spice-js 2.6.60 → 2.6.61
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -74,6 +74,7 @@ class RestHelper {
|
|
|
74
74
|
|
|
75
75
|
try {
|
|
76
76
|
var download_type = ctx.request.query.format || "csv";
|
|
77
|
+
var include_id = ctx.request.query.include_id;
|
|
77
78
|
var content;
|
|
78
79
|
|
|
79
80
|
if (download_type == "csv") {
|
|
@@ -82,6 +83,10 @@ class RestHelper {
|
|
|
82
83
|
} = yield Promise.resolve().then(() => _interopRequireWildcard(require("flat")));
|
|
83
84
|
|
|
84
85
|
var items = _lodash.default.map(ctx.data, item => {
|
|
86
|
+
if (!include_id || include_id == "false") {
|
|
87
|
+
delete item.id;
|
|
88
|
+
}
|
|
89
|
+
|
|
85
90
|
delete item._permissions_;
|
|
86
91
|
return flatten(item);
|
|
87
92
|
});
|
|
@@ -22,7 +22,7 @@ function hasSQLInjection(input) {
|
|
|
22
22
|
"exec(", // Execution function in T-SQL
|
|
23
23
|
"execute(", // Another execution function in T-SQL
|
|
24
24
|
"xp_", // Extended stored procedures in T-SQL - often used in older SQL Server attacks
|
|
25
|
-
"0x", // Hex encoding
|
|
25
|
+
"0x ", // Hex encoding
|
|
26
26
|
"benchmark(", // MySQL benchmark function - can be used for time-based blind attacks
|
|
27
27
|
"sleep(", // MySQL sleep function - can also be used for time-based blind attacks
|
|
28
28
|
"pg_sleep(", // PostgreSQL sleep function - time-based blind attack
|