Fixed a CSRF security vulnerability, per Alvin Lindstam. Fixes #4217. Initial patch by: Khushboo Vashi. Modified by: Ashesh Vashi and Murtuza Zabuawala.
Branch ------ master Details ------- https://git.postgresql.org/gitweb?p=pgadmin4.git;a=commitdiff;h=6f0eafb2233feacd26951551393c4f1d0b7204dc Author: Khushboo Vashi <khushboo.va...@enterprisedb.com> Modified Files -------------- docs/en_US/release_notes_4_7.rst | 1 + web/config.py | 7 +- web/pgadmin/__init__.py | 14 ++- web/pgadmin/browser/__init__.py | 39 ++----- web/pgadmin/browser/static/js/browser.js | 15 ++- web/pgadmin/browser/static/js/collection.js | 3 +- web/pgadmin/browser/static/js/preferences.js | 7 +- web/pgadmin/browser/templates/browser/index.html | 1 - web/pgadmin/browser/templates/browser/js/utils.js | 3 + web/pgadmin/browser/tests/test_change_password.py | 15 +-- .../browser/tests/test_gravatar_image_display.py | 13 +-- web/pgadmin/browser/tests/test_login.py | 34 ++++-- web/pgadmin/browser/tests/test_reset_password.py | 12 +- web/pgadmin/browser/tests/utils.py | 7 +- web/pgadmin/misc/__init__.py | 2 + .../misc/dependencies/static/js/dependencies.js | 7 +- .../misc/dependents/static/js/dependents.js | 7 +- web/pgadmin/misc/file_manager/static/js/utility.js | 6 +- web/pgadmin/misc/sql/static/js/sql.js | 5 +- .../misc/statistics/static/js/statistics.js | 9 +- .../setup/tests/test_export_import_servers.py | 13 ++- web/pgadmin/static/js/csrf.js | 60 ++++++++++ web/pgadmin/static/js/sqleditor/execute_query.js | 6 +- .../static/js/tree/pgadmin_tree_save_state.js | 2 +- .../tools/backup/static/js/backup_dialog.js | 3 +- .../backup/static/js/backup_dialog_wrapper.js | 3 +- web/pgadmin/tools/debugger/static/js/direct.js | 5 +- .../tools/restore/static/js/restore_dialog.js | 3 +- .../restore/static/js/restore_dialog_wrapper.js | 3 +- web/pgadmin/tools/sqleditor/static/js/sqleditor.js | 6 +- web/pgadmin/tools/user_management/__init__.py | 2 + web/pgadmin/utils/csrf.py | 43 +++++++ web/pgadmin/utils/session.py | 2 +- .../python_test_utils/csrf_test_client.py | 124 +++++++++++++++++++++ web/regression/python_test_utils/test_utils.py | 18 +-- 
web/regression/runtests.py | 11 +- 36 files changed, 387 insertions(+), 124 deletions(-)