Skip to content

Commit

Permalink
Fixes whereDate, whereDay, whereMonth, whereTime, whereYear
Browse files Browse the repository at this point in the history 
… and `whereJsonLength` to ignore invalid `$operator`

Signed-off-by: Mior Muhammad Zaki <[email protected]>
  • Loading branch information
@crynobone
crynobone committed Sep 9, 2024
1 parent 05a9554 commit 4ff4011
Show file tree
Hide file tree
Showing 3 changed files with 238 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/Illuminate/Database/DBAL/TimestampType.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,14 @@

use Doctrine\DBAL\Exception as DBALException;
use Doctrine\DBAL\Platforms\AbstractPlatform;
use Doctrine\DBAL\Platforms\MariaDb1010Platform;
use Doctrine\DBAL\Platforms\MariaDb1027Platform;
use Doctrine\DBAL\Platforms\MariaDb1052Platform;
use Doctrine\DBAL\Platforms\MariaDb1060Platform;
use Doctrine\DBAL\Platforms\MariaDBPlatform;
use Doctrine\DBAL\Platforms\MySQL57Platform;
use Doctrine\DBAL\Platforms\MySQL80Platform;
use Doctrine\DBAL\Platforms\MySQL84Platform;
use Doctrine\DBAL\Platforms\MySQLPlatform;
use Doctrine\DBAL\Platforms\PostgreSQL100Platform;
use Doctrine\DBAL\Platforms\PostgreSQL94Platform;
Expand All @@ -33,10 +35,12 @@ public function getSQLDeclaration(array $column, AbstractPlatform $platform): st
MySQLPlatform::class,
MySQL57Platform::class,
MySQL80Platform::class,
MySQL84Platform::class,
MariaDBPlatform::class,
MariaDb1027Platform::class,
MariaDb1052Platform::class,
MariaDb1060Platform::class => $this->getMySqlPlatformSQLDeclaration($column),
MariaDb1060Platform::class,
MariaDb1010Platform::class => $this->getMySqlPlatformSQLDeclaration($column),
PostgreSQLPlatform::class,
PostgreSQL94Platform::class,
PostgreSQL100Platform::class => $this->getPostgresPlatformSQLDeclaration($column),
Expand Down
42 changes: 42 additions & 0 deletions src/Illuminate/Database/Query/Builder.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1436,6 +1436,13 @@ public function whereDate($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

// If the given operator is not found in the list of valid operators we will
// assume that the developer is just short-cutting the '=' operators and
// we will set the operators to '=' and set the values appropriately.
if ($this->invalidOperator($operator)) {
[$value, $operator] = [$operator, '='];
}

$value = $this->flattenValue($value);

if ($value instanceof DateTimeInterface) {
Expand Down Expand Up @@ -1477,6 +1484,13 @@ public function whereTime($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

// If the given operator is not found in the list of valid operators we will
// assume that the developer is just short-cutting the '=' operators and
// we will set the operators to '=' and set the values appropriately.
if ($this->invalidOperator($operator)) {
[$value, $operator] = [$operator, '='];
}

$value = $this->flattenValue($value);

if ($value instanceof DateTimeInterface) {
Expand Down Expand Up @@ -1518,6 +1532,13 @@ public function whereDay($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

// If the given operator is not found in the list of valid operators we will
// assume that the developer is just short-cutting the '=' operators and
// we will set the operators to '=' and set the values appropriately.
if ($this->invalidOperator($operator)) {
[$value, $operator] = [$operator, '='];
}

$value = $this->flattenValue($value);

if ($value instanceof DateTimeInterface) {
Expand Down Expand Up @@ -1563,6 +1584,13 @@ public function whereMonth($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

// If the given operator is not found in the list of valid operators we will
// assume that the developer is just short-cutting the '=' operators and
// we will set the operators to '=' and set the values appropriately.
if ($this->invalidOperator($operator)) {
[$value, $operator] = [$operator, '='];
}

$value = $this->flattenValue($value);

if ($value instanceof DateTimeInterface) {
Expand Down Expand Up @@ -1608,6 +1636,13 @@ public function whereYear($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

