November 2014 - galaxy-commits - lists.galaxyproject.org

commit/galaxy-central: natefoo: Update tag latest_2014.10.06 for changeset acb2548443ae

by commits-noreply＠bitbucket.org

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/26aab19109ce/ Changeset: 26aab19109ce Branch: stable User: natefoo Date: 2014-11-27 14:00:14+00:00 Summary: Update tag latest_2014.10.06 for changeset acb2548443ae Affected #: 1 file diff -r acb2548443ae42d39ef200d035ccc0481d6b930c -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 .hgtags --- a/.hgtags +++ b/.hgtags @@ -20,4 +20,4 @@ ca45b78adb4152fc6e7395514d46eba6b7d0b838 release_2014.08.11 548ab24667d6206780237bd807f7d857a484c461 latest_2014.08.11 2092948937ac30ef82f71463a235c66d34987088 release_2014.10.06 -adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 latest_2014.10.06 +acb2548443ae42d39ef200d035ccc0481d6b930c latest_2014.10.06 Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

[galaxyproject/usegalaxy-playbook] 49ee6f: Update Test.

by GitHub

Branch: refs/heads/master Home: https://github.com/galaxyproject/usegalaxy-playbook Commit: 49ee6f1dff6ade330d324428197fdc1674963b6f https://github.com/galaxyproject/usegalaxy-playbook/commit/49ee6f1dff6ade... Author: dannon <dannon.baker(a)gmail.com> Date: 2014-11-26 (Wed, 26 Nov 2014) Changed paths: M files/galaxy/test.galaxyproject.org/var/integrated_tool_panel.xml M stage/group_vars/all.yml Log Message: ----------- Update Test.

8 years, 2 months

1
0
0 / 0

commit/galaxy-central: dannon: Merge next-stable.

by commits-noreply＠bitbucket.org

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/3975b317ffdc/ Changeset: 3975b317ffdc User: dannon Date: 2014-11-26 18:25:30+00:00 Summary: Merge next-stable. Affected #: 1 file diff -r c5321f66c314cdfcaeb0aaedcc65c479558abf3a -r 3975b317ffdcbaa6c8dcb4b2b52404bfa34edbc2 lib/galaxy/workflow/modules.py --- a/lib/galaxy/workflow/modules.py +++ b/lib/galaxy/workflow/modules.py @@ -148,7 +148,7 @@ """ raise TypeError( "Abstract method" ) - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): """ Determine the runtime state (potentially different from self.state which describes configuration state). This (again unlike self.state) is currently always a `DefaultToolState` object. @@ -259,7 +259,7 @@ errors[ name ] = error return errors - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): if step_updates and "tool_state" in step_updates: # Fix this for multiple inputs state = self.decode_runtime_state( trans, step_updates.pop( "tool_state" ) ) @@ -716,7 +716,7 @@ def check_and_update_state( self ): return self.tool.check_and_update_param_values( self.state.inputs, self.trans, allow_workflow_parameters=True ) - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): # Warning: This method destructively modifies existing step state. step_errors = None state = self.state @@ -727,7 +727,7 @@ old_errors = state.inputs.pop( "__errors__", {} ) # Update the state step_errors = tool.update_state( trans, tool.inputs, state.inputs, step_updates, - update_only=True, old_errors=old_errors, source="json" ) + update_only=True, old_errors=old_errors, source=source ) return state, step_errors def execute( self, trans, progress, invocation, step ): @@ -956,7 +956,7 @@ def __init__( self, trans ): self.trans = trans - def inject( self, step, step_args=None ): + def inject( self, step, step_args=None, source="html" ): """ Pre-condition: `step` is an ORM object coming from the database, if supplied `step_args` is the representation of the inputs for that step supplied via web form. @@ -998,7 +998,7 @@ # are not persisted so we need to do it every time) module.add_dummy_datasets( connections=step.input_connections ) - state, step_errors = module.compute_runtime_state( trans, step_args ) + state, step_errors = module.compute_runtime_state( trans, step_args, source=source ) step.state = state return step_errors @@ -1011,7 +1011,7 @@ module_injector = WorkflowModuleInjector( trans ) for step in workflow.steps: step_args = param_map.get( step.id, {} ) - step_errors = module_injector.inject( step, step_args=step_args ) + step_errors = module_injector.inject( step, step_args=step_args, source="json" ) if step.type == 'tool' or step.type is None: if step_errors: message = "Workflow cannot be run because of validation errors in some steps: %s" % step_errors Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

commit/galaxy-central: jmchilton: Fix boolean parameter handling at workflow runtime.

by commits-noreply＠bitbucket.org

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/3a30a79840d4/ Changeset: 3a30a79840d4 Branch: next-stable User: jmchilton Date: 2014-11-26 17:42:00+00:00 Summary: Fix boolean parameter handling at workflow runtime. Broken with 011c8b2118be778eaf1ba952730ff876d6447ba9. Note to self - update pause module when merging into next-stable. Affected #: 1 file diff -r d94fef1095439d5cf7145ca6eb13b9f12f453874 -r 3a30a79840d4e5e4896910dcf2f161a38d7977b0 lib/galaxy/workflow/modules.py --- a/lib/galaxy/workflow/modules.py +++ b/lib/galaxy/workflow/modules.py @@ -148,7 +148,7 @@ """ raise TypeError( "Abstract method" ) - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): """ Determine the runtime state (potentially different from self.state which describes configuration state). This (again unlike self.state) is currently always a `DefaultToolState` object. @@ -259,7 +259,7 @@ errors[ name ] = error return errors - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): if step_updates and "tool_state" in step_updates: # Fix this for multiple inputs state = self.decode_runtime_state( trans, step_updates.pop( "tool_state" ) ) @@ -716,7 +716,7 @@ def check_and_update_state( self ): return self.tool.check_and_update_param_values( self.state.inputs, self.trans, allow_workflow_parameters=True ) - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): # Warning: This method destructively modifies existing step state. step_errors = None state = self.state @@ -727,7 +727,7 @@ old_errors = state.inputs.pop( "__errors__", {} ) # Update the state step_errors = tool.update_state( trans, tool.inputs, state.inputs, step_updates, - update_only=True, old_errors=old_errors, source="json" ) + update_only=True, old_errors=old_errors, source=source ) return state, step_errors def execute( self, trans, progress, invocation, step ): @@ -956,7 +956,7 @@ def __init__( self, trans ): self.trans = trans - def inject( self, step, step_args=None ): + def inject( self, step, step_args=None, source="html" ): """ Pre-condition: `step` is an ORM object coming from the database, if supplied `step_args` is the representation of the inputs for that step supplied via web form. @@ -998,7 +998,7 @@ # are not persisted so we need to do it every time) module.add_dummy_datasets( connections=step.input_connections ) - state, step_errors = module.compute_runtime_state( trans, step_args ) + state, step_errors = module.compute_runtime_state( trans, step_args, source=source ) step.state = state return step_errors @@ -1011,7 +1011,7 @@ module_injector = WorkflowModuleInjector( trans ) for step in workflow.steps: step_args = param_map.get( step.id, {} ) - step_errors = module_injector.inject( step, step_args=step_args ) + step_errors = module_injector.inject( step, step_args=step_args, source="json" ) if step.type == 'tool' or step.type is None: if step_errors: message = "Workflow cannot be run because of validation errors in some steps: %s" % step_errors Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

commit/galaxy-central: jmchilton: Fix boolean parameter handling at workflow runtime.

