From 276016eed70ee24f894bad4bc0d25af6d4254db9 Mon Sep 17 00:00:00 2001
From: HolgerHatGarKeineNode
 <123783602+HolgerHatGarKeineNode@users.noreply.github.com>
Date: Wed, 17 Jun 2026 09:56:25 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Handle=20non-numeric=20values=20in?=
 =?UTF-8?q?=20`selected`=20filter=20for=20Country=20API=20and=20add=20corr?=
 =?UTF-8?q?esponding=20tests?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 🔧 Refactor `CountryController` to safely process non-numeric values in `selected` query parameter using `array_filter`.
- 🧪 Add feature test to ensure API does not crash when `selected` includes non-numeric codes.
---
 app/Http/Controllers/Api/CountryController.php | 10 ++++++----
 tests/Feature/Api/CountryControllerTest.php    | 13 +++++++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 tests/Feature/Api/CountryControllerTest.php

diff --git a/app/Http/Controllers/Api/CountryController.php b/app/Http/Controllers/Api/CountryController.php
index 9cc24a1..51ee82d 100644
--- a/app/Http/Controllers/Api/CountryController.php
+++ b/app/Http/Controllers/Api/CountryController.php
@@ -33,10 +33,12 @@ class CountryController extends Controller
             )
             ->when(
                 $request->exists('selected'),
-                fn (Builder $query) => $query
-                    ->whereIn('code', $request->input('selected', []))
-                    ->orWhereIn('id',
-                        $request->input('selected', [])),
+                function (Builder $query) use ($request) {
+                    $selected = $request->input('selected', []);
+
+                    $query->whereIn('code', $selected)
+                        ->orWhereIn('id', array_filter($selected, 'is_numeric'));
+                },
                 fn (Builder $query) => $query->limit(10),
             )
             ->get()
diff --git a/tests/Feature/Api/CountryControllerTest.php b/tests/Feature/Api/CountryControllerTest.php
new file mode 100644
index 0000000..7018c94
--- /dev/null
+++ b/tests/Feature/Api/CountryControllerTest.php
@@ -0,0 +1,13 @@
+<?php
+
+use App\Models\Country;
+
+it('does not crash when selected contains non-numeric codes', function () {
+    Country::factory()->create(['code' => 'CH']);
+
+    $response = $this->getJson('/api/countries?'.http_build_query([
+        'selected' => ['CH', 'de', '1'],
+    ]));
+
+    $response->assertSuccessful();
+});