From 422be49b1abf231cba004200cabdc947440320de Mon Sep 17 00:00:00 2001
From: AJ ONeal <coolaj86@gmail.com>
Date: Wed, 23 Mar 2016 03:37:20 +0000
Subject: [PATCH] disallow accidental undefined as a find value

---
 lib/dbwrap.js | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/lib/dbwrap.js b/lib/dbwrap.js
index 39c8364..c480e01 100644
--- a/lib/dbwrap.js
+++ b/lib/dbwrap.js
@@ -226,15 +226,15 @@ function wrap(db, dir, dbsMap) {
       });
     };
 
-    DB.find = function (obj1, params) {
-      //var obj = obj1;
-      var obj = {};
-      if (obj1) {
-        Object.keys(obj1).forEach(function (key) {
-          if (undefined !== obj1[key]) {
-            obj[key] = obj1[key];
-          }
-        });
+    DB.find = function (obj, params) {
+      var err;
+      Object.keys(obj).forEach(function (key) {
+        if (undefined === obj[key]) {
+          err = new Error("'" + key + "' was `undefined'. For security purposes you must explicitly set the value to null or ''");
+        }
+      });
+      if (err) {
+        return PromiseA.reject(err);
       }
       var sql = 'SELECT * FROM \'' + tablename + '\' ';
       var keys = obj && Object.keys(obj);