Affects Version/s: None
Fix Version/s: 2.5
Security Level: All
This issue is created automatically through a Github pull request on behalf of hackedd:
Using a query parameter of which the name starts with an underscore results in a QueryException. For example:
$q = $em->createQueryBuilder()
->where("u.username = :_name")
Invalid parameter format, : given, but :<name> or ?<num> expected.
This happens because of a bug in the Lexer, which recognizes `:_name` as two tokens (the `:` as the start of a input parameter, `_name` as an identifier). The attached patch changes the regular expression for input parameters to allow identifiers starting with a letter or underscore.