by commits-noreply＠bitbucket.org

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/acb2548443ae/ Changeset: acb2548443ae Branch: stable User: jmchilton Date: 2014-11-26 17:42:00+00:00 Summary: Fix boolean parameter handling at workflow runtime. Broken with 011c8b2118be778eaf1ba952730ff876d6447ba9. Note to self - update pause module when merging into next-stable. Affected #: 1 file diff -r c50a228167b0a1a4541f46bb19b8d67c9010248d -r acb2548443ae42d39ef200d035ccc0481d6b930c lib/galaxy/workflow/modules.py --- a/lib/galaxy/workflow/modules.py +++ b/lib/galaxy/workflow/modules.py @@ -147,7 +147,7 @@ """ raise TypeError( "Abstract method" ) - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): """ Determine the runtime state (potentially different from self.state which describes configuration state). This (again unlike self.state) is currently always a `DefaultToolState` object. @@ -258,7 +258,7 @@ errors[ name ] = error return errors - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): if step_updates: # Fix this for multiple inputs state = self.decode_runtime_state( trans, step_updates.pop( "tool_state" ) ) @@ -598,7 +598,7 @@ def check_and_update_state( self ): return self.tool.check_and_update_param_values( self.state.inputs, self.trans, allow_workflow_parameters=True ) - def compute_runtime_state( self, trans, step_updates=None ): + def compute_runtime_state( self, trans, step_updates=None, source="html" ): # Warning: This method destructively modifies existing step state. step_errors = None state = self.state @@ -609,7 +609,7 @@ old_errors = state.inputs.pop( "__errors__", {} ) # Update the state step_errors = tool.update_state( trans, tool.inputs, state.inputs, step_updates, - update_only=True, old_errors=old_errors, source="json" ) + update_only=True, old_errors=old_errors, source=source ) return state, step_errors def execute( self, trans, progress, invocation, step ): @@ -784,7 +784,7 @@ def __init__( self, trans ): self.trans = trans - def inject( self, step, step_args=None ): + def inject( self, step, step_args=None, source="html" ): """ Pre-condition: `step` is an ORM object coming from the database, if supplied `step_args` is the representation of the inputs for that step supplied via web form. @@ -827,7 +827,7 @@ # are not persisted so we need to do it every time) module.add_dummy_datasets( connections=step.input_connections ) - state, step_errors = module.compute_runtime_state( trans, step_args ) + state, step_errors = module.compute_runtime_state( trans, step_args, source=source ) step.state = state return step_errors @@ -840,7 +840,7 @@ module_injector = WorkflowModuleInjector( trans ) for step in workflow.steps: step_args = param_map.get( step.id, {} ) - step_errors = module_injector.inject( step, step_args=step_args ) + step_errors = module_injector.inject( step, step_args=step_args, source="json" ) if step.type == 'tool' or step.type is None: if step_errors: message = "Workflow cannot be run because of validation errors in some steps: %s" % step_errors Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

commit/galaxy-central: 2 new changesets

by commits-noreply＠bitbucket.org

2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/d94fef109543/ Changeset: d94fef109543 Branch: next-stable User: guerler Date: 2014-11-26 17:42:46+00:00 Summary: ToolForm: Ensure that the correct definition for booleans is used Affected #: 1 file diff -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 -r d94fef1095439d5cf7145ca6eb13b9f12f453874 lib/galaxy/webapps/galaxy/api/tools.py --- a/lib/galaxy/webapps/galaxy/api/tools.py +++ b/lib/galaxy/webapps/galaxy/api/tools.py @@ -587,7 +587,7 @@ error = 'State validation failed.' try: # resolves the inconsistent definition of boolean parameters (see base.py) without modifying shared code - if input.type == 'boolean': + if input.type == 'boolean' and isinstance(default_value, basestring): value, error = [util.string_as_bool(default_value), None] else: value, error = check_param(trans, input, default_value, context) https://bitbucket.org/galaxy/galaxy-central/commits/c5321f66c314/ Changeset: c5321f66c314 User: guerler Date: 2014-11-26 17:43:05+00:00 Summary: Merge Affected #: 1 file diff -r 5f178251e9b579f62ceb172ab562d67d1c841b73 -r c5321f66c314cdfcaeb0aaedcc65c479558abf3a lib/galaxy/webapps/galaxy/api/tools.py --- a/lib/galaxy/webapps/galaxy/api/tools.py +++ b/lib/galaxy/webapps/galaxy/api/tools.py @@ -594,7 +594,7 @@ error = 'State validation failed.' try: # resolves the inconsistent definition of boolean parameters (see base.py) without modifying shared code - if input.type == 'boolean': + if input.type == 'boolean' and isinstance(default_value, basestring): value, error = [util.string_as_bool(default_value), None] else: value, error = check_param(trans, input, default_value, context) Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

