Merge pull request #6883 from kenjis/fix-Model-update-null

kenjis · web-flow · commit 64f7ecc4d2ad · 2022-12-11T20:22:08.000+09:00
feat: disallow `Model::update()` without WHERE clause
diff --git a/system/BaseModel.php b/system/BaseModel.php
@@ -899,6 +899,10 @@ public function insertBatch(?array $set = null, ?bool $escape = null, int $batch
      */
     public function update($id = null, $data = null): bool
     {
+        if (is_bool($id)) {
+            throw new InvalidArgumentException('update(): argument #1 ($id) should not be boolean.');
+        }
+
         if (is_numeric($id) || is_string($id)) {
             $id = [$id];
         }
@@ -910,12 +914,12 @@ public function update($id = null, $data = null): bool
             return false;
         }
 
-        // Must be called first so we don't
+        // Must be called first, so we don't
         // strip out updated_at values.
         $data = $this->doProtectFields($data);
 
         // doProtectFields() can further remove elements from
-        // $data so we need to check for empty dataset again
+        // $data, so we need to check for empty dataset again
         if (empty($data)) {
             throw DataException::forEmptyDataset('update');
         }
@@ -1037,6 +1041,10 @@ public function updateBatch(?array $set = null, ?string $index = null, int $batc
      */
     public function delete($id = null, bool $purge = false)
     {
+        if (is_bool($id)) {
+            throw new InvalidArgumentException('delete(): argument #1 ($id) should not be boolean.');
+        }
+
         if ($id && (is_numeric($id) || is_string($id))) {
             $id = [$id];
         }
diff --git a/system/Config/Services.php b/system/Config/Services.php
@@ -332,6 +332,8 @@ public static function image(?string $handler = null, ?Images $config = null, bo
         }
 
         $config ??= config('Images');
+        assert($config instanceof Images);
+
         $handler = $handler ?: $config->defaultHandler;
         $class   = $config->handlers[$handler];
 
@@ -639,6 +641,8 @@ public static function session(?App $config = null, bool $getShared = true)
         }
 
         $config ??= config('App');
+        assert($config instanceof App);
+
         $logger = AppServices::logger();
 
         $driverName = $config->sessionDriver;
diff --git a/system/Model.php b/system/Model.php
@@ -386,6 +386,12 @@ protected function doUpdate($id = null, $data = null): bool
             $builder->set($key, $val, $escape[$key] ?? null);
         }
 
+        if ($builder->getCompiledQBWhere() === []) {
+            throw new DatabaseException(
+                'Updates are not allowed unless they contain a "where" or "like" clause.'
+            );
+        }
+
         return $builder->update();
     }
 
@@ -589,7 +595,7 @@ public function countAllResults(bool $reset = true, bool $test = false)
         }
 
         // When $reset === false, the $tempUseSoftDeletes will be
-        // dependant on $useSoftDeletes value because we don't
+        // dependent on $useSoftDeletes value because we don't
         // want to add the same "where" condition for the second time
         $this->tempUseSoftDeletes = $reset
             ? $this->useSoftDeletes
diff --git a/tests/system/Models/DeleteModelTest.php b/tests/system/Models/DeleteModelTest.php
@@ -239,4 +239,42 @@ public function testPurgeDeletedWithSoftDeleteFalse(): void
         $jobs = $this->model->findAll();
         $this->assertCount(4, $jobs);
     }
+
+    /**
+     * @dataProvider emptyPkValues
+     *
+     * @param int|string|null $id
+     */
+    public function testDeleteThrowDatabaseExceptionWithoutWhereClause($id): void
+    {
+        // BaseBuilder throws Exception.
+        $this->expectException(DatabaseException::class);
+        $this->expectExceptionMessage(
+            'Deletes are not allowed unless they contain a "where" or "like" clause.'
+        );
+
+        // $useSoftDeletes = false
+        $this->createModel(JobModel::class);
+
+        $this->model->delete($id);
+    }
+
+    /**
+     * @dataProvider emptyPkValues
+     *
+     * @param int|string|null $id
+     */
+    public function testDeleteWithSoftDeleteThrowDatabaseExceptionWithoutWhereClause($id): void
+    {
+        // Model throws Exception.
+        $this->expectException(DatabaseException::class);
+        $this->expectExceptionMessage(
+            'Deletes are not allowed unless they contain a "where" or "like" clause.'
+        );
+
+        // $useSoftDeletes = true
+        $this->createModel(UserModel::class);
+
+        $this->model->delete($id);
+    }
 }
diff --git a/tests/system/Models/UpdateModelTest.php b/tests/system/Models/UpdateModelTest.php
@@ -11,8 +11,11 @@
 
 namespace CodeIgniter\Models;
 
