Fix unsafe schema lookups for types. Fixes #1728

web/pgadmin/browser/server_groups/servers/databases/schemas/types/__init__.py

@@ -906,12 +906,13 @@ class TypeView(PGChildNodeView, DataTypeReader):
             if not status:
                 return internal_server_error(errormsg=res)
 
-            # we need scid to update in browser tree
+            if 'schema' in data:
-            SQL = render_template("/".join([self.template_path,
+                # we need scid to update in browser tree
-                                  'get_scid.sql']), tname=data['name'])
+                SQL = render_template("/".join([self.template_path,
-            status, scid = self.conn.execute_scalar(SQL)
+                                      'get_scid.sql']), schema=data['schema'])
-            if not status:
+                status, scid = self.conn.execute_scalar(SQL)
-                return internal_server_error(errormsg=scid)
+                if not status:
+                    return internal_server_error(errormsg=scid)
 
             # we need oid to to add object in tree at browser
             SQL = render_template("/".join([self.template_path,
@@ -956,7 +957,7 @@ class TypeView(PGChildNodeView, DataTypeReader):
                 return internal_server_error(errormsg=res)
 
             SQL = render_template("/".join([self.template_path,
-                                  'get_scid.sql']), tname=data['name'])
+                                  'get_scid.sql']), tid=tid)
 
             # Get updated schema oid
             status, scid = self.conn.execute_scalar(SQL)

web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/sql/9.1_plus/get_scid.sql

@@ -1,6 +1,15 @@
+{% if tid %}
 SELECT
     t.typnamespace as scid
 FROM
     pg_type t
 WHERE
-    t.typname = {{tname|qtLiteral}}::text;
+    t.oid = {{tid}}::oid;
+{% else %}
+SELECT
+    ns.oid as scid
+FROM
+    pg_namespace ns
+WHERE
+    ns.nspname = {{schema|qtLiteral}}::text;
+{% endif %}