mirror of
https://github.com/pgadmin-org/pgadmin4.git
synced 2024-11-27 03:00:22 -06:00
Ensure type names are properly encoded in the results grid. Fixes #4401
parent
9a8a28e4f9
commit
bcb1392a1a
@ -21,6 +21,7 @@ Bug fixes
|
||||
*********
|
||||
|
||||
| `Issue #4179 <https://redmine.postgresql.org/issues/4179>`_ - Fix generation of reverse engineered SQL for tables with Greenplum 5.x.
|
||||
| `Issue #4401 <https://redmine.postgresql.org/issues/4401>`_ - Ensure type names are properly encoded in the results grid.
|
||||
| `Issue #4490 <https://redmine.postgresql.org/issues/4490>`_ - Fix accessibility issue for checkbox in IE11.
|
||||
| `Issue #4496 <https://redmine.postgresql.org/issues/4496>`_ - Ensure columns can be created when they are IDENTITY fields with the CYCLE option enabled.
|
||||
| `Issue #4497 <https://redmine.postgresql.org/issues/4497>`_ - Ensure purely numeric comments can be saved on new columns.
|
||||
|
@ -33,11 +33,18 @@ class CheckForXssFeatureTest(BaseFeatureTest):
|
||||
("Test XSS check for panels and query tool", dict())
|
||||
]
|
||||
test_table_name = "<h1>X"
|
||||
test_type_name = '"<script>alert(1)</script>"'
|
||||
|
||||
def before(self):
|
||||
test_utils.create_type(
|
||||
self.server, self.test_db, self.test_type_name,
|
||||
['"<script>alert(1)</script>" "char"',
|
||||
'"1<script>alert(1)</script>" "char"']
|
||||
)
|
||||
test_utils.create_table(
|
||||
self.server, self.test_db, self.test_table_name,
|
||||
['"<script>alert(1)</script>" char']
|
||||
['"<script>alert(1)</script>" char',
|
||||
'typcol '+self.test_type_name]
|
||||
)
|
||||
# This is needed to test dependents tab (eg: BackGrid)
|
||||
test_utils.create_constraint(
|
||||
|
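Review bot: No assertion visible in this hunk checks how the type name is rendered, so the fixtures added to `before` (the `create_type` call and the `'typcol '+self.test_type_name` column) only pin the #4401 fix if an existing query-tool check outside the hunk inspects the column-type text in the results grid header. If it does, a comment on the new column would make that link explicit, for example `# typcol's type name contains markup; the grid header must show it escaped (#4401)`. If it does not, the test should assert the escaped type name in the header as well as the cell and column-name content. As a style point, `'typcol ' + self.test_type_name` with spaces around `+` matches PEP 8.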
@ -752,12 +752,15 @@ define('tools.querytool', [
|
||||
column_size[table_name] = column_size[table_name] || {};
|
||||
|
||||
_.each(columns, function(c) {
|
||||
c.display_name = _.escape(c.display_name);
|
||||
c.column_type = _.escape(c.column_type);
|
||||
|
||||
var options = {
|
||||
id: c.name,
|
||||
pos: c.pos,
|
||||
field: c.name,
|
||||
name: c.label,
|
||||
display_name: _.escape(c.display_name),
|
||||
display_name: c.display_name,
|
||||
column_type: c.column_type,
|
||||
column_type_internal: c.column_type_internal,
|
||||
not_null: c.not_null,
|
||||
|
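Review bot: The two added assignments `c.display_name = _.escape(c.display_name);` and `c.column_type = _.escape(c.column_type);` overwrite the column objects in place, so if this loop ever runs again over the same `columns` array the values would be escaped twice and show up as literal entity text. Escaping into locals keeps the raw data intact, e.g. `var display_name = _.escape(c.display_name), column_type = _.escape(c.column_type);`, with `options` and any later use in this callback reading those locals. `column_type_internal` is still passed through unescaped, so it is worth confirming that it can never carry a user-defined type name into HTML. The callback body continues past the end of the hunk, so later uses of `c.column_type` are not visible here.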
@ -255,6 +255,44 @@ def create_constraint(server,
|
||||
traceback.print_exc(file=sys.stderr)
|
||||
|
||||
|
||||
def create_type(server, db_name, type_name, type_fields=[]):
|
||||
"""
|
||||
This function create the type in given database name
|
||||
:param server: server details
|
||||
:type server: dict
|
||||
:param db_name: database name
|
||||
:type db_name: str
|
||||
:param type_name: type name
|
||||
:type type_name: str
|
||||
:param type_fields: type fields
|
||||
:type type_fields: list
|
||||
:return: None
|
||||
"""
|
||||
try:
|
||||
connection = get_db_connection(
|
||||
db_name,
|
||||
server['username'],
|
||||
server['db_password'],
|
||||
server['host'],
|
||||
server['port'],
|
||||
server['sslmode']
|
||||
)
|
||||
old_isolation_level = connection.isolation_level
|
||||
connection.set_isolation_level(0)
|
||||
|
||||
type_fields_sql = ", ".join(type_fields)
|
||||
|
||||
pg_cursor = connection.cursor()
|
||||
pg_cursor.execute(
|
||||
'''CREATE TYPE %s AS (%s)''' % (type_name, type_fields_sql))
|
||||
|
||||
connection.set_isolation_level(old_isolation_level)
|
||||
connection.commit()
|
||||
|
||||
except Exception:
|
||||
traceback.print_exc(file=sys.stderr)
|
||||
|
||||
|
||||
def create_debug_function(server, db_name, function_name="test_func"):
|
||||
try:
|
||||
connection = get_db_connection(
|
||||
|
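Review bot: `create_type` interpolates `type_name` and the joined `type_fields` straight into `'''CREATE TYPE %s AS (%s)'''`, so it relies on every caller passing identifiers that are already quoted, and the docstring should say so, e.g. `:param type_name: type name, already quoted as an SQL identifier (inserted verbatim)`. The default `type_fields=[]` is a shared mutable list; `type_fields=None` with `type_fields = type_fields or []` in the body avoids that. The connection is never closed on the visible lines, and the isolation level is not restored if `execute` raises, so a `finally` that calls `connection.close()` would tidy both. Because the `except Exception` only prints the traceback, a failed type creation surfaces later as an unrelated-looking table creation error; this appears to match the helper above it, so it may be the file's convention.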