Skip to content

Commit

Permalink
[6.x] Limit expected bindings (#35865)
Browse files Browse the repository at this point in the history
* limit expected bindings

* limit more bindings
  • Loading branch information
taylorotwell authored Jan 13, 2021
1 parent 4611ba6 commit 49563a8
Showing 1 changed file with 14 additions and 4 deletions.
18 changes: 14 additions & 4 deletions Query/Builder.php
Original file line number Diff line number Diff line change
Expand Up @@ -698,7 +698,7 @@ public function where($column, $operator = null, $value = null, $boolean = 'and'
);

if (! $value instanceof Expression) {
$this->addBinding($value, 'where');
$this->addBinding(is_array($value) ? head($value) : $value, 'where');
}

return $this;
Expand Down Expand Up @@ -1043,7 +1043,7 @@ public function whereBetween($column, array $values, $boolean = 'and', $not = fa

$this->wheres[] = compact('type', 'column', 'values', 'boolean', 'not');

$this->addBinding($this->cleanBindings($values), 'where');
$this->addBinding(array_slice($this->cleanBindings($values), 0, 2), 'where');

return $this;
}
Expand Down Expand Up @@ -1111,6 +1111,8 @@ public function whereDate($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

$value = is_array($value) ? head($value) : $value;

if ($value instanceof DateTimeInterface) {
$value = $value->format('Y-m-d');
}
Expand Down Expand Up @@ -1150,6 +1152,8 @@ public function whereTime($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

$value = is_array($value) ? head($value) : $value;

if ($value instanceof DateTimeInterface) {
$value = $value->format('H:i:s');
}
Expand Down Expand Up @@ -1189,6 +1193,8 @@ public function whereDay($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

$value = is_array($value) ? head($value) : $value;

if ($value instanceof DateTimeInterface) {
$value = $value->format('d');
}
Expand Down Expand Up @@ -1232,6 +1238,8 @@ public function whereMonth($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

$value = is_array($value) ? head($value) : $value;

if ($value instanceof DateTimeInterface) {
$value = $value->format('m');
}
Expand Down Expand Up @@ -1275,6 +1283,8 @@ public function whereYear($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

$value = is_array($value) ? head($value) : $value;

if ($value instanceof DateTimeInterface) {
$value = $value->format('Y');
}
Expand Down Expand Up @@ -1583,7 +1593,7 @@ public function whereJsonLength($column, $operator, $value = null, $boolean = 'a
$this->wheres[] = compact('type', 'column', 'operator', 'value', 'boolean');

if (! $value instanceof Expression) {
$this->addBinding($value);
$this->addBinding((int) $value);
}

return $this;
Expand Down Expand Up @@ -1732,7 +1742,7 @@ public function having($column, $operator = null, $value = null, $boolean = 'and
$this->havings[] = compact('type', 'column', 'operator', 'value', 'boolean');

if (! $value instanceof Expression) {
$this->addBinding($value, 'having');
$this->addBinding(is_array($value) ? head($value) : $value, 'having');
}

return $this;
Expand Down

0 comments on commit 49563a8

Please # to comment.