#712 Fix some security issues

Author: tariqksoliman

API/Backend/Datasets/models/datasets.js

@@ -160,7 +160,7 @@ function makeNewDatasetTable(name, columns, success, failure) {
       failure({
         status: "failure",
         message: "Failed to find existing datasets",
-        error: error,
+        error: err,
         name: name,
       });
     });

API/Backend/Draw/routes/filesutils.js

@@ -146,13 +146,12 @@ function getfile(req, res, next) {
                 (published ? "AND action_index=4 " : "") +
                 "ORDER BY time DESC" +
                 " " +
-                "FETCH first " +
-                (published ? req.body.id.length : "1") +
-                " rows only",
+                "FETCH first :first rows only",
               {
                 replacements: {
                   id: ids,
                   time: atThisTime,
+                  first: published ? req.body.id.length : 1,
                 },
               }
             )

API/utils.js

@@ -186,14 +186,14 @@ const Utils = {
   forceAlphaNumUnder: function (str) {
     if (typeof str === "string") {
       return str
-        .replace(/[`~!@#$%^&*|+\-=?;:'",.<>\{\}\[\]\\\/]/gi, "")
+        .replace(/[`~!@#$%^&*|+\-=?;:'",.<>\{\}\[\]\\\//() ]/gi, "")
         .replace(/[^ -~]+/g, "");
     } else if (typeof str === "number") {
       return str;
     } else if (Array.isArray(str)) {
       return str
         .join(",")
-        .replace(/[`~!@#$%^&*|+\-=?;:'".<>\{\}\[\]\\\/]/gi, "")
+        .replace(/[`~!@#$%^&*|+\-=?;:'".<>\{\}\[\]\\\//() ]/gi, "")
         .replace(/[^ -~]+/g, "")
         .split(",");
     } else {