escape values for regex

Author: GromNaN

src/Validation/DatabasePresenceVerifier.php

@@ -49,7 +49,7 @@ public function getMultiCount($collection, $column, array $values, array $extra
         }
 
         // Generates a regex like '/^(a|b|c)$/i' which can query multiple values
-        $regex = new Regex('^('.implode('|', $values).')$', 'i');
+        $regex = new Regex('^('.implode('|', array_map(preg_quote(...), $values)).')$', 'i');
 
         $query = $this->table($collection)->where($column, 'regex', $regex);
 

tests/ValidationTest.php

@@ -110,6 +110,18 @@ public function testExists(): void
         );
         $this->assertTrue($validator->fails());
 
+        $validator = Validator::make(
+            ['name' => '(invalid regex{'],
+            ['name' => 'required|exists:users']
+        );
+        $this->assertTrue($validator->fails());
+
+        $validator = Validator::make(
+            ['name' => ['foo', '(invalid regex{']],
+            ['name' => 'required|exists:users']
+        );
+        $this->assertTrue($validator->fails());
+
         User::create(['name' => '']);
 
         $validator = Validator::make(