Fixes whereDate, whereDay, whereMonth, whereTime, whereYear and whereJsonLength to ignore invalid $operator

Signed-off-by: Mior Muhammad Zaki <crynobone@gmail.com>

Author: crynobone

src/Illuminate/Database/DBAL/TimestampType.php

@@ -4,12 +4,14 @@
 
 use Doctrine\DBAL\Exception as DBALException;
 use Doctrine\DBAL\Platforms\AbstractPlatform;
+use Doctrine\DBAL\Platforms\MariaDb1010Platform;
 use Doctrine\DBAL\Platforms\MariaDb1027Platform;
 use Doctrine\DBAL\Platforms\MariaDb1052Platform;
 use Doctrine\DBAL\Platforms\MariaDb1060Platform;
 use Doctrine\DBAL\Platforms\MariaDBPlatform;
 use Doctrine\DBAL\Platforms\MySQL57Platform;
 use Doctrine\DBAL\Platforms\MySQL80Platform;
+use Doctrine\DBAL\Platforms\MySQL84Platform;
 use Doctrine\DBAL\Platforms\MySQLPlatform;
 use Doctrine\DBAL\Platforms\PostgreSQL100Platform;
 use Doctrine\DBAL\Platforms\PostgreSQL94Platform;
@@ -33,10 +35,12 @@ public function getSQLDeclaration(array $column, AbstractPlatform $platform): st
  MySQLPlatform::class,
  MySQL57Platform::class,
  MySQL80Platform::class,
+ MySQL84Platform::class,
  MariaDBPlatform::class,
  MariaDb1027Platform::class,
  MariaDb1052Platform::class,
- MariaDb1060Platform::class => $this->getMySqlPlatformSQLDeclaration($column),
+ MariaDb1060Platform::class,
+ MariaDb1010Platform::class => $this->getMySqlPlatformSQLDeclaration($column),
  PostgreSQLPlatform::class,
  PostgreSQL94Platform::class,
  PostgreSQL100Platform::class => $this->getPostgresPlatformSQLDeclaration($column),

src/Illuminate/Database/Query/Builder.php

@@ -1436,6 +1436,13 @@ public function whereDate($column, $operator, $value = null, $boolean = 'and')
  $value, $operator, func_num_args() === 2
  );
 
+ // If the given operator is not found in the list of valid operators we will
+ // assume that the developer is just short-cutting the '=' operators and
+ // we will set the operators to '=' and set the values appropriately.
+ if ($this->invalidOperator($operator)) {
+ [$value, $operator] = [$operator, '='];
+ }
+
  $value = $this->flattenValue($value);
 
  if ($value instanceof DateTimeInterface) {
@@ -1477,6 +1484,13 @@ public function whereTime($column, $operator, $value = null, $boolean = 'and')
  $value, $operator, func_num_args() === 2
  );
 
+ // If the given operator is not found in the list of valid operators we will
+ // assume that the developer is just short-cutting the '=' operators and
+ // we will set the operators to '=' and set the values appropriately.
+ if ($this->invalidOperator($operator)) {
+ [$value, $operator] = [$operator, '='];
+ }
+
  $value = $this->flattenValue($value);
 
  if ($value instanceof DateTimeInterface) {
@@ -1518,6 +1532,13 @@ public function whereDay($column, $operator, $value = null, $boolean = 'and')
  $value, $operator, func_num_args() === 2
  );
 
+ // If the given operator is not found in the list of valid operators we will
+ // assume that the developer is just short-cutting the '=' operators and
+ // we will set the operators to '=' and set the values appropriately.
+ if ($this->invalidOperator($operator)) {
+ [$value, $operator] = [$operator, '='];
+ }
+
  $value = $this->flattenValue($value);
 
  if ($value instanceof DateTimeInterface) {
@@ -1563,6 +1584,13 @@ public function whereMonth($column, $operator, $value = null, $boolean = 'and')
  $value, $operator, func_num_args() === 2
  );
 
