IntenseWebs/pgadmin4
3
0
Fork 0
mirror of https://github.com/pgadmin-org/pgadmin4.git synced 2024-12-01 21:09:10 -06:00
Code Issues Packages Projects Releases Wiki Activity
115d4afd9e
pgadmin4/web/pgadmin/utils/csrf.py

51 lines
1.6 KiB
Python
Raw Normal View History

Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2019-05-28 00:29:51 -05:00
##########################################################################
#
# pgAdmin 4 - PostgreSQL Tools
#
Update copyright notices for 2023
2023-01-02 00:23:55 -06:00
# Copyright (C) 2013 - 2023, The pgAdmin Development Team
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2019-05-28 00:29:51 -05:00
# This software is released under the PostgreSQL Licence
#
#########################################################################
from flask_wtf.csrf import CSRFProtect
from flask import request, current_app
class _PGCSRFProtect(CSRFProtect):
def __init__(self, *args, **kwargs):
python 3 updates - Fix super() calls for python 3 - No need to inherit objects. - No need for u at the start of strings - Tidied up some brackets and f-strings too
2022-11-18 22:43:41 -06:00
super().__init__(*args, **kwargs)
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2019-05-28 00:29:51 -05:00
def init_app(self, app):
python 3 updates - Fix super() calls for python 3 - No need to inherit objects. - No need for u at the start of strings - Tidied up some brackets and f-strings too
2022-11-18 22:43:41 -06:00
super().init_app(app)
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2019-05-28 00:29:51 -05:00
self._pg_csrf_exempt(app)
def _pg_csrf_exempt(self, app):
"""Exempt some of the Views/blueprints from CSRF protection
"""
exempt_views = [
1) Replace Flask-BabelEx with Flask-Babel. Fixes #6088 2) Upgrade Flask to version 2. Fixes #7010
2021-11-24 05:52:57 -06:00
'flask.app.<lambda>',
'flask.scaffold.send_static_file',
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2019-05-28 00:29:51 -05:00
'flask_security.views.login',
'flask_security.views.logout',
'pgadmin.tools.translations',
app.blueprints['redirects'],
'pgadmin.browser.server_groups.servers.supported_servers-js',
1) Port query tool to React. Fixes #6131 2) Added status bar to the Query Tool. Fixes #3253 3) Ensure that row numbers should be visible in view when scrolling horizontally. Fixes #3989 4) Allow removing a single query history. Refs #4113 5) Partially fixed Macros usability issues. Ref #6969 6) Fixed an issue where the Query tool opens on minimum size if the user opens multiple query tool Window quickly. Fixes #6725 7) Relocate GIS Viewer Button to the Left Side of the Results Table. Fixes #6830 8) Fixed an issue where the connection bar is not visible. Fixes #7188 9) Fixed an issue where an Empty message popup after running a query. Fixes #7260 10) Ensure that Autocomplete should work after changing the connection. Fixes #7262 11) Fixed an issue where the copy and paste row does not work if the first column contains no data. Fixes #7294
2022-04-07 07:06:56 -05:00
'pgadmin.tools.sqleditor.initialize_sqleditor',
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2019-05-28 00:29:51 -05:00
'pgadmin.tools.datagrid.panel',
1) Port query tool to React. Fixes #6131 2) Added status bar to the Query Tool. Fixes #3253 3) Ensure that row numbers should be visible in view when scrolling horizontally. Fixes #3989 4) Allow removing a single query history. Refs #4113 5) Partially fixed Macros usability issues. Ref #6969 6) Fixed an issue where the Query tool opens on minimum size if the user opens multiple query tool Window quickly. Fixes #6725 7) Relocate GIS Viewer Button to the Left Side of the Results Table. Fixes #6830 8) Fixed an issue where the connection bar is not visible. Fixes #7188 9) Fixed an issue where an Empty message popup after running a query. Fixes #7260 10) Ensure that Autocomplete should work after changing the connection. Fixes #7262 11) Fixed an issue where the copy and paste row does not work if the first column contains no data. Fixes #7294
2022-04-07 07:06:56 -05:00
'pgadmin.tools.sqleditor.panel',
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2019-05-28 00:29:51 -05:00
'pgadmin.tools.debugger.initialize_target',
'pgadmin.tools.debugger.direct_new',
Added Schema Diff tool to compare two schemas and generate the difference script.  Currently supported objects are Table, View, Materialized View, Function and Procedure. Backend comparison of two schemas implemented by: Akshay Joshi Fixes #3452.
2020-01-10 04:09:32 -06:00
'pgadmin.tools.schema_diff.panel',
'pgadmin.tools.schema_diff.ddl_compare',
Added ERD Diagram support with basic table fields, primary key, foreign key, and DDL SQL generation. Fixes #1802
2021-01-16 05:36:50 -06:00
'pgadmin.authenticate.login',
'pgadmin.tools.erd.panel',
Added support to launch PSQL for the connected database server. Fixes #2341
2021-05-25 09:42:57 -05:00
'pgadmin.tools.psql.panel',
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2019-05-28 00:29:51 -05:00
]
for exempt in exempt_views:
self.exempt(exempt)
pgCSRFProtect = _PGCSRFProtect()
Reference in New Issue Copy Permalink