// If the given operator is not found in the list of valid operators we will
// assume that the developer is just short-cutting the '=' operators and
// we will set the operators to '=' and set the values appropriately.
if ($this->invalidOperator($operator)) {
[$value, $operator] = [$operator, '='];
}

$value = $this->flattenValue($value);

if ($value instanceof DateTimeInterface) {
Expand Down Expand Up @@ -1974,6 +2009,13 @@ public function whereJsonLength($column, $operator, $value = null, $boolean = 'a
$value, $operator, func_num_args() === 2
);

// If the given operator is not found in the list of valid operators we will
// assume that the developer is just short-cutting the '=' operators and
// we will set the operators to '=' and set the values appropriately.
if ($this->invalidOperator($operator)) {
[$value, $operator] = [$operator, '='];
}

$this->wheres[] = compact('type', 'column', 'operator', 'value', 'boolean');

if (! $value instanceof ExpressionContract) {
Expand Down
191 changes: 191 additions & 0 deletions tests/Integration/Database/QueryBuilderTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;
use Illuminate\Testing\Assert as PHPUnit;

class QueryBuilderTest extends DatabaseTestCase
{
Expand Down Expand Up @@ -305,66 +306,256 @@ public function testWhereDate()
$this->assertSame(1, DB::table('posts')->whereDate('created_at', new Carbon('2018-01-02'))->count());
}

public function testWhereDateWithInvalidOperator()
{
$sql = DB::table('posts')->whereDate('created_at', '? OR 1=1', '2018-01-02');

PHPUnit::assertArraySubset([
[
'column' => 'created_at',
'type' => 'Date',
'value' => '? OR 1=1',
'boolean' => 'and',
],
], $sql->wheres);

$this->assertSame(0, $sql->count());
}

public function testOrWhereDate()
{
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDate('created_at', '2018-01-02')->count());
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDate('created_at', new Carbon('2018-01-02'))->count());
}

public function testOrWhereDateWithInvalidOperator()
{
$sql = DB::table('posts')->where('id', 1)->orWhereDate('created_at', '? OR 1=1', '2018-01-02');

PHPUnit::assertArraySubset([
[
'column' => 'id',
'type' => 'Basic',
'value' => 1,
'boolean' => 'and',
],
[
'column' => 'created_at',
'type' => 'Date',
'value' => '? OR 1=1',
'boolean' => 'or',
],
], $sql->wheres);

$this->assertSame(1, $sql->count());
}

public function testWhereDay()
{
$this->assertSame(1, DB::table('posts')->whereDay('created_at', '02')->count());
$this->assertSame(1, DB::table('posts')->whereDay('created_at', 2)->count());
$this->assertSame(1, DB::table('posts')->whereDay('created_at', new Carbon('2018-01-02'))->count());
}

public function testWhereDayWithInvalidOperator()
{
$sql = DB::table('posts')->whereDay('created_at', '? OR 1=1', '02');

PHPUnit::assertArraySubset([
[
'column' => 'created_at',
'type' => 'Day',
'value' => '00',
'boolean' => 'and',
],
], $sql->wheres);

$this->assertSame(0, $sql->count());
}

public function testOrWhereDay()
{
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDay('created_at', '02')->count());
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDay('created_at', 2)->count());
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDay('created_at', new Carbon('2018-01-02'))->count());
}

public function testOrWhereDayWithInvalidOperator()
{
$sql = DB::table('posts')->where('id', 1)->orWhereDay('created_at', '? OR 1=1', '02');

PHPUnit::assertArraySubset([
[
'column' => 'id',
'type' => 'Basic',
'value' => 1,
'boolean' => 'and',
],
[
'column' => 'created_at',
'type' => 'Day',
'value' => '00',
'boolean' => 'or',
],
], $sql->wheres);

$this->assertSame(1, $sql->count());
}

public function testWhereMonth()
{
$this->assertSame(1, DB::table('posts')->whereMonth('created_at', '01')->count());
$this->assertSame(1, DB::table('posts')->whereMonth('created_at', 1)->count());
$this->assertSame(1, DB::table('posts')->whereMonth('created_at', new Carbon('2018-01-02'))->count());
}

public function testWhereMonthWithInvalidOperator()
{
$sql = DB::table('posts')->whereMonth('created_at', '? OR 1=1', '01');

