precompiled query may write regex

This commit is contained in:
Raul Ochoa 2014-04-11 12:03:43 +02:00 committed by Sandro Santilli
parent fb9c6b8aaa
commit cdb4e5f19b

View File

@ -71,7 +71,7 @@ Date.prototype.toJSON = function() {
s += ( offset < 0 ? '+' : '-' ) s += ( offset < 0 ? '+' : '-' )
+ pad(Math.abs(offset / 60)) + pad(Math.abs(offset / 60))
+ pad(Math.abs(offset % 60)) + pad(Math.abs(offset % 60))
} }
return s; return s;
} }
@ -165,19 +165,16 @@ app.get(global.settings.base_url+'/version', function(req, res) {
res.send(getVersion()); res.send(getVersion());
}); });
// Return true of the given query may write to the database var sqlQueryMayWriteRegex = new RegExp("\\b(alter|insert|update|delete|create|drop|reindex|truncate)\\b", "i");
// /**
// NOTE: this is a fuzzy check, the return could be true even * This is a fuzzy check, the return could be true even if the query doesn't really write anything. But you can be
// if the query doesn't really write anything. * pretty sure of a false return.
// But you can be pretty sure of a false return. *
// * @param sql
* @returns {boolean} Return true of the given query may write to the database
*/
function queryMayWrite(sql) { function queryMayWrite(sql) {
var mayWrite = false; return sqlQueryMayWriteRegex.test(sql);
var pattern = RegExp("\\b(alter|insert|update|delete|create|drop|reindex|truncate)\\b", "i");
if ( pattern.test(sql) ) {
mayWrite = true;
}
return mayWrite;
} }
function sanitize_filename(filename) { function sanitize_filename(filename) {