fix(doctrine): Handle invalid UUID in SearchFilter

api-platform · Dec 6, 2024 · 1b26f2c · 1b26f2c
1 parent 985a9a0
commit 1b26f2c
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/src/Doctrine/Common/Filter/SearchFilterTrait.php b/src/Doctrine/Common/Filter/SearchFilterTrait.php
@@ -122,6 +122,14 @@ abstract protected function normalizePropertyName(string $property): string;
      */
     protected function getIdFromValue(string $value): mixed
     {
+        if (is_numeric($value)) {
+            return $value;
+        }
+
+        if ($this->isValidUuid($value)) {
+            return $value;
+        }
+
         try {
             $iriConverter = $this->getIriConverter();
             $item = $iriConverter->getResourceFromIri($value, ['fetch_data' => false]);
@@ -163,16 +171,41 @@ protected function normalizeValues(array $values, string $property): ?array
     }
 
     /**
-     * When the field should be an integer, check that the given value is a valid one.
+     * Check if the values are valid for the given Doctrine type.
      */
     protected function hasValidValues(array $values, ?string $type = null): bool
     {
         foreach ($values as $value) {
-            if (null !== $value && \in_array($type, (array) self::DOCTRINE_INTEGER_TYPE, true) && false === filter_var($value, \FILTER_VALIDATE_INT)) {
+            if (null === $value) {
+                continue;
+            }
+
+            if (\in_array($type, (array) self::DOCTRINE_INTEGER_TYPE, true) && false === filter_var($value, \FILTER_VALIDATE_INT)) {
+                return false;
+            }
+
+            if ($type === 'uuid' && false === $this->isValidUuid($value)) {
                 return false;
             }
         }
 
         return true;
     }
+
+    protected function isValidUuid(mixed $value): bool
+    {
+        if (!\is_string($value)) {
+            return false;
+        }
+
+        if (class_exists('\Symfony\Component\Uid\Uuid')) {
+            return \Symfony\Component\Uid\Uuid::isValid($value);
+        }
+
+        if (class_exists('\Ramsey\Uuid\Uuid')) {
+            return \Ramsey\Uuid\Uuid::isValid($value);
+        }
+
+        return \preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i', $value) === 1;
+    }
 }
diff --git a/src/Doctrine/Orm/Filter/SearchFilter.php b/src/Doctrine/Orm/Filter/SearchFilter.php
@@ -231,6 +231,11 @@ protected function filterProperty(string $property, $value, QueryBuilder $queryB
             if (is_numeric($value)) {
                 return $value;
             }
+
+            if ($this->isValidUuid($value)) {
+                return $value;
+            }
+
             try {
                 $item = $this->getIriConverter()->getResourceFromIri($value, ['fetch_data' => false]);