From 8dc7d24d5ac6bf8f81c726b6887260198f609ee1 Mon Sep 17 00:00:00 2001
From: Eldad Fux <eldad.fux@gmail.com>
Date: Sun, 16 Jan 2022 01:25:00 +0200
Subject: [PATCH 1/2] Fixed missing validation

---
 app/controllers/api/account.php     | 6 +++---
 app/controllers/api/projects.php    | 2 +-
 app/views/console/users/index.phtml | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 5316ba6ef1..2ff087b725 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -479,7 +479,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
                 $limit = $project->getAttribute('auths', [])['limit'] ?? 0;
 
                 if ($limit !== 0) {
-                    $sum = $dbForProject->count('users', [ new Query('deleted', Query::TYPE_EQUAL, [false]),], APP_LIMIT_COUNT);
+                    $sum = $dbForProject->count('users', [ new Query('deleted', Query::TYPE_EQUAL, [false]),], APP_LIMIT_USERS);
 
                     if ($sum >= $limit) {
                         throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
@@ -652,7 +652,7 @@ App::post('/v1/account/sessions/magic-url')
             if ($limit !== 0) {
                 $sum = $dbForProject->count('users', [
                     new Query('deleted', Query::TYPE_EQUAL, [false]),
-                ], APP_LIMIT_COUNT);
+                ], APP_LIMIT_USERS);
 
                 if ($sum >= $limit) {
                     throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
@@ -924,7 +924,7 @@ App::post('/v1/account/sessions/anonymous')
         if ($limit !== 0) {
             $sum = $dbForProject->count('users', [
                 new Query('deleted', Query::TYPE_EQUAL, [false]),
-            ], APP_LIMIT_COUNT);
+            ], APP_LIMIT_USERS);
 
             if ($sum >= $limit) {
                 throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index 9c4f9bc9bf..1ef711e6fe 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
@@ -461,7 +461,7 @@ App::patch('/v1/projects/:projectId/auth/limit')
     ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
     ->label('sdk.response.model', Response::MODEL_PROJECT)
     ->param('projectId', '', new UID(), 'Project unique ID.')
-    ->param('limit', false, new Integer(true), 'Set the max number of users allowed in this project. Use 0 for unlimited.')
+    ->param('limit', false, new Range(0, APP_LIMIT_USERS), 'Set the max number of users allowed in this project. Use 0 for unlimited.')
     ->inject('response')
     ->inject('dbForConsole')
     ->action(function ($projectId, $limit, $response, $dbForConsole) {
diff --git a/app/views/console/users/index.phtml b/app/views/console/users/index.phtml
index a290b6d68a..b55917eb5c 100644
--- a/app/views/console/users/index.phtml
+++ b/app/views/console/users/index.phtml
@@ -353,13 +353,13 @@ $smtpEnabled = $this->getParam('smtpEnabled', false);
                     data-failure-param-alert-text="Failed to update project users limit"
                     data-failure-param-alert-classname="error">
 
-                    <input name="limit" id="users-limit" type="number" data-ls-bind="{{console-project.authLimit}}" data-cast-to="numeric" min="0" />
+                    <input name="limit" id="users-limit" type="number" data-ls-bind="{{console-project.authLimit}}" data-cast-to="numeric" min="0" max="<?php echo APP_LIMIT_USERS; ?>" />
 
                     <div class="info row thin margin-bottom margin-top">
                         <div class="col span-1">
                             <i class="icon-info-circled text-sign"></i>
                         </div>
-                        <div class="col span-11">This limit will prevent new users from signing up for your project, no matter what auth method has been used. You will still be able to create users and team memberships from your Appwrite console. For an unlimited amount of users, set the limit to 0.</div>
+                        <div class="col span-11">This limit will prevent new users from signing up for your project, no matter what auth method has been used. You will still be able to create users and team memberships from your Appwrite console. For an unlimited amount of users, set the limit to 0. Max limit is <?php echo number_format(APP_LIMIT_USERS); ?>.</div>
                     </div>
 
                     <button>Update</button> &nbsp; <button data-ui-modal-close="" type="button" class="reverse">Cancel</button>

From 9650f37dc9f31eec95f7ae651e2f69da8af6d38a Mon Sep 17 00:00:00 2001
From: Eldad Fux <eldad.fux@gmail.com>
Date: Sun, 16 Jan 2022 08:33:47 +0200
Subject: [PATCH 2/2] Update image magick version

---
 Dockerfile                 | 2 +-
 app/config/collections.php | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index e6f1334206..4f8192427d 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,7 @@ ENV DEBUG=$DEBUG
 ENV PHP_REDIS_VERSION=5.3.5 \
     PHP_MONGODB_VERSION=1.9.1 \
     PHP_SWOOLE_VERSION=v4.8.5 \
-    PHP_IMAGICK_VERSION=3.5.1 \
+    PHP_IMAGICK_VERSION=3.7.0 \
     PHP_YAML_VERSION=2.2.2 \
     PHP_MAXMINDDB_VERSION=v1.11.0
 
diff --git a/app/config/collections.php b/app/config/collections.php
index c0a5b476e5..abcdec9c1d 100644
--- a/app/config/collections.php
+++ b/app/config/collections.php
@@ -2209,6 +2209,7 @@ $collections = [
             ],
         ],
     ],
+
     'stats' => [
         '$collection' => Database::METADATA,
         '$id' => 'stats',
@@ -2294,6 +2295,7 @@ $collections = [
             ],
         ],
     ],
+    
     'realtime' => [
         '$collection' => Database::METADATA,
         '$id' => 'realtime',