doomiwork 4.1.2 → 4.1.4

package/configuration/routerconfig.js

@@ -129,7 +129,7 @@ module.exports.loadController=(app, routes)=> {
             if (modules.length > 0) {
                 for (const modulePath of modules) {
                     //if (app.logger) app.logger.trace('initlize controller [%s] for baseUrl [%s]', modulePath, baseUrl);
-                    console.log('initlize controller [%s] for baseUrl [%s]', modulePath, baseUrl);
+                    // console.log('initlize controller [%s] for baseUrl [%s]', modulePath, baseUrl);
                     const controllModule = require(modulePath);
                     const controller = new controllModule(app);
                     app.use(baseUrl, controller.router);

package/core/controller.js

@@ -182,11 +182,11 @@ class controller {
     */
     async getListData(req, dataKey, configFile = 0) {
         if (this.logger) this.logger.trace("准备获取dataconfig文件中对应的 %s list数据",dataKey)
-        const listinfo = getListInfo(req, dataKey, configFile,this._daoModel);
+        const listinfo = getListInfo(req, dataKey, configFile, this._daoModel, ignorefilter==1);
         if (!listinfo) return { successed: false, errcode: -10, errmsg:`缺失${dataKey}对应的查询语句`};
 
         ////直接操作数据库之前，可由子类再次Handler
-        let beforeData = await this.beforeAccessDB(req, listinfo.sql,null, "list", this);
+        let beforeData = await this.beforeAccessDB(req, listinfo.sql, listinfo.params, "list", this);
         ////如果返回Null,则表示不加载数据了
         if (beforeData.canceled === true) return { successed: false, errorcode: 1, errmsg: "操作取消" };
         ////操作数据库

package/core/database/daoBase.js

@@ -101,17 +101,17 @@ class mysqlDao extends dao{
     /**
      * 删除记录
      */
-    deleteSql(id) { 
-        const ids = (id + '').trim().split(',').map(x => '\'' + x + '\'');
+    deleteSql() { 
+        // const ids = (id + '').trim().split(',').map(x => '\'' + x + '\'');
         ////如果是逻辑删除，则只将记录的删除状态设置为1
         if(this.tableoption.logicDelete)  {
 
-            let sqlDelete = `update ${this.tableoption.tableName} set #DELETEBY# #DELETEDATE# ${this.tableoption.logicDeleteField || 'rec_isdeleted'} =1 where ${this.tableoption.primaryKey} in (?) ${this.tableoption.forcefilter}`; 
+            let sqlDelete = `update ${this.tableoption.tableName} set #DELETEBY# #DELETEDATE# ${this.tableoption.logicDeleteField || 'rec_isdeleted'} =1 where ${this.tableoption.primaryKey} =? ${this.tableoption.forcefilter}`; 
             sqlDelete = sqlDelete.replace('#DELETEBY#', this.tableoption.logDeleteBy?`${this.tableoption.logDeleteBy}=?,`:'')
             sqlDelete = sqlDelete.replace('#DELETEDATE#', this.tableoption.logDeleteDate ? `${this.tableoption.logDeleteDate}=now(),` : '');
             return sqlDelete;
         }
-        return `delete from ${this.tableoption.tableName} where ${this.tableoption.primaryKey} in (?) ${this.tableoption.forcefilter}`; 
+        return `delete from ${this.tableoption.tableName} where ${this.tableoption.primaryKey} =? ${this.tableoption.forcefilter}`; 
     }
 
     /**
@@ -131,9 +131,9 @@ class mysqlDao extends dao{
     async delete(Sql, id,userid) { 
         const ids = (id + '').trim().split(',').map(x => '\'' + x + '\'');
         if (this.tableoption.logicDelete && this.tableoption.logDeleteBy){
-            return this.executeSql(Sql, [userid, ids.join(',')]); 
+            return this.executeSql(Sql, [userid, id]);  //ids.join(',')]); 
         }
-        return this.executeSql(Sql, ids.join(',')); 
+        return this.executeSql(Sql, id); //ids.join(',')); 
         ///
         //return this.executeSql(Sql, id); 
         /*if (result.successed && this.tableoption.logicDelete && userid && (this.tableoption.logDeleteBy || this.tableoption.logDeleteDate)){

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "doomiwork",
-  "version": "4.1.2",
+  "version": "4.1.4",
   "description": "doomisoft nodejs web framework",
   "main": "index.js",
   "scripts": {
@@ -15,9 +15,9 @@
   "license": "ISC",
   "dependencies": {
     "express": "^4.17.1",
-    "moment": "^2.29.1",
+    "moment": "^2.29.4",
     "mysql": "^2.18.1",
     "node-uuid": "^1.4.8",
-    "node-xlsx": "^0.23.0"
+    "node-xlsx": "^0.24.0"
   }
 }

package/utilities/keywordparse.js

@@ -55,14 +55,14 @@ module.exports.parseKeyValue=(req,str)=>{
  * @param {*} defaultValue 如果不满足，则返回默认的
  * @returns 
  */
-module.exports.validatorParamsType=(value, dataType, defaultValue = null)=> {
+module.exports.validatorParamsType = (value, dataType, defaultValue = null, inscope=[])=> {
     if (!value || !dataType) return value;
     switch (dataType.toLowerCase()) {
         case 'guid':       ///限制长度为36位的GUID
-            if (value.length != 36 || value.split('-').length != 5) return defaultValue;
+            if (value.length != 36 || value.split('-').length != 5) value= defaultValue;
             break;
         case 'number':   ///限制为数字
-            if (isNaN(value)) return defaultValue;
+            if (isNaN(value)) value= defaultValue;
             break;
         case 'date':       ///限制为日期，格式输出为YYYY-MM-DD
             let date = Date.parse(value);
@@ -72,8 +72,25 @@ module.exports.validatorParamsType=(value, dataType, defaultValue = null)=> {
             let datetime = Date.parse(value);
             if (isNaN(datetime)) return defaultValue;
             return datetime;
+        case 'array':      ///返回数组
+            value= value.split(',');
     }
-    return value;
+    ///检查值在不在范围内取值
+    let inRange = true;
+    if (inscope.length > 0 && value) {
+        inRange = false;
+        if (Array.isArray(value)) {
+            for(const item of value){
+                if (inscope.some(scope => scope.toLowerCase() === item.toLowerCase())){
+                    inRange = true;
+                    break;
+                } 
+            }
+        } else {
+            inRange = inscope.some(scope => scope.toLowerCase() === value.toLowerCase())
+        }
+    }
+    return inRange ? value : defaultValue;
 }
 
