Single quotes should not be added to SQLFilter parameters
Bug Report
Q | A |
---|---|
BC Break | no |
Version | 2.13.3 |
Summary
Greetings,
I think there's a weird behaviour in Doctrine's filters. Possibly a bug.
When you pass a parameter to SQLFilter, not only does `$this->getParameter()` return it as a string, but two single quotes are automatically added to this value. Therefore, all string methods, operators or casting that we could do on this value do not behave like we would expect.
It's very confusing and could lead to all sorts of bugs.
Current behavior
In my file where I enable the filter:
```php
$this->em->getFilters()->enable('myFilter')->setParameter('myVar', 42);
```
In the filter:
```php
$number = (int) $this->getParameter('myVar');
```
Then `$number` is equal to 0, not 42, because it tries to cast "'42'" to int.
In my file where I enable the filter:
```php
$this->em->getFilters()->enable('myFilter')->setParameter('myVar', null);
```
In the filter:
```php
if ('' === $this->getParameter('myVar')) {
    echo 'myVar is empty';
} else {
    echo 'myVar is not empty';
}
```
Then it will say that 'myVar is not empty', because it contains "''", which I would definitely not expect by passing "null" as parameter...
How to reproduce
See above.
Expected behavior
`getParameter()` should still return a string (even if that could be up for debate, but I understand why it has been enforced), but it should NOT add those two single quotes.
Same issue here: quotes are a good security pass but it's creating issues with filters.
I ended up doing something like:
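```php
// getParameter() returns the value wrapped in single quotes; strip them before comparing
$expression = 0 == substr($this->getParameter('is_duplicate'), 1, -1) ? 'IS NULL' : 'IS NOT NULL';
return sprintf('%s.is_duplicate %s', $targetTableAlias, $expression);
```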
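The behaviour discussed in this thread, as an added stand-alone illustration that is not code from the issue, its commenters or Doctrine: `quotedParameter()` is a hypothetical stand-in that models the quoting the report describes, and `duplicateConstraint()`, `ownerConstraint()`, the `owner` column and the sample values are constructed. It shows why casts and empty checks fail on the quoted value, and a filter that branches on the literal as returned instead of stripping its quotes.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the behaviour the report describes: the parameter
// comes back as a single-quoted SQL string literal. Not Doctrine's own code.
function quotedParameter(mixed $value): string
{
    return "'" . str_replace("'", "''", (string) $value) . "'";
}

// Branch on the literal exactly as returned instead of stripping its quotes.
function duplicateConstraint(string $alias, string $quoted): string
{
    // In this model "'0'" and "''" are the quoted forms of 0 and null.
    $falsy = in_array($quoted, ["'0'", "''"], true);

    return sprintf('%s.is_duplicate %s', $alias, $falsy ? 'IS NULL' : 'IS NOT NULL');
}

// When the value itself belongs in the SQL, interpolate the literal unchanged.
function ownerConstraint(string $alias, string $quoted): string
{
    return sprintf('%s.owner = %s', $alias, $quoted);
}

// Constructed sample values, not taken from the issue.
foreach ([42, null, 0, "O'Brien"] as $value) {
    $quoted = quotedParameter($value);
    printf(
        "%-10s literal=%-11s (int)=%d  ''===literal: %s  stripped=%s\n",
        var_export($value, true),
        $quoted,
        (int) $quoted,                       // always 0: the literal starts with a quote
        var_export('' === $quoted, true),    // always false: even null becomes ''
        substr($quoted, 1, -1)               // O''Brien: stripping does not undo escaping
    );
    echo '    ', duplicateConstraint('t0', $quoted), "\n";
    echo '    ', ownerConstraint('t0', $quoted), "\n";
}
```

Comparing against the quoted forms keeps the value usable as a SQL literal, whereas a stripped value would have to be quoted again before it could safely be placed in the constraint.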
same here .... :-(
+1 :)