Обсуждение: Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<';*

Поиск
Список
Период
Сортировка

Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<';*

От
Yogesh Mahajan
Дата:
Hello,

Please find patch which fixes 2 issues reported in Bug #4387 
  1.Incorrect Column name when column name is like *'SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>;*''
  2.Unable to enter data when the above column is primary key.

Thanks,
Yogesh Mahajan
QA - Team
EnterpriseDB Corporation

Phone: +91-9741705709
Вложения

Re: Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<';*

От
Akshay Joshi
Дата:
Thanks, patch applied.

On Wed, Aug 5, 2020 at 1:39 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:
Hello,

Please find patch which fixes 2 issues reported in Bug #4387 
  1.Incorrect Column name when column name is like *'SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>;*''
  2.Unable to enter data when the above column is primary key.

Thanks,
Yogesh Mahajan
QA - Team
EnterpriseDB Corporation

Phone: +91-9741705709


--
Thanks & Regards
Akshay Joshi
pgAdmin Hacker | Sr. Software Architect
EDB Postgres
Mobile: +91 976-788-8246