From: Ashesh Vashi <[email protected]>
To: Khushboo Vashi <[email protected]>
Cc: Dave Page <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220
Date: Thu, 20 Oct 2016 16:38:50 +0530
Message-ID: <CAG7mmozKKnLcoMhvFsYSrqKrQ0HkpLa099=zLinJC6jnu-3z+Q@mail.gmail.com> (raw)
In-Reply-To: <CAFOhELf6uqXsAgUp+GB6vCFF9bBU-b-7hM_kD_1rg6w-WjOGLA@mail.gmail.com>
References: <CAFOhELebFb=ceHh2bhRFE6awSx1LGW9EYaqC7AfkmEaWnPXXig@mail.gmail.com>
	<CA+OCxoz8pmhgEwF-q3ob9pdOwhOL0D5hPrrpVApw1JFbgbFf6w@mail.gmail.com>
	<CAG7mmozC2SyM=XfJEn6a4w93dFEzhHV-9re6BMst4GD7EO-6qQ@mail.gmail.com>
	<CA+OCxoxOB6Yx-d8yKEkB3Gv6XAD=UAVBObxLB275m=nQuecpcQ@mail.gmail.com>
	<CAFOhELf6uqXsAgUp+GB6vCFF9bBU-b-7hM_kD_1rg6w-WjOGLA@mail.gmail.com>
List-Unsubscribe:  <mailto:[email protected]?body=unsub%20pgadmin-hackers>

On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi <
[email protected]> wrote:

>
>
> On Sat, Oct 15, 2016 at 11:52 AM, Dave Page <[email protected]> wrote:
>
>>
>>
>> On Friday, October 14, 2016, Ashesh Vashi <[email protected]>
>> wrote:
>>
>>> On Sat, Oct 15, 2016 at 4:59 AM, Dave Page <[email protected]> wrote:
>>>
>>>> Hi
>>>>
>>>> On Friday, October 14, 2016, Khushboo Vashi <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Please find the attached patch to fix the below 2 bugs.
>>>>>
>>>>> RM 1603: [Web Based] Export database failed if object contains double
>>>>> quotes.
>>>>> RM 1220: Backup database is not working with special characters
>>>>>
>>>>> The issues which were fixed:
>>>>>
>>>>> 1. Client side data were not unescaped
>>>>> 2. Required command line arguments were quoted twice
>>>>>
>>>>
>>>> This is not working for me: I tested using Table Export as per Fahar's
>>>> instructions. As I'm in desktop mode, the first problem was that we get an
>>>> error at line 210 of import_export/__init__.py, because
>>>> get_server_directory returned None for the directory. If I fix that, then
>>>> the job says it's created, but as far as I can see, nothing else happens.
>>>>
>>> hmm..
>>>
>>
>> Yes, but please see my followup message. There's clearly something funky
>> going on with the process tracking - for whatever reason it didn't pick up
>> this process until after a restart, and per the bug I escalated earlier
>> (which I think is essential to fix for 1.1 in a little over a week), it
>> doesn't always detect completed processes and then keeps re-showing the
>> alert.
>>
>>
>
> The problem here is that, until we click the "Click for details here" link
> and close the other details dialogue, the acknowledgement is not sent
> to the server. So, it keeps re-showing the alert.
>
> I think we need to clearly mention the steps on the alertify notifier
> itself, so the user can get the idea.
>
> Dave/Ashesh,
> Any other suggestion?
>
We can give an acknowledge link along with the 'Click here for details' link to
delete the status, logs, when clicked.
Dave?

>
>
>>
>>>> Secondly, this patch seems to push quoting responsibility to the front
>>>> end.
>>>>
>>> No - that's not the case, we're using _.escape(..) function on the
>>> node's label to fix the issue of XSS vulnerability on client side.
>>> Hence - during sending back the data, we're using _.unescape(..)
>>> function to return the same data sent by the server.
>>>
>>
>> Ahh, OK - I see.
>>
>>
>>>
>>> Though - IIRC - we have an original label stored in another variable
>>> '_label', which we can use instead of unescaping it again.
>>>
>>
>> Right, as we've done in many other places.
>>
>
> I have replaced _.unescape with _label
>
>
>>
>>>> This doesn't seem right, because we might want to use the RESTful APIs
>>>> for another purpose in the future, which would mean needing to re-implement
>>>> quoting if something else uses an affected API.
>>>>
>>> As I explained above, it won't affect the RESTful API.
>>>
>>
>> Yep. Thanks for setting me straight.
>>
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>>
>
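
Added example (not part of the original message and not pgAdmin's code): a sketch of the point discussed in the thread above, where a node's label is HTML-escaped for display and the original value is kept in `_label` for sending back to the server. `escapeHtml` is a stand-in for `_.escape`; `makeNode`, `payloadFromDisplayLabel`, `payloadFromRawLabel`, `serverFindTable` and the sample names are hypothetical and constructed for illustration.

```javascript
// Stand-in for underscore's _.escape, so the example runs without the library.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical tree node: `label` is what gets rendered as HTML,
// `_label` keeps the value exactly as the server sent it.
function makeNode(nameFromServer) {
  return { _label: nameFromServer, label: escapeHtml(nameFromServer) };
}

// Before: the request is built from the display label, so the server
// receives HTML entities instead of the real object name.
function payloadFromDisplayLabel(node) {
  return JSON.stringify({ table: node.label });
}

// After: the request is built from the untouched original value.
function payloadFromRawLabel(node) {
  return JSON.stringify({ table: node._label });
}

// Hypothetical server side: exact-match lookup of the requested object.
function serverFindTable(catalog, payload) {
  const { table } = JSON.parse(payload);
  return catalog.includes(table) ? table : null;
}

// Constructed sample names: one with double quotes, one with markup.
const CATALOG = ['my "quoted" table', '<b>report</b>'];

function demo() {
  return CATALOG.map((name) => {
    const node = makeNode(name);
    return {
      rendered: node.label, // safe to insert into the page
      viaDisplayLabel: serverFindTable(CATALOG, payloadFromDisplayLabel(node)),
      viaRawLabel: serverFindTable(CATALOG, payloadFromRawLabel(node)),
    };
  });
}

console.log(demo());
```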

