Fixed escape/unescape issues in Query Tool and PSQL.

Akshay Joshi 2023-07-13 17:02:51 +05:30
parent bd4e14da89
commit 75d14565e4
5 changed files with 17 additions and 21 deletions


@ -37,7 +37,6 @@ def underscore_escape(text):
'<': "&lt;",
'>': "&gt;",
'"': "&quot;",
'`': "&#96;",
"'": "&#39;"
}
@ -62,7 +61,6 @@ def underscore_unescape(text):
"&lt;": '<',
"&gt;": '>',
"&quot;": '"',
"&#96;": '`',
"&#39;": "'"
}


@ -101,13 +101,12 @@ def panel(trans_id):
if request.args:
params.update({k: v for k, v in request.args.items()})
o_db_name = _get_database(params['sid'], params['did'])
o_db_name = underscore_escape(_get_database(params['sid'], params['did']))
set_env_variables(is_win=_platform == 'win32')
return render_template('editor_template.html',
sid=params['sid'],
db=underscore_unescape(
o_db_name) if o_db_name else 'postgres',
db=o_db_name,
server_type=params['server_type'],
is_enable=config.ENABLE_PSQL,
title=underscore_unescape(params['title']),
@ -543,7 +542,7 @@ def _get_database(sid, did):
from pgadmin.utils.driver import get_driver
manager = get_driver(PG_DEFAULT_DRIVER).connection_manager(int(sid))
conn = manager.connection()
db_name = None
db_name = 'postgres'
is_connected = get_connection_status(conn)
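Review bot: The pre-escaping at `o_db_name = underscore_escape(_get_database(params['sid'], params['did']))` is only correct because editor_template.html (also changed in this commit) now renders `db` and `o_db_name` with `|safe`, and nothing at this call site records that coupling; a later edit to either side can silently reintroduce the double-escape this commit removes or drop escaping altogether. Add a comment above the assignment such as `# Pre-escaped once here: editor_template.html renders db/o_db_name with |safe, so the template must not escape again` and ideally the mirror comment in the template. The `if o_db_name else 'postgres'` fallback is now carried by `_get_database` defaulting `db_name = 'postgres'` in the second hunk, which is fine as long as no later branch in that function resets it to None; that function's body continues outside the hunk, as does `panel`.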


@ -23,7 +23,7 @@ import {generateTitle, refresh_db_node} from 'tools/sqleditor/static/js/sqledito
export function setPanelTitle(psqlToolPanel, panelTitle) {
psqlToolPanel.title('<span title="'+panelTitle+'">'+panelTitle+'</span>');
psqlToolPanel.title('<span title="'+_.escape(panelTitle)+'">'+_.escape(panelTitle)+'</span>');
}
let wcDocker = window.wcDocker;
@ -114,7 +114,7 @@ export function initialize(gettext, url_for, _, pgAdmin, csrfToken, Browser) {
enable(gettext('PSQL Tool'), isEnabled);
return isEnabled;
},
psql_tool: function(data, treeIdentifier, gen=false) {
psql_tool: function(data, treeIdentifier) {
const serverInformation = retrieveAncestorOfTypeServer(pgBrowser, treeIdentifier, gettext('PSQL Error'));
if (!hasBinariesConfiguration(pgBrowser, serverInformation)) {
return;
@ -152,8 +152,8 @@ export function initialize(gettext, url_for, _, pgAdmin, csrfToken, Browser) {
let tab_title_placeholder = pgBrowser.get_preferences_for_module('browser').psql_tab_title_placeholder;
panelTitle = generateTitle(tab_title_placeholder, title_data);
const [panelUrl, panelCloseUrl, db_label] = this.getPanelUrls(transId, panelTitle, parentData, gen);
const escapedTitle = _.unescape(panelTitle);
const [panelUrl, panelCloseUrl, db_label] = this.getPanelUrls(transId, parentData);
const escapedTitle = _.escape(panelTitle);
let psqlToolForm = `
<form id="psqlToolForm" action="${panelUrl}" method="post">
<input id="title" name="title" hidden />
@ -178,7 +178,7 @@ export function initialize(gettext, url_for, _, pgAdmin, csrfToken, Browser) {
registerDetachEvent(psqlToolPanel);
// Set panel title and icon
setPanelTitle(psqlToolPanel, escapedTitle);
setPanelTitle(psqlToolPanel, _.unescape(panelTitle));
psqlToolPanel.icon('fas fa-terminal psql-tab-style');
psqlToolPanel.focus();
@ -213,7 +213,7 @@ export function initialize(gettext, url_for, _, pgAdmin, csrfToken, Browser) {
}
},
getPanelUrls: function(transId, panelTitle, pData) {
getPanelUrls: function(transId, pData) {
let openUrl = url_for('psql.panel', {
trans_id: transId,
});
@ -225,10 +225,9 @@ export function initialize(gettext, url_for, _, pgAdmin, csrfToken, Browser) {
+`&did=${pData.database._id}`
+`&server_type=${pData.server.server_type}`
+ `&theme=${theme}`;
let db_label = '';
if(pData.database && pData.database._id) {
db_label = _.escape(pData.database._label.replace('\\', '\\\\'));
openUrl += `&db=${db_label}`;
openUrl += `&db=${encodeURIComponent(pData.database._label)}`;
} else {
openUrl += `&db=${''}`;
}
@ -236,7 +235,7 @@ export function initialize(gettext, url_for, _, pgAdmin, csrfToken, Browser) {
let closeUrl = url_for('psql.close', {
trans_id: transId,
});
return [openUrl, closeUrl, db_label];
return [openUrl, closeUrl, pData.database._label];
},
psql_terminal: function() {
// theme colors
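Review bot: `return [openUrl, closeUrl, pData.database._label];` in getPanelUrls dereferences `pData.database` unconditionally, while the guard a few lines above (`if(pData.database && pData.database._id)`) and its else branch imply that `database` can be absent; in that case the new line throws a TypeError where the old `db_label` default of `''` was returned. The context line `&did=${pData.database._id}` already assumes `database` exists, so either the guard is redundant or the return is wrong — if absence is possible, `return [openUrl, closeUrl, pData.database?._label ?? ''];` keeps the old contract for callers that destructure `db_label`. Separately, `encodeURIComponent(pData.database._label)` is the right fix for the `db` parameter, but `did`, `server_type` and `theme` in the same string are still interpolated raw (unchanged context lines), so the encoding is inconsistent within one URL; `theme` in particular would be worth encoding the same way if it is user-configurable. The enclosing `initialize` function and the `psql_tool` method start and end outside these hunks.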


@ -28,9 +28,9 @@ require(
term.open(document.getElementById('psql-terminal'));
<!-- Socket-->
const socket = self.pgAdmin.Browser.psql.psql_socket();
self.pgAdmin.Browser.psql.psql_socket_io(socket, '{{is_enable}}', '{{sid}}', '{{db | replace("'", "\'")| replace('"', '\"') | replace('\\', '\\\\')}}', '{{server_type}}', fitAddon, term);
self.pgAdmin.Browser.psql.psql_socket_io(socket, '{{is_enable}}', '{{sid}}', '{{db|safe}}', '{{server_type}}', fitAddon, term);
self.pgAdmin.Browser.psql.psql_terminal_io(term, socket, '{{platform}}');
self.pgAdmin.Browser.psql.check_db_name_change('{{db}}', '{{o_db_name}}');
self.pgAdmin.Browser.psql.check_db_name_change('{{db|safe}}', '{{o_db_name|safe}}');
<!-- Set terminal size -->
setTimeout(function(){
socket.emit("resize", {"cols": term.cols, "rows": term.rows})
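Review bot: `'{{db|safe}}'` and `'{{o_db_name|safe}}'` place a value inside a JavaScript string literal with autoescaping turned off, relying on the view having run it through underscore_escape; that function's map (first file in this commit) rewrites `<`, `>`, `"`, `'`, backtick and `&` but not backslash or line terminators, and this hunk removes the `replace('\\', '\\\\')` that used to cover backslash. A database name such as `foo\` therefore renders as `'foo\'`, escaping the closing quote and breaking or altering the script. Jinja's `tojson` filter emits a complete JS literal with those characters escaped (and `</` neutralised), so the two lines become `self.pgAdmin.Browser.psql.psql_socket_io(socket, '{{is_enable}}', '{{sid}}', {{db|tojson}}, '{{server_type}}', fitAddon, term);` and `self.pgAdmin.Browser.psql.check_db_name_change({{db|tojson}}, {{o_db_name|tojson}});`; the entity-escaped form the JS side apparently expects is preserved, since `tojson` only adds JS-string escaping on top. Worth confirming that `check_db_name_change` and `psql_socket_io` tolerate that, as their implementation is not visible here.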


@ -28,11 +28,11 @@ export function generateUrl(trans_id, parentData, sqlId) {
if (hasDatabaseInformation(parentData)) {
url_endpoint += `&did=${parentData.database._id}`;
if(parentData.database.label) {
url_endpoint += `&database_name=${parentData.database.label}`;
if(parentData.database._label) {
url_endpoint += `&database_name=${encodeURIComponent(parentData.database._label)}`;
}
if(!parentData.server.username && parentData.server.user?.name) {
url_endpoint += `&user=${parentData.server.user?.name}`;
url_endpoint += `&user=${encodeURIComponent(parentData.server.user?.name)}`;
}
}