 /**

package/utilities/requestparser-bak.js

@@ -0,0 +1,163 @@
+const { parseKeyValue, validatorParamsType } = require('./keywordparse');
+const dataconfig = require('../configuration/dataconfig').getCurrent();
+const mysql = require('mysql');
+const ORDER_STRING = ['asc', 'desc']
+const FORBID_SQL_KEYWORD = /;|(--)|(\bWHERE\b)|(\bSHOW\b)|(\bCOUNT\(\b)|(\bCREATE\b)|(\bCALL\b)|(\bBY\b)|(\bORDER\b)|(\bJOIN\b)|(\bUNION\b)|(\bFROM\b)|(\bSELECT\b)|(\bDROP\b)|(\bTRUNCATE\b)|(\bDELETE\b)|(\bUPDATE\b)|(\bINSERT\b)|(\bEXEC\b)|(\bEXECUTE\b)/gi;
+
+function appendSearchCondition2Count(originSql, searchCondition) {
+    ///如果包含了这个特定的字符，则替换
+    if (originSql.indexOf('#APPENDSEARCH#') >= 0)
+        return originSql.replace('#APPENDSEARCH#', searchCondition);
+    return originSql + ' ' + searchCondition;
+}
+/**
+ * 检查是否有Sql注入的风险
+ * @param {*} sql 
+ */
+function checkSqlInjection(sql) {
+    if (!sql) return sql;
+    if (FORBID_SQL_KEYWORD.test(sql)) return '';
+    //let sqlError = sql.match(FORBID_SQL_KEYWORD); //strict ? sql.match(FORBID_SQL_KEYWORD_STRICT):sql.match(FORBID_SQL_KEYWORD);
+    //if (sqlError && sqlError.length > 0) return '';
+    return sql;
+}
+/*
+* 根据对应列表的配置(dataConfig.list.search),从请求上下文中获取用户进行搜索的参数信息
+*/
+module.exports.getSearchCondition = (option) => {
+    let paraCopy = option || {};
+    if (!paraCopy.request || !paraCopy.refer) return '';
+    if (!paraCopy.valueFrom) paraCopy.valueFrom = "all";
+    const request = paraCopy.request;
+    let retSearch = [];
+    paraCopy.refer.forEach(element => {
+        retSearch.push(this.parseTagInSql(request, element.pattern, false));
+    });
+    return retSearch.join('');
+}
+
+/**
+ * 解析sql字符串中特殊的占位符
+ * @param {*} req 
+ * @param {*} sql 
+ * @param {*} allowNull 
+ * @returns 
+ */
+module.exports.parseTagInSql = (req, sql, allowNull = true) => {
+    if (!sql) return '';
+    ///定义正则准备查找sql中的特定关键字
+    const matched = sql.match(/@.*?@/g);
+    if (!matched || matched.length <= 0) return sql;
+    let parseKeyWordIsNull = false;
+
+    const charReg = /\s+|:|=/gi
+    matched.forEach(ele => {
+        let matchValue = ele.substring(1, ele.length - 1);
+        ///不允许特殊字符出现
+        let notdo = matchValue.match(charReg);
+        if (notdo && notdo.length > 0) return;
+
+        let noQuoteProtect = matchValue[0] == '!';
+        if (noQuoteProtect) {
+            matchValue = matchValue.substring(1);
+        }
+        ///是否有格式要求
+        let validformat = matchValue.split('|');
+        matchValue = validformat[0];
+        let keyValue = (parseKeyValue(req, matchValue) || '')+''; //utility.ifNull(keyParse.parseKeyValue(req, matchValue), '')+'';
+        if (!keyValue) {
+            parseKeyWordIsNull = true;
+        } else if (typeof (keyValue) === 'string') {
+            keyValue = noQuoteProtect ? checkSqlInjection(mysql.escape(keyValue)) : mysql.escape(keyValue)
+            keyValue = keyValue.substr(1, keyValue.length - 2);
+            ///验证参数的格式合法性
+            if (keyValue && validformat.length > 1) {
+                // console.log(`参数格式合法检查==>${validformat[1]}:${matchValue} = ${keyValue}`)
+                keyValue = validatorParamsType(keyValue, validformat[1], validformat[2])
+            }
+            if (!keyValue) {
+                parseKeyWordIsNull = true;
+            }
+            ///没有引号保护下发现了sql注入，则用1=0不返回任何结果
+            if (!keyValue && noQuoteProtect) {
+                keyValue = '1=0'
+            }
+        } else {  ////数组形式的参数，目前框架不支持，统一认为为sql注入攻击,全部忽略
+            // console.log(`参数非法==>类型${typeof (keyValue)}:${matchValue} = ${keyValue}`)
+            parseKeyWordIsNull = true;
+            keyValue = ''
+        }
+        sql = sql.replace(ele, keyValue);
+    });
+    if (!allowNull && parseKeyWordIsNull) return '';
+    return sql;
+}
+
+/*
+* 列表请求上下文中获取需要的信息
+* 如Page ,PageSize , Sort 等等
+*/
+module.exports.getListInfo = (req, dataKey, cfgType = 0, dao,ignorefilter=false) => {
+    if (!dataKey) return null;
+    ///确认是否是需要导出Excel
+    const export2Excel = (req.query.exportexcel + "").toLowerCase() === "true";
+    let { page = 1, rows: pageSize = 100, sort, order, clientFilter: filter } = req.query
+    ///防止sortSql 注入在排序的参数中
+    if (sort) sort = checkSqlInjection(sort);
+    // 防止页面数据传入非数字
+    if (isNaN(pageSize)) pageSize = 30;
+    // 防止页面数据传入非数字
+    if (!page || isNaN(page)) page = 1
+    ///最大允许获取100条数据
+    pageSize =Math.max(0,Math.min(pageSize, 10000));
+    ///拼接排序的语句
+    if (order && sort && ORDER_STRING.includes(order.toLowerCase())) sort = sort + ' ' + order
+    //req.order =req.sort? utility.ifNull((req.body.order || req.query.order), ""):'';
+    const dataConfig = dataconfig.getConfig(dataKey, cfgType);
+    if (dataConfig && dataConfig.list) {
+        req.dataConfig = dataConfig
+        let { sql, listsql, countsql, sqltype = 'sql', field, footer, search, sort: constsort } = dataConfig.list
+        /**解析查询条件 */
+        const searchCondition = ignorefilter?'':this.getSearchCondition({ request: req, refer: search });
+        /**排序方式 *///
+        sort = sort || constsort;
+        /**来自req请求参数中的过滤条件 */
+        let clientfilter = checkSqlInjection(this.parseTagInSql(req, filter, false));
+        //如果配置文件中不是直接的sql语句，则从DAO对象中的指定方法来获取sql
+        if (sqltype !== 'sql' && listsql && typeof (dao[listsql]) === 'function') {
+            sql = dao[sql](req, { page, rows: pageSize, sort, filter: searchCondition, client: clientfilter });
+            if (dao[countsql] && typeof (dao[countsql]) === 'function')
+                countsql = dao[countsql](req, { page, rows: pageSize, sort, filter: searchCondition, client: clientfilter });
+        }
+
+        /**根据过滤条件、排序条件、分页获取的方式，和原始sql拼接成最终获取数据的sql */
+        if (sqltype==='sql'){
+            sql = this.parseTagInSql(req, sql) +
+                ' ' + searchCondition + clientfilter +
+                (sort ? (' order by ' + sort) : '') +
+                (export2Excel ? '' : ' limit ' + Number(pageSize) + ' OFFSET ' + (Math.max(Number(page), 1) - 1) * Number(pageSize)) +
+                /////在Sql中再放入获取总记录数的语句
+                ';SELECT FOUND_ROWS() AS total;';
+            /*** 如果存在汇总列的sql，则把SQL放置在最末尾 */
+            if (countsql) {
+                sql += appendSearchCondition2Count(this.parseTagInSql(req, countsql), searchCondition)
+            }
+        }
+        return { sql, fields: field, footers: footer, page, hascounter: countsql?true:false };
+    }
+}
+/*
+* 详细页面请求上下文中获取需要的信息
+* 如Page ,PageSize , Sort 等等
+*/
+module.exports.getDetailInfo = (req,dataKey) => {
+    if (dataKey) {
+        const dataConfig = dataconfig.getConfig(dataKey);
+        if (dataConfig && dataConfig.detail) {
+            req.dataConfig = dataConfig;
+            const { primary, field: fields, primaryIsAutoIncrease } = dataConfig.detail;
+            return { primary, fields, autoincrease: primaryIsAutoIncrease }
+        }
+    }
+    return null;
+}

package/utilities/requestparser.js

@@ -2,7 +2,7 @@
 const dataconfig = require('../configuration/dataconfig').getCurrent();
 const mysql = require('mysql');
 const ORDER_STRING = ['asc', 'desc']
-const FORBID_SQL_KEYWORD = /;|(--)|(\bWHERE\b)|(\bSHOW\b)|(\bCOUNT\(\b)|(\bCREATE\b)|(\bCALL\b)|(\bBY\b)|(\bORDER\b)|(\bJOIN\b)|(\bUNION\b)|(\bFROM\b)|(\bSELECT\b)|(\bDROP\b)|(\bTRUNCATE\b)|(\bDELETE\b)|(\bUPDATE\b)|(\bINSERT\b)|(\bEXEC\b)|(\bEXECUTE\b)/gi;
+const FORBID_SQL_KEYWORD = /;|(--)|(\bWHERE\b)|(\bCASE\b)|(\bWHEN\b)|(\bSLEEP\b)|(\bSHOW\b)|(\bCOUNT\(\b)|(\bCREATE\b)|(\bCALL\b)|(\bBY\b)|(\bORDER\b)|(\bJOIN\b)|(\bUNION\b)|(\bFROM\b)|(\bSELECT\b)|(\bDROP\b)|(\bTRUNCATE\b)|(\bDELETE\b)|(\bUPDATE\b)|(\bINSERT\b)|(\bEXEC\b)|(\bEXECUTE\b)/gi;
 
