feat(salesforce/find-partially-matching-record): sanitize user inputs
@@ -1,4 +1,6 @@
|
|||||||
import defineAction from '../../../../helpers/define-action.js';
|
import defineAction from '../../../../helpers/define-action.js';
|
||||||
|
import listObjects from '../../dynamic-data/list-objects/index.js';
|
||||||
|
import listFields from '../../dynamic-data/list-fields/index.js';
|
||||||
|
|
||||||
export default defineAction({
|
export default defineAction({
|
||||||
name: 'Find partially matching record',
|
name: 'Find partially matching record',
|
||||||
@@ -57,13 +59,31 @@ export default defineAction({
|
|||||||
],
|
],
|
||||||
|
|
||||||
async run($) {
|
async run($) {
|
||||||
|
const sanitizedSearchValue = $.step.parameters.searchValue.replaceAll(`'`, `\\'`);
|
||||||
|
|
||||||
|
// validate given object
|
||||||
|
const objects = await listObjects.run($);
|
||||||
|
const validObject = objects.data.find((object) => object.value === $.step.parameters.object);
|
||||||
|
|
||||||
|
if (!validObject) {
|
||||||
|
throw new Error(`The "${$.step.parameters.object}" object does not exist.`);
|
||||||
|
}
|
||||||
|
|
||||||
|
// validate given object field
|
||||||
|
const fields = await listFields.run($);
|
||||||
|
const validField = fields.data.find((field) => field.value === $.step.parameters.field);
|
||||||
|
|
||||||
|
if (!validField) {
|
||||||
|
throw new Error(`The "${$.step.parameters.field}" field does not exist on the "${$.step.parameters.object}" object.`);
|
||||||
|
}
|
||||||
|
|
||||||
const query = `
|
const query = `
|
||||||
SELECT
|
SELECT
|
||||||
FIELDS(ALL)
|
FIELDS(ALL)
|
||||||
FROM
|
FROM
|
||||||
${$.step.parameters.object}
|
${$.step.parameters.object}
|
||||||
WHERE
|
WHERE
|
||||||
${$.step.parameters.field} LIKE '%${$.step.parameters.searchValue}%'
|
${$.step.parameters.field} LIKE '%${sanitizedSearchValue}%'
|
||||||
LIMIT 1
|
LIMIT 1
|
||||||
`;
|
`;
|
||||||
|
|
||||||
|
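Review bot: The escaping added at the top of `run` covers only the single quote, so a backslash already present in `searchValue` passes through unchanged and can cancel the escape inserted before a following quote; the `LIKE '%…%'` literal is therefore still not safely closed against SOQL injection. Escape the backslash first and the quote second, for example `const sanitizedSearchValue = String($.step.parameters.searchValue ?? '').replaceAll('\\', '\\\\').replaceAll("'", "\\'");`, which also avoids a TypeError if the parameter is missing or not a string. The LIKE wildcards `%` and `_` are left as they are, so a user-supplied value still acts as a pattern; if a literal match is intended they need a backslash escape as well. The allowlist checks on `object` and `field` against `listObjects`/`listFields` look like the right approach for the identifiers, and a short comment above the sanitizing line stating which characters are escaped and why would help the next reader. The body of `run` continues past the end of this hunk, so how `query` is sent is not visible here.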