Fix an issue where user login is not working if username/email contains single quote in server mode. #6865

Khushboo Vashi 2023-10-17 13:49:18 +05:30
parent 205a661922
commit b4b2a4ff67
3 changed files with 5 additions and 4 deletions

@ -46,4 +46,5 @@ Bug fixes
| `Issue #6799 <https://github.com/pgadmin-org/pgadmin4/issues/6799>`_ - Fixed an issue where the user is unable to select objects on the backup dialog due to tree flickering.
| `Issue #6836 <https://github.com/pgadmin-org/pgadmin4/issues/6836>`_ - Fixed an issue where non-super PostgreSQL users are not able to terminate their own connections from dashboard.
| `Issue #6851 <https://github.com/pgadmin-org/pgadmin4/issues/6851>`_ - Fix an issue where scale in columns is not allowed to have value as 0 or below.
| `Issue #6858 <https://github.com/pgadmin-org/pgadmin4/issues/6858>`_ - Fix an issue in graphical explain plan where query tool crashes when the plan has parallel workers details and sort node is clicked for details.
| `Issue #6858 <https://github.com/pgadmin-org/pgadmin4/issues/6858>`_ - Fix an issue in graphical explain plan where query tool crashes when the plan has parallel workers details and sort node is clicked for details.
| `Issue #6865 <https://github.com/pgadmin-org/pgadmin4/issues/6865>`_ - Fix an issue where user login is not working if username/email contains single quote in server mode.

@ -668,7 +668,7 @@ def utils():
mfa_enabled=is_mfa_enabled(),
is_admin=current_user.has_role("Administrator"),
login_url=login_url,
username=current_user.username,
username=current_user.username.replace("'","\\'"),
auth_source=auth_source,
heartbeat_timeout=config.SERVER_HEARTBEAT_TIMEOUT,
password_length_min=config.PASSWORD_LENGTH_MIN,
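
Review bot: The `replace("'","\\'")` on `username` escapes only the single quote and leaves a backslash already present in the value untouched, so if this value is rendered inside a single-quoted literal (which is what the `\'` escape implies), a username that itself contains `\` would still produce a broken string. Rather than escaping one character by hand in the view, consider passing `current_user.username` through unchanged and serializing it at the point of output, for instance with Jinja's `tojson` filter in the template, which also covers backslashes, double quotes and line breaks. If the hand-written escape stays, escape `\` before `'`, and add a space after the comma in the `replace` call to match PEP 8.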

@ -103,9 +103,9 @@ def current_user_info():
is_admin='true' if current_user.has_role(
"Administrator") else 'false',
user_id=current_user.id,
email=current_user.email,
email=current_user.email.replace("'","\\'"),
name=(
current_user.username.split('@')[0] if
current_user.username.split('@')[0].replace("'","\\'") if
config.SERVER_MODE is True
else 'postgres'
),
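
Review bot: `email=current_user.email.replace("'","\\'")` now calls a string method on `current_user.email`, where the old line passed the value through as is, so a user record with no email set would raise `AttributeError` here instead of rendering; guard for `None` or confirm the field is always populated. The same `replace("'","\\'")` expression is also repeated on `name` in this hunk, so a single small helper (or serialization at the point of output) would keep the escaping rule in one place and make it easier to extend beyond the single quote.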