From 252a4e12ff26bf656e23abf07964a6b38957833e Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Wed, 3 Dec 2025 22:38:37 +1300
Subject: [PATCH] Validate format on non-strings
---
 .../Http/Databases/Collections/Create.php | 1 -
 .../Utopia/Database/Validator/Attributes.php | 6 +++++-
 .../Legacy/DatabasesCustomServerTest.php | 18 ++++++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Create.php
index a4e2265bfb..0dbe995457 100644
--- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Create.php
+++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Create.php
@@ -19,7 +19,6 @@ use Utopia\Database\Exception\Duplicate as DuplicateException;
 use Utopia\Database\Exception\Index as IndexException;
 use Utopia\Database\Exception\Limit as LimitException;
 use Utopia\Database\Exception\NotFound as NotFoundException;
-use Utopia\Database\Exception\Structure as StructureException;
 use Utopia\Database\Helpers\ID;
 use Utopia\Database\Helpers\Permission;
 use Utopia\Database\Validator\Authorization;
diff --git a/src/Appwrite/Utopia/Database/Validator/Attributes.php b/src/Appwrite/Utopia/Database/Validator/Attributes.php
index fae6d6a3b0..fea4086eaf 100644
--- a/src/Appwrite/Utopia/Database/Validator/Attributes.php
+++ b/src/Appwrite/Utopia/Database/Validator/Attributes.php
@@ -6,7 +6,6 @@ use Utopia\Database\Database;
 use Utopia\Database\Validator\Datetime as DatetimeValidator;
 use Utopia\Database\Validator\Key;
 use Utopia\Validator;
-use Utopia\Validator\Boolean as BooleanValidator;
 use Utopia\Validator\Range;
 use Utopia\Validator\Text;
@@ -135,6 +134,11 @@ class Attributes extends Validator
 // Validate format if provided
 if (isset($attribute['format']) && $attribute['format'] !== '') {
+ // Format is only allowed for string type
+ if ($attribute['type'] !== Database::VAR_STRING) {
+ $this->message = "Format is only allowed for string type for attribute '" . $attribute['key'] . "'";
+ return false;
+ }
 if (!in_array($attribute['format'], $this->supportedFormats)) {
 $this->message = "Invalid format for attribute '" . $attribute['key'] . "': " . $attribute['format'];
 return false;
diff --git a/tests/e2e/Services/Databases/Legacy/DatabasesCustomServerTest.php b/tests/e2e/Services/Databases/Legacy/DatabasesCustomServerTest.php
index 5b2b09c23f..0edcf27108 100644
--- a/tests/e2e/Services/Databases/Legacy/DatabasesCustomServerTest.php
+++ b/tests/e2e/Services/Databases/Legacy/DatabasesCustomServerTest.php
@@ -7454,6 +7454,24 @@ class DatabasesCustomServerTest extends Scope
 ]);
 $this->assertEquals(400, $collection['headers']['status-code']);
+ // Test: Format on non-string type (format is only allowed for strings)
+ $collection = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'collectionId' => ID::unique(),
+ 'name' => 'Format On Integer',
+ 'attributes' => [
+ [
+ 'key' => 'count',
+ 'type' => Database::VAR_INTEGER,
+ 'format' => 'enum',
+ ],
+ ],
+ ]);
+ $this->assertEquals(400, $collection['headers']['status-code']);
+ // Test: Valid integer with min/max range and default within range (should succeed)
 $collection = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
 'content-type' => 'application/json',
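Review bot: The new guard in Attributes.php reads `$attribute['type']` directly, and nothing in this hunk shows that the key is guaranteed to exist when the format check runs. The enclosing method starts and ends outside the hunk, so an earlier check may already enforce it. If it does not, a client-supplied attribute that carries `format` but omits `type` would raise an undefined-key warning instead of a clean validation failure; `if (($attribute['type'] ?? null) !== Database::VAR_STRING) {` avoids that. The added comment restates the condition and would be more useful if it gave the reason the validator rejects the combination.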
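Review bot: The added test case asserts only the 400 status, so it would still pass if the request were rejected by some other validation rule and the new type check never ran. Pinning the error text as well would tie the test to the branch added in Attributes.php, for example `$this->assertStringContainsString('Format is only allowed for string type', $collection['body']['message']);`, assuming the validator message is surfaced in the response body. A second case using another non-string type would also catch the check being narrowed to integers later.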