Merge pull request #8756 from kenjis/fix-BaseConnection-escape-TypeError

kenjis · web-flow · commit 59ec72dbf263 · 2024-04-12T07:44:07.000+09:00
fix: `BaseConnection::escape()` does not accept Stringable
diff --git a/system/Database/BaseConnection.php b/system/Database/BaseConnection.php
@@ -17,6 +17,7 @@
 use CodeIgniter\Database\Exceptions\DatabaseException;
 use CodeIgniter\Events\Events;
 use stdClass;
+use Stringable;
 use Throwable;
 
 /**
@@ -1309,12 +1310,15 @@ public function escape($str)
             return array_map($this->escape(...), $str);
         }
 
-        /** @psalm-suppress NoValue I don't know why ERROR. */
-        if (is_string($str) || (is_object($str) && method_exists($str, '__toString'))) {
+        if ($str instanceof Stringable) {
             if ($str instanceof RawSql) {
                 return $str->__toString();
             }
 
+            $str = (string) $str;
+        }
+
+        if (is_string($str)) {
             return "'" . $this->escapeString($str) . "'";
         }
 
@@ -1328,8 +1332,8 @@ public function escape($str)
     /**
      * Escape String
      *
-     * @param list<string>|string $str  Input string
-     * @param bool                $like Whether or not the string will be used in a LIKE condition
+     * @param list<string|Stringable>|string|Stringable $str  Input string
+     * @param bool                                      $like Whether the string will be used in a LIKE condition
      *
      * @return list<string>|string
      */
@@ -1343,6 +1347,14 @@ public function escapeString($str, bool $like = false)
             return $str;
         }
 
+        if ($str instanceof Stringable) {
+            if ($str instanceof RawSql) {
+                return $str->__toString();
+            }
+
+            $str = (string) $str;
+        }
+
         $str = $this->_escapeString($str);
 
         // escape LIKE condition wildcards
@@ -1371,7 +1383,7 @@ public function escapeString($str, bool $like = false)
      * Calls the individual driver for platform
      * specific escaping for LIKE conditions
      *
-     * @param list<string>|string $str
+     * @param list<string|Stringable>|string|Stringable $str
      *
      * @return list<string>|string
      */
diff --git a/system/Database/Postgre/Connection.php b/system/Database/Postgre/Connection.php
@@ -20,6 +20,7 @@
 use PgSql\Connection as PgSqlConnection;
 use PgSql\Result as PgSqlResult;
 use stdClass;
+use Stringable;
 
 /**
  * Connection for Postgre
@@ -233,20 +234,22 @@ public function escape($str)
             $this->initialize();
         }
 
-        /** @psalm-suppress NoValue I don't know why ERROR. */
-        if (is_string($str) || (is_object($str) && method_exists($str, '__toString'))) {
+        if ($str instanceof Stringable) {
             if ($str instanceof RawSql) {
                 return $str->__toString();
             }
 
+            $str = (string) $str;
+        }
+
+        if (is_string($str)) {
             return pg_escape_literal($this->connID, $str);
         }
 
         if (is_bool($str)) {
             return $str ? 'TRUE' : 'FALSE';
         }
 
-        /** @psalm-suppress NoValue I don't know why ERROR. */
         return parent::escape($str);
     }
 
diff --git a/system/I18n/Time.php b/system/I18n/Time.php
@@ -14,33 +14,34 @@
 namespace CodeIgniter\I18n;
 
 use DateTimeImmutable;
+use Stringable;
 
 /**
  * A localized date/time package inspired
  * by Nesbot/Carbon and CakePHP/Chronos.
  *
  * Requires the intl PHP extension.
  *
- * @property int    $age         read-only
- * @property string $day         read-only
- * @property string $dayOfWeek   read-only
- * @property string $dayOfYear   read-only
- * @property bool   $dst         read-only
- * @property string $hour        read-only
- * @property bool   $local       read-only
- * @property string $minute      read-only
- * @property string $month       read-only
- * @property string $quarter     read-only
- * @property string $second      read-only
- * @property int    $timestamp   read-only
- * @property bool   $utc         read-only
- * @property string $weekOfMonth read-only
- * @property string $weekOfYear  read-only
- * @property string $year        read-only
+ * @property-read int    $age
+ * @property-read string $day
+ * @property-read string $dayOfWeek
+ * @property-read string $dayOfYear
+ * @property-read bool   $dst
+ * @property-read string $hour
+ * @property-read bool   $local
+ * @property-read string $minute
+ * @property-read string $month
+ * @property-read string $quarter
+ * @property-read string $second
+ * @property-read int    $timestamp
+ * @property-read bool   $utc
+ * @property-read string $weekOfMonth
+ * @property-read string $weekOfYear
+ * @property-read string $year
  *
  * @see \CodeIgniter\I18n\TimeTest
  */
-class Time extends DateTimeImmutable
+class Time extends DateTimeImmutable implements Stringable
 {
     use TimeTrait;
 }
diff --git a/tests/system/Database/Live/EscapeTest.php b/tests/system/Database/Live/EscapeTest.php
@@ -14,6 +14,7 @@
 namespace CodeIgniter\Database\Live;
 
