Forgotten $parameterCounter++; leads to overwriting parameters when using DateRangeFilter

Author: stephanvierkant

Datatable/Filter/AbstractFilter.php

@@ -373,7 +373,7 @@ protected function getExpression(Composite $expr, QueryBuilder $qb, $searchType,
             case 'decimal':
             case 'float':
                 if (is_numeric($searchValue)) {
-                    $searchValue = floatval($searchValue);
+                    $searchValue = (float) $searchValue;
                 } else {
                     $incompatibleTypeOfField = true;
                 }
@@ -382,8 +382,8 @@ protected function getExpression(Composite $expr, QueryBuilder $qb, $searchType,
             case 'bigint':
             case 'smallint':
             case 'boolean':
-                if ($searchValue == strval(intval($searchValue))) {
-                    $searchValue = intval($searchValue);
+                if ( $searchValue == (string) (int) $searchValue ) {
+                    $searchValue = (int) $searchValue;
                 } else {
                     $incompatibleTypeOfField = true;
                 }
@@ -465,6 +465,8 @@ protected function getExpression(Composite $expr, QueryBuilder $qb, $searchType,
      */
     protected function getBetweenAndExpression(Andx $andExpr, QueryBuilder $qb, $searchField, $from, $to, $parameterCounter)
     {
+        $parameterCounter++;
+
         $k = $parameterCounter + 1;
         $andExpr->add($qb->expr()->between($searchField, '?'.$parameterCounter, '?'.$k));
         $qb->setParameter($parameterCounter, $from);

Datatable/Filter/DateRangeFilter.php

@@ -45,7 +45,6 @@ public function addAndExpression(Andx $andExpr, QueryBuilder $qb, $searchField,
         $dateEnd = new DateTime($_dateEnd);
         $dateEnd->setTime(23, 59, 59);
 
-        $parameterCounter += 1;
         $andExpr = $this->getBetweenAndExpression($andExpr, $qb, $searchField, $dateStart->format('Y-m-d H:i:s'), $dateEnd->format('Y-m-d H:i:s'), $parameterCounter);
         $parameterCounter += 2;