From 5af6105ea77d1647dffa468bc5998d97a2844a8e Mon Sep 17 00:00:00 2001
From: Sitawit Suteepohnwiroj
Date: Thu, 16 Jul 2015 15:53:35 +0700
Subject: [PATCH] Fixes #9127, Fixes #9128: Fixed MSSQL `QueryBuilder::renameColumn()` and `QueryBuilder::renameTable()` escaping
---
 framework/CHANGELOG.md | 1 +
 framework/db/mssql/QueryBuilder.php | 15 +++++++++------
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index 0fad24230f..7c5560c269 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -24,6 +24,7 @@ Yii Framework 2 Change Log
 - Bug #8772: ActiveQuery failed removing duplicate records after join when the resultset did not contain the pk values e.g. after grouping (cebe)
 - Bug #8900: Fixed determine active menu item with url-alias in route `\yii\widgets\Menu::isItemActive()` (demi)
 - Bug #9046: Fixed problem with endless error loop when an error occurred after sending a stream or file download response to the user (cebe)
+- Bug #9127, #9128: Fixed MSSQL `QueryBuilder::renameColumn()` and `QueryBuilder::renameTable()` escaping (sitawit)
 - Bug: Fixed string comparison in `BaseActiveRecord::unlink()` which may result in wrong comparison result for hash valued primary keys starting with `0e` (cebe)
 - Bug: Pass correct action name to `yii\console\Controller::options()` when default action was requested (cebe)
 - Bug: Automatic garbage collection in `yii\caching\FileCache` was not triggered (kidol)
diff --git a/framework/db/mssql/QueryBuilder.php b/framework/db/mssql/QueryBuilder.php
index f3df81879f..f26a9544de 100644
--- a/framework/db/mssql/QueryBuilder.php
+++ b/framework/db/mssql/QueryBuilder.php
@@ -119,25 +119,28 @@ class QueryBuilder extends \yii\db\QueryBuilder
 /**
 * Builds a SQL statement for renaming a DB table.
- * @param string $table the table to be renamed. The name will be properly quoted by the method.
+ * @param string $oldName the table to be renamed. The name will be properly quoted by the method.
 * @param string $newName the new table name. The name will be properly quoted by the method.
 * @return string the SQL statement for renaming a DB table.
 */
- public function renameTable($table, $newName)
+ public function renameTable($oldName, $newName)
 {
- return "sp_rename '$table', '$newName'";
+ return 'sp_rename ' . $this->db->quoteTableName($oldName) . ', ' . $this->db->quoteTableName($newName);
 }
 /**
 * Builds a SQL statement for renaming a column.
 * @param string $table the table whose column is to be renamed. The name will be properly quoted by the method.
- * @param string $name the old name of the column. The name will be properly quoted by the method.
+ * @param string $oldName the old name of the column. The name will be properly quoted by the method.
 * @param string $newName the new name of the column. The name will be properly quoted by the method.
 * @return string the SQL statement for renaming a DB column.
 */
- public function renameColumn($table, $name, $newName)
+ public function renameColumn($table, $oldName, $newName)
 {
- return "sp_rename '$table.$name', '$newName', 'COLUMN'";
+ $table = $this->db->quoteTableName($table);
+ $oldName = $this->db->quoteColumnName($oldName);
+ $newName = $this->db->quoteColumnName($newName);
+ return "sp_rename '{$table}.{$oldName}', {$newName}, 'COLUMN'";
 }
 /**
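Review bot: In `renameColumn()` the first `sp_rename` argument is still built inside a single-quoted T-SQL string literal (`'{$table}.{$oldName}'`), but the values placed in it were only passed through `quoteTableName()` / `quoteColumnName()`, which quote identifiers rather than string literals. Those helpers are defined outside this hunk, so this is inferred, but if they do not double embedded single quotes, a table or column name containing `'` closes the literal early and changes the statement, which matters if a name ever derives from untrusted input. Since the docblock promises the names are properly quoted, the literal context should be escaped as well, for example `return 'sp_rename ' . $this->db->quoteValue("{$table}.{$oldName}") . ", {$newName}, 'COLUMN'";`. The diffstat lists no test file, so a query-builder test asserting the generated SQL for both methods, including a name that contains a quote character, would pin the intended escaping.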