Issue #2850037 by voleger, shashikant_chauhan, gaurav.kapoor, MerryHamster,...

Issue #2850037 by voleger, shashikant_chauhan, gaurav.kapoor, MerryHamster, xjm: Replace all calls to db_like(), which is deprecated

core/includes/database.inc

@@ -436,6 +436,7 @@ function db_escape_field($field) {
  * @see \Drupal\Core\Database\Connection::escapeLike()
  */
 function db_like($string) {
+  @trigger_error('db_like() is deprecated in Drupal 8.0.x and will be removed before Drupal 9.0.0. Instead, get a database connection injected into your service from the container and call escapeLike() on it. For example, $injected_database->escapeLike($string). See https://www.drupal.org/node/2993033', E_USER_DEPRECATED);
   return Database::getConnection()->escapeLike($string);
 }
 

core/lib/Drupal/Core/Database/Connection.php

@@ -1028,7 +1028,7 @@ public function escapeAlias($field) {
    * @code
    * $result = db_query(
    *   'SELECT * FROM person WHERE name LIKE :pattern',
-   *   array(':pattern' => db_like($prefix) . '%')
+   *   array(':pattern' => $injected_connection->escapeLike($prefix) . '%')
    * );
    * @endcode
    *

core/lib/Drupal/Core/Database/Query/ConditionInterface.php

@@ -31,7 +31,7 @@ interface ConditionInterface {
    * to tell the database that case insensitive equivalence is desired:
    * @code
    * db_select('users')
-   *  ->condition('name', db_like($name), 'LIKE')
+   *  ->condition('name', $injected_connection->escapeLike($name), 'LIKE')
    * @endcode
    * Use 'LIKE BINARY' instead of 'LIKE' for case sensitive queries.
    *

core/modules/locale/src/StringDatabaseStorage.php

@@ -438,7 +438,7 @@ protected function dbStringSelect(array $conditions, array $options = []) {
         $filter = $query;
       }
       foreach ($options['filters'] as $field => $string) {
-        $filter->condition($this->dbFieldTable($field) . '.' . $field, '%' . db_like($string) . '%', 'LIKE');
+        $filter->condition($this->dbFieldTable($field) . '.' . $field, '%' . $this->connection->escapeLike($string) . '%', 'LIKE');
       }
     }
 

core/modules/views/src/Plugin/views/display/EntityReference.php

@@ -2,7 +2,9 @@
 
 namespace Drupal\views\Plugin\views\display;
 
+use Drupal\Core\Database\Connection;
 use Drupal\Core\Database\Query\Condition;
+use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
  * The plugin that handles an EntityReference display.
@@ -41,6 +43,42 @@ class EntityReference extends DisplayPluginBase {
    */
   protected $usesAttachments = FALSE;
 
+  /**
+   * The database connection.
+   *
+   * @var \Drupal\Core\Database\Connection
+   */
+  protected $connection;
+
+  /**
+   * Constructs a new EntityReference object.
+   *
+   * @param array $configuration
+   *   A configuration array containing information about the plugin instance.
+   * @param string $plugin_id
+   *   The plugin_id for the plugin instance.
+   * @param mixed $plugin_definition
+   *   The plugin implementation definition.
+   * @param \Drupal\Core\Database\Connection $connection
+   *   The database connection.
+   */
+  public function __construct(array $configuration, $plugin_id, $plugin_definition, Connection $connection) {
+    parent::__construct($configuration, $plugin_id, $plugin_definition);
+    $this->connection = $connection;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
+    return new static(
+      $configuration,
+      $plugin_id,
+      $plugin_definition,
+      $container->get('database')
+    );
+  }
+
   /**
    * {@inheritdoc}
    */
@@ -123,7 +161,7 @@ public function query() {
     // Restrict the autocomplete options based on what's been typed already.
     if (isset($options['match'])) {
       $style_options = $this->getOption('style');
-      $value = db_like($options['match']);
+      $value = $this->connection->escapeLike($options['match']);
       if ($options['match_operator'] !== '=') {
         $value = $value . '%';
         if ($options['match_operator'] != 'STARTS_WITH') {

core/modules/views/src/Plugin/views/filter/Combine.php

@@ -3,7 +3,6 @@
 namespace Drupal\views\Plugin\views\filter;
 
 use Drupal\Core\Form\FormStateInterface;
-use Drupal\Core\Database\Database;
 
 /**
  * Filter handler which allows to search on multiple fields.
@@ -136,7 +135,7 @@ public function opEqual($expression) {
 
   protected function opContains($expression) {
     $placeholder = $this->placeholder();
-    $this->query->addWhereExpression($this->options['group'], "$expression LIKE $placeholder", [$placeholder => '%' . db_like($this->value) . '%']);
+    $this->query->addWhereExpression($this->options['group'], "$expression LIKE $placeholder", [$placeholder => '%' . $this->connection->escapeLike($this->value) . '%']);
   }
 
