commit/galaxy-central: natefoo: Update tag latest_2014.10.06 for changeset acb2548443ae
by commits-noreply@bitbucket.org
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/26aab19109ce/
Changeset: 26aab19109ce
Branch: stable
User: natefoo
Date: 2014-11-27 14:00:14+00:00
Summary: Update tag latest_2014.10.06 for changeset acb2548443ae
Affected #: 1 file
diff -r acb2548443ae42d39ef200d035ccc0481d6b930c -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 .hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -20,4 +20,4 @@
ca45b78adb4152fc6e7395514d46eba6b7d0b838 release_2014.08.11
548ab24667d6206780237bd807f7d857a484c461 latest_2014.08.11
2092948937ac30ef82f71463a235c66d34987088 release_2014.10.06
-adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 latest_2014.10.06
+acb2548443ae42d39ef200d035ccc0481d6b930c latest_2014.10.06
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months
commit/galaxy-central: dannon: Merge next-stable.
by commits-noreply@bitbucket.org
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/3975b317ffdc/
Changeset: 3975b317ffdc
User: dannon
Date: 2014-11-26 18:25:30+00:00
Summary: Merge next-stable.
Affected #: 1 file
diff -r c5321f66c314cdfcaeb0aaedcc65c479558abf3a -r 3975b317ffdcbaa6c8dcb4b2b52404bfa34edbc2 lib/galaxy/workflow/modules.py
--- a/lib/galaxy/workflow/modules.py
+++ b/lib/galaxy/workflow/modules.py
@@ -148,7 +148,7 @@
"""
raise TypeError( "Abstract method" )
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
""" Determine the runtime state (potentially different from self.state
which describes configuration state). This (again unlike self.state) is
currently always a `DefaultToolState` object.
@@ -259,7 +259,7 @@
errors[ name ] = error
return errors
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
if step_updates and "tool_state" in step_updates:
# Fix this for multiple inputs
state = self.decode_runtime_state( trans, step_updates.pop( "tool_state" ) )
@@ -716,7 +716,7 @@
def check_and_update_state( self ):
return self.tool.check_and_update_param_values( self.state.inputs, self.trans, allow_workflow_parameters=True )
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
# Warning: This method destructively modifies existing step state.
step_errors = None
state = self.state
@@ -727,7 +727,7 @@
old_errors = state.inputs.pop( "__errors__", {} )
# Update the state
step_errors = tool.update_state( trans, tool.inputs, state.inputs, step_updates,
- update_only=True, old_errors=old_errors, source="json" )
+ update_only=True, old_errors=old_errors, source=source )
return state, step_errors
def execute( self, trans, progress, invocation, step ):
@@ -956,7 +956,7 @@
def __init__( self, trans ):
self.trans = trans
- def inject( self, step, step_args=None ):
+ def inject( self, step, step_args=None, source="html" ):
""" Pre-condition: `step` is an ORM object coming from the database, if
supplied `step_args` is the representation of the inputs for that step
supplied via web form.
@@ -998,7 +998,7 @@
# are not persisted so we need to do it every time)
module.add_dummy_datasets( connections=step.input_connections )
- state, step_errors = module.compute_runtime_state( trans, step_args )
+ state, step_errors = module.compute_runtime_state( trans, step_args, source=source )
step.state = state
return step_errors
@@ -1011,7 +1011,7 @@
module_injector = WorkflowModuleInjector( trans )
for step in workflow.steps:
step_args = param_map.get( step.id, {} )
- step_errors = module_injector.inject( step, step_args=step_args )
+ step_errors = module_injector.inject( step, step_args=step_args, source="json" )
if step.type == 'tool' or step.type is None:
if step_errors:
message = "Workflow cannot be run because of validation errors in some steps: %s" % step_errors
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months
commit/galaxy-central: jmchilton: Fix boolean parameter handling at workflow runtime.
by commits-noreply@bitbucket.org
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/3a30a79840d4/
Changeset: 3a30a79840d4
Branch: next-stable
User: jmchilton
Date: 2014-11-26 17:42:00+00:00
Summary: Fix boolean parameter handling at workflow runtime.
