Обсуждение: [pgAdmin4][Patch]: Fixed RM 1603 & RM 1220
Hi,
Please find the attached patch to fix the below 2 bugs.
RM 1603: [Web Based] Export database failed if object contains double quotes.
RM 1220: Backup database is not working with special characters
The issues which were fixed:
1. Client side data were not unescaped
2. Required command line arguments were quoted twice
Thanks,
Khushboo
Вложения
Hi,
The fix does not include a special case when database name has an equal to (=) character in it.
Thanks,
Khushboo
On Fri, Oct 14, 2016 at 6:58 PM, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:
Hi,Please find the attached patch to fix the below 2 bugs.RM 1603: [Web Based] Export database failed if object contains double quotes.RM 1220: Backup database is not working with special charactersThe issues which were fixed:1. Client side data were not unescaped2. Required command line arguments were quoted twiceThanks,Khushboo
Hi
On Friday, October 14, 2016, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Friday, October 14, 2016, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:
Hi,Please find the attached patch to fix the below 2 bugs.RM 1603: [Web Based] Export database failed if object contains double quotes.RM 1220: Backup database is not working with special charactersThe issues which were fixed:1. Client side data were not unescaped2. Required command line arguments were quoted twice
This is not working for me: I tested using Table Export as per Fahar's instructions. As I'm in desktop mode, the first problem was that we get an error at line 210 of import_export/__init__.py, because get_server_directory returned None for the directory. If I fix that, then the job says it's created, but as far as I can see, nothing else happens.
Secondly, this patch seems to push quoting responsibilty to the front end. This doesn't seem right, because we might want to use the RESTful APIs for another purpose in the future, which would mean needing to re-implement quoting if something else uses an affected API.
Thanks.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Friday, October 14, 2016, Dave Page <dpage@pgadmin.org> wrote:
Hi
On Friday, October 14, 2016, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote: Hi,Please find the attached patch to fix the below 2 bugs.RM 1603: [Web Based] Export database failed if object contains double quotes.RM 1220: Backup database is not working with special charactersThe issues which were fixed:1. Client side data were not unescaped2. Required command line arguments were quoted twiceThis is not working for me: I tested using Table Export as per Fahar's instructions. As I'm in desktop mode, the first problem was that we get an error at line 210 of import_export/__init__.py, because get_server_directory returned None for the directory. If I fix that, then the job says it's created, but as far as I can see, nothing else happens.
Oh, oh, oh - 30 minutes later I restarted pgAdmin and got a failed job message!
Copying table data 'q m g r o c k s.q m g r o c k s ' on database 'q m g r o c k s' for the server - 'EPAS 9.5 (172.16.254.22:5444)'
Running command:
/Library/PostgreSQL/9.6/bin/psql --host "172.16.254.22" --port "5444" --username "enterprisedb" --dbname "q m g r o c k s" --command "\copy "q m g r o c k s"."q m g r o c k s " ("q m g r o c k s") TO 'Users/dpage/foo.csv' DELIMITER ';' CSV QUOTE '"' ESCAPE '''';"
Start time: Fri Oct 14 2016 16:21:06 GMT-0700 (PDT)
Users/dpage/foo.csv: No such file or directory
Looks like it lost the leading / on the path, so that might have been my hacky fix for the first issue.
Secondly, this patch seems to push quoting responsibilty to the front end. This doesn't seem right, because we might want to use the RESTful APIs for another purpose in the future, which would mean needing to re-implement quoting if something else uses an affected API.Thanks.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Sat, Oct 15, 2016 at 4:59 AM, Dave Page <dpage@pgadmin.org> wrote:
Hi
On Friday, October 14, 2016, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote: Hi,Please find the attached patch to fix the below 2 bugs.RM 1603: [Web Based] Export database failed if object contains double quotes.RM 1220: Backup database is not working with special charactersThe issues which were fixed:1. Client side data were not unescaped2. Required command line arguments were quoted twiceThis is not working for me: I tested using Table Export as per Fahar's instructions. As I'm in desktop mode, the first problem was that we get an error at line 210 of import_export/__init__.py, because get_server_directory returned None for the directory. If I fix that, then the job says it's created, but as far as I can see, nothing else happens.
hmm..
