mirror of
https://github.com/pgadmin-org/pgadmin4.git
synced 2024-07-07 04:53:25 -05:00
Ensure that the load file paths are children of the storage directory. #5522
parent
998c0cb7b3
commit
c5e9aa6357
|
@ -1,35 +1,37 @@
|
||||||
.. _external_database:
|
.. _external_database:
|
||||||
|
|
||||||
****************************************************
|
****************************************************
|
||||||
`External database for pgAdmin configuration`:index:
|
`External database for pgAdmin user settings`:index:
|
||||||
****************************************************
|
****************************************************
|
||||||
|
|
||||||
The configurations used by pgAdmin are stored in the SQLite database.
|
The user settings used by pgAdmin are stored in a SQLite database. In this
|
||||||
There are many settings stored in this database, like preferences,
|
database, many settings are stored, such as preferences, user accounts,
|
||||||
user accounts, auto-discovered servers, and many more.
|
auto-discovered servers, and many more.
|
||||||
|
|
||||||
In SQLite, the database is stored in a single file that may be located anywhere
|
As SQLite is a file-based database and it can be anywhere in the file system,
|
||||||
in the directory, which means it is not prepared for failure (no HA support).
|
so it is not designed to take care of failures (no HA support). Furthermore,
|
||||||
In addition, it is not designed to handle many connections reading/writing data
|
it isn't designed to handle multiple connections concurrently reading/writing
|
||||||
concurrently.
|
data to it. Example: In environments such as Kubernetes it may be useful to
|
||||||
|
use an alternate backend to avoid using SQLite on non-ephemeral storage and to
|
||||||
|
allow HA of the settings database.
|
||||||
|
|
||||||
pgAdmin added support for storing configurations in an external database to
|
In order to prevent this, pgAdmin now supports storing user settings in an
|
||||||
prevent this.
|
external database using the new 'CONFIG_DATABASE_URI' parameter in the
|
||||||
|
:ref:`config.py <config_py>` file.
|
||||||
Added the 'CONFIG_DATABASE_URI' parameter in the :ref:`config.py <config_py>`
|
|
||||||
file.
|
|
||||||
|
|
||||||
Use SQLite Database
|
Use SQLite Database
|
||||||
*******************
|
*******************
|
||||||
|
|
||||||
To use SQLite Database, make sure CONFIG_DATABASE_URI is empty string, such as
|
In order to use SQLite Database, make sure CONFIG_DATABASE_URI parameter is
|
||||||
''.
|
set to an empty string like ''. By default it is set to an empty string in the
|
||||||
|
config.py so if you would like to use SQLite database then no need to change
|
||||||
|
anything.
|
||||||
|
|
||||||
Use External Database
|
Use External Database
|
||||||
*********************
|
*********************
|
||||||
|
|
||||||
If you want to use an external database, make sure the CONFIG_DATABASE_URI
|
In order to use an external database, make sure CONFIG_DATABASE_URI parameter
|
||||||
format is "dialect+driver://username:password@host:port/database".
|
is set like "dialect+driver://username:password@host:port/database".
|
||||||
|
|
||||||
**Note** It is recommended to create the database in advance.
|
**Note** It is recommended to create the database in advance.
|
||||||
|
|
||||||
|
|
|
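Review bot: The rewording of the external_database page does not belong in a commit whose subject is the load-file path check (#5522); split it into its own commit so the security fix can be reviewed and backported alone. In the new text, "In order to prevent this" now follows the Kubernetes example, so "this" has no clear antecedent; name what is being avoided (the SQLite limitations listed in the previous paragraph). Since the documented value is "dialect+driver://username:password@host:port/database", the page should also say that config.py then holds a database password and needs to be readable only by the account that runs pgAdmin.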
@ -43,3 +43,5 @@ Bug fixes
|
||||||
| `Issue #5465 <https://github.com/pgadmin-org/pgadmin4/issues/5465>`_ - Fixed an issue where the screen was freezing while closing the wcDocker panel.
|
| `Issue #5465 <https://github.com/pgadmin-org/pgadmin4/issues/5465>`_ - Fixed an issue where the screen was freezing while closing the wcDocker panel.
|
||||||
| `Issue #5473 <https://github.com/pgadmin-org/pgadmin4/issues/5473>`_ - Fixed an issue where AutoComplete was not working correctly due to incorrect regex.
|
| `Issue #5473 <https://github.com/pgadmin-org/pgadmin4/issues/5473>`_ - Fixed an issue where AutoComplete was not working correctly due to incorrect regex.
|
||||||
| `Issue #5475 <https://github.com/pgadmin-org/pgadmin4/issues/5475>`_ - Fixed an issue where the 'Confirm on close or refresh' setting was ignored when closing the query/ERD tool opened in the new tab.
|
| `Issue #5475 <https://github.com/pgadmin-org/pgadmin4/issues/5475>`_ - Fixed an issue where the 'Confirm on close or refresh' setting was ignored when closing the query/ERD tool opened in the new tab.
|
||||||
|
| `Issue #5507 <https://github.com/pgadmin-org/pgadmin4/issues/5507>`_ - Fixed an issue where pgadmin does not respect reverse proxy any more.
|
||||||
|
| `Issue #5522 <https://github.com/pgadmin-org/pgadmin4/issues/5522>`_ - Ensure that the load file paths are children of the storage directory.
|
||||||
|
|
|
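Review bot: The added #5507 entry (reverse proxy) is unrelated to this commit's subject and should land with the change that actually fixes it; only the #5522 line belongs in this hunk. In the #5507 text, "pgadmin" should be written "pgAdmin", the spelling used in the documentation.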
@ -1792,7 +1792,7 @@ def script():
|
||||||
def load_file():
|
def load_file():
|
||||||
"""
|
"""
|
||||||
This function gets name of file from request data
|
This function gets name of file from request data
|
||||||
reads the data and sends back in reponse
|
reads the data and sends back in response
|
||||||
"""
|
"""
|
||||||
if request.data:
|
if request.data:
|
||||||
file_data = json.loads(request.data, encoding='utf-8')
|
file_data = json.loads(request.data, encoding='utf-8')
|
||||||
|
@ -1801,6 +1801,11 @@ def load_file():
|
||||||
|
|
||||||
# retrieve storage directory path
|
# retrieve storage directory path
|
||||||
storage_manager_path = get_storage_directory()
|
storage_manager_path = get_storage_directory()
|
||||||
|
try:
|
||||||
|
Filemanager.check_access_permission(storage_manager_path, file_path)
|
||||||
|
except Exception as e:
|
||||||
|
return internal_server_error(errormsg=str(e))
|
||||||
|
|
||||||
if storage_manager_path:
|
if storage_manager_path:
|
||||||
# generate full path of file
|
# generate full path of file
|
||||||
file_path = os.path.join(
|
file_path = os.path.join(
|
||||||
|
|
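Review bot: Filemanager.check_access_permission(storage_manager_path, file_path) is called before the "if storage_manager_path:" test and before "file_path = os.path.join(" builds the full path, so the check receives the raw request value (and possibly an empty storage directory), while the path that is read afterwards is the joined one. Unless check_access_permission does the join and normalization itself, which is not visible here, move the call inside the "if storage_manager_path:" branch, after the join, and validate the normalized joined path so that the checked path and the opened path are the same. Separately, "except Exception" followed by internal_server_error(errormsg=str(e)) reports a rejected path as a 500 and echoes the exception text to the client; catch the specific access error, return a 4xx with a fixed message, and add a regression test that requests a file name containing ".." and expects the rejection.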