Ensure object names are properly escaped for external process management. Fixes #2405

Murtuza Zabuawala 2017-05-15 13:01:12 +01:00 committed by Dave Page
parent f0e78309cb
commit 1cb2a62fa8
4 changed files with 64 additions and 23 deletions


@ -310,7 +310,7 @@ define([
panel = this.panel =
pgBrowser.BackgroundProcessObsorver.create_panel();
panel.title('Process Watcher - ' + self.desc);
panel.title('Process Watcher - ' + _.escape(self.desc));
panel.focus();
}
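Review bot: The new `panel.title('Process Watcher - ' + _.escape(self.desc));` line escapes at this one sink with no comment saying why, so a later refactor could drop the call without noticing that it is a security control. Presumably the panel title is inserted as HTML and `self.desc` carries server and database names that a user can choose; if that is right, a comment such as `// desc contains user-controlled object names and title() renders HTML: keep the escape` would record it. Other places in this file that render `self.desc` are outside the hunk and worth checking for the same treatment. The enclosing function starts and ends outside the hunk.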


@ -113,18 +113,26 @@ class BackupMessage(IProcessDesc):
if self.backup_type == BACKUP.OBJECT:
return _(
"Backing up an object on the server '{0}' from database '{1}'..."
"Backing up an object on the server '{0}' "
"from database '{1}'..."
).format(
"{0} ({1}:{2})".format(s.name, s.host, s.port),
"{0} ({1}:{2})".format(
s.name, s.host, s.port
),
self.database
)
if self.backup_type == BACKUP.GLOBALS:
return _("Backing up the global objects on the server '{0}'...").format(
"{0} ({1}:{2})".format(s.name, s.host, s.port)
return _("Backing up the global objects on "
"the server '{0}'...").format(
"{0} ({1}:{2})".format(
s.name, s.host, s.port
)
)
elif self.backup_type == BACKUP.SERVER:
return _("Backing up the server '{0}'...").format(
"{0} ({1}:{2})".format(s.name, s.host, s.port)
"{0} ({1}:{2})".format(
s.name, s.host, s.port
)
)
else:
# It should never reach here.
@ -140,18 +148,32 @@ class BackupMessage(IProcessDesc):
if self.backup_type == BACKUP.OBJECT:
res += _(
"Backing up an object on the server '{0}' from database '{1}'..."
"Backing up an object on the server '{0}' "
"from database '{1}'..."
).format(
"{0} ({1}:{2})".format(s.name, s.host, s.port),
self.database
"{0} ({1}:{2})".format(
html.safe_str(s.name),
html.safe_str(s.host),
html.safe_str(s.port),
),
html.safe_str(self.database)
)
elif self.backup_type == BACKUP.GLOBALS:
res += _("Backing up the global objects on the server '{0}'...").format(
"{0} ({1}:{2})".format(s.name, s.host, s.port)
res += _("Backing up the global objects on "
"the server '{0}'...").format(
"{0} ({1}:{2})".format(
html.safe_str(s.name),
html.safe_str(s.host),
html.safe_str(s.port)
)
)
elif self.backup_type == BACKUP.SERVER:
res += _("Backing up the server '{0}'...").format(
"{0} ({1}:{2})".format(s.name, s.host, s.port)
"{0} ({1}:{2})".format(
html.safe_str(s.name),
html.safe_str(s.host),
html.safe_str(s.port)
)
)
else:
# It should never reach here.
@ -160,7 +182,7 @@ class BackupMessage(IProcessDesc):
res += '</div><div class="h5">'
res += _("Running command:")
res += '</b><br><span class="pg-bg-cmd enable-selection">'
res += self.cmd
res += html.safe_str(self.cmd)
res += '</span></div>'
return res
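Review bot: The first hunk only re-wraps `message`, so it still returns `s.name`, `s.host`, `s.port` and `self.database` unescaped, while the `details` hunks now pass the same values through `html.safe_str`; the two properties end up with different output contracts and nothing in the code says so. If `message` is the string that reaches the browser as the process description (an inference, the wiring is not visible here), its safety depends on every renderer escaping it. I would add docstrings that state the contract, for example `"""Plain-text description; callers must HTML-escape it before rendering."""` on `message` and `"""HTML fragment; every interpolated value is escaped here."""` on `details`. The same applies to `IEMessage.message` in the import/export section, which also interpolates `self.schema`, `self.table` and `self.database` unescaped. Both property bodies start outside the hunks.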


@ -96,8 +96,7 @@ class IEMessage(IProcessDesc):
arg = arg.replace(_storage, '<STORAGE_DIR>')
self._cmd += ' "' + arg + '"'
else:
self._cmd+= cmdArg(arg)
self._cmd += cmdArg(arg)
@property
def message(self):
@ -107,7 +106,8 @@ class IEMessage(IProcessDesc):
).first()
return _(
"Copying table data '{0}.{1}' on database '{2}' and server ({3}:{4})..."
"Copying table data '{0}.{1}' on database '{2}' "
"and server ({3}:{4})..."
).format(
self.schema, self.table, self.database, s.host, s.port
)
@ -120,16 +120,23 @@ class IEMessage(IProcessDesc):
res = '<div class="h5">'
res += _(
"Copying table data '{0}.{1}' on database '{2}' for the server '{3}'..."
"Copying table data '{0}.{1}' on database '{2}' "
"for the server '{3}'..."
).format(
self.schema, self.table, self.database,
"{0} ({1}:{2})".format(s.name, s.host, s.port)
html.safe_str(self.schema),
html.safe_str(self.table),
html.safe_str(self.database),
"{0} ({1}:{2})".format(
html.safe_str(s.name),
html.safe_str(s.host),
html.safe_str(s.port)
)
)
res += '</div><div class="h5">'
res += _("Running command:")
res += '</b><br><span class="pg-bg-cmd enable-selection">'
res += self._cmd
res += html.safe_str(self._cmd)
res += '</span></div>'
return res
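Review bot: In the `message` hunk the result of the query ending in `).first()` is dereferenced as `s.host` and `s.port` without a check, and the `details` hunk appears to do the same with `s.name`. If this is a SQLAlchemy query (the start of the statement is outside the hunk), `.first()` returns `None` when the server row no longer exists, and the property would raise `AttributeError` instead of producing a description. A guard such as `if s is None: return _("Not available")` before the `.format(...)` call would keep the process list renderable; the fallback text is the project's choice. Both property bodies start outside the hunks.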


@ -15,7 +15,19 @@ from pgadmin.utils import IS_PY2
def safe_str(x):
try:
x = x.encode('ascii', 'xmlcharrefreplace') if hasattr(x, 'encode') else x
# For Python2, it can be int, long, float
if IS_PY2:
if isinstance(x, (int, long, float)):
x = str(x)
else:
# For Python3, it can be int, float
if isinstance(x, (int, float)):
x = str(x)
x = x.encode(
'ascii', 'xmlcharrefreplace'
) if hasattr(x, 'encode') else x
if not IS_PY2:
x = x.decode('utf-8')
except: