@@ -10,6 +10,7 @@ const inspect = require("util").inspect;
1010
1111const { sequelize } = require ( "../../../connection" ) ;
1212
13+ const Utils = require ( "../../../utils.js" ) ;
1314const logger = require ( "../../../logger" ) ;
1415const datasets = require ( "../models/datasets" ) ;
1516const csvtojson = require ( "csvtojson" ) ;
@@ -38,15 +39,13 @@ function get(req, res, next) {
3839 Datasets . findOne ( { where : { name : queries [ i ] . dataset } } )
3940 . then ( ( result ) => {
4041 if ( result ) {
41- const column = queries [ i ] . column
42- . replace ( / [ ` ~ ! @ # $ % ^ & * | + \- = ? ; : ' " , . < > \{ \} \[ \] \\ \/ ] / gi, "" )
43- . replace ( / [ ^ - ~ ] + / g, "" ) ;
42+ const column = queries [ i ] . column ;
4443 sequelize
4544 . query (
4645 "SELECT * FROM " +
47- result . dataValues . table +
46+ Utils . forceAlphaNumUnder ( result . dataValues . table ) +
4847 ' WHERE "' +
49- column +
48+ Utils . forceAlphaNumUnder ( column ) +
5049 '"=:search ORDER BY id ASC LIMIT 100' ,
5150 {
5251 replacements : {
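Review bot: The column identifier taken from the request at new line 42 is used even when Utils.forceAlphaNumUnder has altered it at new line 48, so, assuming the helper strips disallowed characters as its name suggests, a request naming a column such as `foo"bar` silently runs against `foobar` instead of being refused; for a request-supplied identifier, failing closed is the safer contract: `const safeColumn = Utils.forceAlphaNumUnder(column); if (safeColumn !== column) { /* respond 400: invalid column name */ }` and interpolate `safeColumn` only. The same strip-and-continue pattern applies to `table` in the /search handler (new line 123) and to the header names in /upload (new line 241). forceAlphaNumUnder's implementation is not in this diff; if it does not tolerate a missing `queries[i].column`, that case needs a check before the call as well. The enclosing function get() starts before this hunk and continues after it.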
@@ -121,7 +120,7 @@ router.post("/search", function (req, res, next) {
121120 sequelize
122121 . query (
123122 "SELECT properties, ST_AsGeoJSON(geom) FROM " +
124- table +
123+ Utils . forceAlphaNumUnder ( table ) +
125124 " WHERE properties ->> :key = :value;" ,
126125 {
127126 replacements : {
@@ -239,7 +238,7 @@ router.post("/upload", function (req, res, next) {
239238 if ( fields . upsert === "true" ) {
240239 let condition = "" ;
241240 fields . header . forEach ( ( elm ) => {
242- elm = elm . replace ( / [ ` ~ ! @ # $ % ^ & * | + \- = ? ; : ' " , . < > \{ \} \[ \] \\ \/ ] / gi , "" ) ;
241+ elm = Utils . forceAlphaNumUnder ( elm ) ;
243242 condition +=
244243 ' AND ( a."' +
245244 elm +
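Review bot: New line 241 overwrites the forEach callback parameter `elm` with its sanitized form, which hides that the value concatenated on new line 244 is no longer the raw header name; a separate binding keeps the sanitization step visible at the use site: `const col = Utils.forceAlphaNumUnder(elm);` followed by `' AND ( a."' + col +`. The remainder of the condition builder and the enclosing /upload handler continue outside the hunk.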
@@ -255,12 +254,15 @@ router.post("/upload", function (req, res, next) {
255254 sequelize
256255 . query (
257256 "DELETE FROM " +
258- tableName +
257+ Utils . forceAlphaNumUnder ( tableName ) +
259258 " a USING " +
260- tableName +
259+ Utils . forceAlphaNumUnder ( tableName ) +
261260 " b " +
262261 "WHERE b.id < a.id" +
263- condition
262+ condition ,
263+ {
264+ replacements : { } ,
265+ }
264266 )
265267 . then ( ( ) => {
266268 res . send ( {
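Review bot: `Utils.forceAlphaNumUnder(tableName)` is evaluated twice (new lines 257 and 259) to produce the same identifier; hoist it once before the query, `const safeTable = Utils.forceAlphaNumUnder(tableName);`, and use `safeTable` on both lines so the two occurrences cannot drift apart. The `replacements: {}` option added at new line 264 binds nothing, since the literal SQL visible here contains no `:name` placeholder; its purpose is not apparent from the hunk, so a one-line comment such as `// no bound parameters: identifiers cannot be passed as replacements` would stop the next reader from deleting it. The enclosing /upload handler starts before this hunk and continues after it.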
@@ -357,7 +359,14 @@ router.post("/upload", function (req, res, next) {
357359 tableObj = result . tableObj ;
358360 } else {
359361 sequelize
360- . query ( "TRUNCATE TABLE " + result . table + " RESTART IDENTITY" )
362+ . query (
363+ "TRUNCATE TABLE " +
364+ Utils . forceAlphaNumUnder ( result . table ) +
365+ " RESTART IDENTITY" ,
366+ {
367+ replacements : { } ,
368+ }
369+ )
361370 . then ( ( ) => {
362371 tableObj = result . tableObj ;
363372 } )
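Review bot: The TRUNCATE query assembled on new lines 362-369 is repeated verbatim in the /recreate handler (new lines 422-429 in the next hunk); extracting a module-level helper makes the single sanitization step and the option shape shared rather than copied, and gives one place to document why the identifier is string-built. `result.table` appears to come from a dataset record rather than from the request (the lookup is outside the hunk), so the helper's comment should state that forceAlphaNumUnder is defence in depth there; please confirm that reading. Both enclosing handlers start before and end after their hunks.
```javascript
// Truncate one dataset table and reset its id sequence.
// The table name is passed through Utils.forceAlphaNumUnder before
// interpolation because identifiers cannot be bound as Sequelize replacements.
// NOTE(review): callers appear to pass the name read from the datasets record,
// so this is defence in depth — confirm.
function truncateTable(table) {
  return sequelize.query(
    "TRUNCATE TABLE " + Utils.forceAlphaNumUnder(table) + " RESTART IDENTITY",
    { replacements: {} }
  );
}

// in router.post("/upload"), replacing the inline sequelize.query(...) chain:
truncateTable(result.table)
  .then(() => {
// … unchanged: tableObj = result.tableObj …
```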
@@ -410,7 +419,14 @@ router.post("/recreate", function (req, res, next) {
410419
411420 if ( req . body . mode == "full" ) {
412421 sequelize
413- . query ( "TRUNCATE TABLE " + result . table + " RESTART IDENTITY" )
422+ . query (
423+ "TRUNCATE TABLE " +
424+ Utils . forceAlphaNumUnder ( result . table ) +
425+ " RESTART IDENTITY" ,
426+ {
427+ replacements : { } ,
428+ }
429+ )
414430 . then ( ( ) => {
415431 populateDatasetTable (
416432 result . tableObj ,