Skip to content

Commit e384c96

Browse files
Fixed a XSS vulnerability in the /settings/store endpoint. #7282
1 parent 30d2d1b commit e384c96

3 files changed

Lines changed: 5 additions & 6 deletions

File tree

‎web/pgadmin/browser/static/js/node.js‎

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,7 @@ define('pgadmin.browser.node', [
139139
},
140140
enable: _.isFunction(self.canEdit) ?
141141
function() {
142-
return !!(self.canEdit(arguments));
142+
return !!(self.canEdit(...arguments));
143143
} : (!!self.canEdit),
144144
}]);
145145
}
@@ -159,7 +159,7 @@ define('pgadmin.browser.node', [
159159
},
160160
enable: _.isFunction(self.canDrop) ?
161161
function() {
162-
return !!(self.canDrop(arguments));
162+
return !!(self.canDrop(...arguments));
163163
} : (!!self.canDrop),
164164
}]);
165165

@@ -177,7 +177,7 @@ define('pgadmin.browser.node', [
177177
},
178178
enable: _.isFunction(self.canDropCascade) ?
179179
function() {
180-
return self.canDropCascade(arguments);
180+
return self.canDropCascade(...arguments);
181181
} : (!!self.canDropCascade),
182182
}]);
183183
}

‎web/pgadmin/browser/templates/browser/js/utils.js‎

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,6 @@
3838

3939
define('pgadmin.browser.utils',
4040
['sources/pgadmin'], function(pgAdmin) {
41-
4241
let pgBrowser = pgAdmin.Browser = pgAdmin.Browser || {};
4342

4443
pgBrowser['MainMenus'] = [];
@@ -86,7 +85,7 @@ define('pgadmin.browser.utils',
8685
];
8786

8887
pgBrowser.utils = {
89-
layout: '{{ layout }}',
88+
layout: {{ layout|tojson }},
9089
theme: '{{ theme }}',
9190
pg_help_path: '{{ pg_help_path }}',
9291
tabSize: '{{ editor_tab_size }}',

‎web/pgadmin/static/js/tree/tree.js‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -408,7 +408,7 @@ export class Tree {
408408
}
409409

410410
findNodeByDomElement(domElement) {
411-
const path = domElement.path;
411+
const path = domElement?.path;
412412
if (!path?.[0]) {
413413
return undefined;
414414
}

0 commit comments

Comments
 (0)