#10 OR filter bypasses all doctrine extensions -> Potential security …

…problem - added warning to readme
metaclass-nl · Aug 6, 2022 · 912d8aa · 912d8aa
1 parent b7d6686
commit 912d8aa
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -6,7 +6,12 @@ Combines API Platform ORM Filters with AND, OR and NOT according to client reque
 - existing requests keep working unmodified if not using "and", "or" or "not" as query parameters
 - works with built in filters of Api Platform, except for DateFilter
   with EXCLUDE_NULL. A DateFilter subclass is provided to correct this.
-
+
+SECURIY WARNING: The current version of LogicFilter allows clients 
+to bypass criteria set by custom Extensions to limit their access to certain data,
+like the examples do in the docs on [Custom Doctrine ORM Extension](https://api-platform.com/docs/core/extensions/#custom-doctrine-orm-extension) 
+see [Issue 10](https://github.com/metaclass-nl/filter-bundle/issues/10).
+
 Usage
 -----
 Once the FilterLogic class and service configuration have been installed in you app,