From: | Harshal Dhumal <harshal(dot)dhumal(at)enterprisedb(dot)com> |
---|---|
To: | Dave Page <dpage(at)pgadmin(dot)org> |
Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
Subject: | Re: Patch for RM1911 Direct file navigation [pgAdmin4] [Feature] |
Date: | 2017-01-20 07:03:44 |
Message-ID: | CAFiP3vy2ZbOnMtaVNQQ0jeFTAYvmTGsHB_k7RmoEPUKDyBfA-Q@mail.gmail.com |
Lists: | pgadmin-hackers |
Hi,
Pls find updated patch (V7) for direct file navigation with below bug fixes.
--
*Harshal Dhumal*
*Software Engineer*
EnterpriseDB India: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Mon, Jan 16, 2017 at 8:42 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> Hi
>
> On Sat, Jan 14, 2017 at 2:27 PM, Harshal Dhumal
> <harshal(dot)dhumal(at)enterprisedb(dot)com> wrote:
> > Hi,
> >
> > Pls updated patch for RM1911.
> >
> > 1. This includes fix for issue index out of range when user enters path of
> > folder without trailing slash (shown by Dave).
> > 2. To make this functionality compatible with save last used directory
> > feature.
>
> - The first test I ran gave the error seen in the attachment (running
> in server mode, clicking the Browse button on the backup dialogue).
>
Fixed.
>
> - I also noticed in reviewing the changes again, that you've got code
> in sqleditor/__init__.py to stop the user moving outside of the
> storage sandbox in server mode. That code should be part of the file
> manager - none of the modules using it should be doing that kind of
> check.
>
Fixed.
> - If I do try to navigate outside of the sandbox, I get a nice error:
> "Error: Access Denied (/Users/dpage/.pgadmin)" for example, if I enter
> /../../. Whilst it's good to be informative, it's also a security
> leak. It should only tell me the path that the user sees, not the path
> as it actually is on the server - e.g. "Error: Access Denied
> (/../../../)"
>
Fixed.
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
Attachment | Content-Type | Size |
---|---|---|
RM1911_V7_20_Jan.patch | application/octet-stream | 61.8 KB |
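
The two review points in the thread above (the sandbox check belongs in the file manager itself, and the denial message should show only the path the user typed), as an added Python example. It is not code from the RM1911 patch or from pgAdmin; `resolve_in_sandbox`, `AccessDenied`, `demo` and the storage directory layout are assumptions made for illustration.

```python
import os
import tempfile


class AccessDenied(Exception):
    """Carries only the user-supplied path, never the server-side one."""


def resolve_in_sandbox(storage_dir, user_path):
    """Map a user-visible path onto storage_dir and refuse to leave it.

    Hypothetical helper: a single check like this would live in the file
    manager, so calling modules (backup dialogue, query tool) never repeat it.
    """
    root = os.path.realpath(storage_dir)
    # "/" means the sandbox root to the user, so strip it before joining;
    # os.path.join would otherwise discard root for an absolute path.
    candidate = os.path.realpath(os.path.join(root, user_path.lstrip("/")))
    # realpath resolves ".." and symlinks; commonpath compares whole path
    # components, so "/srv/storage-old" is not mistaken for "/srv/storage".
    if os.path.commonpath([root, candidate]) != root:
        # Echo the path exactly as typed, not the resolved location.
        raise AccessDenied("Access Denied ({})".format(user_path))
    return candidate


def demo():
    """Constructed sandbox: one real folder and one symlink pointing outside."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        store = os.path.join(base, "storage")
        os.makedirs(os.path.join(store, "backups"))
        os.symlink(base, os.path.join(store, "escape"))
        for path in ("/backups", "backups/", "/../../", "/escape/x"):
            try:
                resolve_in_sandbox(store, path)
                results[path] = "ok"
            except AccessDenied as exc:
                # The real storage location must not appear in the message.
                assert store not in str(exc)
                results[path] = str(exc)
    return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(path, "->", outcome)
```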