Fixed vulnerabilities and few design suspicions where two conditional structures are having the same implementation.

2025-02-25 18:55:31 -06:00 · 2020-06-17 17:15:09 +05:30 · 2020-06-17 17:15:09 +05:30 · df05efd7d9
commit df05efd7d9
parent 7c12ade161
9 changed files with 28 additions and 86 deletions
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/indexes/init.py
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/indexes/init.py
@ -1057,14 +1057,16 @@ class IndexesView(PGChildNodeView, SchemaDiffObjectCompare):

            for key in required_create_keys:
                if key in diff_dict:
-                    if (key == 'columns' and ((
+                    if key == 'columns' and ((
                            'added' in diff_dict[key] and
                            len(diff_dict[key]['added']) > 0
                    ) or ('changed' in diff_dict[key] and
                          len(diff_dict[key]['changed']) > 0) or (
                            'deleted' in diff_dict[key] and
                            len(diff_dict[key]['deleted']) > 0)
-                    )) or key != 'columns':
+                    ):
+                        create_req = True
+                    elif key != 'columns':
                        create_req = True

            if create_req:
--- a/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/utils.py
+++ b/web/pgadmin/browser/server_groups/servers/databases/schemas/tables/utils.py
@ -757,9 +757,9 @@ class BaseTableView(PGChildNodeView, BasePartitionTable):
        elif key == 'foreign_key':
            if 'oid' not in data:
                for arg in ['columns']:
-                    if arg not in data:
-                        return False
-                    elif isinstance(data[arg], list) and len(data[arg]) < 1:
+                    if arg not in data or \
+                            (isinstance(data[arg], list) and
+                             len(data[arg]) < 1):
                        return False

                if 'autoindex' in data and \
--- a/web/pgadmin/browser/server_groups/servers/static/js/privilege.js
+++ b/web/pgadmin/browser/server_groups/servers/static/js/privilege.js
@ -626,16 +626,8 @@ define(['sources/gettext', 'underscore', 'jquery', 'backbone', 'backform',
          commonUtils.handleKeyNavigation(event);
        }

-        if (command.moveUp() || command.moveDown() || command.save()) {
-          // backgrid vertical navigation (Up/Down arrow key)
-          ev.preventDefault();
-          ev.stopPropagation();
-          this.model.trigger('backgrid:edited', this.model, this.column, command);
-          // model.trigger('backgrid:edited', model, column, command);
-          return;
-        }
-        // esc
-        else if (command.cancel()) {
+        if (command.moveUp() || command.moveDown() || command.save() || command.cancel() ||
+          (command.moveLeft() && ev.target.name === 'privilege' && $(ev.target).attr('privilege') === 'ALL')) {
          // undo
          ev.stopPropagation();
          model.trigger('backgrid:edited', model, column, command);
@ -650,12 +642,6 @@ define(['sources/gettext', 'underscore', 'jquery', 'backbone', 'backform',
              return;
            }
          }
-        } else if (command.moveLeft() && ev.target.name === 'privilege' &&
-          $(ev.target).attr('privilege') === 'ALL') {
-          // If we are at the fist privilege then we should move to previous cell
-          ev.stopPropagation();
-          model.trigger('backgrid:edited', model, column, command);
-          return;
        }

        /*
--- a/web/pgadmin/tools/debugger/static/js/debugger_ui.js
+++ b/web/pgadmin/tools/debugger/static/js/debugger_ui.js
@ -472,20 +472,11 @@ define([
                // If there is default arguments
                //Below logic will assign default values to "Default value" column
                for (j = (myargname.length - 1); j >= 0; j--) {
-                  if (debug_info['proargmodes'] == null) {
-                    if (arg_cnt) {
-                      arg_cnt = arg_cnt - 1;
-                      def_val_list[j] = default_args[arg_cnt];
-                    } else {
-                      def_val_list[j] = '<No default value>';
-                    }
+                  if (arg_cnt) {
+                    arg_cnt = arg_cnt - 1;
+                    def_val_list[j] = default_args[arg_cnt];
                  } else {
-                    if (arg_cnt) {
-                      arg_cnt = arg_cnt - 1;
-                      def_val_list[j] = default_args[arg_cnt];
-                    } else {
-                      def_val_list[j] = '<No default value>';
-                    }
+                    def_val_list[j] = '<No default value>';
                  }
                }

@ -923,22 +914,11 @@ define([
                let node = pgBrowser.Nodes[item_data._type];
                let treeInfo = node.getTreeNodeHierarchy.call(node, selected_item);