 function appendSearchCondition2Count(originSql, searchCondition) {
     ///如果包含了这个特定的字符，则替换
@@ -16,8 +16,7 @@ function appendSearchCondition2Count(originSql, searchCondition) {
  */
 function checkSqlInjection(sql) {
     if (!sql) return sql;
-    let sqlError = sql.match(FORBID_SQL_KEYWORD); //strict ? sql.match(FORBID_SQL_KEYWORD_STRICT):sql.match(FORBID_SQL_KEYWORD);
-    if (sqlError && sqlError.length > 0) return '';
+    if (FORBID_SQL_KEYWORD.test(sql)) return '';
     return sql;
 }
 /*
@@ -28,11 +27,16 @@ module.exports.getSearchCondition = (option) => {
     if (!paraCopy.request || !paraCopy.refer) return '';
     if (!paraCopy.valueFrom) paraCopy.valueFrom = "all";
     const request = paraCopy.request;
-    let retSearch = [];
+    let retSearch = [],params = [];
     paraCopy.refer.forEach(element => {
-        retSearch.push(this.parseTagInSql(request, element.pattern, false,true));
+        const paramSql = this.parseTagForParameterize(request, element);
+        if (paramSql.sql) {
+            retSearch.push(paramSql.sql);
+            params = params.concat(paramSql.params||[]);
+        }
     });
-    return retSearch.join('');
+    return  {filter:retSearch.join(''),params}
+    //return retSearch.join('');
 }
 
 /**
@@ -42,13 +46,12 @@ module.exports.getSearchCondition = (option) => {
  * @param {*} allowNull 
  * @returns 
  */
-module.exports.parseTagInSql = (req, sql, allowNull = true,isSearch=false) => {
+module.exports.parseTagInSql = (req, sql, allowNull = true) => {
     if (!sql) return '';
     ///定义正则准备查找sql中的特定关键字
     const matched = sql.match(/@.*?@/g);
     if (!matched || matched.length <= 0) return sql;
     let parseKeyWordIsNull = false;
-
     const charReg = /\s+|:|=/gi
     matched.forEach(ele => {
         let matchValue = ele.substring(1, ele.length - 1);
@@ -67,20 +70,15 @@ module.exports.parseTagInSql = (req, sql, allowNull = true,isSearch=false) => {
         if (!keyValue) {
             parseKeyWordIsNull = true;
         } else if (typeof (keyValue) === 'string') {
-            keyValue = noQuoteProtect || isSearch ? checkSqlInjection(mysql.escape(keyValue)) : mysql.escape(keyValue)
-            keyValue = keyValue.substr(1, keyValue.length - 2);
+            keyValue = noQuoteProtect ? checkSqlInjection(mysql.escape(keyValue)) : mysql.escape(keyValue)
+            keyValue = keyValue.substring(1, keyValue.length - 1);
             ///验证参数的格式合法性
-            if (keyValue && validformat.length > 1) {
-                // console.log(`参数格式合法检查==>${validformat[1]}:${matchValue} = ${keyValue}`)
-                keyValue = validatorParamsType(keyValue, validformat[1], validformat[2])
-            }
+            if (keyValue && validformat.length > 1)  keyValue = validatorParamsType(keyValue, validformat[1], validformat[2])
             if (!keyValue) {
                 parseKeyWordIsNull = true;
             }
             ///没有引号保护下发现了sql注入，则用1=0不返回任何结果
-            if (!keyValue && noQuoteProtect) {
-                keyValue = '1=0'
-            }
+            if (!keyValue && noQuoteProtect)  keyValue = '1=0'
         } else {  ////数组形式的参数，目前框架不支持，统一认为为sql注入攻击,全部忽略
             // console.log(`参数非法==>类型${typeof (keyValue)}:${matchValue} = ${keyValue}`)
             parseKeyWordIsNull = true;
@@ -92,6 +90,54 @@ module.exports.parseTagInSql = (req, sql, allowNull = true,isSearch=false) => {
     return sql;
 }
 