commit/galaxy-central: carlfeberhard: merge

by commits-noreply＠bitbucket.org

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/5f178251e9b5/ Changeset: 5f178251e9b5 User: carlfeberhard Date: 2014-11-26 17:29:18+00:00 Summary: merge Affected #: 18 files diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 client/galaxy/scripts/mvc/annotations.js --- a/client/galaxy/scripts/mvc/annotations.js +++ b/client/galaxy/scripts/mvc/annotations.js @@ -56,7 +56,7 @@ '<label class="prompt">', _l( 'Annotation' ), '</label>', // set up initial tags by adding as CSV to input vals (necc. to init select2) '<div class="annotation" title="', _l( 'Edit annotation' ), '">', - annotation, + _.escape( annotation ), '</div>' ].join( '' ); }, diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 client/galaxy/scripts/mvc/tags.js --- a/client/galaxy/scripts/mvc/tags.js +++ b/client/galaxy/scripts/mvc/tags.js @@ -56,7 +56,9 @@ if( !_.isArray( tagsArray ) || _.isEmpty( tagsArray ) ){ return ''; } - return tagsArray.sort().join( ',' ); + return tagsArray.map( function( tag ){ + return _.escape( tag ); + }).sort().join( ',' ); }, /** @returns {jQuery} the input for this view */ diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 static/scripts/mvc/annotations.js --- a/static/scripts/mvc/annotations.js +++ b/static/scripts/mvc/annotations.js @@ -56,7 +56,7 @@ '<label class="prompt">', _l( 'Annotation' ), '</label>', // set up initial tags by adding as CSV to input vals (necc. to init select2) '<div class="annotation" title="', _l( 'Edit annotation' ), '">', - annotation, + _.escape( annotation ), '</div>' ].join( '' ); }, diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 static/scripts/mvc/tags.js --- a/static/scripts/mvc/tags.js +++ b/static/scripts/mvc/tags.js @@ -56,7 +56,9 @@ if( !_.isArray( tagsArray ) || _.isEmpty( tagsArray ) ){ return ''; } - return tagsArray.sort().join( ',' ); + return tagsArray.map( function( tag ){ + return _.escape( tag ); + }).sort().join( ',' ); }, /** @returns {jQuery} the input for this view */ diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 static/scripts/packed/mvc/annotations.js --- a/static/scripts/packed/mvc/annotations.js +++ b/static/scripts/packed/mvc/annotations.js @@ -1,1 +1,1 @@ -define(["mvc/base-mvc","utils/localization"],function(a,c){var b=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"annotation-display",initialize:function(d){d=d||{};this.tooltipConfig=d.tooltipConfig||{placement:"bottom"};this.listenTo(this.model,"change:annotation",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$el.find("[title]").tooltip(this.tooltipConfig);this.$annotation().make_text_editable({use_textarea:true,on_finish:function(e){d.$annotation().text(e);d.model.save({annotation:e},{silent:true}).fail(function(){d.$annotation().text(d.model.previous("annotation"))})}});return this},_template:function(){var d=this.model.get("annotation");return['<label class="prompt">',c("Annotation"),"</label>",'<div class="annotation" title="',c("Edit annotation"),'">',d,"</div>"].join("")},$annotation:function(){return this.$el.find(".annotation")},remove:function(){this.$annotation.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["AnnotationEditor(",this.model+"",")"].join("")}});return{AnnotationEditor:b}}); \ No newline at end of file +define(["mvc/base-mvc","utils/localization"],function(a,c){var b=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"annotation-display",initialize:function(d){d=d||{};this.tooltipConfig=d.tooltipConfig||{placement:"bottom"};this.listenTo(this.model,"change:annotation",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$el.find("[title]").tooltip(this.tooltipConfig);this.$annotation().make_text_editable({use_textarea:true,on_finish:function(e){d.$annotation().text(e);d.model.save({annotation:e},{silent:true}).fail(function(){d.$annotation().text(d.model.previous("annotation"))})}});return this},_template:function(){var d=this.model.get("annotation");return['<label class="prompt">',c("Annotation"),"</label>",'<div class="annotation" title="',c("Edit annotation"),'">',_.escape(d),"</div>"].join("")},$annotation:function(){return this.$el.find(".annotation")},remove:function(){this.$annotation.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["AnnotationEditor(",this.model+"",")"].join("")}});return{AnnotationEditor:b}}); \ No newline at end of file diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 static/scripts/packed/mvc/tags.js --- a/static/scripts/packed/mvc/tags.js +++ b/static/scripts/packed/mvc/tags.js @@ -1,1 +1,1 @@ -define(["mvc/base-mvc","utils/localization"],function(a,b){var c=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"tags-display",initialize:function(d){this.listenTo(this.model,"change:tags",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$input().select2({placeholder:"Add tags",width:"100%",tags:function(){return d._getTagsUsed()}});this._setUpBehaviors();return this},_template:function(){return['<label class="prompt">',b("Tags"),"</label>",'<input class="tags-input" value="',this.tagsToCSV(),'" />'].join("")},tagsToCSV:function(){var d=this.model.get("tags");if(!_.isArray(d)||_.isEmpty(d)){return""}return d.sort().join(",")},$input:function(){return this.$el.find("input.tags-input")},_getTagsUsed:function(){return Galaxy.currUser.get("tags_used")},_setUpBehaviors:function(){var d=this;this.$input().on("change",function(e){d.model.save({tags:e.val},{silent:true});if(e.added){d._addNewTagToTagsUsed(e.added.text+"")}})},_addNewTagToTagsUsed:function(d){var e=Galaxy.currUser.get("tags_used");if(!_.contains(e,d)){e.push(d);e.sort();Galaxy.currUser.set("tags_used",e)}},remove:function(){this.$input.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["TagsEditor(",this.model+"",")"].join("")}});return{TagsEditor:c}}); \ No newline at end of file +define(["mvc/base-mvc","utils/localization"],function(a,b){var c=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"tags-display",initialize:function(d){this.listenTo(this.model,"change:tags",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$input().select2({placeholder:"Add tags",width:"100%",tags:function(){return d._getTagsUsed()}});this._setUpBehaviors();return this},_template:function(){return['<label class="prompt">',b("Tags"),"</label>",'<input class="tags-input" value="',this.tagsToCSV(),'" />'].join("")},tagsToCSV:function(){var d=this.model.get("tags");if(!_.isArray(d)||_.isEmpty(d)){return""}return d.map(function(e){return _.escape(e)}).sort().join(",")},$input:function(){return this.$el.find("input.tags-input")},_getTagsUsed:function(){return Galaxy.currUser.get("tags_used")},_setUpBehaviors:function(){var d=this;this.$input().on("change",function(e){d.model.save({tags:e.val},{silent:true});if(e.added){d._addNewTagToTagsUsed(e.added.text+"")}})},_addNewTagToTagsUsed:function(d){var e=Galaxy.currUser.get("tags_used");if(!_.contains(e,d)){e.push(d);e.sort();Galaxy.currUser.set("tags_used",e)}},remove:function(){this.$input.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["TagsEditor(",this.model+"",")"].join("")}});return{TagsEditor:c}}); \ No newline at end of file diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/copy_view.mako --- a/templates/webapps/galaxy/dataset/copy_view.mako +++ b/templates/webapps/galaxy/dataset/copy_view.mako @@ -53,7 +53,7 @@ %><option value="${trans.security.encode_id(hist.id)}" ${selected}> - ${i + 1}: ${h.truncate(util.unicodify( hist.name ), 30)}${current_history_text} + ${i + 1}: ${h.truncate(util.unicodify( hist.name ), 30) | h}${current_history_text} </option> %endfor </select> @@ -70,7 +70,7 @@ %><div class="form-row"><input type="checkbox" name="source_content_ids" id="${input_id}" value="${input_id}"${checked}/> - <label for="${input_id}" style="display: inline;font-weight:normal;"> ${data.hid}: ${h.to_unicode(data.name)}</label> + <label for="${input_id}" style="display: inline;font-weight:normal;"> ${data.hid}: ${h.to_unicode(data.name) | h}</label></div> %endfor %else: @@ -95,7 +95,7 @@ if encoded_id == target_history_id: selected = " selected='selected'" %> - <option value="${encoded_id}"${selected}>${i + 1}: ${h.truncate( util.unicodify( hist.name ), 30)}${source_history_text}</option> + <option value="${encoded_id}"${selected}>${i + 1}: ${h.truncate( util.unicodify( hist.name ), 30) | h}${source_history_text}</option> %endfor </select><br /><br /><a style="margin-left: 10px;" href="javascript:void(0);" id="select-multiple">Choose multiple histories</a> @@ -110,7 +110,7 @@ %><div class="form-row"><input type="checkbox" name="target_history_ids" id="hist_${encoded_id}" value="${encoded_id}"/> - <label for="hist_${encoded_id}" style="display: inline; font-weight:normal;">${i + 1}: ${ util.unicodify( hist.name ) }${cur_history_text}</label> + <label for="hist_${encoded_id}" style="display: inline; font-weight:normal;">${i + 1}: ${ util.unicodify( hist.name ) | h }${cur_history_text}</label></div> %endfor </div> diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/display.mako --- a/templates/webapps/galaxy/dataset/display.mako +++ b/templates/webapps/galaxy/dataset/display.mako @@ -26,13 +26,11 @@ data.createTabularDatasetChunkedView({ // TODO: encode id. dataset_config: - _.extend( ${h.dumps( item.to_dict() )}, - { - chunk_url: "${h.url_for( controller='/dataset', action='display', - dataset_id=trans.security.encode_id( item.id ))}", - first_data_chunk: ${first_chunk} - } - ), + _.extend( ${h.dumps( item.to_dict() )}, { + chunk_url: "${h.url_for( controller='/dataset', action='display', + dataset_id=trans.security.encode_id( item.id ))}", + first_data_chunk: ${first_chunk} + }), parent_elt: $('.page-body') }); }); diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/embed.mako --- a/templates/webapps/galaxy/dataset/embed.mako +++ b/templates/webapps/galaxy/dataset/embed.mako @@ -4,10 +4,13 @@ %><%def name="render_item_links( dataset )"> - <a href="${h.url_for( controller='/dataset', action='display', dataset_id=trans.security.encode_id( dataset.id ), to_ext=dataset.ext )}" title="Save dataset" class="icon-button disk"></a> + <a href="${h.url_for( controller='/dataset', action='display', dataset_id=trans.security.encode_id( dataset.id ), to_ext=dataset.ext )}" + title="Save dataset" class="icon-button disk"></a> ## Links for importing and viewing an item. - <a href="${h.url_for( controller='/dataset', action='imp', dataset_id=trans.security.encode_id( item.id ) )}" title="Import dataset" class="icon-button import"></a> - <a class="icon-button go-to-full-screen" href="${h.url_for( controller='/dataset', action='display_by_username_and_slug', username=dataset.history.user.username, slug=trans.security.encode_id( dataset.id ) )}" title="Go to dataset"></a> + <a href="${h.url_for( controller='/dataset', action='imp', dataset_id=trans.security.encode_id( item.id ) )}" + title="Import dataset" class="icon-button import"></a> + <a href="${h.url_for( controller='/dataset', action='display_by_username_and_slug', username=dataset.history.user.username, slug=trans.security.encode_id( dataset.id ) )}" + title="Go to dataset" class="icon-button go-to-full-screen"></a></%def> diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/errors.mako --- a/templates/webapps/galaxy/dataset/errors.mako +++ b/templates/webapps/galaxy/dataset/errors.mako @@ -49,7 +49,7 @@ <body><h2>Dataset generation errors</h2> - <p><b>Dataset ${hda.hid}: ${hda.display_name()}</b></p> + <p><b>Dataset ${hda.hid}: ${hda.display_name() | h}</b></p><% job = hda.creating_job %> %if job: diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/security_common.mako --- a/templates/webapps/galaxy/dataset/security_common.mako +++ b/templates/webapps/galaxy/dataset/security_common.mako @@ -77,7 +77,7 @@ else: current_actions = [] permitted_actions = {}.items() - obj_str = 'unknown object %s' %obj_name + obj_str = 'unknown object %s' % obj_name obj_type = '' %><script type="text/javascript"> @@ -104,7 +104,7 @@ }); </script><div class="toolForm"> - <div class="toolFormTitle">Manage ${obj_type} permissions on ${obj_str}</div> + <div class="toolFormTitle">Manage ${obj_type} permissions on ${obj_str | h}</div><div class="toolFormBody"><form name="edit_role_associations" id="edit_role_associations" action="${form_url}" method="post"><div class="form-row"></div> diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/tabular_chunked.mako --- a/templates/webapps/galaxy/dataset/tabular_chunked.mako +++ b/templates/webapps/galaxy/dataset/tabular_chunked.mako @@ -15,14 +15,12 @@ } }); - require(['mvc/data'], function(data) { + require([ 'mvc/data' ], function( data ) { data.createTabularDatasetChunkedView({ - dataset_config: _.extend( ${h.dumps( trans.security.encode_dict_ids( dataset.to_dict() ) )}, - { - first_data_chunk: ${chunk} - } - ), - parent_elt: $('body') + dataset_config : _.extend( ${ h.dumps( trans.security.encode_dict_ids( dataset.to_dict() ) )}, { + first_data_chunk: ${ chunk } + }), + parent_elt : $( 'body' ) }); }); </script> diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/history/embed.mako --- a/templates/webapps/galaxy/history/embed.mako +++ b/templates/webapps/galaxy/history/embed.mako @@ -23,7 +23,7 @@ </a></h4> %if hasattr( item, "annotation") and item.annotation: - <div class="annotation">${item.annotation}</div> + <div class="annotation">${item.annotation | h}</div> %endif </div><div class='summary-content'> diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/history/history_panel.mako --- a/templates/webapps/galaxy/history/history_panel.mako +++ /dev/null @@ -1,14 +0,0 @@ -## shortcuts for script tags that create history panels -## ---------------------------------------------------------------------------- -<%def name="current_history_panel( selector_to_attach_to=None, options )"> -</%def> - - -## ---------------------------------------------------------------------------- -<%def name="history_panel( history_id, selector_to_attach_to=None, options )"> -</%def> - - -## ---------------------------------------------------------------------------- -<%def name="bootstrapped_history_panel( history, hdas, selector_to_attach_to=None, options )"> -</%def> diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/history/share.mako --- a/templates/webapps/galaxy/history/share.mako +++ b/templates/webapps/galaxy/history/share.mako @@ -20,7 +20,7 @@ <tr><td><input type="hidden" name="id" value="${trans.security.encode_id( history.id )}"> - ${ util.unicodify( history.name )} + ${ util.unicodify( history.name ) | h } </td><td> %if len( history.datasets ) < 1: diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/history/view.mako --- a/templates/webapps/galaxy/history/view.mako +++ b/templates/webapps/galaxy/history/view.mako @@ -1,4 +1,4 @@ -<%namespace file="/galaxy.masthead.mako" import="get_user_json" /> +<%namespace file="/galaxy_client_app.mako" import="get_user_json" /> ## ---------------------------------------------------------------------------- <%! @@ -166,9 +166,9 @@ // use_panels effects where the the center_panel() is rendered: // w/o it renders to the body, w/ it renders to #center - we need to adjust a few things for scrolling to work var hasMasthead = ${ 'true' if use_panels else 'false' }, - userIsOwner = ${'true' if user_is_owner else 'false'}, - historyJSON = ${h.dumps( history )}, - hdaJSON = ${h.dumps( hdas )}, + userIsOwner = ${ 'true' if user_is_owner else 'false' }, + historyJSON = ${ h.dumps( history ) }, + hdaJSON = ${ h.dumps( hdas ) }, panelToUse = ( userIsOwner )? //TODO: change class names ({ location: 'mvc/history/history-panel-edit', className: 'HistoryPanelEdit' }): diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/page/editor.mako --- a/templates/webapps/galaxy/page/editor.mako +++ b/templates/webapps/galaxy/page/editor.mako @@ -47,7 +47,7 @@ <a id="close-button" class="panel-header-button">Close</a></div><div class="unified-panel-header-inner"> - Page Editor <span style="font-weight: normal">| Title : ${page.title}</span> + Page Editor <span style="font-weight: normal">| Title : ${page.title | h}</span></div></div> diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/page/index.mako --- a/templates/webapps/galaxy/page/index.mako +++ b/templates/webapps/galaxy/page/index.mako @@ -30,7 +30,7 @@ <% page = association.page %><tr><td> - <a class="menubutton" id="shared-${i}-popup" href="${h.url_for(controller='page', action='display_by_username_and_slug', username=page.user.username, slug=page.slug)}">${page.title}</a> + <a class="menubutton" id="shared-${i}-popup" href="${h.url_for(controller='page', action='display_by_username_and_slug', username=page.user.username, slug=page.slug)}">${page.title | h}</a></td><td>${page.user.username}</td><td> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

commit/galaxy-central: carlfeberhard: Security, UI: minor fixes to history, dataset, and page escaping; escape js tag and annotation displays

by commits-noreply＠bitbucket.org

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/9dc543bfedd7/ Changeset: 9dc543bfedd7 Branch: next-stable User: carlfeberhard Date: 2014-11-26 17:28:28+00:00 Summary: Security, UI: minor fixes to history, dataset, and page escaping; escape js tag and annotation displays Affected #: 18 files diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 client/galaxy/scripts/mvc/annotations.js --- a/client/galaxy/scripts/mvc/annotations.js +++ b/client/galaxy/scripts/mvc/annotations.js @@ -56,7 +56,7 @@ '<label class="prompt">', _l( 'Annotation' ), '</label>', // set up initial tags by adding as CSV to input vals (necc. to init select2) '<div class="annotation" title="', _l( 'Edit annotation' ), '">', - annotation, + _.escape( annotation ), '</div>' ].join( '' ); }, diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 client/galaxy/scripts/mvc/tags.js --- a/client/galaxy/scripts/mvc/tags.js +++ b/client/galaxy/scripts/mvc/tags.js @@ -56,7 +56,9 @@ if( !_.isArray( tagsArray ) || _.isEmpty( tagsArray ) ){ return ''; } - return tagsArray.sort().join( ',' ); + return tagsArray.map( function( tag ){ + return _.escape( tag ); + }).sort().join( ',' ); }, /** @returns {jQuery} the input for this view */ diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 static/scripts/mvc/annotations.js --- a/static/scripts/mvc/annotations.js +++ b/static/scripts/mvc/annotations.js @@ -56,7 +56,7 @@ '<label class="prompt">', _l( 'Annotation' ), '</label>', // set up initial tags by adding as CSV to input vals (necc. to init select2) '<div class="annotation" title="', _l( 'Edit annotation' ), '">', - annotation, + _.escape( annotation ), '</div>' ].join( '' ); }, diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 static/scripts/mvc/tags.js --- a/static/scripts/mvc/tags.js +++ b/static/scripts/mvc/tags.js @@ -56,7 +56,9 @@ if( !_.isArray( tagsArray ) || _.isEmpty( tagsArray ) ){ return ''; } - return tagsArray.sort().join( ',' ); + return tagsArray.map( function( tag ){ + return _.escape( tag ); + }).sort().join( ',' ); }, /** @returns {jQuery} the input for this view */ diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 static/scripts/packed/mvc/annotations.js --- a/static/scripts/packed/mvc/annotations.js +++ b/static/scripts/packed/mvc/annotations.js @@ -1,1 +1,1 @@ -define(["mvc/base-mvc","utils/localization"],function(a,c){var b=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"annotation-display",initialize:function(d){d=d||{};this.tooltipConfig=d.tooltipConfig||{placement:"bottom"};this.listenTo(this.model,"change:annotation",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$el.find("[title]").tooltip(this.tooltipConfig);this.$annotation().make_text_editable({use_textarea:true,on_finish:function(e){d.$annotation().text(e);d.model.save({annotation:e},{silent:true}).fail(function(){d.$annotation().text(d.model.previous("annotation"))})}});return this},_template:function(){var d=this.model.get("annotation");return['<label class="prompt">',c("Annotation"),"</label>",'<div class="annotation" title="',c("Edit annotation"),'">',d,"</div>"].join("")},$annotation:function(){return this.$el.find(".annotation")},remove:function(){this.$annotation.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["AnnotationEditor(",this.model+"",")"].join("")}});return{AnnotationEditor:b}}); \ No newline at end of file +define(["mvc/base-mvc","utils/localization"],function(a,c){var b=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"annotation-display",initialize:function(d){d=d||{};this.tooltipConfig=d.tooltipConfig||{placement:"bottom"};this.listenTo(this.model,"change:annotation",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$el.find("[title]").tooltip(this.tooltipConfig);this.$annotation().make_text_editable({use_textarea:true,on_finish:function(e){d.$annotation().text(e);d.model.save({annotation:e},{silent:true}).fail(function(){d.$annotation().text(d.model.previous("annotation"))})}});return this},_template:function(){var d=this.model.get("annotation");return['<label class="prompt">',c("Annotation"),"</label>",'<div class="annotation" title="',c("Edit annotation"),'">',_.escape(d),"</div>"].join("")},$annotation:function(){return this.$el.find(".annotation")},remove:function(){this.$annotation.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["AnnotationEditor(",this.model+"",")"].join("")}});return{AnnotationEditor:b}}); \ No newline at end of file diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 static/scripts/packed/mvc/tags.js --- a/static/scripts/packed/mvc/tags.js +++ b/static/scripts/packed/mvc/tags.js @@ -1,1 +1,1 @@ -define(["mvc/base-mvc","utils/localization"],function(a,b){var c=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"tags-display",initialize:function(d){this.listenTo(this.model,"change:tags",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$input().select2({placeholder:"Add tags",width:"100%",tags:function(){return d._getTagsUsed()}});this._setUpBehaviors();return this},_template:function(){return['<label class="prompt">',b("Tags"),"</label>",'<input class="tags-input" value="',this.tagsToCSV(),'" />'].join("")},tagsToCSV:function(){var d=this.model.get("tags");if(!_.isArray(d)||_.isEmpty(d)){return""}return d.sort().join(",")},$input:function(){return this.$el.find("input.tags-input")},_getTagsUsed:function(){return Galaxy.currUser.get("tags_used")},_setUpBehaviors:function(){var d=this;this.$input().on("change",function(e){d.model.save({tags:e.val},{silent:true});if(e.added){d._addNewTagToTagsUsed(e.added.text+"")}})},_addNewTagToTagsUsed:function(d){var e=Galaxy.currUser.get("tags_used");if(!_.contains(e,d)){e.push(d);e.sort();Galaxy.currUser.set("tags_used",e)}},remove:function(){this.$input.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["TagsEditor(",this.model+"",")"].join("")}});return{TagsEditor:c}}); \ No newline at end of file +define(["mvc/base-mvc","utils/localization"],function(a,b){var c=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"tags-display",initialize:function(d){this.listenTo(this.model,"change:tags",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$input().select2({placeholder:"Add tags",width:"100%",tags:function(){return d._getTagsUsed()}});this._setUpBehaviors();return this},_template:function(){return['<label class="prompt">',b("Tags"),"</label>",'<input class="tags-input" value="',this.tagsToCSV(),'" />'].join("")},tagsToCSV:function(){var d=this.model.get("tags");if(!_.isArray(d)||_.isEmpty(d)){return""}return d.map(function(e){return _.escape(e)}).sort().join(",")},$input:function(){return this.$el.find("input.tags-input")},_getTagsUsed:function(){return Galaxy.currUser.get("tags_used")},_setUpBehaviors:function(){var d=this;this.$input().on("change",function(e){d.model.save({tags:e.val},{silent:true});if(e.added){d._addNewTagToTagsUsed(e.added.text+"")}})},_addNewTagToTagsUsed:function(d){var e=Galaxy.currUser.get("tags_used");if(!_.contains(e,d)){e.push(d);e.sort();Galaxy.currUser.set("tags_used",e)}},remove:function(){this.$input.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["TagsEditor(",this.model+"",")"].join("")}});return{TagsEditor:c}}); \ No newline at end of file diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/copy_view.mako --- a/templates/webapps/galaxy/dataset/copy_view.mako +++ b/templates/webapps/galaxy/dataset/copy_view.mako @@ -53,7 +53,7 @@ %><option value="${trans.security.encode_id(hist.id)}" ${selected}> - ${i + 1}: ${h.truncate(util.unicodify( hist.name ), 30)}${current_history_text} + ${i + 1}: ${h.truncate(util.unicodify( hist.name ), 30) | h}${current_history_text} </option> %endfor </select> @@ -70,7 +70,7 @@ %><div class="form-row"><input type="checkbox" name="source_content_ids" id="${input_id}" value="${input_id}"${checked}/> - <label for="${input_id}" style="display: inline;font-weight:normal;"> ${data.hid}: ${h.to_unicode(data.name)}</label> + <label for="${input_id}" style="display: inline;font-weight:normal;"> ${data.hid}: ${h.to_unicode(data.name) | h}</label></div> %endfor %else: @@ -95,7 +95,7 @@ if encoded_id == target_history_id: selected = " selected='selected'" %> - <option value="${encoded_id}"${selected}>${i + 1}: ${h.truncate( util.unicodify( hist.name ), 30)}${source_history_text}</option> + <option value="${encoded_id}"${selected}>${i + 1}: ${h.truncate( util.unicodify( hist.name ), 30) | h}${source_history_text}</option> %endfor </select><br /><br /><a style="margin-left: 10px;" href="javascript:void(0);" id="select-multiple">Choose multiple histories</a> @@ -110,7 +110,7 @@ %><div class="form-row"><input type="checkbox" name="target_history_ids" id="hist_${encoded_id}" value="${encoded_id}"/> - <label for="hist_${encoded_id}" style="display: inline; font-weight:normal;">${i + 1}: ${ util.unicodify( hist.name ) }${cur_history_text}</label> + <label for="hist_${encoded_id}" style="display: inline; font-weight:normal;">${i + 1}: ${ util.unicodify( hist.name ) | h }${cur_history_text}</label></div> %endfor </div> diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/display.mako --- a/templates/webapps/galaxy/dataset/display.mako +++ b/templates/webapps/galaxy/dataset/display.mako @@ -26,13 +26,11 @@ data.createTabularDatasetChunkedView({ // TODO: encode id. dataset_config: - _.extend( ${h.dumps( item.to_dict() )}, - { - chunk_url: "${h.url_for( controller='/dataset', action='display', - dataset_id=trans.security.encode_id( item.id ))}", - first_data_chunk: ${first_chunk} - } - ), + _.extend( ${h.dumps( item.to_dict() )}, { + chunk_url: "${h.url_for( controller='/dataset', action='display', + dataset_id=trans.security.encode_id( item.id ))}", + first_data_chunk: ${first_chunk} + }), parent_elt: $('.page-body') }); }); diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/embed.mako --- a/templates/webapps/galaxy/dataset/embed.mako +++ b/templates/webapps/galaxy/dataset/embed.mako @@ -4,10 +4,13 @@ %><%def name="render_item_links( dataset )"> - <a href="${h.url_for( controller='/dataset', action='display', dataset_id=trans.security.encode_id( dataset.id ), to_ext=dataset.ext )}" title="Save dataset" class="icon-button disk"></a> + <a href="${h.url_for( controller='/dataset', action='display', dataset_id=trans.security.encode_id( dataset.id ), to_ext=dataset.ext )}" + title="Save dataset" class="icon-button disk"></a> ## Links for importing and viewing an item. - <a href="${h.url_for( controller='/dataset', action='imp', dataset_id=trans.security.encode_id( item.id ) )}" title="Import dataset" class="icon-button import"></a> - <a class="icon-button go-to-full-screen" href="${h.url_for( controller='/dataset', action='display_by_username_and_slug', username=dataset.history.user.username, slug=trans.security.encode_id( dataset.id ) )}" title="Go to dataset"></a> + <a href="${h.url_for( controller='/dataset', action='imp', dataset_id=trans.security.encode_id( item.id ) )}" + title="Import dataset" class="icon-button import"></a> + <a href="${h.url_for( controller='/dataset', action='display_by_username_and_slug', username=dataset.history.user.username, slug=trans.security.encode_id( dataset.id ) )}" + title="Go to dataset" class="icon-button