diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index 0fad242..7c5560c 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -24,6 +24,7 @@ Yii Framework 2 Change Log - Bug #8772: ActiveQuery failed removing duplicate records after join when the resultset did not contain the pk values e.g. after grouping (cebe) - Bug #8900: Fixed determine active menu item with url-alias in route `\yii\widgets\Menu::isItemActive()` (demi) - Bug #9046: Fixed problem with endless error loop when an error occurred after sending a stream or file download response to the user (cebe) +- Bug #9127, #9128: Fixed MSSQL `QueryBuilder::renameColumn()` and `QueryBuilder::renameTable()` escaping (sitawit) - Bug: Fixed string comparison in `BaseActiveRecord::unlink()` which may result in wrong comparison result for hash valued primary keys starting with `0e` (cebe) - Bug: Pass correct action name to `yii\console\Controller::options()` when default action was requested (cebe) - Bug: Automatic garbage collection in `yii\caching\FileCache` was not triggered (kidol) diff --git a/framework/db/mssql/QueryBuilder.php b/framework/db/mssql/QueryBuilder.php index f3df818..f26a954 100644 --- a/framework/db/mssql/QueryBuilder.php +++ b/framework/db/mssql/QueryBuilder.php @@ -119,25 +119,28 @@ class QueryBuilder extends \yii\db\QueryBuilder /** * Builds a SQL statement for renaming a DB table. - * @param string $table the table to be renamed. The name will be properly quoted by the method. + * @param string $oldName the table to be renamed. The name will be properly quoted by the method. * @param string $newName the new table name. The name will be properly quoted by the method. * @return string the SQL statement for renaming a DB table. */ - public function renameTable($table, $newName) + public function renameTable($oldName, $newName) { - return "sp_rename '$table', '$newName'"; + return 'sp_rename ' . $this->db->quoteTableName($oldName) . ', ' . $this->db->quoteTableName($newName); } /** * Builds a SQL statement for renaming a column. * @param string $table the table whose column is to be renamed. The name will be properly quoted by the method. - * @param string $name the old name of the column. The name will be properly quoted by the method. + * @param string $oldName the old name of the column. The name will be properly quoted by the method. * @param string $newName the new name of the column. The name will be properly quoted by the method. * @return string the SQL statement for renaming a DB column. */ - public function renameColumn($table, $name, $newName) + public function renameColumn($table, $oldName, $newName) { - return "sp_rename '$table.$name', '$newName', 'COLUMN'"; + $table = $this->db->quoteTableName($table); + $oldName = $this->db->quoteColumnName($oldName); + $newName = $this->db->quoteColumnName($newName); + return "sp_rename '{$table}.{$oldName}', {$newName}, 'COLUMN'"; } /**