Re: [pgadmin-hackers] Patch for RM1911 Direct file navigation[pgAdmin4] [Feature]
| От | Harshal Dhumal |
|---|---|
| Тема | Re: [pgadmin-hackers] Patch for RM1911 Direct file navigation[pgAdmin4] [Feature] |
| Дата | |
| Msg-id | CAFiP3vy2ZbOnMtaVNQQ0jeFTAYvmTGsHB_k7RmoEPUKDyBfA-Q@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [pgadmin-hackers] Patch for RM1911 Direct file navigation [pgAdmin4] [Feature] (Dave Page <dpage@pgadmin.org>) |
| Список | pgadmin-hackers |
Hi,
Pls find updated patch (V7) for direct file navigation with below bug fixes.
--
Harshal Dhumal
Software Engineer
On Mon, Jan 16, 2017 at 8:42 PM, Dave Page <dpage@pgadmin.org> wrote:
Hi
On Sat, Jan 14, 2017 at 2:27 PM, Harshal Dhumal
<harshal.dhumal@enterprisedb.com> wrote:
> Hi,
>
> Pls updated patch for RM1911.
>
> 1. This includes fix for issue index out of range when user enters path of
> folder without trailing slash (showed by Dave).
> 2. To make this functionality compatible with save last used directory
> feature.
- The first test I ran gave the error seen in the attachment (running
in server mode, clicking the Browse button on the backup dialogue).
Fixed.
- I also noticed in reviewing the changes again, that you've got code
in sqleditor/__init__.py to stop the user moving outside of the
storage sandbox in server mode. That code should be part of the file
manager - none of the modules using it should be doing that kind of
check.
Fixed.
- If I do try to navigate outside of the sandbox, I get a nice error:
"Error: Access Denied (/Users/dpage/.pgadmin)" for example, if I enter
/../../. Whilst it's good to be informative, it's also a security
leak. It should only tell me the path that the user sees, not the path
as it actually is on the server - e.g. "Error: Access Denied
(/../../../)"
Fixed.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
Вложения
В списке pgadmin-hackers по дате отправления: