From 4f76693fe106f486b1622daebd8d30ed21be50b1 Mon Sep 17 00:00:00 2001
From: Valery Petrov <v.petrov>
Date: Fri, 15 May 2026 16:29:30 +0300
Subject: [PATCH] issues/27: Harden ContentFilterDto query parsing; use
 DateTimeImmutable in UpdateTimestampTrait

---
 src/Dto/Content/ContentFilterDto.php         | 12 +++++++++++-
 src/Entity/Behavior/UpdateTimestampTrait.php |  9 +++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/Dto/Content/ContentFilterDto.php b/src/Dto/Content/ContentFilterDto.php
index f63c6cf..1902b5f 100644
--- a/src/Dto/Content/ContentFilterDto.php
+++ b/src/Dto/Content/ContentFilterDto.php
@@ -34,9 +34,12 @@ final readonly class ContentFilterDto
         );
     }
 
+    /**
+     * Symfony QueryBag может отдать массив при ?regionId[]=… — не передаём его в is_numeric (TypeError в PHP 8).
+     */
     private static function positiveInt(mixed $value): ?int
     {
-        if ($value === null || $value === '' || !is_numeric($value)) {
+        if ($value === null || $value === '' || !is_scalar($value) || !is_numeric($value)) {
             return null;
         }
 
@@ -45,12 +48,19 @@ final readonly class ContentFilterDto
         return $value > 0 ? $value : null;
     }
 
+    /**
+     * При ?active[]=… query->get вернёт массив — отбрасываем без вызова filter_var по нему.
+     */
     private static function nullableBool(mixed $value): ?bool
     {
         if ($value === null || $value === '') {
             return null;
         }
 
+        if (!is_scalar($value)) {
+            return null;
+        }
+
         if (is_bool($value)) {
             return $value;
         }
diff --git a/src/Entity/Behavior/UpdateTimestampTrait.php b/src/Entity/Behavior/UpdateTimestampTrait.php
index 7d851d3..f68363f 100644
--- a/src/Entity/Behavior/UpdateTimestampTrait.php
+++ b/src/Entity/Behavior/UpdateTimestampTrait.php
@@ -6,19 +6,24 @@ namespace App\Entity\Behavior;
 
 use Doctrine\ORM\Mapping as ORM;
 
+/**
+ * Требует у класса-сущности свойство `$updateAt` (mapped column).
+ *
+ * @property \DateTimeInterface|null $updateAt
+ */
 trait UpdateTimestampTrait
 {
     #[ORM\PrePersist]
     public function setInitialUpdateAt(): void
     {
         if ($this->updateAt === null) {
-            $this->updateAt = new \DateTime();
+            $this->updateAt = new \DateTimeImmutable();
         }
     }
 
     #[ORM\PreUpdate]
     public function refreshUpdateAt(): void
     {
-        $this->updateAt = new \DateTime();
+        $this->updateAt = new \DateTimeImmutable();
     }
 }