-                let f_id;
-                if (item_data._type == 'function') {
-                  f_id = item_data._id;
-                } else if (item_data._type == 'procedure') {
-                  f_id = item_data._id;
-                } else if (item_data._type == 'edbfunc') {
-                  f_id = item_data._id;
-                } else if (item_data._type == 'edbproc') {
-                  f_id = item_data._id;
-                }
-
                baseUrl = url_for('debugger.clear_arguments', {
                  'sid': treeInfo.server._id,
                  'did': treeInfo.database._id,
                  'scid': treeInfo.schema._id,
-                  'func_id': f_id,
+                  'func_id': item_data._id,
                });
              } else {
                baseUrl = url_for('debugger.clear_arguments', {
--- a/web/pgadmin/tools/debugger/static/js/direct.js
+++ b/web/pgadmin/tools/debugger/static/js/direct.js
@ -391,18 +391,7 @@ define([
                  if (res.data.result == null || res.data.result.length == 0) {
                    self.poll_result(trans_id);
                  } else {
-                    if (res.data.result[0].src != undefined || res.data.result[0].src != null) {
-                      pgTools.DirectDebug.polling_timeout_idle = false;
-                      pgTools.DirectDebug.docker.finishLoading(50);
-                      if (res.data.result[0].src != pgTools.DirectDebug.editor.getValue()) {
-                        pgTools.DirectDebug.editor.setValue(res.data.result[0].src);
-                        self.UpdateBreakpoint(trans_id);
-                      }
-                      self.setActiveLine(res.data.result[0].linenumber - 2);
-                      // Update the stack, local variables and parameters information
-                      self.GetStackInformation(trans_id);
-
-                    } else if (!pgTools.DirectDebug.debug_type && !pgTools.DirectDebug.first_time_indirect_debug) {
+                    if (!pgTools.DirectDebug.debug_type && !pgTools.DirectDebug.first_time_indirect_debug) {
                      pgTools.DirectDebug.docker.finishLoading(50);
                      self.setActiveLine(-1);
                      self.clear_all_breakpoint(trans_id);
--- a/web/pgadmin/tools/schema_diff/static/js/schema_diff_ui.js
+++ b/web/pgadmin/tools/schema_diff/static/js/schema_diff_ui.js
@ -238,14 +238,8 @@ export default class SchemaDiffUI {
              generated_script = script_header + 'BEGIN;' + '\n' + self.model.get('diff_ddl') + '\n' + 'END;';
            }

-            let preferences = pgWindow.pgAdmin.Browser.get_preferences_for_module('schema_diff');
-            if (preferences.schema_diff_new_browser_tab) {
-              pgWindow.pgAdmin.ddl_diff = generated_script;
-              generateScript(server_data, pgWindow.pgAdmin.DataGrid);
-            } else {
-              pgWindow.pgAdmin.ddl_diff = generated_script;
-              generateScript(server_data, pgWindow.pgAdmin.DataGrid);
-            }
+            pgWindow.pgAdmin.ddl_diff = generated_script;
+            generateScript(server_data, pgWindow.pgAdmin.DataGrid);
          }

          $('#diff_fetching_data').find('.schema-diff-busy-text').text('');
--- a/web/pgadmin/tools/user_management/static/js/user_management.js
+++ b/web/pgadmin/tools/user_management/static/js/user_management.js
@ -843,15 +843,10 @@ define([
                  saveUser: function(m) {
                    var d = m.toJSON(true);

-                    if(m.isNew() && m.get('auth_source') == 'ldap' &&
-                     (!m.get('username') || !m.get('auth_source') || !m.get('role')) ) {
-                      return false;
-                    } else if (m.isNew() && m.get('auth_source') == DEFAULT_AUTH_SOURCE &&  (!m.get('email') || !m.get('role') ||
-                        !m.get('newPassword') || !m.get('confirmPassword') ||
-                        m.get('newPassword') != m.get('confirmPassword'))) {
-                      // New user model is valid but partially filled so return without saving.
-                      return false;
-                    } else if (!m.isNew() && m.get('newPassword') != m.get('confirmPassword')) {
+                    if((m.isNew() && m.get('auth_source') == 'ldap' && (!m.get('username') || !m.get('auth_source') || !m.get('role')))
+                      || (m.isNew() && m.get('auth_source') == DEFAULT_AUTH_SOURCE &&  (!m.get('email') || !m.get('role') ||
+                          !m.get('newPassword') || !m.get('confirmPassword') || m.get('newPassword') != m.get('confirmPassword')))
+                      || (!m.isNew() && m.get('newPassword') != m.get('confirmPassword'))) {
                      // For old user password change is in progress and user model is valid but admin has not added
                      // both the passwords so return without saving.
                      return false;
--- a/web/pgadmin/utils/session.py
+++ b/web/pgadmin/utils/session.py
@ -375,14 +375,11 @@ def cleanup_session_files():
    iterate_session_files = False

    global LAST_CHECK_SESSION_FILES
-    if LAST_CHECK_SESSION_FILES is None:
+    if LAST_CHECK_SESSION_FILES is None or \
+        datetime.datetime.now() >= LAST_CHECK_SESSION_FILES + \
+            datetime.timedelta(hours=config.CHECK_SESSION_FILES_INTERVAL):
        iterate_session_files = True
        LAST_CHECK_SESSION_FILES = datetime.datetime.now()
-    else:
-        if datetime.datetime.now() >= LAST_CHECK_SESSION_FILES + \
-                datetime.timedelta(hours=config.CHECK_SESSION_FILES_INTERVAL):
-            iterate_session_files = True
-            LAST_CHECK_SESSION_FILES = datetime.datetime.now()

    if iterate_session_files:
        for root, dirs, files in os.walk(
--- a/web/pgadmin/utils/sqlautocomplete/autocomplete.py
+++ b/web/pgadmin/utils/sqlautocomplete/autocomplete.py
@ -791,12 +791,11 @@ class SQLAutoComplete(object):
            'signature': self.signature_arg_style
        }[usage]
        args = func.args()
-        if not template:
-            return '()'
-        elif usage == 'call' and len(args) < 2:
-            return '()'
-        elif usage == 'call' and func.has_variadic():
+        if not template or (
+            usage == 'call' and (
+                len(args) < 2 or func.has_variadic())):
            return '()'
+
        multiline = usage == 'call' and len(args) > self.call_arg_oneliner_max
        max_arg_len = max(len(a.name) for a in args) if multiline else 0
        args = (