+/**
+ * 为列表查询定义参数化查询
+ * @param {*} req 
+ * @param {*} sql 
+ * @param {*} allowNull 
+ * @param {*} isSearch 
+ * @returns 
+ */
+module.exports.parseTagForParameterize = (req, filterSetting={}) => {
+    ///type=parameter表示参数化方式查询
+    ///type=joint 表示拼接sql语句查询
+    ///scope=[] 表示需要解析的字段必须在此列表内容中
+    let {pattern:sql,type='parameter',inscope=[]} = filterSetting;
+    if (!sql) return {sql:''};
+    ///定义正则准备查找sql中的特定关键字
+    const matched = sql.match(/@.*?@/g);
+    let params = [];
+    if (!matched || matched.length <= 0) return {sql};
+    for(const ele of matched){
+        let matchValue = ele.substring(1, ele.length - 1);
+        ///检查是否有特殊的字符比如 % 等
+        const specialRegex = /^[^a-zA-Z0-9]*(.*?)[^a-zA-Z0-9]*$/
+        const matchContent = matchValue.match(specialRegex);
+        matchValue = matchContent ? matchContent[1]:matchValue;
+        if (!matchValue) return {sql:'',params:[]};
+        ///是否有格式要求
+        let validformat = matchValue.split('|');
+        matchValue = validformat[0];
+        let keyValue = parseKeyValue(req, matchValue)||''; //utility.ifNull(keyParse.parseKeyValue(req, matchValue), '')+'';
+        if (keyValue && validformat.length > 1) keyValue = validatorParamsType(keyValue, validformat[1], validformat[2], inscope)
+        ///如果解析不出这个KeyValue ,则认为当前这条SQL过滤无效
+        if (!keyValue) return {sql:'',params:[]};
+        if (keyValue) {
+            if(type.toLowerCase() === 'parameter'){
+                sql = sql.replace(ele, '?');    ///变成参数化查询
+                if (Array.isArray(keyValue))
+                    params.push(keyValue)
+                else
+                    params.push(matchContent[0].replace(matchContent[1], keyValue));// '%' + keyValue + '%')
+            } else if (type.toLowerCase() === 'joint'){ ///拼接sql语句查询
+                ///拼接的SQL语句，keyvalue必须在scope列表中，否则不予拼接
+                const result = inscope.some(item => item.toLowerCase() === matchValue.toLowerCase());
+                if (result)sql = sql.replace(ele, keyValue); 
+            }
+        }
+    }
+    return {sql,params};
+}
 /*
 * 列表请求上下文中获取需要的信息
 * 如Page ,PageSize , Sort 等等
@@ -124,25 +170,27 @@ module.exports.getListInfo = (req, dataKey, cfgType = 0, dao) => {
         let clientfilter = checkSqlInjection(this.parseTagInSql(req, filter, false));
         //如果配置文件中不是直接的sql语句，则从DAO对象中的指定方法来获取sql
         if (sqltype !== 'sql' && listsql && typeof (dao[listsql]) === 'function') {
-            sql = dao[sql](req, { page, rows: pageSize, sort, filter: searchCondition, client: clientfilter });
+            sql = dao[sql](req, { page, rows: pageSize, sort, filter: searchCondition.filter, client: clientfilter });
             if (dao[countsql] && typeof (dao[countsql]) === 'function')
-                countsql = dao[countsql](req, { page, rows: pageSize, sort, filter: searchCondition, client: clientfilter });
+                countsql = dao[countsql](req, { page, rows: pageSize, sort, filter: searchCondition.filter, client: clientfilter });
         }
 
         /**根据过滤条件、排序条件、分页获取的方式，和原始sql拼接成最终获取数据的sql */
         if (sqltype==='sql'){
             sql = this.parseTagInSql(req, sql) +
-                ' ' + searchCondition + clientfilter +
+                ' ' + searchCondition.filter + clientfilter +
                 (sort ? (' order by ' + sort) : '') +
                 (export2Excel ? '' : ' limit ' + Number(pageSize) + ' OFFSET ' + (Math.max(Number(page), 1) - 1) * Number(pageSize)) +
                 /////在Sql中再放入获取总记录数的语句
                 ';SELECT FOUND_ROWS() AS total;';
             /*** 如果存在汇总列的sql，则把SQL放置在最末尾 */
             if (countsql) {
-                sql += appendSearchCondition2Count(this.parseTagInSql(req, countsql), searchCondition)
+                sql += appendSearchCondition2Count(this.parseTagInSql(req, countsql), searchCondition.filter)
             }
         }
-        return { sql, fields: field, footers: footer, page, hascounter: countsql?true:false };
+        ///如果存在统计的SQL，则参数需要Double一次
+        const sqlParams = countsql ? [].concat(searchCondition.params, searchCondition.params):searchCondition.params;
+        return { sql, fields: field, params: sqlParams, footers: footer, page, hascounter: countsql?true:false };
     }
 }
 /*