Harden query cache bypass and payload encoding

premtsd-code · premtsd-code · commit 5b87fc86e47b · 2026-06-23T10:31:23.000+01:00
diff --git a/src/Database/Database.php b/src/Database/Database.php
@@ -8639,16 +8639,20 @@ private function restoreQueryCacheDocuments(
      * @template T
      * @param string $key
      * @param callable(): T $callback
-     * @param string $hash
+     * @param string|null $hash
      * @return T
      * @throws AuthorizationException
      * @throws Exception
      */
     public function withCache(
         string $key,
         callable $callback,
-        string $hash = '',
+        ?string $hash = '',
     ): mixed {
+        if ($hash === null) {
+            return $callback();
+        }
+
         $shouldRefreshCache = false;
 
         try {
@@ -8684,7 +8688,10 @@ public function withCache(
 
         if ($value !== false) {
             try {
-                $this->cache->save($key, $this->encodeCacheValue($value), $hash);
+                $encoded = $this->encodeCacheValue($value);
+                if ($encoded !== false) {
+                    $this->cache->save($key, $encoded, $hash);
+                }
             } catch (Throwable $e) {
                 Console::warning('Warning: Failed to save cache value: ' . $e->getMessage());
             }
@@ -8723,14 +8730,14 @@ private function restoreQueryCacheDocument(Document $collection, mixed $payload)
     }
 
     /**
-     * @return array<string, mixed>
+     * @return array<string, mixed>|false
      */
-    private function encodeCacheValue(mixed $value): array
+    private function encodeCacheValue(mixed $value): array|false
     {
         if ($value instanceof Document) {
             $collection = $value->getCollection();
             if ($collection === '') {
-                return ['value' => $value];
+                return false;
             }
 
             return [
@@ -8742,6 +8749,10 @@ private function encodeCacheValue(mixed $value): array
 
         $collection = $this->getCacheValueCollection($value);
         if ($collection === null || !\is_array($value)) {
+            if ($this->hasCacheValueDocument($value)) {
+                return false;
+            }
+
             return ['value' => $value];
         }
 
@@ -8772,6 +8783,25 @@ private function getCacheValueCollection(mixed $value): ?string
         return null;
     }
 
+    private function hasCacheValueDocument(mixed $value): bool
+    {
+        if ($value instanceof Document) {
+            return true;
+        }
+
+        if (!\is_array($value)) {
+            return false;
+        }
+
+        foreach ($value as $item) {
+            if ($this->hasCacheValueDocument($item)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     private function encodeQueryCacheValue(mixed $value): mixed
     {
         if ($value instanceof Document) {
diff --git a/tests/unit/QueryCacheTest.php b/tests/unit/QueryCacheTest.php
@@ -217,6 +217,64 @@ function () use (&$callbackCalls): string {
         $this->assertSame(2, $callbackCalls);
     }
 
+    public function testWithCacheBypassesCacheForNullHash(): void
+    {
+        $cache = new HashMemoryCache();
+        $database = $this->createDatabase($cache);
+
+        $callbackCalls = 0;
+
+        $first = $database->withCache(
+            key: 'key',
+            callback: function () use (&$callbackCalls): string {
+                $callbackCalls++;
+                return 'first';
+            },
+            hash: null,
+        );
+        $second = $database->withCache(
+            key: 'key',
+            callback: function () use (&$callbackCalls): string {
+                $callbackCalls++;
+                return 'second';
+            },
+            hash: null,
+        );
+
+        $this->assertSame('first', $first);
+        $this->assertSame('second', $second);
+        $this->assertSame(2, $callbackCalls);
+        $this->assertSame([], $cache->list('key'));
+    }
+
+    public function testWithCacheDoesNotCacheCollectionlessDocuments(): void
+    {
+        $cache = new HashMemoryCache();
+        $database = $this->createDatabase($cache);
+
+        $callbackCalls = 0;
+
+        $first = $database->withCache(
+            key: 'key',
+            callback: function () use (&$callbackCalls): Document {
+                $callbackCalls++;
+                return new Document(['$id' => 'first']);
+            },
+        );
+        $second = $database->withCache(
+            key: 'key',
+            callback: function () use (&$callbackCalls): Document {
+                $callbackCalls++;
+                return new Document(['$id' => 'second']);
+            },
+        );
+
+        $this->assertSame('first', $first->getId());
+        $this->assertSame('second', $second->getId());
+        $this->assertSame(2, $callbackCalls);
+        $this->assertSame([], $cache->list('key'));
+    }
+
     public function testWithCacheCachesSingleDocument(): void
     {
         $cache = new HashMemoryCache();
