public inbox for [email protected]
help / color / mirror / Atom feedPATCH: To fix the issue in various node for special character (pgAdmin4)
2+ messages / 2 participants
[nested] [flat]
* PATCH: To fix the issue in various node for special character (pgAdmin4)
@ 2016-09-16 14:22 Murtuza Zabuawala <[email protected]>
2016-09-16 16:03 ` Re: PATCH: To fix the issue in various node for special character (pgAdmin4) Dave Page <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: Murtuza Zabuawala @ 2016-09-16 14:22 UTC (permalink / raw)
To: pgadmin-hackers
Hi,
PFA minor patch which will fix the issue where user was not able to create
objects if parent schema has special characters in it.
RM#1598
*Issue:*
We had escape special character in labels to prevent XSS Vulnerability in
node browser tree which cause this issue.
--
Regards,
Murtuza Zabuawala
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
Attachments:
[application/octet-stream] RM_1598.patch (6.9K, 3-RM_1598.patch)
download | inline diff:
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/collations/templates/collation/js/collation.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/collations/templates/collation/js/collation.js
index eb331a4..05dad55 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/collations/templates/collation/js/collation.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/collations/templates/collation/js/collation.js
@@ -73,7 +73,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var schemaInfo = args.node_info.schema;
this.set({'owner': userInfo.name}, {silent: true});
- this.set({'schema': schemaInfo.label}, {silent: true});
+ this.set({'schema': schemaInfo._label}, {silent: true});
}
pgAdmin.Browser.Node.Model.prototype.initialize.apply(this, arguments);
},
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/foreign_tables/templates/foreign_tables/js/foreign_tables.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/foreign_tables/templates/foreign_tables/js/foreign_tables.js
index 230b6c2..7b75de1 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/foreign_tables/templates/foreign_tables/js/foreign_tables.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/foreign_tables/templates/foreign_tables/js/foreign_tables.js
@@ -492,7 +492,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var isNew = (_.size(attrs) === 0);
if (isNew) {
// Set Selected Schema
- schema = args.node_info.schema.label
+ schema = args.node_info.schema._label
this.set({'basensp': schema}, {silent: true});
// Set Current User
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/sequences/templates/sequence/js/sequence.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/sequences/templates/sequence/js/sequence.js
index 47ea217..c2f6fd1 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/sequences/templates/sequence/js/sequence.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/sequences/templates/sequence/js/sequence.js
@@ -114,7 +114,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var schemaInfo = args.node_info.schema;
this.set({'seqowner': userInfo.name}, {silent: true});
- this.set({'schema': schemaInfo.label}, {silent: true});
+ this.set({'schema': schemaInfo._label}, {silent: true});
}
pgBrowser.Node.Model.prototype.initialize.apply(this, arguments);
},
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/templates/synonym/js/synonym.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/templates/synonym/js/synonym.js
index 2d0be1f..c0de434 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/templates/synonym/js/synonym.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/synonyms/templates/synonym/js/synonym.js
@@ -65,8 +65,8 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var schemaInfo = args.node_info.schema;
this.set({
'owner': userInfo.name,
- 'synobjschema': schemaInfo.label,
- 'schema': schemaInfo.label,
+ 'synobjschema': schemaInfo._label,
+ 'schema': schemaInfo._label,
'targettype': 'r'
}, {silent: true});
} else {
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/table/js/table.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/table/js/table.js
index 50a9032..44b4521 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/table/js/table.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/templates/table/js/table.js
@@ -284,7 +284,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
var schemaInfo = args.node_info.schema;
this.set({'relowner': userInfo.name}, {silent: true});
- this.set({'schema': schemaInfo.label}, {silent: true});
+ this.set({'schema': schemaInfo._label}, {silent: true});
}
pgBrowser.Node.Model.prototype.initialize.apply(this, arguments);
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/js/type.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/js/type.js
index 2328531..08f1a3a 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/js/type.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/js/type.js
@@ -311,7 +311,7 @@ function($, _, S, pgAdmin, pgBrowser, alertify, Backgrid) {
var schemaInfo = args.node_info.schema;
this.set({'typeowner': userInfo.name}, {silent: true});
- this.set({'schema': schemaInfo.label}, {silent: true});
+ this.set({'schema': schemaInfo._label}, {silent: true});
}
pgBrowser.Node.Model.prototype.initialize.apply(this, arguments);
},
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/mview/js/mview.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/mview/js/mview.js
index 9f9c9b7..50e49884 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/mview/js/mview.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/mview/js/mview.js
@@ -118,7 +118,7 @@ function($, _, S, pgAdmin, alertify, pgBrowser, CodeMirror) {
var isNew = (_.size(attrs) === 0);
if (isNew) {
// Set Selected Schema
- var schemaLabel = args.node_info.schema.label;
+ var schemaLabel = args.node_info.schema._label;
if (schemaLabel == '') {
this.set({'schema': 'public'}, {silent: true});
} else {
diff --git a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/view/js/view.js b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/view/js/view.js
index c77caff..7f87044 100644
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/view/js/view.js
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/views/templates/view/js/view.js
@@ -92,7 +92,7 @@ function($, _, S, pgAdmin, pgBrowser, CodeMirror) {
var isNew = (_.size(attrs) === 0);
if (isNew) {
// Set Selected Schema
- var schemaLabel = args.node_info.schema.label;
+ var schemaLabel = args.node_info.schema._label;
if (schemaLabel == '') {
this.set({'schema': 'public'}, {silent: true});
} else {
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: PATCH: To fix the issue in various node for special character (pgAdmin4)
2016-09-16 14:22 PATCH: To fix the issue in various node for special character (pgAdmin4) Murtuza Zabuawala <[email protected]>
@ 2016-09-16 16:03 ` Dave Page <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Dave Page @ 2016-09-16 16:03 UTC (permalink / raw)
To: Murtuza Zabuawala <[email protected]>; +Cc: pgadmin-hackers
Thanks, applied.
On Fri, Sep 16, 2016 at 3:22 PM, Murtuza Zabuawala
<[email protected]> wrote:
> Hi,
>
> PFA minor patch which will fix the issue where user was not able to create
> objects if parent schema has special characters in it.
> RM#1598
>
> Issue:
> We had escape special character in labels to prevent XSS Vulnerability in
> node browser tree which cause this issue.
>
>
> --
> Regards,
> Murtuza Zabuawala
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>
> --
> Sent via pgadmin-hackers mailing list ([email protected])
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgadmin-hackers
>
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2016-09-16 16:03 UTC | newest]
Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2016-09-16 14:22 PATCH: To fix the issue in various node for special character (pgAdmin4) Murtuza Zabuawala <[email protected]>
2016-09-16 16:03 ` Dave Page <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox