public inbox for [email protected]  
From: Dave Page <[email protected]>
To: [email protected]
Subject: pgAdmin 4 commit: Fixed CSRF security vulnerability issue. per Alvin Li
Date: Thu, 25 Jul 2019 09:23:18 +0000
Message-ID: <[email protected]> (raw)

Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217
Initial patch by: Khushboo Vashi
Modified by: Ashesh Vashi and Murtuza Zabuawala

Branch
------
electron2

Details
-------
https://git.postgresql.org/gitweb?p=pgadmin4.git;a=commitdiff;h=687cd1193bc97da3b2c4144d8f1f6f05da40...
Author: Khushboo Vashi <[email protected]>

Modified Files
--------------
docs/en_US/release_notes_4_7.rst                   |   1 +
web/config.py                                      |   7 +-
web/pgadmin/__init__.py                            |  14 ++-
web/pgadmin/browser/__init__.py                    |  39 ++-----
web/pgadmin/browser/static/js/browser.js           |  15 ++-
web/pgadmin/browser/static/js/collection.js        |   3 +-
web/pgadmin/browser/static/js/preferences.js       |   7 +-
web/pgadmin/browser/templates/browser/index.html   |   1 -
web/pgadmin/browser/templates/browser/js/utils.js  |   3 +
web/pgadmin/browser/tests/test_change_password.py  |  15 +--
.../browser/tests/test_gravatar_image_display.py   |  13 +--
web/pgadmin/browser/tests/test_login.py            |  34 ++++--
web/pgadmin/browser/tests/test_reset_password.py   |  12 +-
web/pgadmin/browser/tests/utils.py                 |   7 +-
web/pgadmin/misc/__init__.py                       |   2 +
.../misc/dependencies/static/js/dependencies.js    |   7 +-
.../misc/dependents/static/js/dependents.js        |   7 +-
web/pgadmin/misc/file_manager/static/js/utility.js |   6 +-
web/pgadmin/misc/sql/static/js/sql.js              |   5 +-
.../misc/statistics/static/js/statistics.js        |   9 +-
.../setup/tests/test_export_import_servers.py      |  13 ++-
web/pgadmin/static/js/csrf.js                      |  60 ++++++++++
web/pgadmin/static/js/sqleditor/execute_query.js   |   6 +-
.../static/js/tree/pgadmin_tree_save_state.js      |   2 +-
.../tools/backup/static/js/backup_dialog.js        |   3 +-
.../backup/static/js/backup_dialog_wrapper.js      |   3 +-
web/pgadmin/tools/debugger/static/js/direct.js     |   5 +-
.../tools/restore/static/js/restore_dialog.js      |   3 +-
.../restore/static/js/restore_dialog_wrapper.js    |   3 +-
web/pgadmin/tools/sqleditor/static/js/sqleditor.js |   6 +-
web/pgadmin/tools/user_management/__init__.py      |   2 +
web/pgadmin/utils/csrf.py                          |  43 +++++++
web/pgadmin/utils/session.py                       |   2 +-
.../python_test_utils/csrf_test_client.py          | 124 +++++++++++++++++++++
web/regression/python_test_utils/test_utils.py     |  18 +--
web/regression/runtests.py                         |  11 +-
36 files changed, 387 insertions(+), 124 deletions(-)


