From bcb1392a1a77b5bd6791039bcc241941f5dec522 Mon Sep 17 00:00:00 2001
From: Aditya Toshniwal
Date: Thu, 1 Aug 2019 13:17:00 +0100
Subject: [PATCH] Ensure type names are properly encoded in the results grid. Fixes #4401

---
 docs/en_US/release_notes_4_12.rst | 1 +
 .../xss_checks_panels_and_query_tool_test.py | 9 ++++-
 .../tools/sqleditor/static/js/sqleditor.js | 5 ++-
 .../python_test_utils/test_utils.py | 38 +++++++++++++++++++
 4 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/docs/en_US/release_notes_4_12.rst b/docs/en_US/release_notes_4_12.rst
index 720b72bc4..aa1c7831e 100644
--- a/docs/en_US/release_notes_4_12.rst
+++ b/docs/en_US/release_notes_4_12.rst
@@ -21,6 +21,7 @@ Bug fixes
 *********
 
 | `Issue #4179 `_ - Fix generation of reverse engineered SQL for tables with Greenplum 5.x.
+| `Issue #4401 `_ - Ensure type names are properly encoded in the results grid.
 | `Issue #4490 `_ - Fix accessibility issue for checkbox in IE11.
 | `Issue #4496 `_ - Ensure columns can be created when they are IDENTITY fields with the CYCLE option enabled.
 | `Issue #4497 `_ - Ensure purely numeric comments can be saved on new columns.
diff --git a/web/pgadmin/feature_tests/xss_checks_panels_and_query_tool_test.py b/web/pgadmin/feature_tests/xss_checks_panels_and_query_tool_test.py
index c7eb39fab..c01d16b91 100644
--- a/web/pgadmin/feature_tests/xss_checks_panels_and_query_tool_test.py
+++ b/web/pgadmin/feature_tests/xss_checks_panels_and_query_tool_test.py
@@ -33,11 +33,18 @@ class CheckForXssFeatureTest(BaseFeatureTest):
         ("Test XSS check for panels and query tool", dict())
     ]
     test_table_name = "

X"
+    test_type_name = '""'
 
     def before(self):
+        test_utils.create_type(
+            self.server, self.test_db, self.test_type_name,
+            ['"" "char"',
+             '"1" "char"']
+        )
         test_utils.create_table(
             self.server, self.test_db, self.test_table_name,
-            ['"" char']
+            ['"" char',
+             'typcol '+self.test_type_name]
         )
         # This is needed to test dependents tab (eg: BackGrid)
         test_utils.create_constraint(
diff --git a/web/pgadmin/tools/sqleditor/static/js/sqleditor.js b/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
index 217344107..5e2d71a6c 100644
--- a/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
+++ b/web/pgadmin/tools/sqleditor/static/js/sqleditor.js
@@ -752,12 +752,15 @@ define('tools.querytool', [
 
         column_size[table_name] = column_size[table_name] || {};
         _.each(columns, function(c) {
+          c.display_name = _.escape(c.display_name);
+          c.column_type = _.escape(c.column_type);
+
           var options = {
             id: c.name,
             pos: c.pos,
             field: c.name,
             name: c.label,
-            display_name: _.escape(c.display_name),
+            display_name: c.display_name,
             column_type: c.column_type,
             column_type_internal: c.column_type_internal,
             not_null: c.not_null,
diff --git a/web/regression/python_test_utils/test_utils.py b/web/regression/python_test_utils/test_utils.py
index 4413705e5..ea24456c7 100644
--- a/web/regression/python_test_utils/test_utils.py
+++ b/web/regression/python_test_utils/test_utils.py
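Review bot: `before()` now creates a composite type and a table column (`typcol`) that depends on it, but no matching drop of the type is visible in this hunk; if the teardown only drops `test_table_name`, the type lingers in the test database, and if it drops the type first the drop fails on the dependency — please confirm what `after()` does, or drop the type after the table. A short comment above the new call would make the ordering constraint explicit, e.g. `# the composite type must exist before create_table references it via typcol`. The type name and field definitions are passed as already-quoted identifiers (`'""'`, `'"" "char"'`) because `create_type` interpolates them verbatim into `CREATE TYPE`; worth stating in a comment so the next payload is quoted the same way. The class `CheckForXssFeatureTest` continues outside this hunk.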
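Review bot: The two new assignments at the top of the `_.each` callback overwrite `c.display_name` and `c.column_type` on the column objects themselves, so anything that reads `columns` after this point sees HTML-escaped strings, and a second pass over the same array would double-escape (`&quot;` becoming `&amp;quot;`). If `column_type` is used anywhere other than the grid header — a type comparison or generated SQL, which I cannot see from this hunk — `&quot;` would leak into it, so please confirm its consumers. The previous shape of escaping only while building `options` avoids that: remove the two assignments and the blank line and write `display_name: _.escape(c.display_name),` and `column_type: _.escape(c.column_type),` in the `options` literal instead. If a later renderer genuinely needs the escaped value, escaping at that render site keeps the model data unescaped. The enclosing callback begins and ends outside this hunk.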
@@ -255,6 +255,44 @@ def create_constraint(server,
         traceback.print_exc(file=sys.stderr)
 
 
+def create_type(server, db_name, type_name, type_fields=[]):
+    """
+    This function create the type in given database name
+    :param server: server details
+    :type server: dict
+    :param db_name: database name
+    :type db_name: str
+    :param type_name: type name
+    :type type_name: str
+    :param type_fields: type fields
+    :type type_fields: list
+    :return: None
+    """
+    try:
+        connection = get_db_connection(
+            db_name,
+            server['username'],
+            server['db_password'],
+            server['host'],
+            server['port'],
+            server['sslmode']
+        )
+        old_isolation_level = connection.isolation_level
+        connection.set_isolation_level(0)
+
+        type_fields_sql = ", ".join(type_fields)
+
+        pg_cursor = connection.cursor()
+        pg_cursor.execute(
+            '''CREATE TYPE %s AS (%s)''' % (type_name, type_fields_sql))
+
+        connection.set_isolation_level(old_isolation_level)
+        connection.commit()
+
+    except Exception:
+        traceback.print_exc(file=sys.stderr)
+
+
 def create_debug_function(server, db_name, function_name="test_func"):
     try:
         connection = get_db_connection(
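Review bot: The connection opened by `get_db_connection` in `create_type` is never closed — there is no `finally` and no `close()` on either the success path or the `except` path — so every call leaks a server-side connection for the lifetime of the test process. A `finally` that closes the connection when it was actually opened fixes that without changing the helper's best-effort behaviour (below). While here, `type_fields=[]` is a mutable default (`type_fields=None` plus `type_fields or []` is the usual form), and the `%` interpolation of `type_name` and `type_fields` into `CREATE TYPE` deserves a docstring line saying it is deliberate, e.g. `:param type_name: SQL identifier, quoted by the caller; interpolated verbatim, identifiers cannot be bound as parameters`. The `commit()` after `set_isolation_level(0)` is a no-op in autocommit mode — harmless, but misleading to the next reader.
```python
def create_type(server, db_name, type_name, type_fields=None):
    # … unchanged: docstring …
    connection = None
    try:
        connection = get_db_connection(
            # … unchanged: connection arguments …
        )
        # … unchanged: save/set isolation level …
        type_fields_sql = ", ".join(type_fields or [])
        # … unchanged: cursor, CREATE TYPE execute, restore isolation level, commit …
    except Exception:
        traceback.print_exc(file=sys.stderr)
    finally:
        if connection is not None:
            connection.close()
```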