diff --git a/web/pgadmin/tools/psql/__init__.py b/web/pgadmin/tools/psql/__init__.py index cb10d5db..e99d169b 100644 --- a/web/pgadmin/tools/psql/__init__.py +++ b/web/pgadmin/tools/psql/__init__.py @@ -495,8 +495,9 @@ def invalid_cmd(): def check_valid_cmd(user_input): """ - Check if user entered a valid cmd and \\! command is preset as a string - only in current executing command. if \\! is present as command don't + Check if user entered a valid cmd and \\!, \\copy, \\e and \\ef command is + preset as a string only in current executing command. + if \\!, \\copy, \\e and \\ef is present as command don't allow the execution of command. :param user_input: :return: @@ -512,6 +513,26 @@ def check_valid_cmd(user_input): if re.search("\\\!", sub_str): stop_execution = False # break + if re.search("\\\copy", sub_str.lower()): + stop_execution = False + if re.search("\\\e", sub_str.lower()): + stop_execution = False + if re.search("\\\ef", sub_str.lower()): + stop_execution = False + if re.search("\\\i", sub_str.lower()): + stop_execution = False + if re.search("\\\lo_import", sub_str.lower()) or \ + re.search("lo_import", sub_str.lower()): + stop_execution = False + if re.search("\\\lo_export", sub_str.lower()) or \ + re.search("lo_export", sub_str.lower()): + stop_execution = False + if re.search("\\\g", sub_str.lower()): + stop_execution = False + if re.search("\\\o", sub_str.lower()): + stop_execution = False + if re.search("\\\w", sub_str.lower()): + stop_execution = False if stop_execution: session_last_cmd[request.sid]['invalid_cmd'] = True 
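Review bot: The patterns added to check_valid_cmd are non-raw literals such as `"\\\copy"` and `"\\\w"`, which only produce the intended regex because Python leaves unknown escapes like `\c` and `\w` in place; that behaviour is deprecated and current interpreters report it as a warning. Raw strings keep the same regex without relying on it, e.g. `if re.search(r"\\copy", sub_str.lower()):`. The searches are unanchored prefixes, so the `\\\ef` test is subsumed by `\\\e` and the `\\\lo_import` test by the bare `lo_import` one; a single loop over a tuple of patterns, with a comment saying that prefix matching is deliberate, would replace the nine near-identical ifs. The docstring edited in the previous hunk names only `\\!`, `\\copy`, `\\e` and `\\ef`, while this hunk also handles `\i`, `lo_import`, `lo_export`, `\g`, `\o` and `\w`. The loop that binds `sub_str` and `stop_execution` starts outside the hunk.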
@@ -570,8 +591,87 @@ def enter_key_press(data):
 not config.ALLOW_PSQL_SHELL_COMMANDS and\
 not session_last_cmd[request.sid]['is_new_connection']:
 check_valid_cmd(user_input)
- elif user_input == '\q' or user_input == 'q\\q' or user_input in ['exit',
- 'exit;']:
+ elif (user_input.lower().startswith('\copy') and
+ re.match("^\\\copy$", user_input.lower()))\
+ and not config.ALLOW_PSQL_SHELL_COMMANDS:
+ invalid_cmd()
+ elif re.search("\\\copy", user_input.lower()) \
+ and not config.ALLOW_PSQL_SHELL_COMMANDS \
+ and not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+ elif (user_input.lower().startswith('\e') and
+ re.match("^\\\e$", user_input.lower())) and\
+ not config.ALLOW_PSQL_SHELL_COMMANDS:
+ invalid_cmd()
+ elif re.search("\\\e", user_input.lower()) \
+ and not config.ALLOW_PSQL_SHELL_COMMANDS \
+ and not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+ elif (user_input.lower().startswith('\ef') and
+ re.match("^\\\ef$", user_input.lower())) and\
+ not config.ALLOW_PSQL_SHELL_COMMANDS:
+ invalid_cmd()
+ elif re.search("\\\ef", user_input.lower()) \
+ and not config.ALLOW_PSQL_SHELL_COMMANDS \
+ and not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+ elif user_input.lower().startswith('\i') and \
+ re.match("^\\\i$", user_input) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and not is_new_connection:
+ invalid_cmd()
+ elif re.search("\\\i", user_input.lower()) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and \
+ not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+ elif (user_input.lower().startswith('\lo_import') or
+ user_input.lower().startswith('lo_import')) and \
+ (re.match("^\\\lo_import$", user_input.lower()) or
+ re.match("^lo_import$", user_input.lower())) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and not is_new_connection:
+ invalid_cmd()
+ elif (re.search("\\\lo_import", user_input.lower()) or
+ re.search("lo_import", user_input.lower())) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and \
+ not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+ elif (user_input.lower().startswith('\lo_export') or
+ user_input.lower().startswith('lo_export')) and \
+ (re.match("^\\\lo_export$", user_input.lower()) or
+ re.match("^lo_export$", user_input.lower())) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and not is_new_connection:
+ invalid_cmd()
+ elif (re.search("\\\lo_export", user_input.lower()) or
+ re.search("lo_export", user_input.lower())) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and \
+ not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+ elif user_input.lower().startswith('\g') and \
+ re.match("^\\\g$", user_input.lower()) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and not is_new_connection:
+ invalid_cmd()
+ elif re.search("\\\g", user_input.lower()) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and \
+ not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+ elif user_input.lower().startswith('\o') and \
+ re.match("^\\\o$", user_input.lower()) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and not is_new_connection:
+ invalid_cmd()
+ elif re.search("\\\o", user_input.lower()) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and \
+ not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+ elif user_input.lower().startswith('\w') and \
+ re.match("^\\\w$", user_input.lower()) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and not is_new_connection:
+ invalid_cmd()
+ elif re.search("\\\w", user_input.lower()) and \
+ not config.ALLOW_PSQL_SHELL_COMMANDS and \
+ not session_last_cmd[request.sid]['is_new_connection']:
+ check_valid_cmd(user_input)
+
+ elif user_input == '\q' or user_input == 'q\\q' or user_input in\
+ ['\quit','exit', 'exit;']:
 # If user enter \q to terminate the PSQL, emit the msg to
 # notify user connection is terminated.
 sio.emit('pty-output',
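Review bot: Six of the added exact-match branches (`\i`, `lo_import`, `lo_export`, `\g`, `\o`, `\w`) test a bare `is_new_connection`, while every other branch in this hunk reads `session_last_cmd[request.sid]['is_new_connection']`; no binding for the bare name is visible here, so unless enter_key_press defines it earlier these branches raise NameError instead of reaching invalid_cmd(). Use the same lookup throughout, e.g. `not config.ALLOW_PSQL_SHELL_COMMANDS and not session_last_cmd[request.sid]['is_new_connection']:`. The `\copy`, `\e` and `\ef` exact-match branches omit the new-connection test altogether, so three groups of branches apply different conditions to the same decision, and a comment should state which one is intended. More generally this is a denylist of substrings of the typed line, gated by a setting named for shell commands: psql meta-commands not listed here pass through unchanged, so the intended coverage should be documented next to ALLOW_PSQL_SHELL_COMMANDS, or the check inverted into an allowlist of permitted meta-commands. The elif chain starts and continues outside the hunk.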