REFACTOR (pgpass): Refactor escaping

Author: RostislavDugin

backend/internal/features/backups/backups/usecases/postgresql/create_backup_uc.go

@@ -719,17 +719,14 @@ func (uc *CreatePostgresqlBackupUsecase) createTempPgpassFile(
 		return "", nil
 	}
 
-	// Escape special characters in password as per PostgreSQL .pgpass format
-	// Per official PostgreSQL documentation: only backslash and colon need escaping
-	escapedPassword := strings.NewReplacer(
-		"\\", "\\\\",
-		":", "\\:",
-	).Replace(password)
+	escapedHost := tools.EscapePgpassField(pgConfig.Host)
+	escapedUsername := tools.EscapePgpassField(pgConfig.Username)
+	escapedPassword := tools.EscapePgpassField(password)
 
 	pgpassContent := fmt.Sprintf("%s:%d:*:%s:%s",
-		pgConfig.Host,
+		escapedHost,
 		pgConfig.Port,
-		pgConfig.Username,
+		escapedUsername,
 		escapedPassword,
 	)
 

backend/internal/features/restores/usecases/postgresql/restore_backup_uc.go

@@ -564,17 +564,14 @@ func (uc *RestorePostgresqlBackupUsecase) createTempPgpassFile(
 		return "", nil
 	}
 
-	// Escape special characters in password as per PostgreSQL .pgpass format
-	// Per official PostgreSQL documentation: only backslash and colon need escaping
-	escapedPassword := strings.NewReplacer(
-		"\\", "\\\\",
-		":", "\\:",
-	).Replace(password)
+	escapedHost := tools.EscapePgpassField(pgConfig.Host)
+	escapedUsername := tools.EscapePgpassField(pgConfig.Username)
+	escapedPassword := tools.EscapePgpassField(password)
 
 	pgpassContent := fmt.Sprintf("%s:%d:*:%s:%s",
-		pgConfig.Host,
+		escapedHost,
 		pgConfig.Port,
-		pgConfig.Username,
+		escapedUsername,
 		escapedPassword,
 	)
 

backend/internal/util/tools/postgresql.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"strings"
 
 	env_utils "postgresus-backend/internal/util/env"
 )
@@ -151,6 +152,24 @@ func VerifyPostgresesInstallation(
 	logger.Info("All PostgreSQL version-specific client tools verification completed successfully!")
 }
 
+// EscapePgpassField escapes special characters in a field value for .pgpass file format.
+// According to PostgreSQL documentation, the .pgpass file format requires:
+// - Backslash (\) must be escaped as \\
+// - Colon (:) must be escaped as \:
+// Additionally, newlines and carriage returns are removed to prevent format corruption.
+func EscapePgpassField(field string) string {
+	// Remove newlines and carriage returns that would break .pgpass format
+	field = strings.ReplaceAll(field, "\r", "")
+	field = strings.ReplaceAll(field, "\n", "")
+
+	// Escape backslashes first (order matters!)
+	// Then escape colons
+	field = strings.ReplaceAll(field, "\\", "\\\\")
+	field = strings.ReplaceAll(field, ":", "\\:")
+
+	return field
+}
+
 func getPostgresqlBasePath(
 	version PostgresqlVersion,
 	envMode env_utils.EnvMode,

frontend/src/shared/theme/ThemeProvider.tsx

@@ -16,10 +16,12 @@ function getSystemTheme(): ResolvedTheme {
 function getStoredTheme(): ThemeMode {
   if (typeof window !== 'undefined') {
     const stored = localStorage.getItem(THEME_STORAGE_KEY);
+
     if (stored === 'light' || stored === 'dark' || stored === 'system') {
       return stored;
     }
   }
+
   return 'system';
 }