Secondly, this patch seems to push quoting responsibilty to the front end.
No - that's not the case, we're using _.escape(..) function on the node's label to fix the issue of XSS vulnerability on client side.
Hence - during sending back the data, we're using _.unescape(..) function to return the same data coming sent by the server.
Though - IIRC - we have a original label stored in another variable '_label', which we can use it instead of unescape it again.
This doesn't seem right, because we might want to use the RESTful APIs for another purpose in the future, which would mean needing to re-implement quoting if something else uses an affected API.
As I explained above, it wont affect the RESTful API.
--
Thanks & Regards,
Ashesh Vashi
Thanks.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Friday, October 14, 2016, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
On Sat, Oct 15, 2016 at 4:59 AM, Dave Page <dpage@pgadmin.org> wrote:
Hi
On Friday, October 14, 2016, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote: Hi,Please find the attached patch to fix the below 2 bugs.RM 1603: [Web Based] Export database failed if object contains double quotes.RM 1220: Backup database is not working with special charactersThe issues which were fixed:1. Client side data were not unescaped2. Required command line arguments were quoted twiceThis is not working for me: I tested using Table Export as per Fahar's instructions. As I'm in desktop mode, the first problem was that we get an error at line 210 of import_export/__init__.py, because get_server_directory returned None for the directory. If I fix that, then the job says it's created, but as far as I can see, nothing else happens.hmm..
Yes, but please see my followup message. There's clearly something funky going on with the process tracking - for whatever reason it didn't pick up this process until after a restart, and per the bug I escalated earlier (which I think is essential to fix for 1.1 in a little over a week), it doesn't always detect completed processes and then keeps re-showing the alert.
Secondly, this patch seems to push quoting responsibilty to the front end.No - that's not the case, we're using _.escape(..) function on the node's label to fix the issue of XSS vulnerability on client side.Hence - during sending back the data, we're using _.unescape(..) function to return the same data coming sent by the server.
Ahh, OK - I see.
Though - IIRC - we have a original label stored in another variable '_label', which we can use it instead of unescape it again.
Right, as we've done in many other places.
This doesn't seem right, because we might want to use the RESTful APIs for another purpose in the future, which would mean needing to re-implement quoting if something else uses an affected API.As I explained above, it wont affect the RESTful API.
Yep. Thanks for setting me straight.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Sat, Oct 15, 2016 at 11:52 AM, Dave Page <dpage@pgadmin.org> wrote:
On Friday, October 14, 2016, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote: On Sat, Oct 15, 2016 at 4:59 AM, Dave Page <dpage@pgadmin.org> wrote:
Hi
On Friday, October 14, 2016, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote: Hi,Please find the attached patch to fix the below 2 bugs.RM 1603: [Web Based] Export database failed if object contains double quotes.RM 1220: Backup database is not working with special charactersThe issues which were fixed:1. Client side data were not unescaped2. Required command line arguments were quoted twiceThis is not working for me: I tested using Table Export as per Fahar's instructions. As I'm in desktop mode, the first problem was that we get an error at line 210 of import_export/__init__.py, because get_server_directory returned None for the directory. If I fix that, then the job says it's created, but as far as I can see, nothing else happens.hmm..Yes, but please see my followup message. There's clearly something funky going on with the process tracking - for whatever reason it didn't pick up this process until after a restart, and per the bug I escalated earlier (which I think is essential to fix for 1.1 in a little over a week), it doesn't always detect completed processes and then keeps re-showing the alert.
The problem here is that, until we click the "Click for details here" link and close the another details dialogue, the acknowledgement does not send to the server. So, it keeps re-showing the alert.
I think, we need to clearly mention the steps on the alertify notifier itself, so the user can get the idea.
Dave/Ashesh,
Any other suggestion?
Secondly, this patch seems to push quoting responsibilty to the front end.No - that's not the case, we're using _.escape(..) function on the node's label to fix the issue of XSS vulnerability on client side.Hence - during sending back the data, we're using _.unescape(..) function to return the same data coming sent by the server.Ahh, OK - I see.Though - IIRC - we have a original label stored in another variable '_label', which we can use it instead of unescape it again.Right, as we've done in many other places.
I have replaced _. unescape with _label
This doesn't seem right, because we might want to use the RESTful APIs for another purpose in the future, which would mean needing to re-implement quoting if something else uses an affected API.As I explained above, it wont affect the RESTful API.Yep. Thanks for setting me straight.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:
On Sat, Oct 15, 2016 at 11:52 AM, Dave Page <dpage@pgadmin.org> wrote:
On Friday, October 14, 2016, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote: On Sat, Oct 15, 2016 at 4:59 AM, Dave Page <dpage@pgadmin.org> wrote:
Hi
On Friday, October 14, 2016, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote: Hi,Please find the attached patch to fix the below 2 bugs.RM 1603: [Web Based] Export database failed if object contains double quotes.RM 1220: Backup database is not working with special charactersThe issues which were fixed:1. Client side data were not unescaped2. Required command line arguments were quoted twiceThis is not working for me: I tested using Table Export as per Fahar's instructions. As I'm in desktop mode, the first problem was that we get an error at line 210 of import_export/__init__.py, because get_server_directory returned None for the directory. If I fix that, then the job says it's created, but as far as I can see, nothing else happens.hmm..Yes, but please see my followup message. There's clearly something funky going on with the process tracking - for whatever reason it didn't pick up this process until after a restart, and per the bug I escalated earlier (which I think is essential to fix for 1.1 in a little over a week), it doesn't always detect completed processes and then keeps re-showing the alert.The problem here is that, until we click the "Click for details here" link and close the another details dialogue, the acknowledgement does not send to the server. So, it keeps re-showing the alert.I think, we need to clearly mention the steps on the alertify notifier itself, so the user can get the idea.Dave/Ashesh,Any other suggestion?
We can give a acknowledge link along with 'Click here for details' link to delete the status, logs, when clicked.
Dave?
Secondly, this patch seems to push quoting responsibilty to the front end.No - that's not the case, we're using _.escape(..) function on the node's label to fix the issue of XSS vulnerability on client side.Hence - during sending back the data, we're using _.unescape(..) function to return the same data coming sent by the server.Ahh, OK - I see.Though - IIRC - we have a original label stored in another variable '_label', which we can use it instead of unescape it again.Right, as we've done in many other places.I have replaced _. unescape with _labelThis doesn't seem right, because we might want to use the RESTful APIs for another purpose in the future, which would mean needing to re-implement quoting if something else uses an affected API.As I explained above, it wont affect the RESTful API.Yep. Thanks for setting me straight.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Thu, Oct 20, 2016 at 12:08 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote: > On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi > <khushboo.vashi@enterprisedb.com> wrote: >> >> >> >> On Sat, Oct 15, 2016 at 11:52 AM, Dave Page <dpage@pgadmin.org> wrote: >>> >>> >>> >>> On Friday, October 14, 2016, Ashesh Vashi <ashesh.vashi@enterprisedb.com> >>> wrote: >>>> >>>> On Sat, Oct 15, 2016 at 4:59 AM, Dave Page <dpage@pgadmin.org> wrote: >>>>> >>>>> Hi >>>>> >>>>> On Friday, October 14, 2016, Khushboo Vashi >>>>> <khushboo.vashi@enterprisedb.com> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> Please find the attached patch to fix the below 2 bugs. >>>>>> >>>>>> RM 1603: [Web Based] Export database failed if object contains double >>>>>> quotes. >>>>>> RM 1220: Backup database is not working with special characters >>>>>> >>>>>> The issues which were fixed: >>>>>> >>>>>> 1. Client side data were not unescaped >>>>>> 2. Required command line arguments were quoted twice >>>>> >>>>> >>>>> This is not working for me: I tested using Table Export as per Fahar's >>>>> instructions. As I'm in desktop mode, the first problem was that we get an >>>>> error at line 210 of import_export/__init__.py, because get_server_directory >>>>> returned None for the directory. If I fix that, then the job says it's >>>>> created, but as far as I can see, nothing else happens. >>>> >>>> hmm.. >>> >>> >>> Yes, but please see my followup message. There's clearly something funky >>> going on with the process tracking - for whatever reason it didn't pick up >>> this process until after a restart, and per the bug I escalated earlier >>> (which I think is essential to fix for 1.1 in a little over a week), it >>> doesn't always detect completed processes and then keeps re-showing the >>> alert. >>> >> >> >> The problem here is that, until we click the "Click for details here" link >> and close the another details dialogue, the acknowledgement does not send to >> the server. So, it keeps re-showing the alert. >> >> I think, we need to clearly mention the steps on the alertify notifier >> itself, so the user can get the idea. >> >> Dave/Ashesh, >> Any other suggestion? > > We can give a acknowledge link along with 'Click here for details' link to > delete the status, logs, when clicked. > Dave? Sure, we can do that - but with so many instances being reported, clearly there's a root cause to fix first. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Hi,
Please find the attached patch to fix below RMs:
1603: [Web Based] Export database failed if object contains double quotes
1220: Backup database is not working with special characters
1221: Maintenance DB failed if database name contains special characters
In Desktop mode, the import/export didn't work that is also fixed.
Regarding, re-showing the dialogue multiple times, Murtuza is working on this issue,
Murtuza,
Please also look into this thread, so you can have more idea about the related bugs.
Thanks,
Khushboo
On Thu, Oct 20, 2016 at 9:40 PM, Dave Page <dpage@pgadmin.org> wrote:
On Thu, Oct 20, 2016 at 12:08 PM, Ashesh VashiSure, we can do that - but with so many instances being reported,<ashesh.vashi@enterprisedb.com> wrote:
> On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi
> <khushboo.vashi@enterprisedb.com> wrote:
>>
>>
>>
>> On Sat, Oct 15, 2016 at 11:52 AM, Dave Page <dpage@pgadmin.org> wrote:
>>>
>>>
>>>
>>> On Friday, October 14, 2016, Ashesh Vashi <ashesh.vashi@enterprisedb.com>
>>> wrote:
>>>>
>>>> On Sat, Oct 15, 2016 at 4:59 AM, Dave Page <dpage@pgadmin.org> wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> On Friday, October 14, 2016, Khushboo Vashi
>>>>> <khushboo.vashi@enterprisedb.com> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Please find the attached patch to fix the below 2 bugs.
>>>>>>
>>>>>> RM 1603: [Web Based] Export database failed if object contains double
>>>>>> quotes.
>>>>>> RM 1220: Backup database is not working with special characters
>>>>>>
>>>>>> The issues which were fixed:
>>>>>>
>>>>>> 1. Client side data were not unescaped
>>>>>> 2. Required command line arguments were quoted twice
>>>>>
>>>>>
>>>>> This is not working for me: I tested using Table Export as per Fahar's
>>>>> instructions. As I'm in desktop mode, the first problem was that we get an
>>>>> error at line 210 of import_export/__init__.py, because get_server_directory
>>>>> returned None for the directory. If I fix that, then the job says it's
>>>>> created, but as far as I can see, nothing else happens.
>>>>
>>>> hmm..
>>>
>>>
>>> Yes, but please see my followup message. There's clearly something funky
>>> going on with the process tracking - for whatever reason it didn't pick up
>>> this process until after a restart, and per the bug I escalated earlier
>>> (which I think is essential to fix for 1.1 in a little over a week), it
>>> doesn't always detect completed processes and then keeps re-showing the
>>> alert.
>>>
>>
>>
>> The problem here is that, until we click the "Click for details here" link
>> and close the another details dialogue, the acknowledgement does not send to
>> the server. So, it keeps re-showing the alert.
>>
>> I think, we need to clearly mention the steps on the alertify notifier
>> itself, so the user can get the idea.
>>
>> Dave/Ashesh,
>> Any other suggestion?
>
> We can give a acknowledge link along with 'Click here for details' link to
> delete the status, logs, when clicked.
