Fix string filter unexpectedly being casted to number (#10138)

* Fix string unexpectedly being casted to numbers

* Parse filter with multiple keys into `_and` block.

* Fixed filter structure in tests

api/src/middleware/sanitize-query.ts

@@ -7,7 +7,7 @@ import { RequestHandler } from 'express';
 import { sanitizeQuery } from '../utils/sanitize-query';
 import { validateQuery } from '../utils/validate-query';
 
-const sanitizeQueryMiddleware: RequestHandler = (req, res, next) => {
+const sanitizeQueryMiddleware: RequestHandler = (req, _res, next) => {
 	req.sanitizedQuery = {};
 	if (!req.query) return;
 

api/src/utils/sanitize-query.ts

@@ -3,7 +3,7 @@ import logger from '../logger';
 import { Meta } from '../types';
 import { Query, Aggregate, Filter } from '@directus/shared/types';
 import { Accountability } from '@directus/shared/types';
-import { parseFilter, deepMap } from '@directus/shared/utils';
+import { parseFilter } from '@directus/shared/utils';
 
 export function sanitizeQuery(rawQuery: Record<string, any>, accountability?: Accountability | null): Query {
 	const query: Query = {};
@@ -124,18 +124,6 @@ function sanitizeFilter(rawFilter: any, accountability: Accountability | null) {
 		}
 	}
 
-	filters = deepMap(filters, (val) => {
-		try {
-			const parsed = JSON.parse(val);
-
-			if (typeof parsed == 'number' && !Number.isSafeInteger(parsed)) return val;
-
-			return parsed;
-		} catch {
-			return val;
-		}
-	});
-
 	return parseFilter(filters, accountability);
 }
 

api/src/utils/validate-query.ts

@@ -103,7 +103,7 @@ function validateFilterPrimitive(value: any, key: string) {
 		throw new InvalidQueryException(`The filter value for "${key}" has to be a string, number, or boolean`);
 	}
 
-	if (typeof value === 'number' && Number.isNaN(value)) {
+	if (typeof value === 'number' && (Number.isNaN(value) || !Number.isSafeInteger(value))) {
 		throw new InvalidQueryException(`The filter value for "${key}" is not a valid number`);
 	}