doomiwork 2.9.2 → 2.9.5

@@ -4,7 +4,7 @@
4
4
  * Author : Stephen.Shen
5
5
  */
6
6
 
7
- var dao = require('./mysqlbase');
7
+ const dao = require('./mysqlbase');
8
8
 
9
9
  class mysqlDao extends dao{
10
10
  /**
@@ -2,10 +2,10 @@
2
2
  * MySql 封装 (简单,应该尚未完善)
3
3
  */
4
4
  //var mysql = require('mysql');
5
- var apiResult = require('../actionresult');
5
+ const apiResult = require('../actionresult');
6
6
  const logHelper = require('doomi-helper').logHelper;
7
- //const appsetting = require('../../configuration/appsetting').getCurrentApp();
8
7
  const PoolManager = require('./poolmanager')
8
+ const mysql = require('mysql');
9
9
  class Database {
10
10
  /**
11
11
  *
@@ -17,6 +17,13 @@ class Database {
17
17
  //mysql.createPool(appsetting.getConnection(connectionstring || 'dev'));
18
18
  this.logger = logHelper.getInstance().getLogger("framework");
19
19
  }
20
+ /**
21
+ * 防Sql注入进行编码
22
+ * @param {*} value
23
+ */
24
+ escape(value){
25
+ return mysql.escape(value);
26
+ }
20
27
  /**
21
28
  * 不事务执行SQL命令
22
29
  * @param {*} sqlCommand
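Review bot: The doc comment on the new `escape(value)` method presents it as general SQL-injection protection, but `mysql.escape` only produces a safely quoted value literal; it does not protect identifiers such as table or column names, for which the driver provides `mysql.escapeId`. Because the parameter is documented as `@param {*} value`, callers may also pass objects, which the driver expands into `key = value` pairs rather than one literal, so the accepted types should be stated. I would document it as `Escapes a value for use as a SQL literal (not for identifiers; use mysql.escapeId). Pass scalars only; objects are expanded into key = value pairs.` Where a caller can use `?` placeholders with a values array, that is preferable to concatenating escaped strings.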
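--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "doomiwork",
- "version": "2.9.2",
+ "version": "2.9.5",
  "description": "doomisoft nodejs web framework",
  "main": "index.js",
  "scripts": {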
@@ -30,10 +30,13 @@ class RequestParser {
30
30
  let matchValue = ele.substring(1,ele.length-1);
31
31
  if (matchValue.indexOf(' ')>=0 || matchValue.indexOf(':')>=0 || matchValue.indexOf('=')>=0) return;
32
32
  let keyValue =utility.ifNull(keyParse.parseKeyValue(req,ele.substring(1,ele.length-1)),'');
33
- if(keyValue=='') parseKeyWordIsNull = true;
34
- keyValue = mysql.escape(keyValue)
35
- //keyValue = keyValue.replace(/'/g, "''")
36
- keyValue = keyValue.substr(1, a.length - 2)
33
+ if(keyValue=='') {
34
+ parseKeyWordIsNull = true;
35
+ }else if (typeof(keyValue)==='string'){
36
+ keyValue = mysql.escape(keyValue)
37
+ keyValue = keyValue.substr(1, keyValue.length - 2)
38
+ }
39
+
37
40
  sql=sql.replace(ele,keyValue);
38
41
  });
39
42
  if (!allowNull && parseKeyWordIsNull) return '';
@@ -105,28 +108,6 @@ class RequestParser {
105
108
  this.parseAndReplaceSql(req,countsql),
106
109
  req.searchCondition)+';'
107
110
  }
108
- // switch (req.sqltype) {
109
- // case 'sql':
110
- // ///客户端调用时是否传递一些 特殊的过滤方式
111
- // req.listSql =this.parseAndReplaceSql(req,req.dataConfig.list.sql) +
112
- // ' ' + req.searchCondition + clientFilter +
113
- // (utility.isNullOrEmpty(req.sort) ? '' : (' order by ' + (req.sort+' '+req.order))) +
114
- // (export2Excel?'':' limit ' + req.pageSize + ' OFFSET ' + (req.page - 1) * req.pageSize) +
115
- // /////在Sql中再放入获取总记录数的语句
116
- // ';SELECT FOUND_ROWS() AS total;';
117
- // if (req.dataConfig.list.countsql){
118
- // req.countSql = this.appendSearchCondition2Count(
119
- // this.parseAndReplaceSql(req,req.dataConfig.list.countsql),
120
- // req.searchCondition
121
- // )
122
- // req.listSql+=req.countSql +';';
123
- // }
124
- // break;
125
- // ////来自DAO对象的属性
126
- // ////一般较复杂的SQL写在DAO对象的constantSql属性中
127
- // case 'property':
128
- // break;
129
- // }
130
111
  }
131
112
  }
132
113
  }
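Review bot: In the `@@ -30,10 +30,13 @@` hunk of class RequestParser, the new `else if (typeof(keyValue)==='string')` branch leaves every non-string value unescaped, so an array or object returned by `keyParse.parseKeyValue` (defined outside this hunk, so its return types are not visible here) would be stringified straight into the SQL by `sql.replace`. Coercing first closes that gap: `}else{` followed by `keyValue = mysql.escape(String(keyValue))`. Because the surrounding quotes are then stripped, the escaped text is only safe where the SQL template itself wraps the placeholder in quotes; a comment such as `// placeholder must sit inside quotes in the SQL template; unquoted use is not protected by escape()` would record that contract. Separately, `sql.replace(ele,keyValue)` treats `$&` and `$'` in the value as replacement patterns, whereas `sql=sql.replace(ele, () => keyValue);` inserts it literally. The enclosing method starts and ends outside the hunk.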