Fix for #5153 - doing it at the MySQL level, as MySQL seems to be affected by incorrect types in a way that other SQL databases aren't; this limits the possible damage this can do.
parent
80a99b549f
commit
5dcbef58a8
|
@ -181,11 +181,7 @@ export interface QueryJson {
|
||||||
|
|
||||||
export interface SqlQuery {
|
export interface SqlQuery {
|
||||||
sql: string
|
sql: string
|
||||||
bindings?:
|
bindings?: string[]
|
||||||
| string[]
|
|
||||||
| {
|
|
||||||
[key: string]: any
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export interface QueryOptions {
|
export interface QueryOptions {
|
||||||
|
|
|
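Review bot: The narrowed `bindings?: string[]` no longer describes what the array can hold after this commit. The MySQL hunk passes `query.bindings` to `bindingTypeCoerce`, which overwrites elements in place with `parseFloat` results, so a `SqlQuery` typed as all strings can carry numbers once a query has run. The `typeof binding !== "string"` guard there also suggests non-string bindings are already expected at runtime. Something like `bindings?: (string | number | boolean | null)[]` would be more accurate, though the exact member list needs confirming against the query builder, which is not visible on this page. Removing the object form also drops named bindings from the type, and any caller that relied on it is outside this view.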
@ -80,6 +80,20 @@ module MySQLModule {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function bindingTypeCoerce(bindings: any[]) {
|
||||||
|
for (let i = 0; i < bindings.length; i++) {
|
||||||
|
const binding = bindings[i]
|
||||||
|
if (typeof binding !== "string") {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
const matches = binding.match(/^\d*/g)
|
||||||
|
if (matches && matches[0] !== "" && !isNaN(Number(matches[0]))) {
|
||||||
|
bindings[i] = parseFloat(binding)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return bindings
|
||||||
|
}
|
||||||
|
|
||||||
class MySQLIntegration extends Sql implements DatasourcePlus {
|
class MySQLIntegration extends Sql implements DatasourcePlus {
|
||||||
private config: MySQLConfig
|
private config: MySQLConfig
|
||||||
private client: any
|
private client: any
|
||||||
|
@ -122,7 +136,7 @@ module MySQLModule {
|
||||||
// Node MySQL is callback based, so we must wrap our call in a promise
|
// Node MySQL is callback based, so we must wrap our call in a promise
|
||||||
const response = await this.client.query(
|
const response = await this.client.query(
|
||||||
query.sql,
|
query.sql,
|
||||||
query.bindings || []
|
bindingTypeCoerce(query.bindings || [])
|
||||||
)
|
)
|
||||||
return response[0]
|
return response[0]
|
||||||
} finally {
|
} finally {
|
||||||
|
|
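Review bot: `bindingTypeCoerce` converts any string that merely starts with a digit, because `/^\d*/g` is anchored only at the start and `parseFloat(binding)` stops at the first non-numeric character, so `"123abc"`, `"2021-01-01"` and `"007"` reach MySQL as 123, 2021 and 7. That silently changes the value being compared or written, and comparing a string column with a number makes MySQL compare numerically, which can match rows the caller never asked for when the binding comes from untrusted input. Coerce only when the whole string is a canonical integer, e.g. `if (/^(0|[1-9]\d*)$/.test(binding) && Number.isSafeInteger(Number(binding))) { bindings[i] = Number(binding) }`, and ideally only for the binding positions that actually need a number (the triggering case from #5153 is not shown here). The function also mutates the caller's `query.bindings` array in place; building a new array with `bindings.map(...)` would avoid that side effect.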