Fix resource not escaped correctly (laravel#53100)

When bindings contain a resource (e.g. file resource), then it is not escaped correctly. Additionally, the gettype() call is to ensure that a closed resource is also escaped correctly. The latter is an edge-case scenario, which can be encountered in situations when a file handler has already been closed, and one attempts to log the executed query, e.g. via using barryvdh/laravel-debugbar.
timacdonald · Oct 15, 2024 · 3a1ee16 · 3a1ee16
1 parent d4e5be7
commit 3a1ee16
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Illuminate/Database/Query/Grammars/Grammar.php b/src/Illuminate/Database/Query/Grammars/Grammar.php
@@ -1526,7 +1526,7 @@ protected function removeLeadingBoolean($value)
      */
     public function substituteBindingsIntoRawSql($sql, $bindings)
     {
-        $bindings = array_map(fn ($value) => $this->escape($value), $bindings);
+        $bindings = array_map(fn ($value) => $this->escape($value, is_resource($value) || gettype($value) === 'resource (closed)'), $bindings);
 
         $query = '';