Hi, Pls find updated patch (V7) for direct file navigation with below bug fixes.
--
*Harshal Dhumal*
*Software Engineer*

EnterpriseDB India: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

On Mon, Jan 16, 2017 at 8:42 PM, Dave Page <dp...@pgadmin.org> wrote:

> Hi
>
> On Sat, Jan 14, 2017 at 2:27 PM, Harshal Dhumal
> <harshal.dhu...@enterprisedb.com> wrote:
> > Hi,
> >
> > Pls updated patch for RM1911.
> >
> > 1. This includes fix for issue index out of range when user enters path of
> > folder without trailing slash (showed by Dave).
> > 2. To make this functionality compatible with save last used directory
> > feature.
>
> - The first test I ran gave the error seen in the attachment (running
> in server mode, clicking the Browse button on the backup dialogue).

Fixed.

> - I also noticed in reviewing the changes again, that you've got code
> in sqleditor/__init__.py to stop the user moving outside of the
> storage sandbox in server mode. That code should be part of the file
> manager - none of the modules using it should be doing that kind of
> check.

Fixed.

> - If I do try to navigate outside of the sandbox, I get a nice error:
> "Error: Access Denied (/Users/dpage/.pgadmin)" for example, if I enter
> /../../. Whilst it's good to be informative, it's also a security
> leak. It should only tell me the path that the user sees, not the path
> as it actually is on the server - e.g. "Error: Access Denied
> (/../../../)"

Fixed.

> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
RM1911_V7_20_Jan.patch
Description: Binary data
-- Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgadmin-hackers
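
The two review points in the thread above (the sandbox check belongs in one place in the file manager, and the error must show only the path as the user sees it) as an added Python example. This is not code from the attached patch or from pgAdmin; `resolve_in_storage`, `AccessDenied` and the storage root layout are hypothetical names chosen for illustration, and POSIX paths are assumed.

```python
import os


class AccessDenied(Exception):
    """Raised when a requested path escapes the storage sandbox.

    The message carries only the path as the user typed it, never the
    resolved location on the server.
    """


def resolve_in_storage(storage_root, user_path):
    """Map a user-visible path onto the server-side storage directory.

    storage_root: per-user storage directory on the server (hypothetical).
    user_path:    path as entered in the file dialog, e.g. "/backups/db.sql".
    Returns the real server-side path, or raises AccessDenied.
    """
    root = os.path.realpath(storage_root)

    # The user's "/" is the storage root, so strip leading separators
    # before joining; otherwise os.path.join would discard the root.
    relative = user_path.lstrip("/\\")

    # realpath collapses ".." components and follows symlinks, so both
    # "/../../" and a symlink pointing out of the sandbox are caught.
    candidate = os.path.realpath(os.path.join(root, relative))

    # commonpath compares whole components, so a sibling directory such
    # as "<root>_other" is not mistaken for a location inside root.
    if os.path.commonpath([root, candidate]) != root:
        # Echo the user's view of the path only (no server-side details).
        raise AccessDenied("Access Denied ({0})".format(user_path))

    return candidate


if __name__ == "__main__":
    import tempfile

    demo_root = tempfile.mkdtemp()  # constructed sample storage root
    print(resolve_in_storage(demo_root, "/backups/db.sql"))
    try:
        resolve_in_storage(demo_root, "/../../")
    except AccessDenied as exc:
        print("Error:", exc)
```

Callers such as a query editor or backup dialog would pass the user's path through this one function and display the exception text unchanged.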