badmfck-api-server 3.8.1 → 3.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -95,7 +95,7 @@ async function Initializer(services) {
|
|
|
95
95
|
exports.Initializer = Initializer;
|
|
96
96
|
class APIService extends BaseService_1.BaseService {
|
|
97
97
|
static nextLogID = 0;
|
|
98
|
-
version = "3.8.
|
|
98
|
+
version = "3.8.2";
|
|
99
99
|
options;
|
|
100
100
|
monitor = null;
|
|
101
101
|
started = new Date();
|
|
@@ -48,6 +48,7 @@ export declare class MysqlAdapter implements IDBAdapter {
|
|
|
48
48
|
query(request: IDBQuery, conn?: mysql.PoolConnection): Promise<IDBResult>;
|
|
49
49
|
finalizeConnection(conn: mysql.PoolConnection): void;
|
|
50
50
|
prepareQuery(request: IDBQuery): string;
|
|
51
|
+
static safeReplace(query: string, key: string, value: string): string;
|
|
51
52
|
static prepareQueryFieldValue(field: IDBQueryField): string | number | boolean | null | undefined;
|
|
52
53
|
prepareCountQuery(query: string): string;
|
|
53
54
|
commit(trx: ITransaction): Promise<IDBError | null>;
|
|
@@ -519,7 +519,7 @@ class MysqlAdapter {
|
|
|
519
519
|
queryField.name = name.replaceAll("`", '').replaceAll('\"', "").replaceAll('\'', "");
|
|
520
520
|
fields[i] = queryField;
|
|
521
521
|
const parsed = MysqlAdapter.prepareQueryFieldValue(fields[i]);
|
|
522
|
-
query =
|
|
522
|
+
query = MysqlAdapter.safeReplace(query, "@" + name, parsed + "");
|
|
523
523
|
}
|
|
524
524
|
}
|
|
525
525
|
const tmp = query.toLowerCase();
|
|
@@ -538,9 +538,8 @@ class MysqlAdapter {
|
|
|
538
538
|
insertFieldNames.push('`' + f.name + '`');
|
|
539
539
|
insertFieldValues.push(f.__parsedValue);
|
|
540
540
|
}
|
|
541
|
-
query = query
|
|
542
|
-
|
|
543
|
-
.replaceAll('@values', insertFieldValues.join(","));
|
|
541
|
+
query = MysqlAdapter.safeReplace(query, "@fields", insertFieldNames.join(","));
|
|
542
|
+
query = MysqlAdapter.safeReplace(query, "@values", insertFieldValues.join(","));
|
|
544
543
|
}
|
|
545
544
|
if (query.indexOf("@insert") !== -1) {
|
|
546
545
|
let oninsertNames = [];
|
|
@@ -554,7 +553,7 @@ class MysqlAdapter {
|
|
|
554
553
|
oninsertNames.push(f.name);
|
|
555
554
|
oninsertValues.push(f.__parsedValue);
|
|
556
555
|
}
|
|
557
|
-
query =
|
|
556
|
+
query = MysqlAdapter.safeReplace(query, "@insert", `(${oninsertNames.join(",")}) VALUES (${oninsertValues.join(",")})`);
|
|
558
557
|
}
|
|
559
558
|
if (query.indexOf("@onupdate") !== -1) {
|
|
560
559
|
let onUpdate = [];
|
|
@@ -566,7 +565,7 @@ class MysqlAdapter {
|
|
|
566
565
|
continue;
|
|
567
566
|
onUpdate.push('`' + f.name + '` = ' + f.__parsedValue);
|
|
568
567
|
}
|
|
569
|
-
query =
|
|
568
|
+
query = MysqlAdapter.safeReplace(query, "@onupdate", onUpdate.join(" , "));
|
|
570
569
|
}
|
|
571
570
|
if (query.indexOf('@onduplicate') !== -1) {
|
|
572
571
|
let onDuplicate = [];
|
|
@@ -578,10 +577,14 @@ class MysqlAdapter {
|
|
|
578
577
|
continue;
|
|
579
578
|
onDuplicate.push('`' + f.name + '` = ' + f.__parsedValue);
|
|
580
579
|
}
|
|
581
|
-
query =
|
|
580
|
+
query = MysqlAdapter.safeReplace(query, "@onduplicate", onDuplicate.join(" , "));
|
|
582
581
|
}
|
|
583
582
|
return query;
|
|
584
583
|
}
|
|
584
|
+
static safeReplace(query, key, value) {
|
|
585
|
+
const regex = new RegExp(key + "(?=\\b|\\s|,|\\)|$)", "g");
|
|
586
|
+
return query.replace(regex, value);
|
|
587
|
+
}
|
|
585
588
|
static prepareQueryFieldValue(field) {
|
|
586
589
|
let value = field.value;
|
|
587
590
|
let system = field.system;
|