+ // If the given operator is not found in the list of valid operators we will
+ // assume that the developer is just short-cutting the '=' operators and
+ // we will set the operators to '=' and set the values appropriately.
+ if ($this->invalidOperator($operator)) {
+ [$value, $operator] = [$operator, '='];
+ }
+
  $value = $this->flattenValue($value);
 
  if ($value instanceof DateTimeInterface) {
@@ -1608,6 +1636,13 @@ public function whereYear($column, $operator, $value = null, $boolean = 'and')
  $value, $operator, func_num_args() === 2
  );
 
+ // If the given operator is not found in the list of valid operators we will
+ // assume that the developer is just short-cutting the '=' operators and
+ // we will set the operators to '=' and set the values appropriately.
+ if ($this->invalidOperator($operator)) {
+ [$value, $operator] = [$operator, '='];
+ }
+
  $value = $this->flattenValue($value);
 
  if ($value instanceof DateTimeInterface) {
@@ -1974,6 +2009,13 @@ public function whereJsonLength($column, $operator, $value = null, $boolean = 'a
  $value, $operator, func_num_args() === 2
  );
 
+ // If the given operator is not found in the list of valid operators we will
+ // assume that the developer is just short-cutting the '=' operators and
+ // we will set the operators to '=' and set the values appropriately.
+ if ($this->invalidOperator($operator)) {
+ [$value, $operator] = [$operator, '='];
+ }
+
  $this->wheres[] = compact('type', 'column', 'operator', 'value', 'boolean');
 
  if (! $value instanceof ExpressionContract) {

tests/Integration/Database/QueryBuilderTest.php

@@ -9,6 +9,7 @@
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Schema;
+use Illuminate\Testing\Assert as PHPUnit;
 
 class QueryBuilderTest extends DatabaseTestCase
 {
@@ -305,66 +306,256 @@ public function testWhereDate()
  $this->assertSame(1, DB::table('posts')->whereDate('created_at', new Carbon('2018-01-02'))->count());
  }
 
+ public function testWhereDateWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->whereDate('created_at', '? OR 1=1', '2018-01-02');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'created_at',
+ 'type' => 'Date',
+ 'value' => '? OR 1=1',
+ 'boolean' => 'and',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(0, $sql->count());
+ }
+
  public function testOrWhereDate()
  {
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDate('created_at', '2018-01-02')->count());
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDate('created_at', new Carbon('2018-01-02'))->count());
  }
 
+ public function testOrWhereDateWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->where('id', 1)->orWhereDate('created_at', '? OR 1=1', '2018-01-02');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'id',
+ 'type' => 'Basic',
+ 'value' => 1,
+ 'boolean' => 'and',
+ ],
+ [
+ 'column' => 'created_at',
+ 'type' => 'Date',
+ 'value' => '? OR 1=1',
+ 'boolean' => 'or',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(1, $sql->count());
+ }
+
  public function testWhereDay()
  {
  $this->assertSame(1, DB::table('posts')->whereDay('created_at', '02')->count());
  $this->assertSame(1, DB::table('posts')->whereDay('created_at', 2)->count());
  $this->assertSame(1, DB::table('posts')->whereDay('created_at', new Carbon('2018-01-02'))->count());
  }
 
+ public function testWhereDayWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->whereDay('created_at', '? OR 1=1', '02');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'created_at',
+ 'type' => 'Day',
+ 'value' => '00',
+ 'boolean' => 'and',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(0, $sql->count());
+ }
+
  public function testOrWhereDay()
  {
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDay('created_at', '02')->count());
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDay('created_at', 2)->count());
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereDay('created_at', new Carbon('2018-01-02'))->count());
  }
 
+ public function testOrWhereDayWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->where('id', 1)->orWhereDay('created_at', '? OR 1=1', '02');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'id',
+ 'type' => 'Basic',
+ 'value' => 1,
+ 'boolean' => 'and',
+ ],
+ [
+ 'column' => 'created_at',
+ 'type' => 'Day',
+ 'value' => '00',
+ 'boolean' => 'or',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(1, $sql->count());
+ }
+
  public function testWhereMonth()
  {
  $this->assertSame(1, DB::table('posts')->whereMonth('created_at', '01')->count());
  $this->assertSame(1, DB::table('posts')->whereMonth('created_at', 1)->count());
  $this->assertSame(1, DB::table('posts')->whereMonth('created_at', new Carbon('2018-01-02'))->count());
  }
 
