diff --git a/libraries/src/Form/Field/AliastagField.php b/libraries/src/Form/Field/AliastagField.php
index 4521aa3b3cecb..a9638676d3b65 100644
--- a/libraries/src/Form/Field/AliastagField.php
+++ b/libraries/src/Form/Field/AliastagField.php
@@ -41,8 +41,13 @@ protected function getOptions()
 // Get list of tag type alias
 $db = Factory::getDbo();
 $query = $db->getQuery(true)
- ->select('Distinct type_alias AS value, type_alias AS text')
- ->from('#__contentitem_tag_map');
+ ->select(
+ [
+ 'DISTINCT ' . $db->quoteName('type_alias', 'value'),
+ $db->quoteName('type_alias', 'text'),
+ ]
+ )
+ ->from($db->quoteName('#__contentitem_tag_map'));
 $db->setQuery($query);
 $options = $db->loadObjectList();
diff --git a/libraries/src/Form/Field/AuthorField.php b/libraries/src/Form/Field/AuthorField.php
index fefb699ae18bb..87e16aa0e6cca 100644
--- a/libraries/src/Form/Field/AuthorField.php
+++ b/libraries/src/Form/Field/AuthorField.php
@@ -55,11 +55,21 @@ protected function getOptions()
 // Construct the query
 $query = $db->getQuery(true)
- ->select('u.id AS value, u.name AS text')
- ->from('#__users AS u')
- ->join('INNER', '#__content AS c ON c.created_by = u.id')
- ->group('u.id, u.name')
- ->order('u.name');
+ ->select(
+ [
+ $db->quoteName('u.id', 'value'),
+ $db->quoteName('u.name', 'text'),
+ ]
+ )
+ ->from($db->quoteName('#__users', 'u'))
+ ->join('INNER', $db->quoteName('#__content', 'c'), $db->quoteName('c.created_by') . ' = ' . $db->quoteName('u.id'))
+ ->group(
+ [
+ $db->quoteName('u.id'),
+ $db->quoteName('u.name'),
+ ]
+ )
+ ->order($db->quoteName('u.name'));
 // Setup the query
 $db->setQuery($query);
diff --git a/libraries/src/Form/Field/ChromestyleField.php b/libraries/src/Form/Field/ChromestyleField.php
index 34e49fff67e51..5532fc964c2d0 100644
--- a/libraries/src/Form/Field/ChromestyleField.php
+++ b/libraries/src/Form/Field/ChromestyleField.php
@@ -16,6 +16,7 @@
 use Joomla\CMS\Form\Form;
 use Joomla\CMS\HTML\HTMLHelper;
 use Joomla\CMS\Language\Text;
+use Joomla\Database\ParameterType;
 /**
 * Chrome Styles field.
@@ -75,7 +76,7 @@ public function __set($name, $value)
 switch ($name)
 {
 case 'clientId':
- $this->clientId = (string) $value;
+ $this->clientId = (int) $value;
 break;
 default:
@@ -234,11 +235,21 @@ protected function getTemplates()
 $query = $db->getQuery(true);
 // Build the query.
- $query->select('element, name')
- ->from('#__extensions')
- ->where('client_id = ' . $this->clientId)
- ->where('type = ' . $db->quote('template'))
- ->where('enabled = 1');
+ $query->select(
+ [
+ $db->quoteName('element'),
+ $db->quoteName('name'),
+ ]
+ )
+ ->from($db->quoteName('#__extensions'))
+ ->where(
+ [
+ $db->quoteName('client_id') . ' = :clientId',
+ $db->quoteName('type') . ' = ' . $db->quote('template'),
+ $db->quoteName('enabled') . ' = 1',
+ ]
+ )
+ ->bind(':clientId', $this->clientId, ParameterType::INTEGER);
 // Set the query and load the templates.
 $db->setQuery($query);
diff --git a/libraries/src/Form/Field/ComponentlayoutField.php b/libraries/src/Form/Field/ComponentlayoutField.php
index a5b19846af09e..42825e3e70149 100644
--- a/libraries/src/Form/Field/ComponentlayoutField.php
+++ b/libraries/src/Form/Field/ComponentlayoutField.php
@@ -18,6 +18,7 @@
 use Joomla\CMS\Form\FormField;
 use Joomla\CMS\HTML\HTMLHelper;
 use Joomla\CMS\Language\Text;
+use Joomla\Database\ParameterType;
 /**
 * Form Field to display a list of the layouts for a component view from
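Review bot: `->bind(':clientId', $this->clientId, ParameterType::INTEGER)` in getTemplates() binds the object property itself by reference, so the query carries whatever `$this->clientId` holds at execution time, and the INTEGER constant only governs how the driver sends that value, not what PHP stores in it. The `(int)` cast added to `__set()` covers values that arrive through the magic setter, but any other assignment path (a property default or a `setup()` override) is outside this diff and may still leave a string there. A cast local copy decouples the query from the property: `$clientId = (int) $this->clientId;` before the builder and `->bind(':clientId', $clientId, ParameterType::INTEGER);` in place of the current bind. getTemplates() begins and ends outside the hunk.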
@@ -69,12 +70,12 @@ protected function getInput()
 $template = (string) $this->element['template'];
 $template = preg_replace('#\W#', '', $template);
- $template_style_id = '';
+ $template_style_id = 0;
 if ($this->form instanceof Form)
 {
 $template_style_id = $this->form->getValue('template_style_id');
- $template_style_id = preg_replace('#\W#', '', $template_style_id);
+ $template_style_id = (int) preg_replace('#\W#', '', $template_style_id);
 }
 $view = (string) $this->element['view'];
@@ -93,21 +94,33 @@ protected function getInput()
 $query = $db->getQuery(true);
 // Build the query.
- $query->select('e.element, e.name')
- ->from('#__extensions as e')
- ->where('e.client_id = ' . (int) $clientId)
- ->where('e.type = ' . $db->quote('template'))
- ->where('e.enabled = 1');
+ $query->select(
+ [
+ $db->quoteName('e.element'),
+ $db->quoteName('e.name'),
+ ]
+ )
+ ->from($db->quoteName('#__extensions', 'e'))
+ ->where(
+ [
+ $db->quoteName('e.client_id') . ' = :clientId',
+ $db->quoteName('e.type') . ' = ' . $db->quote('template'),
+ $db->quoteName('e.enabled') . ' = 1',
+ ]
+ )
+ ->bind(':clientId', $clientId, ParameterType::INTEGER);
 if ($template)
 {
- $query->where('e.element = ' . $db->quote($template));
+ $query->where($db->quoteName('e.element') . ' = :template')
+ ->bind(':template', $template);
 }
 if ($template_style_id)
 {
- $query->join('LEFT', '#__template_styles as s on s.template=e.element')
- ->where('s.id=' . (int) $template_style_id);
+ $query->join('LEFT', $db->quoteName('#__template_styles', 's'), $db->quoteName('s.template') . ' = ' . $db->quoteName('e.element'))
+ ->where($db->quoteName('s.id') . ' = :style')
+ ->bind(':style', $template_style_id, ParameterType::INTEGER);
 }
 // Set the query and load the templates.
diff --git a/libraries/src/Form/Field/ComponentsField.php b/libraries/src/Form/Field/ComponentsField.php
index b56372afad604..7c7d3f94f8e7b 100644
--- a/libraries/src/Form/Field/ComponentsField.php
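Review bot: `$template_style_id = (int) preg_replace('#\W#', '', $template_style_id);` keeps a regex pass that the `(int)` cast makes mostly redundant, and if `getValue()` can return null for an unset field (its return type is not visible here) passing null as the `preg_replace` subject is deprecated on PHP 8.1+. Note the two are not identical: the `\W` strip removes `-` and `.` before the cast, so an input like `-3` becomes `3` rather than `-3`; if that behaviour is intended it deserves a comment, otherwise `$template_style_id = (int) $this->form->getValue('template_style_id');` is the simpler and null-safe form. getInput() begins and ends outside the hunk.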
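Review bot: The old `(int) $clientId` cast on the client filter is gone, and `->bind(':clientId', $clientId, ParameterType::INTEGER)` does not replace it: `bind()` takes the variable by reference and the type constant only controls driver-side binding, so the PHP value itself must already be an integer. `$clientId` is assigned above this hunk, out of view; if it is derived from a form attribute or request value it will be a string there, and `$clientId = (int) $clientId;` before the builder restores the previous guarantee. `$template_style_id` is already cast in the earlier hunk and `$template` has had `\W` stripped, so those two binds are fine as they stand. getInput() begins and ends outside the hunk.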
+++ b/libraries/src/Form/Field/ComponentsField.php
@@ -40,10 +40,19 @@ protected function getOptions()
 {
 $db = Factory::getDbo();
 $query = $db->getQuery(true)
- ->select('name AS text, element AS value')
- ->from('#__extensions')
- ->where('enabled >= 1')
- ->where('type =' . $db->quote('component'));
+ ->select(
+ [
+ $db->quoteName('name', 'text'),
+ $db->quoteName('element', 'value'),
+ ]
+ )
+ ->from($db->quoteName('#__extensions'))
+ ->where(
+ [
+ $db->quoteName('enabled') . ' >= 1',
+ $db->quoteName('type') . ' = ' . $db->quote('component'),
+ ]
+ );
 $items = $db->setQuery($query)->loadObjectList();
diff --git a/libraries/src/Form/Field/ContenttypeField.php b/libraries/src/Form/Field/ContenttypeField.php
index 2ef6764b7b59e..6b7a63164f98e 100644
--- a/libraries/src/Form/Field/ContenttypeField.php
+++ b/libraries/src/Form/Field/ContenttypeField.php
@@ -65,10 +65,15 @@ protected function getOptions()
 $lang = Factory::getLanguage();
 $db = Factory::getDbo();
 $query = $db->getQuery(true)
- ->select('a.type_id AS value, a.type_title AS text, a.type_alias AS alias')
- ->from('#__content_types AS a')
-
- ->order('a.type_title ASC');
+ ->select(
+ [
+ $db->quoteName('a.type_id', 'value'),
+ $db->quoteName('a.type_title', 'text'),
+ $db->quoteName('a.type_alias', 'alias'),
+ ]
+ )
+ ->from($db->quoteName('#__content_types', 'a'))
+ ->order($db->quoteName('a.type_title') . ' ASC');
 // Get the options.
 $db->setQuery($query);
diff --git a/libraries/src/Form/Field/EditorField.php b/libraries/src/Form/Field/EditorField.php
index f0992b2c68e13..bdcc184c62822 100644
--- a/libraries/src/Form/Field/EditorField.php
+++ b/libraries/src/Form/Field/EditorField.php
@@ -286,19 +286,27 @@ protected function getEditor()
 // Get the database object.
 $db = Factory::getDbo();
+ // Build the query.
+ $query = $db->getQuery(true)
+ ->select($db->quoteName('element'))
+ ->from($db->quoteName('#__extensions'))
+ ->where(
+ [
+ $db->quoteName('element') . ' = :editor',
+ $db->quoteName('folder') . ' = ' . $db->quote('editors'),
+ $db->quoteName('enabled') . ' = 1',
+ ]
+ );
+
+ // Declare variable before binding.
+ $element = '';
+ $query->bind(':editor', $element);
+ $query->setLimit(1);
+
 // Iterate over the types looking for an existing editor.
 foreach ($types as $element)
 {
- // Build the query.
- $query = $db->getQuery(true)
- ->select('element')
- ->from('#__extensions')
- ->where('element = ' . $db->quote($element))
- ->where('folder = ' . $db->quote('editors'))
- ->where('enabled = 1');
-
- // Check of the editor exists.
- $query->setLimit(1);
+ // Check if the editor exists.
 $db->setQuery($query);
 $editor = $db->loadResult();