From 1a5712017bc40c0eac68b53f5fd93061a606ac65 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 28 Dec 2021 18:57:24 +0100
Subject: [PATCH 1/3] fix: database query value limits

---
 app/controllers/api/database.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php
index 2841c6fa4..ced5de1c2 100644
--- a/app/controllers/api/database.php
+++ b/app/controllers/api/database.php
@@ -1717,7 +1717,15 @@ App::get('/v1/database/collections/:collectionId/documents')
 }
 }
 
- $queries = \array_map(fn ($query) => Query::parse($query), $queries);
+ $queries = \array_map(function ($query) {
+ $query = Query::parse($query);
+
+ if (\count($query->getValues()) > 100) {
+ throw new Exception("You cannot use more than 100 query values on attribute '{$query->getAttribute()}'", 400);
+ }
+
+ return $query;
+ }, $queries);
 
 if (!empty($queries)) {
 $validator = new QueriesValidator(new QueryValidator($collection->getAttribute('attributes', [])), $collection->getAttribute('indexes', []), true);

From 9e88092ee8b710f2cd22d5eb862d96cee0d3772c Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 28 Dec 2021 19:16:22 +0100
Subject: [PATCH 2/3] tests: add tests for query limit

---
 tests/e2e/Services/Database/DatabaseBase.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php
index f226b88ac..564e7975a 100644
--- a/tests/e2e/Services/Database/DatabaseBase.php
+++ b/tests/e2e/Services/Database/DatabaseBase.php
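Review bot: The cap of 100 appears twice in the added closure, once in the `> 100` comparison and once hard-coded inside the exception message, with nothing tying them together, so a later change to one will silently desynchronise the other and the e2e test that sends 101 values. Hoist it into a named constant (the name below is a proposal) and reference it in both places: `if (\count($query->getValues()) > APP_DATABASE_QUERY_MAX_VALUES) {` and `throw new Exception("You cannot use more than " . APP_DATABASE_QUERY_MAX_VALUES . " query values on attribute '{$query->getAttribute()}'", 400);`. This bounds the values per query only; whether the number of entries in `$queries` is itself bounded is not visible in this hunk, so it is worth confirming the route's parameter validator limits it, since the intent is to cap the work a single request can demand. The enclosing route closure starts before the hunk and continues after it.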
@@ -1201,6 +1201,21 @@ trait DatabaseBase
 $this->assertEquals(400, $documents['headers']['status-code']);
 $this->assertEquals('Index not found: actors', $documents['body']['message']);
 
+ $conditions = [];
+
+ for ($i=0; $i < 101; $i++) {
+ $conditions[] = $i;
+ }
+
+ $documents = $this->client->call(Client::METHOD_GET, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'queries' => ['releaseYear.equal(' . implode(',', $conditions) . ')'],
+ ]);
+
+ $this->assertEquals(400, $documents['headers']['status-code']);
+
 return [];
 }

From 03989a052bfc39002cfafcd42ad3f42472f0a452 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Wed, 29 Dec 2021 15:06:44 +0100
Subject: [PATCH 3/3] fix: query on

---
 composer.lock | 12 ++++++------
 tests/e2e/Services/Database/DatabaseBase.php | 11 +++++++++++
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/composer.lock b/composer.lock
index 00e3ca58f..2e8f6a495 100644
--- a/composer.lock
+++ b/composer.lock
@@ -2138,16 +2138,16 @@
 },
 {
 "name": "utopia-php/database",
- "version": "0.13.0",
+ "version": "0.13.1",
 "source": {
 "type": "git",
 "url": "https://github.com/utopia-php/database.git",
- "reference": "2e13987364f4966ec8a36784d4fb5df3a84e4e78"
+ "reference": "a1b2849c991b6384fe70e3c2d0633256a4fb795b"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/utopia-php/database/zipball/2e13987364f4966ec8a36784d4fb5df3a84e4e78",
- "reference": "2e13987364f4966ec8a36784d4fb5df3a84e4e78",
+ "url": "https://api.github.com/repos/utopia-php/database/zipball/a1b2849c991b6384fe70e3c2d0633256a4fb795b",
+ "reference": "a1b2849c991b6384fe70e3c2d0633256a4fb795b",
 "shasum": ""
 },
 "require": {
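Review bot: The added request asserts only the 400 status, so the test would still pass if the request were rejected by some other validator (attribute, index or syntax) rather than by the new value-count limit. The assertions just above it in this method pair the status code with the body message, and the new block should do the same, e.g. `$this->assertEquals("You cannot use more than 100 query values on attribute 'releaseYear'", $documents['body']['message']);` (assuming the parsed query reports `releaseYear` as its attribute). A companion request with exactly 100 values expected to succeed would pin the boundary, since 101 alone does not distinguish `> 100` from `>= 100`. Minor style: `for ($i=0; ...` should be spaced `$i = 0` to match PSR-12 and the surrounding code. The enclosing test method starts before the hunk.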
@@ -2195,9 +2195,9 @@
 ],
 "support": {
 "issues": "https://github.com/utopia-php/database/issues",
- "source": "https://github.com/utopia-php/database/tree/0.13.0"
+ "source": "https://github.com/utopia-php/database/tree/0.13.1"
 },
- "time": "2021-12-27T12:59:50+00:00"
+ "time": "2021-12-29T14:04:55+00:00"
 },
 {
 "name": "utopia-php/domains",
diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php
index f226b88ac..d367fa92f 100644
--- a/tests/e2e/Services/Database/DatabaseBase.php
+++ b/tests/e2e/Services/Database/DatabaseBase.php
@@ -1145,6 +1145,17 @@ trait DatabaseBase
 $this->assertEquals(1944, $documents['body']['documents'][0]['releaseYear']);
 $this->assertCount(1, $documents['body']['documents']);
 
+ $documents = $this->client->call(Client::METHOD_GET, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'queries' => ['$id.equal("' . $documents['body']['documents'][0]['$id'] . '")'],
+ ]);
+
+ $this->assertEquals($documents['headers']['status-code'], 200);
+ $this->assertEquals(1944, $documents['body']['documents'][0]['releaseYear']);
+ $this->assertCount(1, $documents['body']['documents']);
+
 $documents = $this->client->call(Client::METHOD_GET, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([
 'content-type' => 'application/json',
 'x-appwrite-project' => $this->getProject()['$id'],
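Review bot: `$this->assertEquals($documents['headers']['status-code'], 200);` in the DatabaseBase.php hunk passes its arguments in the wrong order — PHPUnit's signature is `assertEquals($expected, $actual)`, so on failure the message would read as if 200 were the observed value. The two assertions immediately after it and the context lines above all use the expected-first form; change it to `$this->assertEquals(200, $documents['headers']['status-code']);`. The enclosing test method starts before and continues after the hunk.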