laminas-api-tools / api-tools-doctrine

Laminas API Tools Doctrine module
https://api-tools.getlaminas.org/documentation
BSD 3-Clause "New" or "Revised" License

Added check for valid SQL before running fetchAll. #12

Closed TomHAnderson closed 4 years ago

TomHAnderson commented 4 years ago
Q              A
Documentation  no
Bugfix         yes
BC Break       no
New Feature    yes
RFC            no
QA             no

Description

Fixes https://github.com/laminas-api-tools/api-tools-doctrine-querybuilder/issues/3

api-tools-doctrine-querybuilder allows a user to inject invalid SQL into a QueryBuilder. This fix calls the collection adapter query object with getSQL() which triggers the query to parse() https://github.com/doctrine/orm/blob/master/lib/Doctrine/ORM/Query.php#L181 and throws an exception if the query is invalid. This is caught and re-thrown as a DomainException for ApiProblem.

Unit test included which injects invalid sql to trigger custom 500 error.
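The validation step the PR describes, written out as an added stand-alone example (this is not the PR's own patch nor code from the api-tools-doctrine project). It assumes doctrine/orm 2.14 or later plus symfony/cache are installed through Composer and that the pdo_sqlite extension is available; the Artist entity, the assertValidQuery() helper and the two DQL inputs are all constructed for the illustration. The point it demonstrates is that calling getSQL() on a Doctrine Query forces the DQL parser to run, so malformed, user-influenced DQL is rejected with a QueryException before any statement reaches the database, and that exception is converted into a DomainException carrying a generic message rather than the parser's details.

```php
<?php
declare(strict_types=1);

// Added example; assumes a Composer install of doctrine/orm (>= 2.14) and symfony/cache.
require __DIR__ . '/vendor/autoload.php';

use Doctrine\DBAL\DriverManager;
use Doctrine\ORM\EntityManager;
use Doctrine\ORM\Mapping as ORM;
use Doctrine\ORM\ORMSetup;
use Doctrine\ORM\Query;
use Doctrine\ORM\Query\QueryException;

// Constructed entity so that the DQL below has something to refer to.
#[ORM\Entity]
#[ORM\Table(name: 'artist')]
class Artist
{
    #[ORM\Id, ORM\Column(type: 'integer'), ORM\GeneratedValue]
    public ?int $id = null;

    #[ORM\Column(type: 'string')]
    public string $name = '';
}

// Hypothetical helper mirroring the PR's idea: force DQL parsing before a
// paginator/adapter calls fetchAll(), and turn parser failures into a
// DomainException that an ApiProblem response can be built from.
function assertValidQuery(Query $query): void
{
    try {
        // getSQL() runs Query::parse(); invalid DQL throws QueryException here,
        // so nothing has been sent to the database yet.
        $query->getSQL();
    } catch (QueryException $e) {
        // Keep the outward message generic: the parser message can echo the
        // offending input and reveal entity/field names. The original is kept
        // as $previous for server-side logging only.
        throw new \DomainException('Invalid query', 400, $e);
    }
}

// In-memory SQLite so the example runs offline.
$config     = ORMSetup::createAttributeMetadataConfiguration([__DIR__], true);
$connection = DriverManager::getConnection(['driver' => 'pdo_sqlite', 'memory' => true], $config);
$em         = new EntityManager($connection, $config);

// Constructed inputs: a well-formed filter and a malformed one of the kind a
// caller could feed through an unchecked query-builder parameter.
$cases = [
    'valid'   => 'SELECT a FROM Artist a WHERE a.name = :name',
    'invalid' => 'SELECT a FROM Artist a WHERE a.name = :name AND',
];

foreach ($cases as $label => $dql) {
    try {
        assertValidQuery($em->createQuery($dql)->setParameter('name', 'x'));
        echo "$label: ok\n";
    } catch (\DomainException $e) {
        echo "$label: rejected (" . $e->getMessage() . ")\n";
    }
}
```

Running the script prints "valid: ok" followed by "invalid: rejected (Invalid query)". The catch clause is deliberately narrow: only QueryException, which the DQL parser raises, is mapped to DomainException, so genuine driver or connection errors still surface as 500s instead of being mistaken for bad client input.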

TomHAnderson commented 4 years ago

Closing due to lack of action.