zfcampus / zf-doctrine-querybuilder

Doctrine Query Builder request Filters
BSD 3-Clause "New" or "Revised" License

Error when entering a non-existing field name in filtering #49

Open dominikhalvonik opened 6 years ago

dominikhalvonik commented 6 years ago

Hi all,

I am using your module and first of all I must say that it is great. Today I encountered a situation that I cannot handle, so please direct me the right way, whether it is a bug or just my lack of knowledge. I am using ZF3 with:

"zfcampus/zf-apigility-doctrine": "^2.2",
"zfcampus/zf-doctrine-querybuilder": "^1.6",
"doctrine/doctrine-orm-module": "^1.1",

The reason why I am doing this is that my app has an API module but most of it has a normal UI. When I try to filter like this:

domain.com/api/transaction?filter[0][type]=eq&filter[0][field]=name&filter[0][value]=test

Everything is fine. But when I try to do something like this:

domain.com/api/transaction?filter[0][type]=eq&filter[0][field]=fdsafdsafds&filter[0][value]=test

I get this message:

{
    "error": "[Semantical Error] line 0, col 68 near 'skdjbvkdjvb =': Error: Class Application\\Entity\\Client\\Transaction has no field or association named skdjbvkdjvb"
}

Which is 100% true, but I would like to hide application information like namespaces etc. and not show them to the world. Also, when I try this:

domain.com/api/transaction?filter[0][type]=eq&filter[0][fieldName]=fdsafdsafds&filter[0][value]=test

I get this message:

{
    "error": "[Syntax Error] line 0, col 69: Error: Expected Doctrine\\ORM\\Query\\Lexer::T_IDENTIFIER, got '='"
}

Which is also not very nice from a security point of view. I read your documentation and crawled the code and I cannot find a solution for how to change the output when someone tries to break my application by adding incorrect URL params. Thank you.

weierophinney commented 4 years ago

This repository has been closed and moved to laminas-api-tools/api-tools-doctrine-querybuilder; a new issue has been opened at https://github.com/laminas-api-tools/api-tools-doctrine-querybuilder/issues/3.
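
An added example, not part of the original issue or the project's code: one way to keep Doctrine's error text out of API responses is to check each filter against an allowlist of field names before it reaches the query builder, which covers both the unknown-field request and the misspelled-key (fieldName) request from the issue. The validateFilters helper, the field list and the generic error shape are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Validate request filters against an allowlist of entity field names.
 * Returns [cleanFilters, null] on success or [null, genericError] on failure.
 * Hypothetical helper; $allowedFields is an assumption (in a Doctrine app it
 * could be built from ClassMetadata::getFieldNames() and getAssociationNames()).
 */
function validateFilters($filters, array $allowedFields): array
{
    $reject = static function (string $detail): array {
        // Keep the detail server-side; the client only sees a generic message.
        error_log('Rejected filter: ' . $detail);
        return [null, ['status' => 400, 'error' => 'Invalid filter parameter']];
    };

    if (!is_array($filters)) {
        return $reject('filter parameter is not an array');
    }
    $clean = [];
    foreach ($filters as $i => $filter) {
        // Catches the "fieldName" request: the required "field" key is absent.
        if (!is_array($filter) || !isset($filter['type'], $filter['field'])
            || !is_string($filter['type']) || !is_string($filter['field'])) {
            return $reject('entry ' . json_encode($i) . ' lacks a string type or field key');
        }
        // Strict comparison: only exact, known field names reach the query builder.
        if (!in_array($filter['field'], $allowedFields, true)) {
            return $reject('unknown field ' . json_encode($filter['field']));
        }
        $clean[] = $filter;
    }
    return [$clean, null];
}

// Constructed sample input mirroring the three requests in the issue.
$allowed = ['id', 'name', 'amount']; // assumed fields of the Transaction entity
$requests = [
    'valid field'   => [['type' => 'eq', 'field' => 'name', 'value' => 'test']],
    'unknown field' => [['type' => 'eq', 'field' => 'fdsafdsafds', 'value' => 'test']],
    'wrong key'     => [['type' => 'eq', 'fieldName' => 'fdsafdsafds', 'value' => 'test']],
];
foreach ($requests as $label => $filters) {
    [$clean, $error] = validateFilters($filters, $allowed);
    echo $label, ': ', json_encode($error ?? ['status' => 200, 'filters' => $clean]), PHP_EOL;
}
```

Both malformed requests produce the same generic 400 body, while the entity class name and DQL parser details stay in the server log.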