   /**
@@ -162,40 +161,40 @@ protected function opContainsWord($expression) {
     // Switch between the 'word' and 'allwords' operator.
     $type = $this->operator == 'word' ? 'OR' : 'AND';
     $group = $this->query->setWhereGroup($type);
-    $operator = Database::getConnection()->mapConditionOperator('LIKE');
+    $operator = $this->connection->mapConditionOperator('LIKE');
     $operator = isset($operator['operator']) ? $operator['operator'] : 'LIKE';
 
     foreach ($matches as $match_key => $match) {
       $temp_placeholder = $placeholder . '_' . $match_key;
       // Clean up the user input and remove the sentence delimiters.
       $word = trim($match[2], ',?!();:-"');
-      $this->query->addWhereExpression($group, "$expression $operator $temp_placeholder", [$temp_placeholder => '%' . Database::getConnection()->escapeLike($word) . '%']);
+      $this->query->addWhereExpression($group, "$expression $operator $temp_placeholder", [$temp_placeholder => '%' . $this->connection->escapeLike($word) . '%']);
     }
   }
 
   protected function opStartsWith($expression) {
     $placeholder = $this->placeholder();
-    $this->query->addWhereExpression($this->options['group'], "$expression LIKE $placeholder", [$placeholder => db_like($this->value) . '%']);
+    $this->query->addWhereExpression($this->options['group'], "$expression LIKE $placeholder", [$placeholder => $this->connection->escapeLike($this->value) . '%']);
   }
 
   protected function opNotStartsWith($expression) {
     $placeholder = $this->placeholder();
-    $this->query->addWhereExpression($this->options['group'], "$expression NOT LIKE $placeholder", [$placeholder => db_like($this->value) . '%']);
+    $this->query->addWhereExpression($this->options['group'], "$expression NOT LIKE $placeholder", [$placeholder => $this->connection->escapeLike($this->value) . '%']);
   }
 
   protected function opEndsWith($expression) {
     $placeholder = $this->placeholder();
-    $this->query->addWhereExpression($this->options['group'], "$expression LIKE $placeholder", [$placeholder => '%' . db_like($this->value)]);
+    $this->query->addWhereExpression($this->options['group'], "$expression LIKE $placeholder", [$placeholder => '%' . $this->connection->escapeLike($this->value)]);
   }
 
   protected function opNotEndsWith($expression) {
     $placeholder = $this->placeholder();
-    $this->query->addWhereExpression($this->options['group'], "$expression NOT LIKE $placeholder", [$placeholder => '%' . db_like($this->value)]);
+    $this->query->addWhereExpression($this->options['group'], "$expression NOT LIKE $placeholder", [$placeholder => '%' . $this->connection->escapeLike($this->value)]);
   }
 
   protected function opNotLike($expression) {
     $placeholder = $this->placeholder();
-    $this->query->addWhereExpression($this->options['group'], "$expression NOT LIKE $placeholder", [$placeholder => '%' . db_like($this->value) . '%']);
+    $this->query->addWhereExpression($this->options['group'], "$expression NOT LIKE $placeholder", [$placeholder => '%' . $this->connection->escapeLike($this->value) . '%']);
   }
 
   protected function opRegex($expression) {

core/modules/views/src/Plugin/views/filter/StringFilter.php

@@ -2,8 +2,10 @@
 
 namespace Drupal\views\Plugin\views\filter;
 
+use Drupal\Core\Database\Connection;
 use Drupal\Core\Database\Query\Condition;
 use Drupal\Core\Form\FormStateInterface;
+use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
  * Basic textfield filter to handle string filtering commands
@@ -23,6 +25,42 @@ class StringFilter extends FilterPluginBase {
   // exposed filter options
   protected $alwaysMultiple = TRUE;
 
+  /**
+   * The database connection.
+   *
+   * @var \Drupal\Core\Database\Connection
+   */
+  protected $connection;
+
+  /**
+   * Constructs a new EntityReference object.
+   *
+   * @param array $configuration
+   *   A configuration array containing information about the plugin instance.
+   * @param string $plugin_id
+   *   The plugin_id for the plugin instance.
+   * @param mixed $plugin_definition
+   *   The plugin implementation definition.
+   * @param \Drupal\Core\Database\Connection $connection
+   *   The database connection.
+   */
+  public function __construct(array $configuration, $plugin_id, $plugin_definition, Connection $connection) {
+    parent::__construct($configuration, $plugin_id, $plugin_definition);
+    $this->connection = $connection;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
+    return new static(
+      $configuration,
+      $plugin_id,
+      $plugin_definition,
+      $container->get('database')
+    );
+  }
+
   protected function defineOptions() {
     $options = parent::defineOptions();
 
