Postgres Pro
Downloads
Home   >   mailing lists

Re: Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<';* - Mailing list pgadmin-hackers

From Akshay Joshi
Subject Re: Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<';*
Date
Msg-id CANxoLDec1bkUHJcep-650Z9snhdfuHoexkQJsuzAMJ0xk=CJRw@mail.gmail.com
Whole thread Raw
In response to Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<';*  (Yogesh Mahajan <yogesh.mahajan@enterprisedb.com>)
List pgadmin-hackers
Tree view
Thanks, patch applied.

On Wed, Aug 5, 2020 at 1:39 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:
Hello,

Please find patch which fixes 2 issues reported in Bug #4387 
  1.Incorrect Column name when column name is like *'SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>;*''
  2.Unable to enter data when the above column is primary key.

Thanks,
Yogesh Mahajan
QA - Team
EnterpriseDB Corporation

Phone: +91-9741705709


--
Thanks & Regards
Akshay Joshi
pgAdmin Hacker | Sr. Software Architect
EDB Postgres
Mobile: +91 976-788-8246

pgadmin-hackers by date:

Previous
From: Akshay Joshi
Date:
Subject: pgAdmin 4 commit: Fixed cognitive complexity issues reported by SonarQu
Next
From: Akshay Joshi
Date:
Subject: Re: [pgAdmin4][Patch] - SonarQube Issues - 13 (String literals should not be duplicated)