go-to-full-screen"></a></%def> diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/errors.mako --- a/templates/webapps/galaxy/dataset/errors.mako +++ b/templates/webapps/galaxy/dataset/errors.mako @@ -49,7 +49,7 @@ <body><h2>Dataset generation errors</h2> - <p><b>Dataset ${hda.hid}: ${hda.display_name()}</b></p> + <p><b>Dataset ${hda.hid}: ${hda.display_name() | h}</b></p><% job = hda.creating_job %> %if job: diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/security_common.mako --- a/templates/webapps/galaxy/dataset/security_common.mako +++ b/templates/webapps/galaxy/dataset/security_common.mako @@ -77,7 +77,7 @@ else: current_actions = [] permitted_actions = {}.items() - obj_str = 'unknown object %s' %obj_name + obj_str = 'unknown object %s' % obj_name obj_type = '' %><script type="text/javascript"> @@ -104,7 +104,7 @@ }); </script><div class="toolForm"> - <div class="toolFormTitle">Manage ${obj_type} permissions on ${obj_str}</div> + <div class="toolFormTitle">Manage ${obj_type} permissions on ${obj_str | h}</div><div class="toolFormBody"><form name="edit_role_associations" id="edit_role_associations" action="${form_url}" method="post"><div class="form-row"></div> diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/tabular_chunked.mako --- a/templates/webapps/galaxy/dataset/tabular_chunked.mako +++ b/templates/webapps/galaxy/dataset/tabular_chunked.mako @@ -15,14 +15,12 @@ } }); - require(['mvc/data'], function(data) { + require([ 'mvc/data' ], function( data ) { data.createTabularDatasetChunkedView({ - dataset_config: _.extend( ${h.dumps( trans.security.encode_dict_ids( dataset.to_dict() ) )}, - { - first_data_chunk: ${chunk} - } - ), - parent_elt: $('body') + dataset_config : _.extend( ${ h.dumps( trans.security.encode_dict_ids( dataset.to_dict() ) )}, { + first_data_chunk: ${ chunk } + }), + parent_elt : $( 'body' ) }); }); </script> diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/history/embed.mako --- a/templates/webapps/galaxy/history/embed.mako +++ b/templates/webapps/galaxy/history/embed.mako @@ -23,7 +23,7 @@ </a></h4> %if hasattr( item, "annotation") and item.annotation: - <div class="annotation">${item.annotation}</div> + <div class="annotation">${item.annotation | h}</div> %endif </div><div class='summary-content'> diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/history/history_panel.mako --- a/templates/webapps/galaxy/history/history_panel.mako +++ /dev/null @@ -1,14 +0,0 @@ -## shortcuts for script tags that create history panels -## ---------------------------------------------------------------------------- -<%def name="current_history_panel( selector_to_attach_to=None, options )"> -</%def> - - -## ---------------------------------------------------------------------------- -<%def name="history_panel( history_id, selector_to_attach_to=None, options )"> -</%def> - - -## ---------------------------------------------------------------------------- -<%def name="bootstrapped_history_panel( history, hdas, selector_to_attach_to=None, options )"> -</%def> diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/history/share.mako --- a/templates/webapps/galaxy/history/share.mako +++ b/templates/webapps/galaxy/history/share.mako @@ -20,7 +20,7 @@ <tr><td><input type="hidden" name="id" value="${trans.security.encode_id( history.id )}"> - ${ util.unicodify( history.name )} + ${ util.unicodify( history.name ) | h } </td><td> %if len( history.datasets ) < 1: diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/history/view.mako --- a/templates/webapps/galaxy/history/view.mako +++ b/templates/webapps/galaxy/history/view.mako @@ -1,4 +1,4 @@ -<%namespace file="/galaxy.masthead.mako" import="get_user_json" /> +<%namespace file="/galaxy_client_app.mako" import="get_user_json" /> ## ---------------------------------------------------------------------------- <%! @@ -166,9 +166,9 @@ // use_panels effects where the the center_panel() is rendered: // w/o it renders to the body, w/ it renders to #center - we need to adjust a few things for scrolling to work var hasMasthead = ${ 'true' if use_panels else 'false' }, - userIsOwner = ${'true' if user_is_owner else 'false'}, - historyJSON = ${h.dumps( history )}, - hdaJSON = ${h.dumps( hdas )}, + userIsOwner = ${ 'true' if user_is_owner else 'false' }, + historyJSON = ${ h.dumps( history ) }, + hdaJSON = ${ h.dumps( hdas ) }, panelToUse = ( userIsOwner )? //TODO: change class names ({ location: 'mvc/history/history-panel-edit', className: 'HistoryPanelEdit' }): diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/page/editor.mako --- a/templates/webapps/galaxy/page/editor.mako +++ b/templates/webapps/galaxy/page/editor.mako @@ -47,7 +47,7 @@ <a id="close-button" class="panel-header-button">Close</a></div><div class="unified-panel-header-inner"> - Page Editor <span style="font-weight: normal">| Title : ${page.title}</span> + Page Editor <span style="font-weight: normal">| Title : ${page.title | h}</span></div></div> diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/page/index.mako --- a/templates/webapps/galaxy/page/index.mako +++ b/templates/webapps/galaxy/page/index.mako @@ -30,7 +30,7 @@ <% page = association.page %><tr><td> - <a class="menubutton" id="shared-${i}-popup" href="${h.url_for(controller='page', action='display_by_username_and_slug', username=page.user.username, slug=page.slug)}">${page.title}</a> + <a class="menubutton" id="shared-${i}-popup" href="${h.url_for(controller='page', action='display_by_username_and_slug', username=page.user.username, slug=page.slug)}">${page.title | h}</a></td><td>${page.user.username}</td><td> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

commit/galaxy-central: 2 new changesets

by commits-noreply＠bitbucket.org

2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/06100e9a5626/ Changeset: 06100e9a5626 Branch: next-stable User: jmchilton Date: 2014-11-26 13:57:49+00:00 Summary: galaxy.ini.sample doc clarifications. Fix typo caught by Martin. Add warning message about why public servers should not disable sanitize_all_html. Affected #: 1 file diff -r 9925a5adf6c4b65d3242d99bc16138839ad7ef21 -r 06100e9a5626c38f3182e353470e882c29564c63 config/galaxy.ini.sample --- a/config/galaxy.ini.sample +++ b/config/galaxy.ini.sample @@ -523,13 +523,14 @@ # it faster on the fly. #upstream_gzip = False -# The following default adds a header to web request responses that will cause -# modern web browsers to not allow Galaxy to be embedded in the frames of web -# applications hosted at other hosts - this can help prevent a class of attack -# called clickjacking (https://www.owasp.org/index.php/Clickjacking). If you -# configuring a proxy to sit infront of Galaxy - please ensure this header -# remains intact to protect your users. Uncomment and leave empty to not set -# the `X-Frame-Options` header. +# The following default adds a header to web request responses that +# will cause modern web browsers to not allow Galaxy to be embedded in +# the frames of web applications hosted at other hosts - this can help +# prevent a class of attack called clickjacking +# (https://www.owasp.org/index.php/Clickjacking). If you configure a +# proxy in front of Galaxy - please ensure this header remains intact +# to protect your users. Uncomment and leave empty to not set the +# `X-Frame-Options` header. #x_frame_options = SAMEORIGIN # nginx can also handle file uploads (user-to-Galaxy) via nginx_upload_module. @@ -586,10 +587,11 @@ # log_events and log_actions functionality will eventually be merged. #log_actions = True -# Sanitize All HTML Tool Output -# By default, all tool output served as 'text/html' will be sanitized -# thoroughly. This can be disabled if you have special tools that require -# unaltered output. +# Sanitize All HTML Tool Output By default, all tool output served as +# 'text/html' will be sanitized thoroughly. This can be disabled if +# you have special tools that require unaltered output. WARNING: +# Disabling this does make the Galxy instance susceptible to XSS +# attacks initiated by your users. #sanitize_all_html = True # By default Galaxy will serve non-HTML tool output that may potentially https://bitbucket.org/galaxy/galaxy-central/commits/d32c333831cc/ Changeset: d32c333831cc User: jmchilton Date: 2014-11-26 13:58:14+00:00 Summary: Merge next-stable. Affected #: 1 file diff -r bf6fe8748b4d6f9096e9aa11f5abe7abcd372e27 -r d32c333831cc36c13430ca17ab893cab79554873 config/galaxy.ini.sample --- a/config/galaxy.ini.sample +++ b/config/galaxy.ini.sample @@ -523,13 +523,14 @@ # it faster on the fly. #upstream_gzip = False -# The following default adds a header to web request responses that will cause -# modern web browsers to not allow Galaxy to be embedded in the frames of web -# applications hosted at other hosts - this can help prevent a class of attack -# called clickjacking (https://www.owasp.org/index.php/Clickjacking). If you -# configuring a proxy to sit infront of Galaxy - please ensure this header -# remains intact to protect your users. Uncomment and leave empty to not set -# the `X-Frame-Options` header. +# The following default adds a header to web request responses that +# will cause modern web browsers to not allow Galaxy to be embedded in +# the frames of web applications hosted at other hosts - this can help +# prevent a class of attack called clickjacking +# (https://www.owasp.org/index.php/Clickjacking). If you configure a +# proxy in front of Galaxy - please ensure this header remains intact +# to protect your users. Uncomment and leave empty to not set the +# `X-Frame-Options` header. #x_frame_options = SAMEORIGIN # nginx can also handle file uploads (user-to-Galaxy) via nginx_upload_module. @@ -586,10 +587,11 @@ # log_events and log_actions functionality will eventually be merged. #log_actions = True -# Sanitize All HTML Tool Output -# By default, all tool output served as 'text/html' will be sanitized -# thoroughly. This can be disabled if you have special tools that require -# unaltered output. +# Sanitize All HTML Tool Output By default, all tool output served as +# 'text/html' will be sanitized thoroughly. This can be disabled if +# you have special tools that require unaltered output. WARNING: +# Disabling this does make the Galxy instance susceptible to XSS +# attacks initiated by your users. #sanitize_all_html = True # By default Galaxy will serve non-HTML tool output that may potentially Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

commit/galaxy-central: 3 new changesets

by commits-noreply＠bitbucket.org

3 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/1d43f611d5a9/ Changeset: 1d43f611d5a9 Branch: next-stable User: jmchilton Date: 2014-11-26 04:02:05+00:00 Summary: Skip galaxy.tools.watcher test if watchdog unavailable. Instead of failing. Affected #: 1 file diff -r c16fea918b33fd4e1ec52c3b5c38981d9c88cfa0 -r 1d43f611d5a98003c7d3b488bdb6a3ba9e982d8a test/unit/tools/test_watcher.py --- a/test/unit/tools/test_watcher.py +++ b/test/unit/tools/test_watcher.py @@ -9,6 +9,10 @@ def test_watcher(): + if not watcher.can_watch: + from nose.plugins.skip import SkipTest + raise SkipTest() + with __test_directory() as t: tool_path = path.join(t, "test.xml") toolbox = Toolbox() https://bitbucket.org/galaxy/galaxy-central/commits/9925a5adf6c4/ Changeset: 9925a5adf6c4 Branch: next-stable User: jmchilton Date: 2014-11-26 04:02:05+00:00 Summary: Attempt fix of test/unit/test_lazy_process.py which transiently fails. Affected #: 1 file diff -r 1d43f611d5a98003c7d3b488bdb6a3ba9e982d8a -r 9925a5adf6c4b65d3242d99bc16138839ad7ef21 test/unit/test_lazy_process.py --- a/test/unit/test_lazy_process.py +++ b/test/unit/test_lazy_process.py @@ -11,9 +11,8 @@ lazy_process = LazyProcess(["bash", "-c", "touch %s; sleep 100" % t.name]) assert not os.path.exists(t.name) lazy_process.start_process() - time.sleep(.02) + while not os.path.exists(t.name): + time.sleep(.01) assert lazy_process.process.poll() is None - assert os.path.exists(t.name) lazy_process.shutdown() - time.sleep(.02) assert lazy_process.process.poll() https://bitbucket.org/galaxy/galaxy-central/commits/bf6fe8748b4d/ Changeset: bf6fe8748b4d User: jmchilton Date: 2014-11-26 04:03:03+00:00 Summary: Merge next-stable. Affected #: 2 files diff -r 30132ca365effac14fe5fd419ed39d20b83fcbc6 -r bf6fe8748b4d6f9096e9aa11f5abe7abcd372e27 test/unit/test_lazy_process.py --- a/test/unit/test_lazy_process.py +++ b/test/unit/test_lazy_process.py @@ -11,9 +11,8 @@ lazy_process = LazyProcess(["bash", "-c", "touch %s; sleep 100" % t.name]) assert not os.path.exists(t.name) lazy_process.start_process() - time.sleep(.02) + while not os.path.exists(t.name): + time.sleep(.01) assert lazy_process.process.poll() is None - assert os.path.exists(t.name) lazy_process.shutdown() - time.sleep(.02) assert lazy_process.process.poll() diff -r 30132ca365effac14fe5fd419ed39d20b83fcbc6 -r bf6fe8748b4d6f9096e9aa11f5abe7abcd372e27 test/unit/tools/test_watcher.py --- a/test/unit/tools/test_watcher.py +++ b/test/unit/tools/test_watcher.py @@ -9,6 +9,10 @@ def test_watcher(): + if not watcher.can_watch: + from nose.plugins.skip import SkipTest + raise SkipTest() + with __test_directory() as t: tool_path = path.join(t, "test.xml") toolbox = Toolbox() Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

8 years, 2 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

galaxy-commits November 2014