public inbox for [email protected]
help / color / mirror / Atom feedFrom: Murtuza Zabuawala <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: PATCH: To fix the issue in various node for special character (pgAdmin4)
Date: Fri, 16 Sep 2016 19:52:30 +0530
Message-ID: <CAKKotZTP5dVPTr+Wn8wKxjCgLS_Rbb-WodFrmmoYujVmSFbxJw@mail.gmail.com> (raw)
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgadmin-hackers>
Hi,
PFA minor patch which will fix the issue where user was not able to create
objects if parent schema has special characters in it.
RM#1598
*Issue:*
We had escape special character in labels to prevent XSS Vulnerability in
node browser tree which cause this issue.
--
Regards,
Murtuza Zabuawala
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
Attachments:
[application/octet-stream] RM_1598.patch (6.9K, 3-RM_1598.patch)
download | inline diff:
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/collations/templates/collation/js/collation.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/collations/templates/collation/js/collation.js
index eb331a4..05dad55 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/collations/templates/collation/js/collation.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/collations/templates/collation/js/collation.js
@@ -73,7 +73,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var schemaInfo = args.node_info.schema;
this.set({'owner': userInfo.name}, {silent: true});
- this.set({'schema': schemaInfo.label}, {silent: true});
+ this.set({'schema': schemaInfo._label}, {silent: true});
}
pgAdmin.Browser.Node.Model.prototype.initialize.apply(this, arguments);
},
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/foreign_tables/templates/foreign_tables/js/foreign_tables.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/foreign_tables/templates/foreign_tables/js/foreign_tables.js
index 230b6c2..7b75de1 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/foreign_tables/templates/foreign_tables/js/foreign_tables.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/foreign_tables/templates/foreign_tables/js/foreign_tables.js
@@ -492,7 +492,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var isNew = (_.size(attrs) === 0);
if (isNew) {
// Set Selected Schema
- schema = args.node_info.schema.label
+ schema = args.node_info.schema._label
this.set({'basensp': schema}, {silent: true});
// Set Current User
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/sequences/templates/sequence/js/sequence.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/sequences/templates/sequence/js/sequence.js
index 47ea217..c2f6fd1 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/sequences/templates/sequence/js/sequence.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/sequences/templates/sequence/js/sequence.js
@@ -114,7 +114,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var schemaInfo = args.node_info.schema;
this.set({'seqowner': userInfo.name}, {silent: true});
- this.set({'schema': schemaInfo.label}, {silent: true});
+ this.set({'schema': schemaInfo._label}, {silent: true});
}
pgBrowser.Node.Model.prototype.initialize.apply(this, arguments);
},
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/templates/synonym/js/synonym.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/templates/synonym/js/synonym.js
index 2d0be1f..c0de434 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/templates/synonym/js/synonym.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/templates/synonym/js/synonym.js
@@ -65,8 +65,8 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var schemaInfo = args.node_info.schema;
this.set({
'owner': userInfo.name,
- 'synobjschema': schemaInfo.label,
- 'schema': schemaInfo.label,
+ 'synobjschema': schemaInfo._label,
+ 'schema': schemaInfo._label,
'targettype': 'r'
}, {silent: true});
} else {
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/table/js/table.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/table/js/table.js
index 50a9032..44b4521 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/table/js/table.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/table/js/table.js
@@ -284,7 +284,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var schemaInfo = args.node_info.schema;
this.set({'relowner': userInfo.name}, {silent: true});
- this.set({'schema': schemaInfo.label}, {silent: true});
+ this.set({'schema': schemaInfo._label}, {silent: true});
}
pgBrowser.Node.Model.prototype.initialize.apply(this, arguments);
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/js/type.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/js/type.js
index 2328531..08f1a3a 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/js/type.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/js/type.js
@@ -311,7 +311,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify, Backgrid) {
var schemaInfo = args.node_info.schema;
this.set({'typeowner': userInfo.name}, {silent: true});
- this.set({'schema': schemaInfo.label}, {silent: true});
+ this.set({'schema': schemaInfo._label}, {silent: true});
}
pgBrowser.Node.Model.prototype.initialize.apply(this, arguments);
},
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/mview/js/mview.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/mview/js/mview.js
index 9f9c9b7..50e49884 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/mview/js/mview.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/mview/js/mview.js
@@ -118,7 +118,7 @@ function($, _, S, pgAdmin, alertify, pgBrowser, CodeMirror) {
var isNew = (_.size(attrs) === 0);
if (isNew) {
// Set Selected Schema
- var schemaLabel = args.node_info.schema.label;
+ var schemaLabel = args.node_info.schema._label;
if (schemaLabel == '') {
this.set({'schema': 'public'}, {silent: true});
} else {
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/view/js/view.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/view/js/view.js
index c77caff..7f87044 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/view/js/view.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/view/js/view.js
@@ -92,7 +92,7 @@ function($, _, S, pgAdmin, pgBrowser, CodeMirror) {
var isNew = (_.size(attrs) === 0);
if (isNew) {
// Set Selected Schema
- var schemaLabel = args.node_info.schema.label;
+ var schemaLabel = args.node_info.schema._label;
if (schemaLabel == '') {
this.set({'schema': 'public'}, {silent: true});
} else {
view thread (2+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: PATCH: To fix the issue in various node for special character (pgAdmin4)
In-Reply-To: <CAKKotZTP5dVPTr+Wn8wKxjCgLS_Rbb-WodFrmmoYujVmSFbxJw@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox