Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

orWhere generating an OR when it previously would generate an AND #53628

Open
stellar-scottreed opened this issue Nov 22, 2024 · 8 comments
Open

Comments

@stellar-scottreed
Copy link

stellar-scottreed commented Nov 22, 2024

Laravel Version

11.33.2

PHP Version

8.3.13

Database Driver & Version

MySQL

Description

I recently upgraded a legacy laravel application from 5.4 to laravel 11.

The following code:

$booking_boats = $this->current_location->booking_boats()
    ->with(['booking'])
    ->where(function ($query) {
        $query->where('booking_boats.status','Queued')
                ->orWhere([
                    ['booking_boats.status','=','On Water'],
                    ['booking_boats.checkout_date','!=',''],
                ]);
    })
    ->get();

Would previously generate a query like this:

SELECT  *
FROM `booking_boats`
INNER JOIN `bookings`
ON `bookings`.`id` = `booking_boats`.`booking_id`
WHERE `bookings`.`deleted_at` is null
AND `bookings`.`location_id` = ?
AND (`booking_boats`.`status` = ? or (`booking_boats`.`status` = ? AND `booking_boats`.`checkout_date` != ?))
AND `booking_boats`.`deleted_at` is null

The important part is:
(booking_boats.status = ? AND booking_boats.checkout_date != ?)

In Laravel 11, the following query is generated:

SELECT  *
FROM `booking_boats`
INNER JOIN `bookings`
ON `bookings`.`id` = `booking_boats`.`booking_id`
WHERE `bookings`.`location_id` = ?
AND (`booking_boats`.`status` = ? or (`booking_boats`.`status` = ? or `booking_boats`.`checkout_date` != ?))
AND `booking_boats`.`deleted_at` is null
AND `bookings`.`deleted_at` is null

The important part is:
(booking_boats.status = ? or booking_boats.checkout_date != ?)

So, previously using ->orWhere with an array syntax would generate an AND query, but now it generates an OR query.

This seems like a bug but if somehow I missed this in the laravel upgrade notes I would appreciate knowing what exactly was changed and what functions are impacted as there are hundreds of queries I will have to update.

Thank you.

Steps To Reproduce

Perform an ->orWhere using multiple array elements, ie:

 $query->where('booking_boats.status','Queued')
    ->orWhere([
        ['booking_boats.status','=','On Water'],
        ['booking_boats.checkout_date','!=',''],
]);
@stellar-scottreed stellar-scottreed changed the title orWhere orWhere generating an OR when it previously would generate an AND Nov 22, 2024
@ahinkle
Copy link
Contributor

ahinkle commented Nov 22, 2024

Duplicate of #53184.

@stellar-scottreed
Copy link
Author

Thanks for the context. I don't really see a resolution in the duplicate though? A PR was even added to revert the breaking change but it was closed. Per this comment sounds like I'm not the only one to have spent a lot of time debugging this without seeing any mention of it in the migration guide.

Does this change in behavior only effect orWhere or does it affect other queries too?

Is there an alternative to orWhere that will keep the same behavior?

Thank you.

@stellar-scottreed
Copy link
Author

I reviewed the PR that caused this breaking change. It looks like the intention of the PR was to make it so the boolean argument is respected - which makes sense, but shouldn't the default be what it has always been: "AND"? We've been relying on this behavior since 2017.

I agree with the comments made that this change should have been added to ->whereAny ->orWhereAny instead.

If this change is not reverted I am still hoping for an update to the migration guide on what functions are impacted/behavior changed. I didn't write this legacy application and there are many people out there who inherited old code bases and could use a clear path to maintaining the previous functionality.

@crynobone
Copy link
Member

Anyone are welcome to send a PR to the Upgrade Guide documentation: https://github.com/laravel/docs/blob/11.x/upgrade.md

Copy link

Thank you for reporting this issue!

As Laravel is an open source project, we rely on the community to help us diagnose and fix issues as it is not possible to research and fix every issue reported to us via GitHub.

If possible, please make a pull request fixing the issue you have described, along with corresponding tests. All pull requests are promptly reviewed by the Laravel team.

Thank you!

@stellar-scottreed
Copy link
Author

stellar-scottreed commented Nov 26, 2024

I'd love to help but I don't understand the impact of this change enough to make a contribution to the migration guide. It's not clear from the PR which functions are affected and had their behavior changed from before.

@stellar-scottreed
Copy link
Author

Just wanted to bump this to hopefully get a clear scope of what functions are affected by this change because CVE-2024-52301 is an 8.7 high CVE and I can't easily upgrade to 11.31.0+ without clear documentation on this breaking change.

@timacdonald Are you able to upgrade the migration guide to state which functions are impacted and will now have changed behavior from your addArrayOfWheres function change?

This comment notes an additional possible breaking change caused by this.

Thank you.

@devriazul
Copy link

For those looking to maintain the old behavior of orWhere generating an AND query, a possible workaround is to explicitly define the logic in your query:
$booking_boats = $this->current_location->booking_boats() ->with(['booking']) ->where(function ($query) { $query->where('booking_boats.status', 'Queued') ->where(function ($subQuery) { $subQuery->where('booking_boats.status', 'On Water') ->where('booking_boats.checkout_date', '!=', ''); }); }) ->get();
This may not be ideal for large applications, but it can provide immediate relief while we wait for further clarification or updates in the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants