Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-21 Thread Dave Page 
Thanks, patch applied.

On Fri, Oct 21, 2016 at 6:14 AM, Khushboo Vashi
 wrote:
> Hi,
>
> Please find the attached patch to fix below RMs:
>
> 1603:  [Web Based] Export database failed if object contains double quotes
> 1220:  Backup database is not working with special characters
> 1221:  Maintenance DB failed if database name contains special characters
>
> In Desktop mode, the import/export didn't work that is also fixed.
>
> Regarding, re-showing the dialogue multiple times, Murtuza is working on
> this issue,
>
> Murtuza,
> Please also look into this thread, so you can have more idea about the
> related bugs.
>
> Thanks,
> Khushboo
>
>
> On Thu, Oct 20, 2016 at 9:40 PM, Dave Page  wrote:
>>
>> On Thu, Oct 20, 2016 at 12:08 PM, Ashesh Vashi
>>  wrote:
>> > On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi
>> >  wrote:
>> >>
>> >>
>> >>
>> >> On Sat, Oct 15, 2016 at 11:52 AM, Dave Page  wrote:
>> >>>
>> >>>
>> >>>
>> >>> On Friday, October 14, 2016, Ashesh Vashi
>> >>> 
>> >>> wrote:
>> 
>>  On Sat, Oct 15, 2016 at 4:59 AM, Dave Page  wrote:
>> >
>> > Hi
>> >
>> > On Friday, October 14, 2016, Khushboo Vashi
>> >  wrote:
>> >>
>> >> Hi,
>> >>
>> >> Please find the attached patch to fix the below 2 bugs.
>> >>
>> >> RM 1603: [Web Based] Export database failed if object contains
>> >> double
>> >> quotes.
>> >> RM 1220: Backup database is not working with special characters
>> >>
>> >> The issues which were fixed:
>> >>
>> >> 1. Client side data were not unescaped
>> >> 2. Required command line arguments were quoted twice
>> >
>> >
>> > This is not working for me: I tested using Table Export as per
>> > Fahar's
>> > instructions. As I'm in desktop mode, the first problem was that we
>> > get an
>> > error at line 210 of import_export/__init__.py, because
>> > get_server_directory
>> > returned None for the directory. If I fix that, then the job says
>> > it's
>> > created, but as far as I can see, nothing else happens.
>> 
>>  hmm..
>> >>>
>> >>>
>> >>> Yes, but please see my followup message. There's clearly something
>> >>> funky
>> >>> going on with the process tracking - for whatever reason it didn't
>> >>> pick up
>> >>> this process until after a restart, and per the bug I escalated
>> >>> earlier
>> >>> (which I think is essential to fix for 1.1 in a little over a week),
>> >>> it
>> >>> doesn't always detect completed processes and then keeps re-showing
>> >>> the
>> >>> alert.
>> >>>
>> >>
>> >>
>> >> The problem here is that, until we click the "Click for details here"
>> >> link
>> >> and close the another details dialogue, the acknowledgement does not
>> >> send to
>> >> the server. So, it keeps re-showing the alert.
>> >>
>> >> I think, we need to clearly mention the steps on the alertify notifier
>> >> itself, so the user can get the idea.
>> >>
>> >> Dave/Ashesh,
>> >> Any other suggestion?
>> >
>> > We can give a acknowledge link along with 'Click here for details' link
>> > to
>> > delete the status, logs, when clicked.
>> > Dave?
>>
>> Sure, we can do that - but with so many instances being reported,
>> clearly there's a root cause to fix first.
>>
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>
>



-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-20 Thread Khushboo Vashi 
Hi,

Please find the attached patch to fix below RMs:

1603:  [Web Based] Export database failed if object contains double quotes
1220:  Backup database is not working with special characters
1221:  Maintenance DB failed if database name contains special characters

In Desktop mode, the import/export didn't work that is also fixed.

Regarding, re-showing the dialogue multiple times, Murtuza is working on
this issue,

Murtuza,
Please also look into this thread, so you can have more idea about the
related bugs.

Thanks,
Khushboo


On Thu, Oct 20, 2016 at 9:40 PM, Dave Page  wrote:

> On Thu, Oct 20, 2016 at 12:08 PM, Ashesh Vashi
>  wrote:
> > On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi
> >  wrote:
> >>
> >>
> >>
> >> On Sat, Oct 15, 2016 at 11:52 AM, Dave Page  wrote:
> >>>
> >>>
> >>>
> >>> On Friday, October 14, 2016, Ashesh Vashi <
> ashesh.va...@enterprisedb.com>
> >>> wrote:
> 
>  On Sat, Oct 15, 2016 at 4:59 AM, Dave Page  wrote:
> >
> > Hi
> >
> > On Friday, October 14, 2016, Khushboo Vashi
> >  wrote:
> >>
> >> Hi,
> >>
> >> Please find the attached patch to fix the below 2 bugs.
> >>
> >> RM 1603: [Web Based] Export database failed if object contains
> double
> >> quotes.
> >> RM 1220: Backup database is not working with special characters
> >>
> >> The issues which were fixed:
> >>
> >> 1. Client side data were not unescaped
> >> 2. Required command line arguments were quoted twice
> >
> >
> > This is not working for me: I tested using Table Export as per
> Fahar's
> > instructions. As I'm in desktop mode, the first problem was that we
> get an
> > error at line 210 of import_export/__init__.py, because
> get_server_directory
> > returned None for the directory. If I fix that, then the job says
> it's
> > created, but as far as I can see, nothing else happens.
> 
>  hmm..
> >>>
> >>>
> >>> Yes, but please see my followup message. There's clearly something
> funky
> >>> going on with the process tracking - for whatever reason it didn't
> pick up
> >>> this process until after a restart, and per the bug I escalated earlier
> >>> (which I think is essential to fix for 1.1 in a little over a week), it
> >>> doesn't always detect completed processes and then keeps re-showing the
> >>> alert.
> >>>
> >>
> >>
> >> The problem here is that, until we click the "Click for details here"
> link
> >> and close the another details dialogue, the acknowledgement does not
> send to
> >> the server. So, it keeps re-showing the alert.
> >>
> >> I think, we need to clearly mention the steps on the alertify notifier
> >> itself, so the user can get the idea.
> >>
> >> Dave/Ashesh,
> >> Any other suggestion?
> >
> > We can give a acknowledge link along with 'Click here for details' link
> to
> > delete the status, logs, when clicked.
> > Dave?
>
> Sure, we can do that - but with so many instances being reported,
> clearly there's a root cause to fix first.
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
diff --git a/web/pgadmin/tools/backup/__init__.py b/web/pgadmin/tools/backup/__init__.py
index 771b3ff..acfc6e1 100644
--- a/web/pgadmin/tools/backup/__init__.py
+++ b/web/pgadmin/tools/backup/__init__.py
@@ -276,7 +276,7 @@ def create_backup_job(sid):
 server.username,
 '--no-password',
 '--database',
-driver.qtIdent(conn, server.maintenance_db)
+server.maintenance_db
 ]
 if 'role' in data and data['role']:
 args.append('--role')
@@ -428,14 +428,14 @@ def create_backup_objects_job(sid):
 set_value('no_of_jobs', '--jobs', True)
 
 for s in data['schemas']:
-args.extend(['--schema', driver.qtIdent(conn, s)])
+args.extend(['--schema', s])
 
 for s, t in data['tables']:
 args.extend([
 '--table', driver.qtIdent(conn, s, t)
 ])
 
-args.append(driver.qtIdent(conn, data['database']))
+args.append(data['database'])
 
 try:
 p = BatchProcess(
diff --git a/web/pgadmin/tools/backup/templates/backup/js/backup.js b/web/pgadmin/tools/backup/templates/backup/js/backup.js
index a13a31c..9d86386 100644
--- a/web/pgadmin/tools/backup/templates/backup/js/backup.js
+++ b/web/pgadmin/tools/backup/templates/backup/js/backup.js
@@ -747,20 +747,20 @@ TODO LIST FOR BACKUP:
   var treeInfo = node.getTreeNodeHierarchy.apply(node, [i]);
 
   // Set current database into model
-  this.view.model.set('database', treeInfo.database.label);
+  this.view.model.set('database', treeInfo.database._label);
 
   // We will remove once object tree is implemented

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-20 Thread Dave Page 
On Thu, Oct 20, 2016 at 12:08 PM, Ashesh Vashi
 wrote:
> On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi
>  wrote:
>>
>>
>>
>> On Sat, Oct 15, 2016 at 11:52 AM, Dave Page  wrote:
>>>
>>>
>>>
>>> On Friday, October 14, 2016, Ashesh Vashi 
>>> wrote:

 On Sat, Oct 15, 2016 at 4:59 AM, Dave Page  wrote:
>
> Hi
>
> On Friday, October 14, 2016, Khushboo Vashi
>  wrote:
>>
>> Hi,
>>
>> Please find the attached patch to fix the below 2 bugs.
>>
>> RM 1603: [Web Based] Export database failed if object contains double
>> quotes.
>> RM 1220: Backup database is not working with special characters
>>
>> The issues which were fixed:
>>
>> 1. Client side data were not unescaped
>> 2. Required command line arguments were quoted twice
>
>
> This is not working for me: I tested using Table Export as per Fahar's
> instructions. As I'm in desktop mode, the first problem was that we get an
> error at line 210 of import_export/__init__.py, because 
> get_server_directory
> returned None for the directory. If I fix that, then the job says it's
> created, but as far as I can see, nothing else happens.

 hmm..
>>>
>>>
>>> Yes, but please see my followup message. There's clearly something funky
>>> going on with the process tracking - for whatever reason it didn't pick up
>>> this process until after a restart, and per the bug I escalated earlier
>>> (which I think is essential to fix for 1.1 in a little over a week), it
>>> doesn't always detect completed processes and then keeps re-showing the
>>> alert.
>>>
>>
>>
>> The problem here is that, until we click the "Click for details here" link
>> and close the another details dialogue, the acknowledgement does not send to
>> the server. So, it keeps re-showing the alert.
>>
>> I think, we need to clearly mention the steps on the alertify notifier
>> itself, so the user can get the idea.
>>
>> Dave/Ashesh,
>> Any other suggestion?
>
> We can give a acknowledge link along with 'Click here for details' link to
> delete the status, logs, when clicked.
> Dave?

Sure, we can do that - but with so many instances being reported,
clearly there's a root cause to fix first.


-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-20 Thread Ashesh Vashi 
On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi <
khushboo.va...@enterprisedb.com> wrote:

>
>
> On Sat, Oct 15, 2016 at 11:52 AM, Dave Page  wrote:
>
>>
>>
>> On Friday, October 14, 2016, Ashesh Vashi 
>> wrote:
>>
>>> On Sat, Oct 15, 2016 at 4:59 AM, Dave Page  wrote:
>>>
 Hi

 On Friday, October 14, 2016, Khushboo Vashi <
 khushboo.va...@enterprisedb.com> wrote:

> Hi,
>
> Please find the attached patch to fix the below 2 bugs.
>
> RM 1603: [Web Based] Export database failed if object contains double
> quotes.
> RM 1220: Backup database is not working with special characters
>
> The issues which were fixed:
>
> 1. Client side data were not unescaped
> 2. Required command line arguments were quoted twice
>

 This is not working for me: I tested using Table Export as per Fahar's
 instructions. As I'm in desktop mode, the first problem was that we get an
 error at line 210 of import_export/__init__.py, because
 get_server_directory returned None for the directory. If I fix that, then
 the job says it's created, but as far as I can see, nothing else happens.

>>> hmm..
>>>
>>
>> Yes, but please see my followup message. There's clearly something funky
>> going on with the process tracking - for whatever reason it didn't pick up
>> this process until after a restart, and per the bug I escalated earlier
>> (which I think is essential to fix for 1.1 in a little over a week), it
>> doesn't always detect completed processes and then keeps re-showing the
>> alert.
>>
>>
>
> The problem here is that, until we click the "Click for details here" link
> and close the another details dialogue, the acknowledgement does not send
> to the server. So, it keeps re-showing the alert.
>
> I think, we need to clearly mention the steps on the alertify notifier
> itself, so the user can get the idea.
>
> Dave/Ashesh,
> Any other suggestion?
>
We can give a acknowledge link along with 'Click here for details' link to
delete the status, logs, when clicked.
Dave?

>
>
>>
 Secondly, this patch seems to push quoting responsibilty to the front
 end.

>>> No - that's not the case, we're using _.escape(..) function on the
>>> node's label to fix the issue of XSS vulnerability on client side.
>>> Hence - during sending back the data, we're using _.unescape(..)
>>> function to return the same data coming sent by the server.
>>>
>>
>> Ahh, OK - I see.
>>
>>
>>>
>>> Though - IIRC - we have a original label stored in another variable
>>> '_label', which we can use it instead of unescape it again.
>>>
>>
>> Right, as we've done in many other places.
>>
>
> I have replaced  _. unescape with _label
>
>
>>
>>> This doesn't seem right, because we might want to use the RESTful APIs
 for another purpose in the future, which would mean needing to re-implement
 quoting if something else uses an affected API.

>>> As I explained above, it wont affect the RESTful API.
>>>
>>
>> Yep. Thanks for setting me straight.
>>
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>>
>

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-20 Thread Khushboo Vashi 
On Sat, Oct 15, 2016 at 11:52 AM, Dave Page  wrote:

>
>
> On Friday, October 14, 2016, Ashesh Vashi 
> wrote:
>
>> On Sat, Oct 15, 2016 at 4:59 AM, Dave Page  wrote:
>>
>>> Hi
>>>
>>> On Friday, October 14, 2016, Khushboo Vashi <
>>> khushboo.va...@enterprisedb.com> wrote:
>>>
 Hi,

 Please find the attached patch to fix the below 2 bugs.

 RM 1603: [Web Based] Export database failed if object contains double
 quotes.
 RM 1220: Backup database is not working with special characters

 The issues which were fixed:

 1. Client side data were not unescaped
 2. Required command line arguments were quoted twice

>>>
>>> This is not working for me: I tested using Table Export as per Fahar's
>>> instructions. As I'm in desktop mode, the first problem was that we get an
>>> error at line 210 of import_export/__init__.py, because
>>> get_server_directory returned None for the directory. If I fix that, then
>>> the job says it's created, but as far as I can see, nothing else happens.
>>>
>> hmm..
>>
>
> Yes, but please see my followup message. There's clearly something funky
> going on with the process tracking - for whatever reason it didn't pick up
> this process until after a restart, and per the bug I escalated earlier
> (which I think is essential to fix for 1.1 in a little over a week), it
> doesn't always detect completed processes and then keeps re-showing the
> alert.
>
>

The problem here is that, until we click the "Click for details here" link
and close the another details dialogue, the acknowledgement does not send
to the server. So, it keeps re-showing the alert.

I think, we need to clearly mention the steps on the alertify notifier
itself, so the user can get the idea.

Dave/Ashesh,
Any other suggestion?


>
>>> Secondly, this patch seems to push quoting responsibilty to the front
>>> end.
>>>
>> No - that's not the case, we're using _.escape(..) function on the node's
>> label to fix the issue of XSS vulnerability on client side.
>> Hence - during sending back the data, we're using _.unescape(..) function
>> to return the same data coming sent by the server.
>>
>
> Ahh, OK - I see.
>
>
>>
>> Though - IIRC - we have a original label stored in another variable
>> '_label', which we can use it instead of unescape it again.
>>
>
> Right, as we've done in many other places.
>

I have replaced  _. unescape with _label


>
>> This doesn't seem right, because we might want to use the RESTful APIs
>>> for another purpose in the future, which would mean needing to re-implement
>>> quoting if something else uses an affected API.
>>>
>> As I explained above, it wont affect the RESTful API.
>>
>
> Yep. Thanks for setting me straight.
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-15 Thread Dave Page 
On Friday, October 14, 2016, Ashesh Vashi 
wrote:

