From 2e032caa92814a27dbb87d5173f7cde1382b225c Mon Sep 17 00:00:00 2001
From: Patryk Kula <patryk.kula@icloud.com>
Date: Fri, 9 Feb 2024 15:08:47 +0100
Subject: [PATCH] Fix: Additional HrefTransform validation for $type and $id
 (#434)

---
 UPGRADE.md                          | 3 +++
 src/Transformer/HrefTransformer.php | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/UPGRADE.md b/UPGRADE.md
index 32617b8d..d16bb5a5 100644
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -1,5 +1,8 @@
 # Upgrade Notes
  
+## 5.0.4
+- Add Additional HrefTransformer validation for `$type` and `$id` [patkul0](https://github.com/dachcom-digital/pimcore-formbuilder/pull/434)
+
 ## 5.0.3
 - Fix element type check in api channel [#423](https://github.com/dachcom-digital/pimcore-formbuilder/issues/423)
 
diff --git a/src/Transformer/HrefTransformer.php b/src/Transformer/HrefTransformer.php
index 6e92b8dd..a1f4fa33 100644
--- a/src/Transformer/HrefTransformer.php
+++ b/src/Transformer/HrefTransformer.php
@@ -28,8 +28,12 @@ public function reverseTransform(mixed $values, $optionConfig = null): array
             $type = $value['type'];
             $id = $value['id'];
 
+            if (empty($id) || !in_array($type, ['object', 'asset', 'document'])) {
+                continue;
+            }
+
             if (is_numeric($id)) {
-                $element = Service::getElementById($type, $id);
+                $element = Service::getElementById($type, (int) $id);
             } else {
                 // legacy
                 $element = Service::getElementByPath($type, $id);