 use CodeIgniter\Database\RawSql;
+use CodeIgniter\I18n\Time;
 use CodeIgniter\Test\CIUnitTestCase;
 use CodeIgniter\Test\DatabaseTestTrait;
 
@@ -54,6 +55,14 @@ public function testEscape(): void
         $this->assertSame($expected, $sql);
     }
 
+    public function testEscapeStringable(): void
+    {
+        $expected = "SELECT * FROM brands WHERE name = '2024-01-01 12:00:00'";
+        $sql      = 'SELECT * FROM brands WHERE name = ' . $this->db->escape(new Time('2024-01-01 12:00:00'));
+
+        $this->assertSame($expected, $sql);
+    }
+
     public function testEscapeString(): void
     {
         $expected = "SELECT * FROM brands WHERE name = 'O" . $this->char . "'Doules'";
@@ -62,6 +71,15 @@ public function testEscapeString(): void
         $this->assertSame($expected, $sql);
     }
 
+    public function testEscapeStringStringable(): void
+    {
+        $expected = "SELECT * FROM brands WHERE name = '2024-01-01 12:00:00'";
+        $sql      = "SELECT * FROM brands WHERE name = '"
+            . $this->db->escapeString(new Time('2024-01-01 12:00:00')) . "'";
+
+        $this->assertSame($expected, $sql);
+    }
+
     public function testEscapeLikeString(): void
     {
         $expected = "SELECT * FROM brands WHERE column LIKE '%10!% more%' ESCAPE '!'";
@@ -70,6 +88,15 @@ public function testEscapeLikeString(): void
         $this->assertSame($expected, $sql);
     }
 
+    public function testEscapeLikeStringStringable(): void
+    {
+        $expected = "SELECT * FROM brands WHERE column LIKE '%2024-01-01 12:00:00%' ESCAPE '!'";
+        $sql      = "SELECT * FROM brands WHERE column LIKE '%"
+            . $this->db->escapeLikeString(new Time('2024-01-01 12:00:00')) . "%' ESCAPE '!'";
+
+        $this->assertSame($expected, $sql);
+    }
+
     public function testEscapeLikeStringDirect(): void
     {
         if ($this->db->DBDriver === 'MySQLi') {

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@`
`20`	`20`	`use PgSql\Connection as PgSqlConnection;`
`21`	`21`	`use PgSql\Result as PgSqlResult;`
`22`	`22`	`use stdClass;`
	`23`	`+use Stringable;`
`23`	`24`
`24`	`25`	`/**`
`25`	`26`	`* Connection for Postgre`
`@@ -233,20 +234,22 @@ public function escape($str)`
`233`	`234`	`$this->initialize();`
`234`	`235`	`}`
`235`	`236`
`236`		`- /** @psalm-suppress NoValue I don't know why ERROR. */`
`237`		`- if (is_string($str) \|\| (is_object($str) && method_exists($str, '__toString'))) {`
	`237`	`+ if ($str instanceof Stringable) {`
`238`	`238`	`if ($str instanceof RawSql) {`
`239`	`239`	`return $str->__toString();`
`240`	`240`	`}`
`241`	`241`
	`242`	`+ $str = (string) $str;`
	`243`	`+ }`
	`244`	`+`
	`245`	`+ if (is_string($str)) {`
`242`	`246`	`return pg_escape_literal($this->connID, $str);`
`243`	`247`	`}`
`244`	`248`
`245`	`249`	`if (is_bool($str)) {`
`246`	`250`	`return $str ? 'TRUE' : 'FALSE';`
`247`	`251`	`}`
`248`	`252`
`249`		`- /** @psalm-suppress NoValue I don't know why ERROR. */`
`250`	`253`	`return parent::escape($str);`
`251`	`254`	`}`
`252`	`255`