> On Sat, Oct 15, 2016 at 4:59 AM, Dave Page  > wrote:
>
>> Hi
>>
>> On Friday, October 14, 2016, Khushboo Vashi <
>> khushboo.va...@enterprisedb.com
>> > wrote:
>>
>>> Hi,
>>>
>>> Please find the attached patch to fix the below 2 bugs.
>>>
>>> RM 1603: [Web Based] Export database failed if object contains double
>>> quotes.
>>> RM 1220: Backup database is not working with special characters
>>>
>>> The issues which were fixed:
>>>
>>> 1. Client side data were not unescaped
>>> 2. Required command line arguments were quoted twice
>>>
>>
>> This is not working for me: I tested using Table Export as per Fahar's
>> instructions. As I'm in desktop mode, the first problem was that we get an
>> error at line 210 of import_export/__init__.py, because
>> get_server_directory returned None for the directory. If I fix that, then
>> the job says it's created, but as far as I can see, nothing else happens.
>>
> hmm..
>

Yes, but please see my followup message. There's clearly something funky
going on with the process tracking - for whatever reason it didn't pick up
this process until after a restart, and per the bug I escalated earlier
(which I think is essential to fix for 1.1 in a little over a week), it
doesn't always detect completed processes and then keeps re-showing the
alert.


>
>> Secondly, this patch seems to push quoting responsibilty to the front end.
>>
> No - that's not the case, we're using _.escape(..) function on the node's
> label to fix the issue of XSS vulnerability on client side.
> Hence - during sending back the data, we're using _.unescape(..) function
> to return the same data coming sent by the server.
>

Ahh, OK - I see.


>
> Though - IIRC - we have a original label stored in another variable
> '_label', which we can use it instead of unescape it again.
>

Right, as we've done in many other places.


> This doesn't seem right, because we might want to use the RESTful APIs for
>> another purpose in the future, which would mean needing to re-implement
>> quoting if something else uses an affected API.
>>
> As I explained above, it wont affect the RESTful API.
>

Yep. Thanks for setting me straight.


-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-14 Thread Ashesh Vashi 
On Sat, Oct 15, 2016 at 4:59 AM, Dave Page  wrote:

> Hi
>
> On Friday, October 14, 2016, Khushboo Vashi  com> wrote:
>
>> Hi,
>>
>> Please find the attached patch to fix the below 2 bugs.
>>
>> RM 1603: [Web Based] Export database failed if object contains double
>> quotes.
>> RM 1220: Backup database is not working with special characters
>>
>> The issues which were fixed:
>>
>> 1. Client side data were not unescaped
>> 2. Required command line arguments were quoted twice
>>
>
> This is not working for me: I tested using Table Export as per Fahar's
> instructions. As I'm in desktop mode, the first problem was that we get an
> error at line 210 of import_export/__init__.py, because
> get_server_directory returned None for the directory. If I fix that, then
> the job says it's created, but as far as I can see, nothing else happens.
>
hmm..

>
> Secondly, this patch seems to push quoting responsibilty to the front end.
>
No - that's not the case, we're using _.escape(..) function on the node's
label to fix the issue of XSS vulnerability on client side.
Hence - during sending back the data, we're using _.unescape(..) function
to return the same data coming sent by the server.

Though - IIRC - we have a original label stored in another variable
'_label', which we can use it instead of unescape it again.

> This doesn't seem right, because we might want to use the RESTful APIs for
> another purpose in the future, which would mean needing to re-implement
> quoting if something else uses an affected API.
>
As I explained above, it wont affect the RESTful API.

--
Thanks & Regards,

Ashesh Vashi

>
> Thanks.
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-14 Thread Dave Page 
On Friday, October 14, 2016, Dave Page  wrote:

> Hi
>
> On Friday, October 14, 2016, Khushboo Vashi  com >
> wrote:
>
>> Hi,
>>
>> Please find the attached patch to fix the below 2 bugs.
>>
>> RM 1603: [Web Based] Export database failed if object contains double
>> quotes.
>> RM 1220: Backup database is not working with special characters
>>
>> The issues which were fixed:
>>
>> 1. Client side data were not unescaped
>> 2. Required command line arguments were quoted twice
>>
>
> This is not working for me: I tested using Table Export as per Fahar's
> instructions. As I'm in desktop mode, the first problem was that we get an
> error at line 210 of import_export/__init__.py, because
> get_server_directory returned None for the directory. If I fix that, then
> the job says it's created, but as far as I can see, nothing else happens.
>

Oh, oh, oh - 30 minutes later I restarted pgAdmin and got a failed job
message!

Copying table data 'q m g r o c k s.q m g r o c k s ' on database 'q m g r
o c k s' for the server - 'EPAS 9.5 (172.16.254.22:5444)'
Running command:
/Library/PostgreSQL/9.6/bin/psql --host "172.16.254.22" --port "5444"
--username "enterprisedb" --dbname "q m g r o c k s" --command "\copy "q m
g r o c k s"."q m g r o c k s " ("q m g r o c k s") TO
'Users/dpage/foo.csv' DELIMITER ';' CSV QUOTE '"' ESCAPE ;"

Start time: Fri Oct 14 2016 16:21:06 GMT-0700 (PDT)
Users/dpage/foo.csv: No such file or directory


Looks like it lost the leading / on the path, so that might have been my
hacky fix for the first issue.


> Secondly, this patch seems to push quoting responsibilty to the front end.
> This doesn't seem right, because we might want to use the RESTful APIs for
> another purpose in the future, which would mean needing to re-implement
> quoting if something else uses an affected API.
>
> Thanks.
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-14 Thread Dave Page 
Hi

On Friday, October 14, 2016, Khushboo Vashi 
wrote:

> Hi,
>
> Please find the attached patch to fix the below 2 bugs.
>
> RM 1603: [Web Based] Export database failed if object contains double
> quotes.
> RM 1220: Backup database is not working with special characters
>
> The issues which were fixed:
>
> 1. Client side data were not unescaped
> 2. Required command line arguments were quoted twice
>

This is not working for me: I tested using Table Export as per Fahar's
instructions. As I'm in desktop mode, the first problem was that we get an
error at line 210 of import_export/__init__.py, because
get_server_directory returned None for the directory. If I fix that, then
the job says it's created, but as far as I can see, nothing else happens.

Secondly, this patch seems to push quoting responsibilty to the front end.
This doesn't seem right, because we might want to use the RESTful APIs for
another purpose in the future, which would mean needing to re-implement
quoting if something else uses an affected API.

Thanks.


-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: [pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-14 Thread Khushboo Vashi 
Hi,

The fix does not include a special case when database name has an equal to
(=) character in it.

Thanks,
Khushboo

On Fri, Oct 14, 2016 at 6:58 PM, Khushboo Vashi <
khushboo.va...@enterprisedb.com> wrote:

> Hi,
>
> Please find the attached patch to fix the below 2 bugs.
>
> RM 1603: [Web Based] Export database failed if object contains double
> quotes.
> RM 1220: Backup database is not working with special characters
>
> The issues which were fixed:
>
> 1. Client side data were not unescaped
> 2. Required command line arguments were quoted twice
>
> Thanks,
> Khushboo
>
>

[pgadmin-hackers] [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220

2016-10-14 Thread Khushboo Vashi 
Hi,

Please find the attached patch to fix the below 2 bugs.

RM 1603: [Web Based] Export database failed if object contains double
quotes.
RM 1220: Backup database is not working with special characters

The issues which were fixed:

1. Client side data were not unescaped
2. Required command line arguments were quoted twice

Thanks,
Khushboo
diff --git a/web/pgadmin/tools/backup/__init__.py b/web/pgadmin/tools/backup/__init__.py
index 771b3ff..acfc6e1 100644
--- a/web/pgadmin/tools/backup/__init__.py
+++ b/web/pgadmin/tools/backup/__init__.py
@@ -276,7 +276,7 @@ def create_backup_job(sid):
 server.username,
 '--no-password',
 '--database',
-driver.qtIdent(conn, server.maintenance_db)
+server.maintenance_db
 ]
 if 'role' in data and data['role']:
 args.append('--role')
@@ -428,14 +428,14 @@ def create_backup_objects_job(sid):
 set_value('no_of_jobs', '--jobs', True)
 
 for s in data['schemas']:
-args.extend(['--schema', driver.qtIdent(conn, s)])
+args.extend(['--schema', s])
 
 for s, t in data['tables']:
 args.extend([
 '--table', driver.qtIdent(conn, s, t)
 ])
 
