IntenseWebs/pgadmin4
3
0
Fork 0
mirror of https://github.com/pgadmin-org/pgadmin4.git synced 2025-01-23 23:13:38 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fixed the cross-site scripting vulnerability. #5405

Browse Source
This commit is contained in:
Khushboo Vashi 2022-10-06 17:30:41 +05:30 committed by GitHub
parent b519af280b
commit e3a172e0e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/en_US/release_notes_6_15.rst
View File

@ -48,3 +48,4 @@ Bug fixes
| `Issue #5367 <https://github.com/pgadmin-org/pgadmin4/issues/5367>`_ - Ensure that the correct value should be returned if an exception occurs while decoding the password.
| `Issue #5368 <https://github.com/pgadmin-org/pgadmin4/issues/5368>`_ - Fixed the issue while downloading the file from the file manager.
| `Issue #5402 <https://github.com/pgadmin-org/pgadmin4/issues/5402>`_ - Ensure that scroll bar on browser tree should be visible on windows resize.
| `Issue #5405 <https://github.com/pgadmin-org/pgadmin4/issues/5405>`_ - Fixed the cross-site scripting vulnerability.

4
web/pgadmin/misc/file_manager/static/js/components/FileManager.jsx
View File

@ -32,7 +32,7 @@ import convert from 'convert-units';
import PropTypes from 'prop-types';
import { downloadBlob } from '../../../../../static/js/utils';
import ErrorBoundary from '../../../../../static/js/helpers/ErrorBoundary';
import _ from 'lodash';
const useStyles = makeStyles((theme)=>({
footerSaveAs: {
@ -729,7 +729,7 @@ export default function FileManager({params, closeModal, onOK, onCancel}) {
{viewMode == 'grid' &&
<GridView key={fmUtilsObj.currPath} items={filteredItems} operation={operation} onItemEnter={onItemEnter}
onItemSelect={onItemSelect} />}
<FormFooterMessage type={MESSAGE_TYPE.ERROR} message={errorMsg} closable onClose={()=>setErrorMsg('')} />
<FormFooterMessage type={MESSAGE_TYPE.ERROR} message={_.escape(errorMsg)} closable onClose={()=>setErrorMsg('')} />
{params.dialog_type == 'create_file' &&
<Box className={clsx(modalClasses.footer, classes.footerSaveAs)}>
<span style={{whiteSpace: 'nowrap', marginRight: '4px'}}>Save As</span>

2
web/pgadmin/static/js/Dialogs/ConnectServerContent.jsx
View File

@ -102,7 +102,7 @@ export default function ConnectServerContent({closeModal, data, onOK, setHeight}
onChange={(e)=>onTextChange(e.target.checked, 'save_password')} disabled={!data.allow_save_password} />
</Box>
</>}
<FormFooterMessage type={MESSAGE_TYPE.ERROR} message={data.errmsg} closable={false} style={{
<FormFooterMessage type={MESSAGE_TYPE.ERROR} message={_.escape(data.errmsg)} closable={false} style={{
position: 'unset', padding: '12px 0px 0px'
}}/>
</Box>