feat: convert QueryException to ModelNotFoundException in implicit route binding

When implicit route model binding encounters a QueryException (e.g., from
integer overflow or type mismatch), convert it to a ModelNotFoundException
instead of letting the 500 propagate. This ensures invalid route parameters
like '/users/99999999999999999999' return a 404 rather than a 500.

Author: calebdw

src/Illuminate/Routing/ImplicitRouteBinding.php

@@ -4,6 +4,7 @@
 
 use Illuminate\Contracts\Routing\UrlRoutable;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
+use Illuminate\Database\QueryException;
 use Illuminate\Routing\Exceptions\BackedEnumCaseNotFoundException;
 use Illuminate\Support\Reflector;
 use Illuminate\Support\Str;
@@ -45,19 +46,23 @@ public static function resolveForRoute($container, $route)
                 ? 'resolveSoftDeletableRouteBinding'
                 : 'resolveRouteBinding';
 
-            if ($parent instanceof UrlRoutable &&
-                ! $route->preventsScopedBindings() &&
-                ($route->enforcesScopedBindings() || array_key_exists($parameterName, $route->bindingFields()))) {
-                $childRouteBindingMethod = $route->allowsTrashedBindings() && $instance::isSoftDeletable()
-                    ? 'resolveSoftDeletableChildRouteBinding'
-                    : 'resolveChildRouteBinding';
-
-                if (! $model = $parent->{$childRouteBindingMethod}(
-                    $parameterName, $parameterValue, $route->bindingFieldFor($parameterName)
-                )) {
+            try {
+                if ($parent instanceof UrlRoutable &&
+                    ! $route->preventsScopedBindings() &&
+                    ($route->enforcesScopedBindings() || array_key_exists($parameterName, $route->bindingFields()))) {
+                    $childRouteBindingMethod = $route->allowsTrashedBindings() && $instance::isSoftDeletable()
+                        ? 'resolveSoftDeletableChildRouteBinding'
+                        : 'resolveChildRouteBinding';
+
+                    if (! $model = $parent->{$childRouteBindingMethod}(
+                        $parameterName, $parameterValue, $route->bindingFieldFor($parameterName)
+                    )) {
+                        throw (new ModelNotFoundException)->setModel(get_class($instance), [$parameterValue]);
+                    }
+                } elseif (! $model = $instance->{$routeBindingMethod}($parameterValue, $route->bindingFieldFor($parameterName))) {
                     throw (new ModelNotFoundException)->setModel(get_class($instance), [$parameterValue]);
                 }
-            } elseif (! $model = $instance->{$routeBindingMethod}($parameterValue, $route->bindingFieldFor($parameterName))) {
+            } catch (QueryException) {
                 throw (new ModelNotFoundException)->setModel(get_class($instance), [$parameterValue]);
             }
 

tests/Routing/ImplicitRouteBindingTest.php

@@ -2,8 +2,11 @@
 
 namespace Illuminate\Tests\Routing;
 
+use Exception;
 use Illuminate\Container\Container;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\ModelNotFoundException;
+use Illuminate\Database\QueryException;
 use Illuminate\Routing\Exceptions\BackedEnumCaseNotFoundException;
 use Illuminate\Routing\ImplicitRouteBinding;
 use Illuminate\Routing\Route;
@@ -126,9 +129,33 @@ public function test_it_can_resolve_the_implicit_model_route_bindings_for_the_gi
 
         ImplicitRouteBinding::resolveForRoute($container, $route);
     }
+
+    public function testItThrowsModelNotFoundExceptionOnQueryException(): void
+    {
+        $action = ['uses' => function (ImplicitRouteBindingUserWithQueryException $user) {
+            return $user;
+        }];
+
+        $route = new Route('GET', '/test', $action);
+        $route->parameters = ['user' => 'invalid-value'];
+
+        $route->prepareForSerialization();
+
+        $this->expectException(ModelNotFoundException::class);
+
+        ImplicitRouteBinding::resolveForRoute(Container::getInstance(), $route);
+    }
 }
 
 class ImplicitRouteBindingUser extends Model
 {
     //
 }
+
+class ImplicitRouteBindingUserWithQueryException extends Model
+{
+    public function resolveRouteBinding($value, $field = null): void
+    {
+        throw new QueryException('mysql', 'select * from users where id = ?', [$value], new Exception('Out of range value'));
+    }
+}