fix(drizzle): sanitize query value uuid / number id NaN (#8369)

Fixes #8347 (additionally
for UUID search as well)

Author: r1tsuu

packages/drizzle/src/queries/parseParams.ts

@@ -2,6 +2,7 @@ import type { SQL } from 'drizzle-orm'
 import type { Field, Operator, Where } from 'payload'
 
 import { and, isNotNull, isNull, ne, notInArray, or, sql } from 'drizzle-orm'
+import { PgUUID } from 'drizzle-orm/pg-core'
 import { QueryError } from 'payload'
 import { validOperators } from 'payload/shared'
 
@@ -194,6 +195,7 @@ export function parseParams({
                   adapter,
                   columns,
                   field,
+                  isUUID: table?.[columnName] instanceof PgUUID,
                   operator,
                   relationOrPath,
                   val,

packages/drizzle/src/queries/sanitizeQueryValue.ts

@@ -16,6 +16,7 @@ type SanitizeQueryValueArgs = {
     rawColumn: SQL<unknown>
   }[]
   field: Field | TabAsField
+  isUUID: boolean
   operator: string
   relationOrPath: string
   val: any
@@ -30,6 +31,7 @@ export const sanitizeQueryValue = ({
   adapter,
   columns,
   field,
+  isUUID,
   operator: operatorArg,
   relationOrPath,
   val,
@@ -90,6 +92,16 @@ export const sanitizeQueryValue = ({
 
   if (field.type === 'number' && typeof formattedValue === 'string') {
     formattedValue = Number(val)
+
+    if (Number.isNaN(formattedValue)) {
+      formattedValue = null
+    }
+  }
+
+  if (isUUID && typeof formattedValue === 'string') {
+    if (!uuidValidate(val)) {
+      formattedValue = null
+    }
   }
 
   if (field.type === 'date' && operator !== 'exists') {

test/collections-rest/int.spec.ts

@@ -934,6 +934,22 @@ describe('collections-rest', () => {
         expect(result.totalDocs).toEqual(1)
       })
 
+      it('like - id should not crash', async () => {
+        const post = await createPost({ title: 'post' })
+
+        const response = await restClient.GET(`/${slug}`, {
+          query: {
+            where: {
+              id: {
+                like: 'words partial',
+              },
+            },
+          },
+        })
+
+        expect(response.status).toEqual(200)
+      })
+
       it('exists - true', async () => {
         const postWithDesc = await createPost({ description: 'exists' })
         await createPost({ description: undefined })