> Dave?
clearly there's a root cause to fix first.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
Вложения
Thanks, patch applied. On Fri, Oct 21, 2016 at 6:14 AM, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote: > Hi, > > Please find the attached patch to fix below RMs: > > 1603: [Web Based] Export database failed if object contains double quotes > 1220: Backup database is not working with special characters > 1221: Maintenance DB failed if database name contains special characters > > In Desktop mode, the import/export didn't work that is also fixed. > > Regarding, re-showing the dialogue multiple times, Murtuza is working on > this issue, > > Murtuza, > Please also look into this thread, so you can have more idea about the > related bugs. > > Thanks, > Khushboo > > > On Thu, Oct 20, 2016 at 9:40 PM, Dave Page <dpage@pgadmin.org> wrote: >> >> On Thu, Oct 20, 2016 at 12:08 PM, Ashesh Vashi >> <ashesh.vashi@enterprisedb.com> wrote: >> > On Thu, Oct 20, 2016 at 4:26 PM, Khushboo Vashi >> > <khushboo.vashi@enterprisedb.com> wrote: >> >> >> >> >> >> >> >> On Sat, Oct 15, 2016 at 11:52 AM, Dave Page <dpage@pgadmin.org> wrote: >> >>> >> >>> >> >>> >> >>> On Friday, October 14, 2016, Ashesh Vashi >> >>> <ashesh.vashi@enterprisedb.com> >> >>> wrote: >> >>>> >> >>>> On Sat, Oct 15, 2016 at 4:59 AM, Dave Page <dpage@pgadmin.org> wrote: >> >>>>> >> >>>>> Hi >> >>>>> >> >>>>> On Friday, October 14, 2016, Khushboo Vashi >> >>>>> <khushboo.vashi@enterprisedb.com> wrote: >> >>>>>> >> >>>>>> Hi, >> >>>>>> >> >>>>>> Please find the attached patch to fix the below 2 bugs. >> >>>>>> >> >>>>>> RM 1603: [Web Based] Export database failed if object contains >> >>>>>> double >> >>>>>> quotes. >> >>>>>> RM 1220: Backup database is not working with special characters >> >>>>>> >> >>>>>> The issues which were fixed: >> >>>>>> >> >>>>>> 1. Client side data were not unescaped >> >>>>>> 2. Required command line arguments were quoted twice >> >>>>> >> >>>>> >> >>>>> This is not working for me: I tested using Table Export as per >> >>>>> Fahar's >> >>>>> instructions. As I'm in desktop mode, the first problem was that we >> >>>>> get an >> >>>>> error at line 210 of import_export/__init__.py, because >> >>>>> get_server_directory >> >>>>> returned None for the directory. If I fix that, then the job says >> >>>>> it's >> >>>>> created, but as far as I can see, nothing else happens. >> >>>> >> >>>> hmm.. >> >>> >> >>> >> >>> Yes, but please see my followup message. There's clearly something >> >>> funky >> >>> going on with the process tracking - for whatever reason it didn't >> >>> pick up >> >>> this process until after a restart, and per the bug I escalated >> >>> earlier >> >>> (which I think is essential to fix for 1.1 in a little over a week), >> >>> it >> >>> doesn't always detect completed processes and then keeps re-showing >> >>> the >> >>> alert. >> >>> >> >> >> >> >> >> The problem here is that, until we click the "Click for details here" >> >> link >> >> and close the another details dialogue, the acknowledgement does not >> >> send to >> >> the server. So, it keeps re-showing the alert. >> >> >> >> I think, we need to clearly mention the steps on the alertify notifier >> >> itself, so the user can get the idea. >> >> >> >> Dave/Ashesh, >> >> Any other suggestion? >> > >> > We can give a acknowledge link along with 'Click here for details' link >> > to >> > delete the status, logs, when clicked. >> > Dave? >> >> Sure, we can do that - but with so many instances being reported, >> clearly there's a root cause to fix first. >> >> >> -- >> Dave Page >> Blog: http://pgsnake.blogspot.com >> Twitter: @pgsnake >> >> EnterpriseDB UK: http://www.enterprisedb.com >> The Enterprise PostgreSQL Company > > -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company