fix: do not allow bool as $id

kenjis · kenjis · commit 2ffbbbb3123a · 2022-12-09T08:37:13.000+09:00
diff --git a/system/BaseModel.php b/system/BaseModel.php
@@ -899,6 +899,10 @@ public function insertBatch(?array $set = null, ?bool $escape = null, int $batch
      */
     public function update($id = null, $data = null): bool
     {
+        if (is_bool($id)) {
+            throw new InvalidArgumentException('$id should not be boolean.');
+        }
+
         if (is_numeric($id) || is_string($id)) {
             $id = [$id];
         }
@@ -1037,6 +1041,10 @@ public function updateBatch(?array $set = null, ?string $index = null, int $batc
      */
     public function delete($id = null, bool $purge = false)
     {
+        if (is_bool($id)) {
+            throw new InvalidArgumentException('$id should not be boolean.');
+        }
+
         if ($id && (is_numeric($id) || is_string($id))) {
             $id = [$id];
         }
diff --git a/tests/system/Models/UpdateModelTest.php b/tests/system/Models/UpdateModelTest.php
@@ -15,6 +15,7 @@
 use CodeIgniter\Database\Exceptions\DataException;
 use CodeIgniter\Entity\Entity;
 use Generator;
+use InvalidArgumentException;
 use stdClass;
 use Tests\Support\Models\EventModel;
 use Tests\Support\Models\JobModel;
@@ -386,12 +387,10 @@ public function testUpdateWithSetAndEscape(): void
      *
      * @param false|null $id
      */
-    public function testUpdateThrowDatabaseExceptionWithoutWhereClause($id): void
+    public function testUpdateThrowDatabaseExceptionWithoutWhereClause($id, string $exception, string $exceptionMessage): void
     {
-        $this->expectException(DatabaseException::class);
-        $this->expectExceptionMessage(
-            'Updates are not allowed unless they contain a "where" or "like" clause.'
-        );
+        $this->expectException($exception);
+        $this->expectExceptionMessage($exceptionMessage);
 
         // $useSoftDeletes = false
         $this->createModel(JobModel::class);
@@ -402,8 +401,16 @@ public function testUpdateThrowDatabaseExceptionWithoutWhereClause($id): void
     public function provideInvalidIds(): Generator
     {
         yield from [
-            [null],
-            [false],
+            [
+                null,
+                DatabaseException::class,
+                'Updates are not allowed unless they contain a "where" or "like" clause.',
+            ],
+            [
+                false,
+                InvalidArgumentException::class,
+                '$id should not be boolean.',
+            ],
         ];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -899,6 +899,10 @@ public function insertBatch(?array $set = null, ?bool $escape = null, int $batch`
`899`	`899`	`*/`
`900`	`900`	`public function update($id = null, $data = null): bool`
`901`	`901`	`{`
	`902`	`+ if (is_bool($id)) {`
	`903`	`+ throw new InvalidArgumentException('$id should not be boolean.');`
	`904`	`+ }`
	`905`	`+`
`902`	`906`	`if (is_numeric($id) \|\| is_string($id)) {`
`903`	`907`	`$id = [$id];`
`904`	`908`	`}`
`@@ -1037,6 +1041,10 @@ public function updateBatch(?array $set = null, ?string $index = null, int $batc`
`1037`	`1041`	`*/`
`1038`	`1042`	`public function delete($id = null, bool $purge = false)`
`1039`	`1043`	`{`
	`1044`	`+ if (is_bool($id)) {`
	`1045`	`+ throw new InvalidArgumentException('$id should not be boolean.');`
	`1046`	`+ }`
	`1047`	`+`
`1040`	`1048`	`if ($id && (is_numeric($id) \|\| is_string($id))) {`
`1041`	`1049`	`$id = [$id];`
`1042`	`1050`	`}`