Broken with 011c8b2118be778eaf1ba952730ff876d6447ba9.
Note to self - update pause module when merging into next-stable.
Affected #: 1 file
diff -r d94fef1095439d5cf7145ca6eb13b9f12f453874 -r 3a30a79840d4e5e4896910dcf2f161a38d7977b0 lib/galaxy/workflow/modules.py
--- a/lib/galaxy/workflow/modules.py
+++ b/lib/galaxy/workflow/modules.py
@@ -148,7 +148,7 @@
"""
raise TypeError( "Abstract method" )
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
""" Determine the runtime state (potentially different from self.state
which describes configuration state). This (again unlike self.state) is
currently always a `DefaultToolState` object.
@@ -259,7 +259,7 @@
errors[ name ] = error
return errors
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
if step_updates and "tool_state" in step_updates:
# Fix this for multiple inputs
state = self.decode_runtime_state( trans, step_updates.pop( "tool_state" ) )
@@ -716,7 +716,7 @@
def check_and_update_state( self ):
return self.tool.check_and_update_param_values( self.state.inputs, self.trans, allow_workflow_parameters=True )
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
# Warning: This method destructively modifies existing step state.
step_errors = None
state = self.state
@@ -727,7 +727,7 @@
old_errors = state.inputs.pop( "__errors__", {} )
# Update the state
step_errors = tool.update_state( trans, tool.inputs, state.inputs, step_updates,
- update_only=True, old_errors=old_errors, source="json" )
+ update_only=True, old_errors=old_errors, source=source )
return state, step_errors
def execute( self, trans, progress, invocation, step ):
@@ -956,7 +956,7 @@
def __init__( self, trans ):
self.trans = trans
- def inject( self, step, step_args=None ):
+ def inject( self, step, step_args=None, source="html" ):
""" Pre-condition: `step` is an ORM object coming from the database, if
supplied `step_args` is the representation of the inputs for that step
supplied via web form.
@@ -998,7 +998,7 @@
# are not persisted so we need to do it every time)
module.add_dummy_datasets( connections=step.input_connections )
- state, step_errors = module.compute_runtime_state( trans, step_args )
+ state, step_errors = module.compute_runtime_state( trans, step_args, source=source )
step.state = state
return step_errors
@@ -1011,7 +1011,7 @@
module_injector = WorkflowModuleInjector( trans )
for step in workflow.steps:
step_args = param_map.get( step.id, {} )
- step_errors = module_injector.inject( step, step_args=step_args )
+ step_errors = module_injector.inject( step, step_args=step_args, source="json" )
if step.type == 'tool' or step.type is None:
if step_errors:
message = "Workflow cannot be run because of validation errors in some steps: %s" % step_errors
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months
commit/galaxy-central: jmchilton: Fix boolean parameter handling at workflow runtime.
by commits-noreply@bitbucket.org
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/acb2548443ae/
Changeset: acb2548443ae
Branch: stable
User: jmchilton
Date: 2014-11-26 17:42:00+00:00
Summary: Fix boolean parameter handling at workflow runtime.
Broken with 011c8b2118be778eaf1ba952730ff876d6447ba9.
Note to self - update pause module when merging into next-stable.
Affected #: 1 file
diff -r c50a228167b0a1a4541f46bb19b8d67c9010248d -r acb2548443ae42d39ef200d035ccc0481d6b930c lib/galaxy/workflow/modules.py
--- a/lib/galaxy/workflow/modules.py
+++ b/lib/galaxy/workflow/modules.py
@@ -147,7 +147,7 @@
"""
raise TypeError( "Abstract method" )
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
""" Determine the runtime state (potentially different from self.state
which describes configuration state). This (again unlike self.state) is
currently always a `DefaultToolState` object.
