Bugfixes
This commit is contained in:
parent
5d56d41624
commit
ebb6141ec5
@ -41,21 +41,6 @@ async function localGet({ options, dbSchema }) {
|
||||
const tableName = options?.tableName ? options.tableName : undefined;
|
||||
const dbFullName = process.env.DSQL_DB_NAME || "";
|
||||
|
||||
/**
|
||||
* Input Validation
|
||||
*
|
||||
* @description Input Validation
|
||||
*/
|
||||
if (
|
||||
typeof query == "string" &&
|
||||
(query.match(
|
||||
/^alter|^delete|information_schema|databases|^create/i
|
||||
) ||
|
||||
!query.match(/^select|^\( ?select/i))
|
||||
) {
|
||||
return { success: false, msg: "Wrong Input" };
|
||||
}
|
||||
|
||||
/**
|
||||
* Create new user folder and file
|
||||
*
|
||||
@ -71,6 +56,7 @@ async function localGet({ options, dbSchema }) {
|
||||
dbSchema,
|
||||
tableName,
|
||||
local: true,
|
||||
readOnly: true,
|
||||
});
|
||||
|
||||
if (error) throw error;
|
||||
|
@ -21,25 +21,6 @@ async function localPost({ options, dbSchema }) {
|
||||
const { query, tableName, queryValues } = options;
|
||||
const dbFullName = process.env.DSQL_DB_NAME || "";
|
||||
|
||||
/**
|
||||
* Input Validation
|
||||
*
|
||||
* @description Input Validation
|
||||
*/
|
||||
if (
|
||||
typeof query === "string" &&
|
||||
query?.match(/^create |^alter |^drop /i)
|
||||
) {
|
||||
return { success: false, msg: "Wrong Input" };
|
||||
}
|
||||
|
||||
if (
|
||||
typeof query === "object" &&
|
||||
query?.action?.match(/^create |^alter |^drop /i)
|
||||
) {
|
||||
return { success: false, msg: "Wrong Input" };
|
||||
}
|
||||
|
||||
/**
|
||||
* Create new user folder and file
|
||||
*
|
||||
|
@ -94,6 +94,23 @@ async function runQuery({
|
||||
.replace(/ {2,}/g, " ")
|
||||
.trim();
|
||||
|
||||
/**
|
||||
* Input Validation
|
||||
*
|
||||
* @description Input Validation
|
||||
*/
|
||||
if (
|
||||
readOnly &&
|
||||
(formattedQuery.match(
|
||||
/^alter|^delete|information_schema|databases|^create/i
|
||||
) ||
|
||||
!formattedQuery.match(/^select|^\( ?select/i))
|
||||
) {
|
||||
throw new Error("Wrong Input!");
|
||||
}
|
||||
|
||||
console.log("formattedQuery =>", formattedQuery);
|
||||
|
||||
if (local) {
|
||||
const rawResults = await LOCAL_DB_HANDLER(
|
||||
formattedQuery,
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@moduletrace/datasquirel",
|
||||
"version": "2.6.9",
|
||||
"version": "2.7.0",
|
||||
"description": "Cloud-based SQL data management tool",
|
||||
"main": "index.js",
|
||||
"bin": {
|
||||
|
Loading…
Reference in New Issue
Block a user