@@ -288,7 +326,7 @@ public function opEqual($field) {
   }
 
   protected function opContains($field) {
-    $this->query->addWhere($this->options['group'], $field, '%' . db_like($this->value) . '%', 'LIKE');
+    $this->query->addWhere($this->options['group'], $field, '%' . $this->connection->escapeLike($this->value) . '%', 'LIKE');
   }
 
   protected function opContainsWord($field) {
@@ -310,7 +348,7 @@ protected function opContainsWord($field) {
       $words = trim($match[2], ',?!();:-');
       $words = $phrase ? [$words] : preg_split('/ /', $words, -1, PREG_SPLIT_NO_EMPTY);
       foreach ($words as $word) {
-        $where->condition($field, '%' . db_like(trim($word, " ,!?")) . '%', 'LIKE');
+        $where->condition($field, '%' . $this->connection->escapeLike(trim($word, " ,!?")) . '%', 'LIKE');
       }
     }
 
@@ -324,23 +362,23 @@ protected function opContainsWord($field) {
   }
 
   protected function opStartsWith($field) {
-    $this->query->addWhere($this->options['group'], $field, db_like($this->value) . '%', 'LIKE');
+    $this->query->addWhere($this->options['group'], $field, $this->connection->escapeLike($this->value) . '%', 'LIKE');
   }
 
   protected function opNotStartsWith($field) {
-    $this->query->addWhere($this->options['group'], $field, db_like($this->value) . '%', 'NOT LIKE');
+    $this->query->addWhere($this->options['group'], $field, $this->connection->escapeLike($this->value) . '%', 'NOT LIKE');
   }
 
   protected function opEndsWith($field) {
-    $this->query->addWhere($this->options['group'], $field, '%' . db_like($this->value), 'LIKE');
+    $this->query->addWhere($this->options['group'], $field, '%' . $this->connection->escapeLike($this->value), 'LIKE');
   }
 
   protected function opNotEndsWith($field) {
-    $this->query->addWhere($this->options['group'], $field, '%' . db_like($this->value), 'NOT LIKE');
+    $this->query->addWhere($this->options['group'], $field, '%' . $this->connection->escapeLike($this->value), 'NOT LIKE');
   }
 
   protected function opNotLike($field) {
-    $this->query->addWhere($this->options['group'], $field, '%' . db_like($this->value) . '%', 'NOT LIKE');
+    $this->query->addWhere($this->options['group'], $field, '%' . $this->connection->escapeLike($this->value) . '%', 'NOT LIKE');
   }
 
   protected function opShorterThan($field) {

core/tests/Drupal/KernelTests/Core/Database/BasicSyntaxTest.php

@@ -91,7 +91,7 @@ public function testLikeEscape() {
     $this->assertIdentical($num_matches, '2', 'Found 2 records.');
     // Match only "Ring_" using a LIKE expression with no wildcards.
     $num_matches = db_select('test', 't')
-      ->condition('name', db_like('Ring_'), 'LIKE')
+      ->condition('name', $this->connection->escapeLike('Ring_'), 'LIKE')
       ->countQuery()
       ->execute()
       ->fetchField();
@@ -122,7 +122,7 @@ public function testLikeBackslash() {
     $this->assertIdentical($num_matches, '2', 'Found 2 records.');
     // Match only the former using a LIKE expression with no wildcards.
     $num_matches = db_select('test', 't')
-      ->condition('name', db_like('abc%\_'), 'LIKE')
+      ->condition('name', $this->connection->escapeLike('abc%\_'), 'LIKE')
       ->countQuery()
       ->execute()
       ->fetchField();

core/tests/Drupal/KernelTests/Core/Database/DatabaseLegacyTest.php

@@ -302,6 +302,15 @@ public function testDbEscapeField() {
     $this->assertNotNull(db_escape_field('test'));
   }
 
+  /**
+   * Tests deprecation of the db_like() function.
+   *
+   * @expectedDeprecation db_like() is deprecated in Drupal 8.0.x and will be removed before Drupal 9.0.0. Instead, get a database connection injected into your service from the container and call escapeLike() on it. For example, $injected_database->escapeLike($string). See https://www.drupal.org/node/2993033
+   */
+  public function testDbLike() {
+    $this->assertSame('test\%', db_like('test%'));
+  }
+
   /**
    * Tests deprecation of the db_escape_table() function.
    *