Comparing version 0.2.9 to 0.2.10
@@ -136,3 +136,2 @@ /** | ||
} | ||
client.query(sql, function (err, data) { | ||
@@ -365,3 +364,7 @@ if (log) { | ||
for (var i = 0; i < val.length; i++) { | ||
val[i] = this.client.escape(val[i]); | ||
if(/^"(?:\\"|.)*?"$/gi.test(val) || /^'(?:\\'|.)*?'$/gi.test(val)) { | ||
val[i] = val[i]; | ||
} else { | ||
val[i] = this.client.escape(val[i]); | ||
} | ||
} | ||
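Review bot: The new quoted-string test lets a value skip `this.client.escape()` whenever it begins and ends with a quote, and because the `.` alternative in `(?:\\"|.)*?` also matches bare quote characters, a caller-supplied string that is merely wrapped in quotes reaches the SQL text unescaped. The test is also run against `val` (the whole array coerced to a string) rather than `val[i]`, so the decision is made on the joined list instead of per element, and `val[i] = val[i]` is a no-op. Unless pre-quoted literals can only come from trusted internal code (not visible here), I would drop the branch and keep the unconditional `val[i] = this.client.escape(val[i]);`; the same bypass is added to the scalar path in the next hunk, at `return /^"(?:\\"|.)*?"$/gi.test(val) || ... ? val : this.client.escape(val);`. The enclosing function starts and ends outside the hunk.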
@@ -399,3 +402,3 @@ return val.join(','); | ||
} | ||
return this.client.escape(val.toString()); | ||
return /^"(?:\\"|.)*?"$/gi.test(val) || /^'(?:\\'|.)*?'$/gi.test(val) ? val : this.client.escape(val); | ||
}; | ||
@@ -897,3 +900,3 @@ | ||
} else if (condType === 'in' || condType === 'inq' || condType === 'nin') { | ||
sqlCond += "(" + eval(val) + ")"; | ||
sqlCond += "(" + val + ")"; | ||
} else { | ||
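Review bot: With `eval(val)` gone, `sqlCond += "(" + val + ")";` concatenates `val` into the `in`/`inq`/`nin` list exactly as received, so this branch is only as safe as whatever escaped `val` before it arrived here. That upstream step is outside the hunk; if it is the value-formatting code changed earlier in this diff, values that look quoted will arrive unescaped. I would state the precondition in a comment, e.g. `// val must already be an escaped, comma-joined list`, or escape each element at this point if `val` can still be an array. The enclosing function starts and ends outside the hunk.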
@@ -900,0 +903,0 @@ sqlCond += val; |
{ | ||
"name": "caminte", | ||
"description": "ORM for every database: redis, mysql, neo4j, mongodb, rethinkdb, postgres, sqlite, tingodb", | ||
"version": "0.2.9", | ||
"version": "0.2.10", | ||
"author": { | ||
@@ -6,0 +6,0 @@ "name": "Aleksej Gordejev", |
Uses eval
Supply chain risk: Package uses eval(), which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package