diff --git a/components/com_banners/models/banners.php b/components/com_banners/models/banners.php index df5beea096d62..c6e59f6bd48f4 100644 --- a/components/com_banners/models/banners.php +++ b/components/com_banners/models/banners.php @@ -141,14 +141,14 @@ function getListQuery() $keyword=trim($keyword); $condition1 = "a.own_prefix=1 AND a.metakey_prefix=SUBSTRING(".$db->quote($keyword).",1,LENGTH( a.metakey_prefix)) OR a.own_prefix=0 AND cl.own_prefix=1 AND cl.metakey_prefix=SUBSTRING(".$db->quote($keyword).",1,LENGTH(cl.metakey_prefix)) OR a.own_prefix=0 AND cl.own_prefix=0 AND ".($prefix==substr($keyword,0,strlen($prefix))?'1':'0'); - $condition2="a.metakey REGEXP '[[:<:]]".$db->getEscaped($keyword) . "[[:>:]]'"; + $condition2="a.metakey REGEXP '[[:<:]]".$db->escape($keyword) . "[[:>:]]'"; if ($cid) { - $condition2.=" OR cl.metakey REGEXP '[[:<:]]".$db->getEscaped($keyword) . "[[:>:]]'"; + $condition2.=" OR cl.metakey REGEXP '[[:<:]]".$db->escape($keyword) . "[[:>:]]'"; } if ($catid) { - $condition2.=" OR cat.metakey REGEXP '[[:<:]]".$db->getEscaped($keyword) . "[[:>:]]'"; + $condition2.=" OR cat.metakey REGEXP '[[:<:]]".$db->escape($keyword) . "[[:>:]]'"; } $temp[]="($condition1) AND ($condition2)"; diff --git a/components/com_contact/models/category.php b/components/com_contact/models/category.php index 37de5dcf5b8fe..1f8adcbaf3253 100644 --- a/components/com_contact/models/category.php +++ b/components/com_contact/models/category.php @@ -165,7 +165,7 @@ protected function getListQuery() // Falll back to old style if the parameter hasn't been set yet. if (empty($initialSort)) { - $query->order($db->getEscaped($this->getState('list.ordering', 'a.ordering')).' '.$db->getEscaped($this->getState('list.direction', 'ASC'))); + $query->order($db->escape($this->getState('list.ordering', 'a.ordering')).' '.$db->escape($this->getState('list.direction', 'ASC'))); } elseif ($initialSort != 'sortname'){ $query->order('a.'.$initialSort); 
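Review bot: `$db->escape($keyword)` in the three `REGEXP '[[:<:]]…[[:>:]]'` conditions only escapes the value for the SQL string literal. Regular-expression metacharacters in the keyword still reach the pattern, so a keyword containing `(`, `[` or `|` can change what matches or make the query fail with a regex error. Quote the metacharacters before SQL-escaping, e.g. `$db->escape(preg_quote($keyword))`, after checking that the result is valid for the database's regex dialect. Where `$keyword` originates is outside this hunk, so the exposure depends on the caller; getListQuery() starts and ends outside the hunk.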
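Review bot: `escape()` is the wrong control for the `list.ordering` and `list.direction` values passed to `$query->order()`: it escapes characters for a quoted string literal, but here the result lands unquoted in the ORDER BY clause, so it does not restrict the value to a column name and a sort direction. Unless the state is already validated where it is populated (not visible in this hunk), check the column against a list of sortable fields and normalise the direction, e.g. `$dirn = strtoupper($this->getState('list.direction', 'ASC')) === 'DESC' ? 'DESC' : 'ASC';`. The same pattern appears in the com_contact featured, com_newsfeeds category and com_weblinks category `getListQuery()` hunks and in `_buildContentOrderBy()` in com_content/models/category.php. The `'a.'.$initialSort` branch just below also concatenates its value without any check.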
diff --git a/components/com_contact/models/featured.php b/components/com_contact/models/featured.php index 4812aa043d864..755479ee2617e 100644 --- a/components/com_contact/models/featured.php +++ b/components/com_contact/models/featured.php @@ -156,7 +156,7 @@ protected function getListQuery() } // Add the list ordering clause. - $query->order($db->getEscaped($this->getState('list.ordering', 'a.ordering')).' '.$db->getEscaped($this->getState('list.direction', 'ASC'))); + $query->order($db->escape($this->getState('list.ordering', 'a.ordering')).' '.$db->escape($this->getState('list.direction', 'ASC'))); return $query; } diff --git a/components/com_content/models/articles.php b/components/com_content/models/articles.php index 6159cf6e5037e..336b1a846e9ce 100644 --- a/components/com_content/models/articles.php +++ b/components/com_content/models/articles.php @@ -425,7 +425,7 @@ function getListQuery() // clean filter variable $filter = JString::strtolower($filter); $hitsFilter = intval($filter); - $filter = $db->Quote('%'.$db->getEscaped($filter, true).'%', false); + $filter = $db->Quote('%'.$db->escape($filter, true).'%', false); switch ($params->get('filter_field')) { diff --git a/components/com_content/models/category.php b/components/com_content/models/category.php index a357246409463..43c41af62579a 100644 --- a/components/com_content/models/category.php +++ b/components/com_content/models/category.php @@ -268,7 +268,7 @@ protected function _buildContentOrderBy() } if ($orderCol && $orderDirn) { - $orderby .= $db->getEscaped($orderCol) . ' ' . $db->getEscaped($orderDirn) . ', '; + $orderby .= $db->escape($orderCol) . ' ' . $db->escape($orderDirn) . ', '; } $articleOrderby = $params->get('orderby_sec', 'rdate'); 
@@ -277,7 +277,7 @@ protected function _buildContentOrderBy() $secondary = ContentHelperQuery::orderbySecondary($articleOrderby, $articleOrderDate) . ', '; $primary = ContentHelperQuery::orderbyPrimary($categoryOrderby); - $orderby .= $db->getEscaped($primary) . ' ' . $db->getEscaped($secondary) . ' a.created '; + $orderby .= $db->escape($primary) . ' ' . $db->escape($secondary) . ' a.created '; return $orderby; } diff --git a/components/com_newsfeeds/models/category.php b/components/com_newsfeeds/models/category.php index 59869ba47eeda..dc4a1326295ee 100644 --- a/components/com_newsfeeds/models/category.php +++ b/components/com_newsfeeds/models/category.php @@ -143,7 +143,7 @@ protected function getListQuery() } // Add the list ordering clause. - $query->order($db->getEscaped($this->getState('list.ordering', 'a.ordering')).' '.$db->getEscaped($this->getState('list.direction', 'ASC'))); + $query->order($db->escape($this->getState('list.ordering', 'a.ordering')).' '.$db->escape($this->getState('list.direction', 'ASC'))); return $query; } diff --git a/components/com_users/models/registration.php b/components/com_users/models/registration.php index aae50fd3e021a..596de5f328b90 100644 --- a/components/com_users/models/registration.php +++ b/components/com_users/models/registration.php @@ -43,10 +43,10 @@ public function activate($token) // Get the user id based on the token. $db->setQuery( - 'SELECT '.$db->nameQuote('id').' FROM '.$db->nameQuote('#__users') . - ' WHERE '.$db->nameQuote('activation').' = '.$db->Quote($token) . - ' AND '.$db->nameQuote('block').' = 1' . - ' AND '.$db->nameQuote('lastvisitDate').' = '.$db->Quote($db->getNullDate()) + 'SELECT '.$db->quoteName('id').' FROM '.$db->quoteName('#__users') . + ' WHERE '.$db->quoteName('activation').' = '.$db->Quote($token) . + ' AND '.$db->quoteName('block').' = 1' . + ' AND '.$db->quoteName('lastvisitDate').' = '.$db->Quote($db->getNullDate()) ); $userId = (int) $db->loadResult(); 
@@ -421,9 +421,9 @@ public function register($temp) if (count($sendEmail) > 0) { $jdate = new JDate(); // Build the query to add the messages - $q = "INSERT INTO ".$db->nameQuote('#__messages')." (".$db->nameQuote('user_id_from'). - ", ".$db->nameQuote('user_id_to').", ".$db->nameQuote('date_time'). - ", ".$db->nameQuote('subject').", ".$db->nameQuote('message').") VALUES "; + $q = "INSERT INTO ".$db->quoteName('#__messages')." (".$db->quoteName('user_id_from'). + ", ".$db->quoteName('user_id_to').", ".$db->quoteName('date_time'). + ", ".$db->quoteName('subject').", ".$db->quoteName('message').") VALUES "; $messages = array(); foreach ($sendEmail as $userid) { $messages[] = "(".$userid.", ".$userid.", '".$db->toSQLDate($jdate)."', '".JText::_('COM_USERS_MAIL_SEND_FAILURE_SUBJECT')."', '".JText::sprintf('COM_USERS_MAIL_SEND_FAILURE_BODY', $return, $data['username'])."')"; diff --git a/components/com_users/models/remind.php b/components/com_users/models/remind.php index e8925363bbeec..118c34c650da3 100644 --- a/components/com_users/models/remind.php +++ b/components/com_users/models/remind.php @@ -95,8 +95,8 @@ public function processRemindRequest($data) $db = $this->getDbo(); $query = $db->getQuery(true); $query->select('*'); - $query->from($db->nameQuote('#__users')); - $query->where($db->nameQuote('email').' = '.$db->Quote($data['email'])); + $query->from($db->quoteName('#__users')); + $query->where($db->quoteName('email').' = '.$db->Quote($data['email'])); // Get the user id. $db->setQuery((string) $query); diff --git a/components/com_weblinks/models/category.php b/components/com_weblinks/models/category.php index b4947c2f6b504..5c695c7ba1862 100644 --- a/components/com_weblinks/models/category.php +++ b/components/com_weblinks/models/category.php 
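Review bot: The unchanged `$messages[] = ...` line at the end of this hunk builds the VALUES tuple by placing the output of `JText::_()` and `JText::sprintf(..., $return, $data['username'])` between hand-written single quotes, so a username or translated string containing `'` breaks the INSERT or alters it. Since the neighbouring lines are being touched anyway, pass each string through the driver, e.g. `$db->quote(JText::sprintf('COM_USERS_MAIL_SEND_FAILURE_BODY', $return, $data['username']))`, and cast `$userid` with `(int)`. register() continues outside the hunk, so how `$q` and `$messages` are executed is not visible here.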
@@ -155,7 +155,7 @@ protected function getListQuery() } // Add the list ordering clause. - $query->order($db->getEscaped($this->getState('list.ordering', 'a.ordering')).' '.$db->getEscaped($this->getState('list.direction', 'ASC'))); + $query->order($db->escape($this->getState('list.ordering', 'a.ordering')).' '.$db->escape($this->getState('list.direction', 'ASC'))); return $query; } diff --git a/installation/models/database.php b/installation/models/database.php index 4175670bdc6a7..5a500262efee8 100644 --- a/installation/models/database.php +++ b/installation/models/database.php @@ -348,7 +348,7 @@ public function backupDatabase(& $db, $name, $prefix) // Get the tables in the database. $db->setQuery( 'SHOW TABLES' . - ' FROM '.$db->nameQuote($name) + ' FROM '.$db->quoteName($name) ); if ($tables = $db->loadResultArray()) { foreach ($tables as $table) @@ -360,7 +360,7 @@ public function backupDatabase(& $db, $name, $prefix) // Drop the backup table. $db->setQuery( - 'DROP TABLE IF EXISTS '.$db->nameQuote($backupTable) + 'DROP TABLE IF EXISTS '.$db->quoteName($backupTable) ); $db->query(); @@ -372,7 +372,7 @@ public function backupDatabase(& $db, $name, $prefix) // Rename the current table to the backup table. $db->setQuery( - 'RENAME TABLE '.$db->nameQuote($table).' TO '.$db->nameQuote($backupTable) + 'RENAME TABLE '.$db->quoteName($table).' TO '.$db->quoteName($backupTable) ); $db->query(); @@ -402,10 +402,10 @@ public function createDatabase(& $db, $name, $utf) { // Build the create database query. if ($utf) { - $query = 'CREATE DATABASE '.$db->nameQuote($name).' CHARACTER SET `utf8`'; + $query = 'CREATE DATABASE '.$db->quoteName($name).' CHARACTER SET `utf8`'; } else { - $query = 'CREATE DATABASE '.$db->nameQuote($name); + $query = 'CREATE DATABASE '.$db->quoteName($name); } // Run the create database query. 
@@ -437,7 +437,7 @@ public function deleteDatabase(& $db, $name, $prefix) // Get the tables in the database. $db->setQuery( - 'SHOW TABLES FROM '.$db->nameQuote($name) + 'SHOW TABLES FROM '.$db->quoteName($name) ); if ($tables = $db->loadResultArray()) { foreach ($tables as $table) @@ -446,7 +446,7 @@ public function deleteDatabase(& $db, $name, $prefix) if (strpos($table, $prefix) === 0) { // Drop the table. $db->setQuery( - 'DROP TABLE IF EXISTS '.$db->nameQuote($table) + 'DROP TABLE IF EXISTS '.$db->quoteName($table) ); $db->query(); @@ -521,7 +521,7 @@ public function setDatabaseCharset(& $db, $name) if ($db->hasUTF()) { // Run the create database query. $db->setQuery( - 'ALTER DATABASE '.$db->nameQuote($name).' CHARACTER' . + 'ALTER DATABASE '.$db->quoteName($name).' CHARACTER' . ' SET `utf8`' ); $db->query(); diff --git a/modules/mod_languages/helper.php b/modules/mod_languages/helper.php index 3575a0ffb2c27..cf7ec9b85ec86 100644 --- a/modules/mod_languages/helper.php +++ b/modules/mod_languages/helper.php @@ -26,7 +26,7 @@ public static function getList(&$params) $query->select('id'); $query->select('language'); - $query->from($db->nameQuote('#__menu')); + $query->from($db->quoteName('#__menu')); $query->where('home=1'); $db->setQuery($query); $homes = $db->loadObjectList('language'); diff --git a/modules/mod_login/helper.php b/modules/mod_login/helper.php index d8c3eb05d6f9a..cb7c547affafa 100644 --- a/modules/mod_login/helper.php +++ b/modules/mod_login/helper.php 
@@ -22,10 +22,10 @@ static function getReturnURL($params, $type) $db = JFactory::getDbo(); $query = $db->getQuery(true); - $query->select($db->nameQuote('link')); - $query->from($db->nameQuote('#__menu')); - $query->where($db->nameQuote('published') . '=1'); - $query->where($db->nameQuote('id') . '=' . $db->quote($itemid)); + $query->select($db->quoteName('link')); + $query->from($db->quoteName('#__menu')); + $query->where($db->quoteName('published') . '=1'); + $query->where($db->quoteName('id') . '=' . $db->quote($itemid)); $db->setQuery($query); if ($link = $db->loadResult()) { diff --git a/modules/mod_related_items/helper.php b/modules/mod_related_items/helper.php index e45a13fa6eaf7..ccf82ee553640 100644 --- a/modules/mod_related_items/helper.php +++ b/modules/mod_related_items/helper.php @@ -57,7 +57,7 @@ public static function getList($params) { $key = trim($key); if ($key) { - $likes[] = ',' . $db->getEscaped($key) . ','; // surround with commas so first and last items have surrounding commas + $likes[] = ',' . $db->escape($key) . ','; // surround with commas so first and last items have surrounding commas } } diff --git a/plugins/search/categories/categories.php b/plugins/search/categories/categories.php index 3b1fe04a9d993..fb52bf078f9a9 100644 --- a/plugins/search/categories/categories.php +++ b/plugins/search/categories/categories.php @@ -99,7 +99,7 @@ function onContentSearch($text, $phrase='', $ordering='', $areas=null) $order = 'a.title DESC'; } - $text = $db->Quote('%'.$db->getEscaped($text, true).'%', false); + $text = $db->Quote('%'.$db->escape($text, true).'%', false); $query = $db->getQuery(true); $return = array(); diff --git a/plugins/search/contacts/contacts.php b/plugins/search/contacts/contacts.php index 7d7e04ff69d38..9096f31140d08 100644 --- a/plugins/search/contacts/contacts.php +++ b/plugins/search/contacts/contacts.php 
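Review bot: In the mod_related_items hunk `$db->escape($key)` is called without the second argument, so `%` and `_` in a keyword are left as wildcards; the search plugins in this same commit use `$db->escape($text, true)` for their LIKE operands. If `$likes` is later joined into a LIKE pattern, as the name suggests but the hunk does not show, use `$db->escape($key, true)` here so a keyword matches only itself.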
@@ -98,7 +98,7 @@ function onContentSearch($text, $phrase='', $ordering='', $areas=null) $order = 'a.name DESC'; } - $text = $db->Quote('%'.$db->getEscaped($text, true).'%', false); + $text = $db->Quote('%'.$db->escape($text, true).'%', false); $rows = array(); if (!empty($state)) { diff --git a/plugins/search/content/content.php b/plugins/search/content/content.php index 52a757d47be7d..34ac1902e9110 100644 --- a/plugins/search/content/content.php +++ b/plugins/search/content/content.php @@ -73,7 +73,7 @@ function onContentSearch($text, $phrase='', $ordering='', $areas=null) $wheres = array(); switch ($phrase) { case 'exact': - $text = $db->Quote('%'.$db->getEscaped($text, true).'%', false); + $text = $db->Quote('%'.$db->escape($text, true).'%', false); $wheres2 = array(); $wheres2[] = 'a.title LIKE '.$text; $wheres2[] = 'a.introtext LIKE '.$text; @@ -89,7 +89,7 @@ function onContentSearch($text, $phrase='', $ordering='', $areas=null) $words = explode(' ', $text); $wheres = array(); foreach ($words as $word) { - $word = $db->Quote('%'.$db->getEscaped($word, true).'%', false); + $word = $db->Quote('%'.$db->escape($word, true).'%', false); $wheres2 = array(); $wheres2[] = 'a.title LIKE '.$word; $wheres2[] = 'a.introtext LIKE '.$word; diff --git a/plugins/search/newsfeeds/newsfeeds.php b/plugins/search/newsfeeds/newsfeeds.php index 8cb5306ba98da..f9ee25c5baab0 100644 --- a/plugins/search/newsfeeds/newsfeeds.php +++ b/plugins/search/newsfeeds/newsfeeds.php @@ -84,7 +84,7 @@ function onContentSearch($text, $phrase='', $ordering='', $areas=null) $wheres = array(); switch ($phrase) { case 'exact': - $text = $db->Quote('%'.$db->getEscaped($text, true).'%', false); + $text = $db->Quote('%'.$db->escape($text, true).'%', false); $wheres2 = array(); $wheres2[] = 'a.name LIKE '.$text; $wheres2[] = 'a.link LIKE '.$text; 
@@ -98,7 +98,7 @@ function onContentSearch($text, $phrase='', $ordering='', $areas=null) $wheres = array(); foreach ($words as $word) { - $word = $db->Quote('%'.$db->getEscaped($word, true).'%', false); + $word = $db->Quote('%'.$db->escape($word, true).'%', false); $wheres2 = array(); $wheres2[] = 'a.name LIKE '.$word; $wheres2[] = 'a.link LIKE '.$word; diff --git a/plugins/search/weblinks/weblinks.php b/plugins/search/weblinks/weblinks.php index 53ee1d52ee45b..8d163c4ab4e67 100644 --- a/plugins/search/weblinks/weblinks.php +++ b/plugins/search/weblinks/weblinks.php @@ -89,7 +89,7 @@ function onContentSearch($text, $phrase='', $ordering='', $areas=null) switch ($phrase) { case 'exact': - $text = $db->Quote('%'.$db->getEscaped($text, true).'%', false); + $text = $db->Quote('%'.$db->escape($text, true).'%', false); $wheres2 = array(); $wheres2[] = 'a.url LIKE '.$text; $wheres2[] = 'a.description LIKE '.$text; @@ -104,7 +104,7 @@ function onContentSearch($text, $phrase='', $ordering='', $areas=null) $wheres = array(); foreach ($words as $word) { - $word = $db->Quote('%'.$db->getEscaped($word, true).'%', false); + $word = $db->Quote('%'.$db->escape($word, true).'%', false); $wheres2 = array(); $wheres2[] = 'a.url LIKE '.$word; $wheres2[] = 'a.description LIKE '.$word;