pgAdmin 4 commit: Fixed CSRF security vulnerability issue. per Alvin Li

From: Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
To: pgadmin-hackers(at)lists(dot)postgresql(dot)org
Subject: pgAdmin 4 commit: Fixed CSRF security vulnerability issue. per Alvin Li
Date: 2019-05-28 05:33:09
Message-ID: E1hVUjV-0002IJ-5q@gothos.postgresql.org
Lists: pgadmin-hackers

Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217
Initial patch by: Khushboo Vashi
Modified by: Ashesh Vashi and Murtuza Zabuawala

Branch
------
master

Details
-------
https://git.postgresql.org/gitweb?p=pgadmin4.git;a=commitdiff;h=6f0eafb2233feacd26951551393c4f1d0b7204dc
Author: Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com>

Modified Files
--------------
docs/en_US/release_notes_4_7.rst | 1 +
web/config.py | 7 +-
web/pgadmin/__init__.py | 14 ++-
web/pgadmin/browser/__init__.py | 39 ++-----
web/pgadmin/browser/static/js/browser.js | 15 ++-
web/pgadmin/browser/static/js/collection.js | 3 +-
web/pgadmin/browser/static/js/preferences.js | 7 +-
web/pgadmin/browser/templates/browser/index.html | 1 -
web/pgadmin/browser/templates/browser/js/utils.js | 3 +
web/pgadmin/browser/tests/test_change_password.py | 15 +--
.../browser/tests/test_gravatar_image_display.py | 13 +--
web/pgadmin/browser/tests/test_login.py | 34 ++++--
web/pgadmin/browser/tests/test_reset_password.py | 12 +-
web/pgadmin/browser/tests/utils.py | 7 +-
web/pgadmin/misc/__init__.py | 2 +
.../misc/dependencies/static/js/dependencies.js | 7 +-
.../misc/dependents/static/js/dependents.js | 7 +-
web/pgadmin/misc/file_manager/static/js/utility.js | 6 +-
web/pgadmin/misc/sql/static/js/sql.js | 5 +-
.../misc/statistics/static/js/statistics.js | 9 +-
.../setup/tests/test_export_import_servers.py | 13 ++-
web/pgadmin/static/js/csrf.js | 60 ++++++++++
web/pgadmin/static/js/sqleditor/execute_query.js | 6 +-
.../static/js/tree/pgadmin_tree_save_state.js | 2 +-
.../tools/backup/static/js/backup_dialog.js | 3 +-
.../backup/static/js/backup_dialog_wrapper.js | 3 +-
web/pgadmin/tools/debugger/static/js/direct.js | 5 +-
.../tools/restore/static/js/restore_dialog.js | 3 +-
.../restore/static/js/restore_dialog_wrapper.js | 3 +-
web/pgadmin/tools/sqleditor/static/js/sqleditor.js | 6 +-
web/pgadmin/tools/user_management/__init__.py | 2 +
web/pgadmin/utils/csrf.py | 43 +++++++
web/pgadmin/utils/session.py | 2 +-
.../python_test_utils/csrf_test_client.py | 124 +++++++++++++++++++++
web/regression/python_test_utils/test_utils.py | 18 +--
web/regression/runtests.py | 11 +-
36 files changed, 387 insertions(+), 124 deletions(-)
