From 991c6dea64e4b9604b3c91aaead5dcf530a28d70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?= <matejbaco2000@gmail.com>
Date: Tue, 27 Dec 2022 20:15:22 +0100
Subject: [PATCH 1/2] Fix nested escaping

---
 src/Appwrite/GraphQL/Resolvers.php | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/Appwrite/GraphQL/Resolvers.php b/src/Appwrite/GraphQL/Resolvers.php
index 8da3fac586..2697c73fe7 100644
--- a/src/Appwrite/GraphQL/Resolvers.php
+++ b/src/Appwrite/GraphQL/Resolvers.php
@@ -291,13 +291,7 @@ class Resolvers
             return;
         }
 
-        foreach ($payload as $key => $value) {
-            if (\str_starts_with($key, '$')) {
-                $escapedKey = \str_replace('$', '_', $key);
-                $payload[$escapedKey] = $value;
-                unset($payload[$key]);
-            }
-        }
+        $payload = self::escapePayload($payload, 1);
 
         if ($beforeResolve) {
             $payload = $beforeResolve($payload);
@@ -305,4 +299,24 @@ class Resolvers
 
         $resolve($payload);
     }
+
+    private static function escapePayload(array $payload, int $depth) {
+        if($depth > App::getEnv('_APP_GRAPHQL_MAX_DEPTH', 3)) {
+            return;
+        }
+
+        foreach ($payload as $key => $value) {
+            if (\str_starts_with($key, '$')) {
+                $escapedKey = \str_replace('$', '_', $key);
+                $payload[$escapedKey] = $value;
+                unset($payload[$key]);
+            }
+
+            if(\is_array($value)) {
+                $payload[$key] = self::escapePayload($value, $depth + 1);
+            }
+        }
+
+        return $payload;
+    }
 }

From 0865b240c4ca551adfd7c298342d5c2aee03eb84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?= <matejbaco2000@gmail.com>
Date: Tue, 27 Dec 2022 20:33:16 +0100
Subject: [PATCH 2/2] Fix linter

---
 src/Appwrite/GraphQL/Resolvers.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/Appwrite/GraphQL/Resolvers.php b/src/Appwrite/GraphQL/Resolvers.php
index 2697c73fe7..c143a93554 100644
--- a/src/Appwrite/GraphQL/Resolvers.php
+++ b/src/Appwrite/GraphQL/Resolvers.php
@@ -300,8 +300,9 @@ class Resolvers
         $resolve($payload);
     }
 
-    private static function escapePayload(array $payload, int $depth) {
-        if($depth > App::getEnv('_APP_GRAPHQL_MAX_DEPTH', 3)) {
+    private static function escapePayload(array $payload, int $depth)
+    {
+        if ($depth > App::getEnv('_APP_GRAPHQL_MAX_DEPTH', 3)) {
             return;
         }
 
@@ -312,7 +313,7 @@ class Resolvers
                 unset($payload[$key]);
             }
 
-            if(\is_array($value)) {
+            if (\is_array($value)) {
                 $payload[$key] = self::escapePayload($value, $depth + 1);
             }
         }