BUG: Doctrine Embeddables corrupted during property mapping #3532
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
given you have an entity like this:
class Invoice
{
/**
* @ORM\Embedded(columnPrefix="number_", class="KayStrobach\Invoice\Domain\Model\Invoice\Embeddable\NumberingEmbeddable")
*/
protected ?NumberingEmbeddable $number = null;
...
}and the embeddable like this:
class NumberingEmbeddable implements \JsonSerializable
{
/**
* @ORM\Column(type="string", nullable=false)
* @var string
*/
protected string $prefix = '';
/**
* @ORM\Column(type="integer", nullable=true)
* @var int|null
*/
protected ?int $number = null;
/**
* @ORM\Column(type="string", nullable=false)
* @var string
*/
protected string $postfix = '';
... and then you send it as a post via an f:form-VH to and action in an action controller weird thing happen:
- if you deliver none of the properties, they are all intact
- if you deliver atleast one, all non delivered properties are unset / nulled
This can cause massive data loss, when not all properties are sent per post request.
Workaround:
<f:form.hidden property="number.prefix" />
...
the workaround might cause massive security and integrity issues, as the values can be modified in the browser.
neos/flow 8.4.2 Flow Application Framework
doctrine/annotations 1.14.4 Docblock Annotations Parser
doctrine/cache 2.2.0 PHP Doctrine Cache library is a popular cache implementation that supports many different drivers such as redis, memcache, apc, mongodb and others.
doctrine/collections 2.5.0 PHP Doctrine Collections library that adds additional functionality on top of PHP arrays.
doctrine/common 3.5.0 PHP Doctrine Common project is a library that provides additional functionality that other Doctrine projects depend on such as better reflection support, proxies and much more.
doctrine/dbal 3.10.4 Powerful PHP database abstraction layer (DBAL) with many features for database schema introspection and management.
doctrine/deprecations 1.1.5 A small layer on top of trigger_error(E_USER_DEPRECATED) or PSR-3 logging with options to disable all deprecations or selectively for packages.
doctrine/event-manager 2.0.1 The Doctrine Event Manager is a simple PHP event system that was built to be used with the various Doctrine projects.
doctrine/inflector 2.1.0 PHP Doctrine Inflector is a small library that can perform string manipulations with regard to upper/lowercase and singular/plural forms of words.
doctrine/instantiator 2.0.0 A small, lightweight utility to instantiate objects in PHP without invoking their constructors
doctrine/lexer 2.1.1 PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers.
doctrine/migrations 3.9.5 PHP Doctrine Migrations project offer additional functionality on top of the database abstraction layer (DBAL) for versioning your database schema and easily deploying changes to it. It is a very easy to use and a powerful tool.
doctrine/orm 2.20.9 Object-Relational-Mapper for PHP
doctrine/persistence 3.4.3 The Doctrine Persistence project is a set of shared interfaces and functionality that the different Doctrine object mappers share.
Expected Behavior
only replace the send properties keep the others intact
Steps To Reproduce
see problem description
Environment
- Flow: 8.4.2
- PHP:8.2 - 8.4Anything else?
open for quotes to sponsor that issue