+ public function testWhereMonthWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->whereMonth('created_at', '? OR 1=1', '01');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'created_at',
+ 'type' => 'Month',
+ 'value' => '00',
+ 'boolean' => 'and',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(0, $sql->count());
+ }
+
  public function testOrWhereMonth()
  {
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereMonth('created_at', '01')->count());
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereMonth('created_at', 1)->count());
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereMonth('created_at', new Carbon('2018-01-02'))->count());
  }
 
+ public function testOrWhereMonthWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->where('id', 1)->orWhereMonth('created_at', '? OR 1=1', '01');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'id',
+ 'type' => 'Basic',
+ 'value' => 1,
+ 'boolean' => 'and',
+ ],
+ [
+ 'column' => 'created_at',
+ 'type' => 'Month',
+ 'value' => '00',
+ 'boolean' => 'or',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(1, $sql->count());
+ }
+
  public function testWhereYear()
  {
  $this->assertSame(1, DB::table('posts')->whereYear('created_at', '2018')->count());
  $this->assertSame(1, DB::table('posts')->whereYear('created_at', 2018)->count());
  $this->assertSame(1, DB::table('posts')->whereYear('created_at', new Carbon('2018-01-02'))->count());
  }
 
+ public function testWhereYearWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->whereYear('created_at', '? OR 1=1', '2018');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'created_at',
+ 'type' => 'Year',
+ 'value' => '? OR 1=1',
+ 'boolean' => 'and',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(0, $sql->count());
+ }
+
  public function testOrWhereYear()
  {
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereYear('created_at', '2018')->count());
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereYear('created_at', 2018)->count());
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereYear('created_at', new Carbon('2018-01-02'))->count());
  }
 
+ public function testOrWhereYearWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->where('id', 1)->orWhereYear('created_at', '? OR 1=1', '2018');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'id',
+ 'type' => 'Basic',
+ 'value' => 1,
+ 'boolean' => 'and',
+ ],
+ [
+ 'column' => 'created_at',
+ 'type' => 'Year',
+ 'value' => '? OR 1=1',
+ 'boolean' => 'or',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(1, $sql->count());
+ }
+
  public function testWhereTime()
  {
  $this->assertSame(1, DB::table('posts')->whereTime('created_at', '03:04:05')->count());
  $this->assertSame(1, DB::table('posts')->whereTime('created_at', new Carbon('2018-01-02 03:04:05'))->count());
  }
 
+ public function testWhereTimeWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->whereTime('created_at', '? OR 1=1', '03:04:05');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'created_at',
+ 'type' => 'Time',
+ 'value' => '? OR 1=1',
+ 'boolean' => 'and',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(0, $sql->count());
+ }
+
  public function testOrWhereTime()
  {
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereTime('created_at', '03:04:05')->count());
  $this->assertSame(2, DB::table('posts')->where('id', 1)->orWhereTime('created_at', new Carbon('2018-01-02 03:04:05'))->count());
  }
 
+ public function testOrWhereTimeWithInvalidOperator()
+ {
+ $sql = DB::table('posts')->where('id', 1)->orWhereTime('created_at', '? OR 1=1', '03:04:05');
+
+ PHPUnit::assertArraySubset([
+ [
+ 'column' => 'id',
+ 'type' => 'Basic',
+ 'value' => 1,
+ 'boolean' => 'and',
+ ],
+ [
+ 'column' => 'created_at',
+ 'type' => 'Time',
+ 'value' => '? OR 1=1',
+ 'boolean' => 'or',
+ ],
+ ], $sql->wheres);
+
+ $this->assertSame(1, $sql->count());
+ }
+
  public function testWhereNested()
  {
  $results = DB::table('posts')->where('content', 'Lorem Ipsum.')->whereNested(function ($query) {