
Commit 49563a8

authored
[6.x] Limit expected bindings (#35865)
* limit expected bindings * limit more bindings
1 parent 4611ba6 commit 49563a8


1 file changed

+14
-4
lines changed


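--- a/Query/Builder.php
+++ b/Query/Builder.php
@@ -698,7 +698,7 @@ public function where($column, $operator = null, $value = null, $boolean = 'and'
 );
 
 if (! $value instanceof Expression) {
-$this->addBinding($value, 'where');
+$this->addBinding(is_array($value) ? head($value) : $value, 'where');
 }
 
 return $this;
@@ -1043,7 +1043,7 @@ public function whereBetween($column, array $values, $boolean = 'and', $not = fa
 
 $this->wheres[] = compact('type', 'column', 'values', 'boolean', 'not');
 
-$this->addBinding($this->cleanBindings($values), 'where');
+$this->addBinding(array_slice($this->cleanBindings($values), 0, 2), 'where');
 
 return $this;
 }
@@ -1111,6 +1111,8 @@ public function whereDate($column, $operator, $value = null, $boolean = 'and')
 $value, $operator, func_num_args() === 2
 );
 
+$value = is_array($value) ? head($value) : $value;
+
 if ($value instanceof DateTimeInterface) {
 $value = $value->format('Y-m-d');
 }
@@ -1150,6 +1152,8 @@ public function whereTime($column, $operator, $value = null, $boolean = 'and')
 $value, $operator, func_num_args() === 2
 );
 
+$value = is_array($value) ? head($value) : $value;
+
 if ($value instanceof DateTimeInterface) {
 $value = $value->format('H:i:s');
 }
@@ -1189,6 +1193,8 @@ public function whereDay($column, $operator, $value = null, $boolean = 'and')
 $value, $operator, func_num_args() === 2
 );
 
+$value = is_array($value) ? head($value) : $value;
+
 if ($value instanceof DateTimeInterface) {
 $value = $value->format('d');
 }
@@ -1232,6 +1238,8 @@ public function whereMonth($column, $operator, $value = null, $boolean = 'and')
 $value, $operator, func_num_args() === 2
 );
 
+$value = is_array($value) ? head($value) : $value;
+
 if ($value instanceof DateTimeInterface) {
 $value = $value->format('m');
 }
@@ -1275,6 +1283,8 @@ public function whereYear($column, $operator, $value = null, $boolean = 'and')
 $value, $operator, func_num_args() === 2
 );
 
+$value = is_array($value) ? head($value) : $value;
+
 if ($value instanceof DateTimeInterface) {
 $value = $value->format('Y');
 }
@@ -1583,7 +1593,7 @@ public function whereJsonLength($column, $operator, $value = null, $boolean = 'a
 $this->wheres[] = compact('type', 'column', 'operator', 'value', 'boolean');
 
 if (! $value instanceof Expression) {
-$this->addBinding($value);
+$this->addBinding((int) $value);
 }
 
 return $this;
@@ -1732,7 +1742,7 @@ public function having($column, $operator = null, $value = null, $boolean = 'and
 $this->havings[] = compact('type', 'column', 'operator', 'value', 'boolean');
 
 if (! $value instanceof Expression) {
-$this->addBinding($value, 'having');
+$this->addBinding(is_array($value) ? head($value) : $value, 'having');
 }
 
 return $this;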
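Review bot: `head($value)` in the `where()` hunk unwraps only one level, so when the first element of `$value` is itself an array the argument handed to `addBinding()` is still an array; if `addBinding()` spreads array arguments into the binding list (its body is not shown here), the number of bindings can still exceed the number of placeholders for nested input. The same pattern is repeated in `whereDate`, `whereTime`, `whereDay`, `whereMonth`, `whereYear` and `having`, and `array_slice(..., 0, 2)` in `whereBetween` has the same gap when an element of `$values` is an array. Flattening before taking the first element closes it, e.g. `$this->addBinding(is_array($value) ? head(Arr::flatten($value)) : $value, 'where');` (assuming `Arr` is already imported in this file), ideally through one private helper so the call sites cannot drift apart. An empty array also makes `head()` return `false`, which is then bound as the comparison value, so rejecting non-scalar values with an exception may be the safer contract. All of these method bodies start and end outside the hunks.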
