From 066e0bc236a8bc2a38345effe3d907621cc34ee4 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Tue, 7 Oct 2025 23:33:19 +1300 Subject: [PATCH] Validate inc/dec operation value is numeric --- src/Appwrite/Utopia/Database/Validator/Operation.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Appwrite/Utopia/Database/Validator/Operation.php b/src/Appwrite/Utopia/Database/Validator/Operation.php index 4e421689e3..e6884ac677 100644 --- a/src/Appwrite/Utopia/Database/Validator/Operation.php +++ b/src/Appwrite/Utopia/Database/Validator/Operation.php @@ -202,6 +202,11 @@ class Operation extends Validator $this->description = "Key '{$attributeKey}' is required in data for {$action}"; return false; } + // Validate 'value' is numeric if provided (defaults to 1 if omitted) + if (\array_key_exists('value', $value['data']) && !\is_numeric($value['data']['value'])) { + $this->description = "Key 'value' must be a numeric value for {$action}"; + return false; + } } return true;