Ensure object names are properly escaped for external process management. Fixes #2405

Murtuza Zabuawala 2017-05-15 13:01:12 +01:00 committed by Dave Page
parent f0e78309cb
commit 1cb2a62fa8
4 changed files with 64 additions and 23 deletions


@ -310,7 +310,7 @@ define([
panel = this.panel = panel = this.panel =
pgBrowser.BackgroundProcessObsorver.create_panel(); pgBrowser.BackgroundProcessObsorver.create_panel();
panel.title('Process Watcher - ' + self.desc); panel.title('Process Watcher - ' + _.escape(self.desc));
panel.focus(); panel.focus();
} }


@ -95,7 +95,7 @@ class BackupMessage(IProcessDesc):
x = x.replace('"', '\\"') x = x.replace('"', '\\"')
x = x.replace('""', '\\"') x = x.replace('""', '\\"')
return ' "' + x + '"' return ' "' + x + '"'
return '' return ''
for arg in _args: for arg in _args:
@ -113,18 +113,26 @@ class BackupMessage(IProcessDesc):
if self.backup_type == BACKUP.OBJECT: if self.backup_type == BACKUP.OBJECT:
return _( return _(
"Backing up an object on the server '{0}' from database '{1}'..." "Backing up an object on the server '{0}' "
"from database '{1}'..."
).format( ).format(
"{0} ({1}:{2})".format(s.name, s.host, s.port), "{0} ({1}:{2})".format(
s.name, s.host, s.port
),
self.database self.database
) )
if self.backup_type == BACKUP.GLOBALS: if self.backup_type == BACKUP.GLOBALS:
return _("Backing up the global objects on the server '{0}'...").format( return _("Backing up the global objects on "
"{0} ({1}:{2})".format(s.name, s.host, s.port) "the server '{0}'...").format(
"{0} ({1}:{2})".format(
s.name, s.host, s.port
)
) )
elif self.backup_type == BACKUP.SERVER: elif self.backup_type == BACKUP.SERVER:
return _("Backing up the server '{0}'...").format( return _("Backing up the server '{0}'...").format(
"{0} ({1}:{2})".format(s.name, s.host, s.port) "{0} ({1}:{2})".format(
s.name, s.host, s.port
)
) )
else: else:
# It should never reach here. # It should never reach here.
@ -140,18 +148,32 @@ class BackupMessage(IProcessDesc):
if self.backup_type == BACKUP.OBJECT: if self.backup_type == BACKUP.OBJECT:
res += _( res += _(
"Backing up an object on the server '{0}' from database '{1}'..." "Backing up an object on the server '{0}' "
"from database '{1}'..."
).format( ).format(
"{0} ({1}:{2})".format(s.name, s.host, s.port), "{0} ({1}:{2})".format(
self.database html.safe_str(s.name),
html.safe_str(s.host),
html.safe_str(s.port),
),
html.safe_str(self.database)
) )
elif self.backup_type == BACKUP.GLOBALS: elif self.backup_type == BACKUP.GLOBALS:
res += _("Backing up the global objects on the server '{0}'...").format( res += _("Backing up the global objects on "
"{0} ({1}:{2})".format(s.name, s.host, s.port) "the server '{0}'...").format(
"{0} ({1}:{2})".format(
html.safe_str(s.name),
html.safe_str(s.host),
html.safe_str(s.port)
)
) )
elif self.backup_type == BACKUP.SERVER: elif self.backup_type == BACKUP.SERVER:
res += _("Backing up the server '{0}'...").format( res += _("Backing up the server '{0}'...").format(
"{0} ({1}:{2})".format(s.name, s.host, s.port) "{0} ({1}:{2})".format(
html.safe_str(s.name),
html.safe_str(s.host),
html.safe_str(s.port)
)
) )
else: else:
# It should never reach here. # It should never reach here.
@ -160,7 +182,7 @@ class BackupMessage(IProcessDesc):
res += '</div><div class="h5">' res += '</div><div class="h5">'
res += _("Running command:") res += _("Running command:")
res += '</b><br><span class="pg-bg-cmd enable-selection">' res += '</b><br><span class="pg-bg-cmd enable-selection">'
res += self.cmd res += html.safe_str(self.cmd)
res += '</span></div>' res += '</span></div>'
return res return res
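Review bot: The `message` properties still return raw `s.name`, `s.host` and `self.database` (the hunk at -113 only re-wraps the lines, and `IEMessage.message` in the import/export file likewise interpolates `self.schema` and `self.table` unescaped), while only `details` goes through `html.safe_str`. That split is safe only if every consumer of `message` escapes it before display, as the process-watcher title now does with `_.escape(self.desc)`; whether `desc` is fed from `message`, and whether other views render it, is not visible in these hunks. I would record the contract on both properties, for example `# Plain text: callers must HTML-escape before display` on `message` and `# Returns HTML: every interpolated value must pass through html.safe_str` on `details`. Both property bodies start outside the hunks.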


@ -94,10 +94,9 @@ class IEMessage(IProcessDesc):
arg = cmdArg(arg) arg = cmdArg(arg)
if _storage is not None: if _storage is not None:
arg = arg.replace(_storage, '<STORAGE_DIR>') arg = arg.replace(_storage, '<STORAGE_DIR>')
self._cmd += ' "' + arg + '"' self._cmd += ' "' + arg + '"'
else: else:
self._cmd+= cmdArg(arg) self._cmd += cmdArg(arg)
@property @property
def message(self): def message(self):
@ -107,7 +106,8 @@ class IEMessage(IProcessDesc):
).first() ).first()
return _( return _(
"Copying table data '{0}.{1}' on database '{2}' and server ({3}:{4})..." "Copying table data '{0}.{1}' on database '{2}' "
"and server ({3}:{4})..."
).format( ).format(
self.schema, self.table, self.database, s.host, s.port self.schema, self.table, self.database, s.host, s.port
) )
@ -120,16 +120,23 @@ class IEMessage(IProcessDesc):
res = '<div class="h5">' res = '<div class="h5">'
res += _( res += _(
"Copying table data '{0}.{1}' on database '{2}' for the server '{3}'..." "Copying table data '{0}.{1}' on database '{2}' "
"for the server '{3}'..."
).format( ).format(
self.schema, self.table, self.database, html.safe_str(self.schema),
"{0} ({1}:{2})".format(s.name, s.host, s.port) html.safe_str(self.table),
html.safe_str(self.database),
"{0} ({1}:{2})".format(
html.safe_str(s.name),
html.safe_str(s.host),
html.safe_str(s.port)
)
) )
res += '</div><div class="h5">' res += '</div><div class="h5">'
res += _("Running command:") res += _("Running command:")
res += '</b><br><span class="pg-bg-cmd enable-selection">' res += '</b><br><span class="pg-bg-cmd enable-selection">'
res += self._cmd res += html.safe_str(self._cmd)
res += '</span></div>' res += '</span></div>'
return res return res


@ -15,7 +15,19 @@ from pgadmin.utils import IS_PY2
def safe_str(x): def safe_str(x):
try: try:
x = x.encode('ascii', 'xmlcharrefreplace') if hasattr(x, 'encode') else x # For Python2, it can be int, long, float
if IS_PY2:
if isinstance(x, (int, long, float)):
x = str(x)
else:
# For Python3, it can be int, float
if isinstance(x, (int, float)):
x = str(x)
x = x.encode(
'ascii', 'xmlcharrefreplace'
) if hasattr(x, 'encode') else x
if not IS_PY2: if not IS_PY2:
x = x.decode('utf-8') x = x.decode('utf-8')
except: except:
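Review bot: The bare `except:` closing this hunk now sits inside the function that `details` depends on for HTML escaping, so any failure during conversion is swallowed and the code after the hunk receives `x` in whatever state it was left; `except (AttributeError, UnicodeError):` should keep the best-effort behaviour without hiding unrelated errors. The visible lines only turn non-ASCII characters into character references: `<`, `>`, `&` and quotes pass through `encode('ascii', 'xmlcharrefreplace')` unchanged. The escaping of markup characters therefore has to happen in the lines after the `except`, which are outside the hunk, and it is worth confirming that it still runs, and gets a string, when the exception path is taken (for example for `None`).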