Prevent the Windows installer accepting paths containing invalid characters. Fixes #1365

2025-02-25 18:55:31 -06:00 · 2017-11-20 16:37:18 +00:00
parent 4568fe22f7
commit 8ff753deb8
3 changed files with 122 additions and 34 deletions
--- a/pkg/win32/README.txt
+++ b/pkg/win32/README.txt
@@ -12,7 +12,7 @@ To generate a pgAdmin 4 installer for Windows bit, the following packages must b
 3. PostgreSQL installation
  - PostgreSQL 9.1 or above from http://www.postgresql.org/

-4. Inno Setup Installer
+4. Inno Setup Installer (unicode)
   - 5.0 and above from http://www.jrsoftware.org/isdl.php

 5. Microsoft visual studio (2008 and above)
--- a/pkg/win32/installer.iss.in
+++ b/pkg/win32/installer.iss.in
@@ -7,6 +7,8 @@
 #define MyAppFullVersion MYAPP_FULLVERSION
 #define MyAppArchitecturesMode MYAPP_ARCHITECTURESMODE
 #define MyAppVCDist MYAPP_VCDIST
+#define MyAppInvalidPath "Please provide a valid path."
+
 [Setup]
 AppId={#MyAppName}{#MyAppVersion}
 AppName={#MyAppName}
@@ -32,6 +34,15 @@ ArchitecturesInstallIn64BitMode={#MyAppArchitecturesMode}
 [Languages]
 Name: "english"; MessagesFile: "compiler:Default.isl"

+;This section will override the standered error message by default which is called internally and  we don't have a controll over this.
+[Messages]
+InvalidPath={#MyAppInvalidPath}
+
+;This section would be used for customized error message display.
+[CustomMessages]
+english.NewerVersionExists=A newer version of {#MyAppName}
+english.InvalidPath={#MyAppInvalidPath}
+
 [Icons]
 Name: {group}\{#MyAppName} {#MyAppVersion}; Filename: {app}\runtime\{#MyAppExeName}; IconFilename: {app}\pgAdmin4.ico; WorkingDir: {app}\runtime;

@@ -42,9 +53,6 @@ Source: "..\..\win-build\*"; DestDir: "{app}"; Flags: ignoreversion recursesubdi
 Filename: "{app}\installer\{#MyAppVCDist}"; StatusMsg: "VC runtime redistributable package"; Parameters: "/passive /verysilent /norestart"; Check: InstallVC;
 Filename: "{app}\runtime\{#MyAppExeName}"; Description: "{cm:LaunchProgram,{#StringChange(MyAppName, '&', '&&')}}"; Flags: runascurrentuser nowait postinstall skipifsilent

-[CustomMessages]
-english.NewerVersionExists=A newer version of {#MyAppName}
-
 [Registry]
 Root: HKLM; Subkey: "Software\{#MyAppName}\{#MyAppVersion}"; Flags: uninsdeletekeyifempty
 Root: HKLM; Subkey: "Software\{#MyAppName}\{#MyAppVersion}"; Flags: uninsdeletekey
@@ -52,28 +60,68 @@ Root: HKLM; Subkey: "Software\{#MyAppName}\{#MyAppVersion}"; ValueType: string;
 Root: HKLM; Subkey: "Software\{#MyAppName}\{#MyAppVersion}"; ValueType: string; ValueName: "Version"; ValueData: "{#MyAppFullVersion}"

 [Code]
-// find current version before installation
+var
+  UpgradeMode: Boolean;
+
+function IsPathValid(Path: string): Boolean;
+var
+  I: Integer;
+  Ret: Boolean;
+begin
+  Ret := True;
+  Path := Uppercase(Path);
+  Result :=
+    (Length(Path) >= 3) and
+    (Path[1] >= 'A') and (Path[1] <= 'Z') and
+    (Path[2] = ':') and
+    (Path[3] = '\');
+
+  if Result then
+  begin
+    for I := 3 to Length(Path) do
+      begin
+        case Path[I] of
+          '0'..'9', 'A'..'Z', '\', ' ', '.', '-', '(', ')':
+          else
+          begin
+            Ret := False;
+            break;
+          end;
+      end;
+    end;
+  end;
+  Result := Ret;
+end;
+
+// Find current version before installation
 function InitializeSetup: Boolean;
 var
  Version: String;
 begin
  if RegValueExists(HKEY_LOCAL_MACHINE,'Software\{#MyAppName}\{#MyAppVersion}', 'Version') then
+  begin
+	UpgradeMode := True;
+    RegQueryStringValue(HKEY_LOCAL_MACHINE,'Software\{#MyAppName}\{#MyAppVersion}', 'Version', Version);
+    if Version > '{#MyAppFullVersion}' then
    begin
-      RegQueryStringValue(HKEY_LOCAL_MACHINE,'Software\{#MyAppName}\{#MyAppVersion}', 'Version', Version);
-      if Version > '{#MyAppFullVersion}' then
-        begin
-          MsgBox(ExpandConstant('{cm:NewerVersionExists}' + '(v' + Version + ') is already installed' ), mbInformation, MB_OK);
-          Result := False;
-        end
-      else
-        begin
-          Result := True;
-        end
+      MsgBox(ExpandConstant('{cm:NewerVersionExists}' + '(v' + Version + ') is already installed' ), mbInformation, MB_OK);
+      Result := False;
    end
-  else
+    else
    begin
      Result := True;
-    end
+    end;
+  end
+  else
+  begin
+    Result := True;
+	UpgradeMode := False;
+  end;
+end;
+
+function IsUpgradeMode(): Boolean;
+begin
+  Result := UpgradeMode;
 end;

 function InstallVC: Boolean;
@@ -103,24 +151,45 @@ begin
            end
          end
          else
-          begin
-            DelWebfolder(FilePath);
-            RemoveDir(FilePath);
-          end
-        end;
+            begin
+              DelWebfolder(FilePath);
+              RemoveDir(FilePath);
+            end;
+          end;
        until not FindNext(FindRec);
-    finally
-    FindClose(FindRec);
-    end
-  end
+      finally
+      FindClose(FindRec);
+    end;
+  end;
 end;

-procedure CurPageChanged(CurPageID: Integer);
+//procedure CurPageChanged(CurPageID: Integer);
+function NextButtonClick(CurPageID: Integer): Boolean;
+var
+  Ret: Boolean;
 begin
-  if CurPageID=wpReady then
-  begin
-    DelWebfolder(ExpandConstant('{app}\web'));
-  end
+  Ret := True;
+  case CurPageID of
+    wpSelectDir:
+      begin
+        // Validate InstallDir path
+        if Not IsPathValid(ExpandConstant('{app}')) then
+        begin
+          MsgBox(ExpandConstant('{cm:InvalidPath}'), mbError, MB_OK);
+          Ret := False;
+        end;
+      end;
+
+    wpReady:
+	begin
+      if (IsUpgradeMode) then
+      begin
+        DelWebfolder(ExpandConstant('{app}\web'));
+      end;
+	end;
+  end;
+
+  Result := Ret;
 end;

 // End of program