Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[10.x] Fixes whereDate, whereDay, whereMonth, whereTime, whereYear and whereJsonLength to ignore invalid $operator #52704

Merged
merged 8 commits into from
Sep 9, 2024
Merged

[10.x] Fixes whereDate, whereDay, whereMonth, whereTime, whereYear and whereJsonLength to ignore invalid $operator #52704

merged 8 commits into from
Sep 9, 2024

Conversation

crynobone
Copy link
Member

No description provided.

@crynobone crynobone force-pushed the where-invalid-operator branch from 5a92005 to f303beb Compare September 9, 2024 08:45
@crynobone
Fixes whereDate, whereDay, whereMonth, whereTime, whereYear
4ff4011 
… and `whereJsonLength` to ignore invalid `$operator`

Signed-off-by: Mior Muhammad Zaki <[email protected]>
@crynobone crynobone force-pushed the where-invalid-operator branch from ea2559e to 4ff4011 Compare September 9, 2024 09:11
@crynobone
wip
91957aa 
Signed-off-by: Mior Muhammad Zaki <[email protected]>
@crynobone
wip
d885a18 
Signed-off-by: Mior Muhammad Zaki <[email protected]>
@crynobone
wip
29ad954 
Signed-off-by: Mior Muhammad Zaki <[email protected]>
@crynobone
wip
a533e81 
Signed-off-by: Mior Muhammad Zaki <[email protected]>
@crynobone
wip
c02180e 
Signed-off-by: Mior Muhammad Zaki <[email protected]>
@crynobone
wip
859df7c 
Signed-off-by: Mior Muhammad Zaki <[email protected]>
@crynobone
wip
05c495a 
Signed-off-by: Mior Muhammad Zaki <[email protected]>
@crynobone crynobone changed the title Fixes whereDate, whereDay, whereMonth, whereTime, whereYear and whereJsonLength to ignore invalid $operator [10.x] Fixes whereDate, whereDay, whereMonth, whereTime, whereYear and whereJsonLength to ignore invalid $operator Sep 9, 2024
GrahamCampbell
GrahamCampbell reviewed Sep 9, 2024
View reviewed changes
src/Illuminate/Database/DBAL/TimestampType.php
@@ -33,13 +36,16 @@ public function getSQLDeclaration(array $column, AbstractPlatform $platform): st
MySQLPlatform::class,
MySQL57Platform::class,
MySQL80Platform::class,
MySQL84Platform::class,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we move these changes to a separate PR?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

10.x is currently on security only updates.

@rodrigopedra
Copy link
Contributor

Mind if I ask why? Or what is this trying to solve?

Isn't it better to throw an InvalidArgumentException?

I mean, if a particular DBMS supports an operator not listed as valid within the class, I guess the developer would be surprised by this behavior.

@GrahamCampbell
Copy link
Member

Mind if I ask why? Or what is this trying to solve?

I assume the issue is SQL injection, where the operator comes from user input? We have a similar fallback system for when an invalid sort direction is passed to order by, for example.

@Jubeki Jubeki mentioned this pull request Sep 9, 2024
Closed
@taylorotwell taylorotwell merged commit 80cdd87 into 10.x Sep 9, 2024
23 of 25 checks passed
@taylorotwell taylorotwell deleted the where-invalid-operator branch September 9, 2024 13:54
@renovate renovate bot mentioned this pull request Oct 10, 2024
Merged
1 task
This was referenced Nov 19, 2024
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GrahamCampbell GrahamCampbell GrahamCampbell left review comments

Assignees

@taylorotwell taylorotwell

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@crynobone @rodrigopedra @GrahamCampbell @taylorotwell