You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
@aheinze Why did you disable callable strings? Now filtering with '$fn => 'callable' throws an exception and filtering with '$fn' => function($field) {return true;} throws the following error:
The reason will be displayed to describe this comment to others. Learn more.
@raffaelj callable strings enabled a serious security hole. You could call all available php functions like system etc. I will look into the closure error!
The reason will be displayed to describe this comment to others. Learn more.
So the $where filter works for me. Thanks for the implementation.
@aheinze What do you think about a white list for user registered function names? Than the where filter could also be used with callable strings via rest api.
33e7199
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@aheinze Why did you disable callable strings? Now filtering with
'$fn => 'callable'
throws an exception and filtering with'$fn' => function($field) {return true;}
throws the following error:This breaks at least my custom full text search for repeaters in CpMultiplane and it breaks the PublicationPeriod Addon from @pauloamgomes.
33e7199
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@raffaelj callable strings enabled a serious security hole. You could call all available php functions like
system
etc. I will look into the closure error!33e7199
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@raffaelj I removed all $fn, $func etc filters in the latest commit. Please use
$where
instead. Example:33e7199
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, I see. That's a problem.
I'll give it a try tomorrow.
33e7199
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So the
$where
filter works for me. Thanks for the implementation.@aheinze What do you think about a white list for user registered function names? Than the where filter could also be used with callable strings via rest api.