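/**
 * Restricts the requested filters to fields that are actually mapped on the repository's database table.
 *
 * If a requested filter field is not a valid field on this table, the query is skipped completely (false is
 * returned) because no results can be expected for a field that does not exist. The exception is an OR query
 * (field names separated by "|||"): there the missing field is removed from the stack and the remaining fields
 * are still allowed through. If none of the fields in an OR query is valid, the query is skipped as well.
 *
 * Only the field names are checked against the table; the filter values are returned unchanged.
 *
 * @param array      $queryParams Requested filters, keyed by field name (or by an OR stack of field names)
 * @param Repository $repo        Repository whose class metadata supplies the allowed field names
 *
 * @return bool|array false when the query must be skipped, otherwise the whitelisted parameters
 */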
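public function whitelistParameters(array $queryParams, Repository $repo)
{
    // Separator that joins the fields (and their values) of an OR filter.
    $orPattern = '/ *(\\|\\|\\|) */';

    // The field names mapped on the entity are the only acceptable filter names. They are normalised to
    // strings so that every membership test below can be strict.
    $allowedParams = array_map('strval', array_keys($repo->getClassMetadata()->getFieldMappings()));

    $cleanParams = [];
    foreach ($queryParams as $fieldSelect => $valueSelect) {
        // PHP turns numeric-looking array keys into integers. With a loose in_array() an integer key such as 0
        // compares equal to any non-numeric string on PHP < 8 and would slip through the whitelist, so the key
        // is compared as a string and strictly.
        $fieldSelect = (string) $fieldSelect;
        $stack = preg_split($orPattern, $fieldSelect);

        if (count($stack) <= 1) {
            // Plain filter: an unknown field means the query cannot match anything, so skip it entirely.
            if (!in_array($fieldSelect, $allowedParams, true)) {
                return false;
            }

            // Only the field name is validated here. The value is copied through unchanged, so whatever
            // builds the query from this array must still bind it as a parameter.
            $cleanParams[$fieldSelect] = $valueSelect;
            continue;
        }

        // OR filter: the value is only split here, so a non-string value on a plain filter is never handed
        // to preg_split(). A non-scalar value on an OR filter yields no segments and every field gets ''.
        $valueStack = is_scalar($valueSelect) ? preg_split($orPattern, (string) $valueSelect) : [];

        $allowedKeys = [];
        $allowedVals = [];
        foreach ($stack as $i => $stackItem) {
            if (!in_array($stackItem, $allowedParams, true)) {
                // Unknown fields are dropped from the OR stack; the remaining ones stay usable.
                continue;
            }
            $allowedKeys[] = $stackItem;
            // Fewer values than fields used to read an undefined offset; the missing value stays empty.
            $allowedVals[] = $valueStack[$i] ?? '';
        }

        // Not a single field of the OR stack exists on the table: skip the query.
        if ($allowedKeys === []) {
            return false;
        }

        $cleanParams[implode(' ||| ', $allowedKeys)] = implode(' ||| ', $allowedVals);
    }

    return $cleanParams;
}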