-args.append(driver.qtIdent(conn, data['database']))
+args.append(data['database'])
 
 try:
 p = BatchProcess(
diff --git a/web/pgadmin/tools/backup/templates/backup/js/backup.js b/web/pgadmin/tools/backup/templates/backup/js/backup.js
index a13a31c..8ddd4fc 100644
--- a/web/pgadmin/tools/backup/templates/backup/js/backup.js
+++ b/web/pgadmin/tools/backup/templates/backup/js/backup.js
@@ -747,20 +747,20 @@ TODO LIST FOR BACKUP:
   var treeInfo = node.getTreeNodeHierarchy.apply(node, [i]);
 
   // Set current database into model
-  this.view.model.set('database', treeInfo.database.label);
+  this.view.model.set('database', _.unescape(treeInfo.database.label));
 
   // We will remove once object tree is implemented
   // If selected node is Schema then add it in model
   if(d._type == 'schema') {
 var schemas = [];
-schemas.push(d.label);
+schemas.push(_.unescape(d.label));
 this.view.model.set('schemas', schemas);
   }
   // If selected node is Table then add it in model along with
   // its schema
   if(d._type == 'table') {
 this.view.model.set(
-  'tables', [[treeInfo.schema.label, d.label]]
+  'tables', [[_.unescape(treeInfo.schema.label), _.unescape(d.label)]]
 );
   }
 
diff --git a/web/pgadmin/tools/import_export/__init__.py b/web/pgadmin/tools/import_export/__init__.py
index e1dc061..bfae98b 100644
--- a/web/pgadmin/tools/import_export/__init__.py
+++ b/web/pgadmin/tools/import_export/__init__.py
@@ -254,8 +254,7 @@ def create_import_export_job(sid):
 
 args = [
 '--host', server.host, '--port', str(server.port),
-'--username', server.username, '--dbname',
-driver.qtIdent(conn, data['database']),
+'--username', server.username, '--dbname', data['database'],
 '--command', query
 ]
 
diff --git a/web/pgadmin/tools/import_export/templates/import_export/js/import_export.js b/web/pgadmin/tools/import_export/templates/import_export/js/import_export.js
index f564a0e..0859b16 100644
--- a/web/pgadmin/tools/import_export/templates/import_export/js/import_export.js
+++ b/web/pgadmin/tools/import_export/templates/import_export/js/import_export.js
@@ -400,9 +400,9 @@ define(
 treeInfo = n.getTreeNodeHierarchy.apply(n, [i])
 
   this.view.model.set({
-'database': treeInfo.database.label,
-'schema': treeInfo.schema.label,
-'table': treeInfo.table.label
+'database': _.unescape(treeInfo.database.label),
+'schema': _.unescape(treeInfo.schema.label),
+'table': _.unescape(treeInfo.table.label)
   });
   var self = this,
   baseUrl = "{{ url_for('import_export.index') }}" +
diff --git a/web/pgadmin/tools/restore/templates/restore/js/restore.js b/web/pgadmin/tools/restore/templates/restore/js/restore.js
index 2bc35e8..fe21a38 100644
--- a/web/pgadmin/tools/restore/templates/restore/js/restore.js
+++ b/web/pgadmin/tools/restore/templates/restore/js/restore.js
@@ -472,26 +472,26 @@ define([
   var info = node.getTreeNodeHierarchy.apply(node, [i]),
   m = this.view.model;
   // Set current node info into model
-  m.set('database', info.database.label);
+  m.set('database', _.unescape(info.database.label));
   if (!m.get('custom')) {