PHPUnit::assertArraySubset([
[
'column' => 'created_at',
'type' => 'Month',
'value' => '00',
'boolean' => 'and',
],
], $sql->wheres);

$this->assertSame(0, $sql->count());
}

public function testOrWhereMonth()
{
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereMonth('created_at', '01')->count());
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereMonth('created_at', 1)->count());
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereMonth('created_at', new Carbon('2018-01-02'))->count());
}

public function testOrWhereMonthWithInvalidOperator()
{
$sql = DB::table('posts')->where('id', 1)->orWhereMonth('created_at', '? OR 1=1', '01');

PHPUnit::assertArraySubset([
[
'column' => 'id',
'type' => 'Basic',
'value' => 1,
'boolean' => 'and',
],
[
'column' => 'created_at',
'type' => 'Month',
'value' => '00',
'boolean' => 'or',
],
], $sql->wheres);

$this->assertSame(1, $sql->count());
}

public function testWhereYear()
{
$this->assertSame(1, DB::table('posts')->whereYear('created_at', '2018')->count());
$this->assertSame(1, DB::table('posts')->whereYear('created_at', 2018)->count());
$this->assertSame(1, DB::table('posts')->whereYear('created_at', new Carbon('2018-01-02'))->count());
}

public function testWhereYearWithInvalidOperator()
{
$sql = DB::table('posts')->whereYear('created_at', '? OR 1=1', '2018');

PHPUnit::assertArraySubset([
[
'column' => 'created_at',
'type' => 'Year',
'value' => '? OR 1=1',
'boolean' => 'and',
],
], $sql->wheres);

$this->assertSame(0, $sql->count());
}

public function testOrWhereYear()
{
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereYear('created_at', '2018')->count());
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereYear('created_at', 2018)->count());
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereYear('created_at', new Carbon('2018-01-02'))->count());
}

public function testOrWhereYearWithInvalidOperator()
{
$sql = DB::table('posts')->where('id', 1)->orWhereYear('created_at', '? OR 1=1', '2018');

PHPUnit::assertArraySubset([
[
'column' => 'id',
'type' => 'Basic',
'value' => 1,
'boolean' => 'and',
],
[
'column' => 'created_at',
'type' => 'Year',
'value' => '? OR 1=1',
'boolean' => 'or',
],
], $sql->wheres);

$this->assertSame(1, $sql->count());
}

public function testWhereTime()
{
$this->assertSame(1, DB::table('posts')->whereTime('created_at', '03:04:05')->count());
$this->assertSame(1, DB::table('posts')->whereTime('created_at', new Carbon('2018-01-02 03:04:05'))->count());
}

public function testWhereTimeWithInvalidOperator()
{
$sql = DB::table('posts')->whereTime('created_at', '? OR 1=1', '03:04:05');

PHPUnit::assertArraySubset([
[
'column' => 'created_at',
'type' => 'Time',
'value' => '? OR 1=1',
'boolean' => 'and',
],
], $sql->wheres);

$this->assertSame(0, $sql->count());
}

public function testOrWhereTime()
{
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereTime('created_at', '03:04:05')->count());
$this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereTime('created_at', new Carbon('2018-01-02 03:04:05'))->count());
}

public function testOrWhereTimeWithInvalidOperator()
{
$sql = DB::table('posts')->where('id', 1)->orWhereTime('created_at', '? OR 1=1', '03:04:05');

PHPUnit::assertArraySubset([
[
'column' => 'id',
'type' => 'Basic',
'value' => 1,
'boolean' => 'and',
],
[
'column' => 'created_at',
'type' => 'Time',
'value' => '? OR 1=1',
'boolean' => 'or',
],
], $sql->wheres);

$this->assertSame(1, $sql->count());
}

public function testWhereNested()
{
$results = DB::table('posts')->where('content', 'Lorem Ipsum.')->whereNested(function ($query) {
Expand Down

0 comments on commit 4ff4011

Please sign in to comment.