+use CodeIgniter\Database\Exceptions\DatabaseException;
 use CodeIgniter\Database\Exceptions\DataException;
 use CodeIgniter\Entity\Entity;
+use Generator;
+use InvalidArgumentException;
 use stdClass;
 use Tests\Support\Models\EventModel;
 use Tests\Support\Models\JobModel;
@@ -378,4 +381,36 @@ public function testUpdateWithSetAndEscape(): void
             'email'   => '1+1',
         ]);
     }
+
+    /**
+     * @dataProvider provideInvalidIds
+     *
+     * @param false|null $id
+     */
+    public function testUpdateThrowDatabaseExceptionWithoutWhereClause($id, string $exception, string $exceptionMessage): void
+    {
+        $this->expectException($exception);
+        $this->expectExceptionMessage($exceptionMessage);
+
+        // $useSoftDeletes = false
+        $this->createModel(JobModel::class);
+
+        $this->model->update($id, ['name' => 'Foo Bar']);
+    }
+
+    public function provideInvalidIds(): Generator
+    {
+        yield from [
+            [
+                null,
+                DatabaseException::class,
+                'Updates are not allowed unless they contain a "where" or "like" clause.',
+            ],
+            [
+                false,
+                InvalidArgumentException::class,
+                'update(): argument #1 ($id) should not be boolean.',
+            ],
+        ];
+    }
 }
diff --git a/user_guide_src/source/changelogs/v4.3.0.rst b/user_guide_src/source/changelogs/v4.3.0.rst
@@ -81,6 +81,8 @@ Others
 - **Database:** ``InvalidArgumentException`` that is a kind of ``LogicException`` in ``BaseBuilder::_whereIn()`` is not suppressed by the configuration. Previously if ``CI_DEBUG`` was false, the exception was suppressed.
 - **Database:** The data structure returned by :ref:`BaseConnection::getForeignKeyData() <metadata-getforeignkeydata>` has been changed.
 - **Database:** ``CodeIgniter\Database\BasePreparedQuery`` class returns now a bool value for write-type queries instead of the ``Result`` class object.
+- **Model:** ``Model::update()`` method now raises a ``DatabaseException`` if it generates an SQL
+  statement without a WHERE clause; Model does not support operations that update all records.
 - **Routing:** ``RouteCollection::resetRoutes()`` resets Auto-Discovery of Routes. Previously once discovered, RouteCollection never discover Routes files again even if ``RouteCollection::resetRoutes()`` is called.
 
 .. _v430-interface-changes:
diff --git a/user_guide_src/source/installation/upgrade_430.rst b/user_guide_src/source/installation/upgrade_430.rst
@@ -210,6 +210,8 @@ Database
 - The second parameter ``$index`` of ``BaseBuilder::updateBatch()`` has changed to ``$constraints``. It now accepts types array, string, or ``RawSql``. Extending classes should likewise change types.
 - The ``$set`` parameter of ``BaseBuilder::insertBatch()`` and ``BaseBuilder::updateBatch()`` now accepts an object of a single row of data. Extending classes should likewise change the type.
 - The third parameter ``$index`` of ``BaseBuilder::_updateBatch()`` has changed to ``$values``, and the parameter type has changed to ``array``. Extending classes should likewise change the type.
+- The ``Model::update()`` method now raises a ``DatabaseException`` if it generates an SQL
+  statement without a WHERE clause. If you need to update all records in a table, use Query Builder instead. E.g., ``$model->builder()->update($data)``.
 
 Others
 ======
diff --git a/user_guide_src/source/models/model.rst b/user_guide_src/source/models/model.rst
@@ -353,7 +353,11 @@ of the columns in a ``$table``, while the array's values are the values to save
 
 .. literalinclude:: model/016.php
 
-.. important:: If the ``$primaryKey`` field is set to ``null`` then the update will affect all records in the table.
+.. important:: Since v4.3.0, this method raises a ``DatabaseException``
+    if it generates an SQL statement without a WHERE clause.
+    In previous versions, if it is called without ``$primaryKey`` specified and
+    an SQL statement was generated without a WHERE clause, the query would still
+    execute and all records in the table would be updated.
 
 Multiple records may be updated with a single call by passing an array of primary keys as the first parameter:
 

Original file line number	Diff line number	Diff line change
`@@ -899,6 +899,10 @@ public function insertBatch(?array $set = null, ?bool $escape = null, int $batch`
`899`	`899`	`*/`
`900`	`900`	`public function update($id = null, $data = null): bool`
`901`	`901`	`{`
	`902`	`+ if (is_bool($id)) {`
	`903`	`+ throw new InvalidArgumentException('update(): argument #1 ($id) should not be boolean.');`
	`904`	`+ }`
	`905`	`+`
`902`	`906`	`if (is_numeric($id) \|\| is_string($id)) {`
`903`	`907`	`$id = [$id];`
`904`	`908`	`}`
`@@ -910,12 +914,12 @@ public function update($id = null, $data = null): bool`
`910`	`914`	`return false;`
`911`	`915`	`}`
`912`	`916`
`913`		`- // Must be called first so we don't`
	`917`	`+ // Must be called first, so we don't`
`914`	`918`	`// strip out updated_at values.`
`915`	`919`	`$data = $this->doProtectFields($data);`
`916`	`920`
`917`	`921`	`// doProtectFields() can further remove elements from`
`918`		`- // $data so we need to check for empty dataset again`
	`922`	`+ // $data, so we need to check for empty dataset again`
`919`	`923`	`if (empty($data)) {`
`920`	`924`	`throw DataException::forEmptyDataset('update');`
`921`	`925`	`}`
`@@ -1037,6 +1041,10 @@ public function updateBatch(?array $set = null, ?string $index = null, int $batc`
`1037`	`1041`	`*/`
`1038`	`1042`	`public function delete($id = null, bool $purge = false)`
`1039`	`1043`	`{`
	`1044`	`+ if (is_bool($id)) {`
	`1045`	`+ throw new InvalidArgumentException('delete(): argument #1 ($id) should not be boolean.');`
	`1046`	`+ }`
	`1047`	`+`
`1040`	`1048`	`if ($id && (is_numeric($id) \|\| is_string($id))) {`
`1041`	`1049`	`$id = [$id];`
`1042`	`1050`	`}`
Original file line number	Diff line number	Diff line change
`@@ -332,6 +332,8 @@ public static function image(?string $handler = null, ?Images $config = null, bo`
`332`	`332`	`}`
`333`	`333`
`334`	`334`	`$config ??= config('Images');`
	`335`	`+ assert($config instanceof Images);`
	`336`	`+`
`335`	`337`	`$handler = $handler ?: $config->defaultHandler;`
`336`	`338`	`$class = $config->handlers[$handler];`
`337`	`339`
`@@ -639,6 +641,8 @@ public static function session(?App $config = null, bool $getShared = true)`
`639`	`641`	`}`
`640`	`642`
`641`	`643`	`$config ??= config('App');`
	`644`	`+ assert($config instanceof App);`
	`645`	`+`
`642`	`646`	`$logger = AppServices::logger();`
`643`	`647`
`644`	`648`	`$driverName = $config->sessionDriver;`
Original file line number	Diff line number	Diff line change
`@@ -386,6 +386,12 @@ protected function doUpdate($id = null, $data = null): bool`
`386`	`386`	`$builder->set($key, $val, $escape[$key] ?? null);`
`387`	`387`	`}`
`388`	`388`
	`389`	`+ if ($builder->getCompiledQBWhere() === []) {`
	`390`	`+ throw new DatabaseException(`
	`391`	`+ 'Updates are not allowed unless they contain a "where" or "like" clause.'`
	`392`	`+ );`
	`393`	`+ }`
	`394`	`+`
`389`	`395`	`return $builder->update();`
`390`	`396`	`}`
`391`	`397`
`@@ -589,7 +595,7 @@ public function countAllResults(bool $reset = true, bool $test = false)`
`589`	`595`	`}`
`590`	`596`
`591`	`597`	`// When $reset === false, the $tempUseSoftDeletes will be`
`592`		`- // dependant on $useSoftDeletes value because we don't`
	`598`	`+ // dependent on $useSoftDeletes value because we don't`
`593`	`599`	`// want to add the same "where" condition for the second time`
`594`	`600`	`$this->tempUseSoftDeletes = $reset`
`595`	`601`	`? $this->useSoftDeletes`