From 140c3a81d261669d0785aebe2599aed99991e890 Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Mon, 19 Dec 2022 11:52:13 -0600 Subject: [PATCH] do not allow nested arrays in whereIn method --- src/Illuminate/Database/Query/Builder.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Illuminate/Database/Query/Builder.php b/src/Illuminate/Database/Query/Builder.php index 2b699d44fa82..c03ba037f4b6 100755 --- a/src/Illuminate/Database/Query/Builder.php +++ b/src/Illuminate/Database/Query/Builder.php @@ -1028,6 +1028,10 @@ public function whereIn($column, $values, $boolean = 'and', $not = false) $this->wheres[] = compact('type', 'column', 'values', 'boolean'); + if (count($values) !== count(Arr::flatten($values, 1))) { + throw new InvalidArgumentException("Nested arrays may not be passed to whereIn method."); + } + // Finally, we'll add a binding for each value unless that value is an expression // in which case we will just skip over it since it will be the query as a raw // string and not as a parameterized place-holder to be replaced by the PDO.