doomiwork 3.7.0 → 3.7.1

@@ -128,8 +128,8 @@ class mysqlDao extends dao{
128
128
  async update(Sql, model, id) {return this.executeSql(Sql, [model, id]);}
129
129
  ///删除记录
130
130
  async delete(Sql, id,userid) {
131
- let result = await this.executeSql(Sql, id);
132
- if (result.successed && this.tableoption.logicDelete && userid && (this.tableoption.logDeleteBy || this.tableoption.logDeleteDate)){
131
+ return this.executeSql(Sql, id);
132
+ /*if (result.successed && this.tableoption.logicDelete && userid && (this.tableoption.logDeleteBy || this.tableoption.logDeleteDate)){
133
133
  let sqlLog = `update ${this.tableoption.tableName} set ? where ${this.tableoption.primaryKey}=? ${this.tableoption.forcefilter}`;
134
134
  let model = {};
135
135
  if (this.tableoption.logDeleteBy){
@@ -141,6 +141,7 @@ class mysqlDao extends dao{
141
141
  if (Object.keys(model).length>0) this.executeSql(sqlLog, [model, id]);
142
142
  }
143
143
  return result;
144
+ */
144
145
  }
145
146
  /**
146
147
  * 获取对应数据的权限设置
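Review bot: `delete()` now returns straight after `this.executeSql(Sql, id)` and the logical-delete bookkeeping is wrapped in a block comment, so tables configured with `tableoption.logicDelete` and `logDeleteBy`/`logDeleteDate` no longer record who deleted a row or when, and the `userid` argument is accepted but ignored. If dropping that audit trail is intended, delete the dead block instead of commenting it out and state it above the method, e.g. `// userid is unused: delete-by/delete-date columns are no longer written here`. If it is not intended, the bookkeeping write has to stay, and it should be awaited, since the commented-out `this.executeSql(sqlLog, [model, id])` was fire-and-forget. Part of the commented block lies between the two hunks and is not visible here.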
@@ -117,7 +117,7 @@ class Database {
117
117
  if (err) {
118
118
  this.logger.error("Database Query Error :" + err, sqlCommand);
119
119
  this.logError(null, '数据库操作错误:' + err + sqlCommand)
120
- return success(Object.assign(apiResult.DB_EXECUTE_FAILED, { errmessage: err.message }));
120
+ return success(Object.assign(apiResult.DB_EXECUTE_FAILED, { errmessage:'数据库操作错误'}));// err.message }));
121
121
  }
122
122
  return success({ successed: true, rows: rows });//,fields:fields});
123
123
  });
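Review bot: `Object.assign(apiResult.DB_EXECUTE_FAILED, {...})` on the changed line writes `errmessage` into `apiResult.DB_EXECUTE_FAILED` itself, which looks like a shared constant, so the field stays on that object for every later caller; copy first with `return success(Object.assign({}, apiResult.DB_EXECUTE_FAILED, { errmessage: '数据库操作错误' }));`. Returning a fixed message instead of `err.message` keeps driver and schema detail out of API responses, but the leftover `// err.message }));` fragment should be removed. The two log calls above still concatenate the full `sqlCommand` into the log text, so confirm that the statement never carries credentials or personal data. The callback and its enclosing method start and end outside this hunk.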
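--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "doomiwork",
- "version": "3.7.0",
+ "version": "3.7.1",
  "description": "doomisoft nodejs web framework",
  "main": "index.js",
  "scripts": {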
@@ -64,6 +64,9 @@ class RequestParser {
64
64
  if (!keyValue && noQuoteProtect) {
65
65
  keyValue = '1=0'
66
66
  }
67
+ }else{ ////数组形式的参数,目前框架不支持,统一认为为sql注入攻击,全部忽略
68
+ parseKeyWordIsNull = true;
69
+ keyValue = ''
67
70
  }
68
71
  sql=sql.replace(ele,keyValue);
69
72
  });
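Review bot: The new `else` branch blanks `keyValue` without the `'1=0'` fallback that the branch above applies when `noQuoteProtect` is set, so an array-valued parameter appears to leave an unquoted placeholder replaced by nothing rather than by a predicate that is always false; `keyValue = noQuoteProtect ? '1=0' : '';` would keep the two paths consistent. The comment classifies this input as an injection attempt, yet nothing is logged, so a warning with the parameter name (not its value) would make such requests visible to monitoring. What `parseKeyWordIsNull = true` does afterwards is outside this hunk, as is the `if` this branch belongs to, so the effect on the final statement should be checked there. Because values are still substituted into the SQL text with `sql.replace(ele, keyValue)`, binding them as `?` parameters, as the DAO's `executeSql(Sql, [model, id])` calls do, would be the more durable fix.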