pgadmin-org
/
pgadmin4
mirror of https://github.com/pgadmin-org/pgadmin4.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix unsafe schema lookups for types. Fixes #1728

pull/3/head
Surinder Kumar 2016-10-18 11:32:43 +01:00 committed by Dave Page
parent 345ce1b6d2
commit 11e486f96d
2 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
web/pgadmin/browser/server_groups/servers/databases/schemas/types/__init__.py
View File

@ -906,9 +906,10 @@ class TypeView(PGChildNodeView, DataTypeReader):
if not status:
return internal_server_error(errormsg=res)
if 'schema' in data:
# we need scid to update in browser tree
SQL = render_template("/".join([self.template_path,
'get_scid.sql']), tname=data['name'])
'get_scid.sql']), schema=data['schema'])
status, scid = self.conn.execute_scalar(SQL)
if not status:
return internal_server_error(errormsg=scid)
@ -956,7 +957,7 @@ class TypeView(PGChildNodeView, DataTypeReader):
return internal_server_error(errormsg=res)
SQL = render_template("/".join([self.template_path,
'get_scid.sql']), tname=data['name'])
'get_scid.sql']), tid=tid)
# Get updated schema oid
status, scid = self.conn.execute_scalar(SQL)

11
web/pgadmin/browser/server_groups/servers/databases/schemas/types/templates/type/sql/9.1_plus/get_scid.sql
View File

@ -1,6 +1,15 @@
{% if tid %}
SELECT
t.typnamespace as scid
FROM
pg_type t
WHERE
t.typname = {{tname|qtLiteral}}::text;
t.oid = {{tid}}::oid;
{% else %}
SELECT
ns.oid as scid
FROM
pg_namespace ns
WHERE
ns.nspname = {{schema|qtLiteral}}::text;
{% endif %}