@@ -258,7 +258,7 @@
errors[ name ] = error
return errors
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
if step_updates:
# Fix this for multiple inputs
state = self.decode_runtime_state( trans, step_updates.pop( "tool_state" ) )
@@ -598,7 +598,7 @@
def check_and_update_state( self ):
return self.tool.check_and_update_param_values( self.state.inputs, self.trans, allow_workflow_parameters=True )
- def compute_runtime_state( self, trans, step_updates=None ):
+ def compute_runtime_state( self, trans, step_updates=None, source="html" ):
# Warning: This method destructively modifies existing step state.
step_errors = None
state = self.state
@@ -609,7 +609,7 @@
old_errors = state.inputs.pop( "__errors__", {} )
# Update the state
step_errors = tool.update_state( trans, tool.inputs, state.inputs, step_updates,
- update_only=True, old_errors=old_errors, source="json" )
+ update_only=True, old_errors=old_errors, source=source )
return state, step_errors
def execute( self, trans, progress, invocation, step ):
@@ -784,7 +784,7 @@
def __init__( self, trans ):
self.trans = trans
- def inject( self, step, step_args=None ):
+ def inject( self, step, step_args=None, source="html" ):
""" Pre-condition: `step` is an ORM object coming from the database, if
supplied `step_args` is the representation of the inputs for that step
supplied via web form.
@@ -827,7 +827,7 @@
# are not persisted so we need to do it every time)
module.add_dummy_datasets( connections=step.input_connections )
- state, step_errors = module.compute_runtime_state( trans, step_args )
+ state, step_errors = module.compute_runtime_state( trans, step_args, source=source )
step.state = state
return step_errors
@@ -840,7 +840,7 @@
module_injector = WorkflowModuleInjector( trans )
for step in workflow.steps:
step_args = param_map.get( step.id, {} )
- step_errors = module_injector.inject( step, step_args=step_args )
+ step_errors = module_injector.inject( step, step_args=step_args, source="json" )
if step.type == 'tool' or step.type is None:
if step_errors:
message = "Workflow cannot be run because of validation errors in some steps: %s" % step_errors
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months
commit/galaxy-central: 2 new changesets
by commits-noreply@bitbucket.org
2 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/d94fef109543/
Changeset: d94fef109543
Branch: next-stable
User: guerler
Date: 2014-11-26 17:42:46+00:00
Summary: ToolForm: Ensure that the correct definition for booleans is used
Affected #: 1 file
diff -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 -r d94fef1095439d5cf7145ca6eb13b9f12f453874 lib/galaxy/webapps/galaxy/api/tools.py
--- a/lib/galaxy/webapps/galaxy/api/tools.py
+++ b/lib/galaxy/webapps/galaxy/api/tools.py
@@ -587,7 +587,7 @@
error = 'State validation failed.'
try:
# resolves the inconsistent definition of boolean parameters (see base.py) without modifying shared code
- if input.type == 'boolean':
+ if input.type == 'boolean' and isinstance(default_value, basestring):
value, error = [util.string_as_bool(default_value), None]
else:
value, error = check_param(trans, input, default_value, context)
https://bitbucket.org/galaxy/galaxy-central/commits/c5321f66c314/
Changeset: c5321f66c314
User: guerler
Date: 2014-11-26 17:43:05+00:00
Summary: Merge
Affected #: 1 file
diff -r 5f178251e9b579f62ceb172ab562d67d1c841b73 -r c5321f66c314cdfcaeb0aaedcc65c479558abf3a lib/galaxy/webapps/galaxy/api/tools.py
--- a/lib/galaxy/webapps/galaxy/api/tools.py
+++ b/lib/galaxy/webapps/galaxy/api/tools.py
@@ -594,7 +594,7 @@
error = 'State validation failed.'
try:
# resolves the inconsistent definition of boolean parameters (see base.py) without modifying shared code
- if input.type == 'boolean':
+ if input.type == 'boolean' and isinstance(default_value, basestring):
value, error = [util.string_as_bool(default_value), None]
else:
value, error = check_param(trans, input, default_value, context)
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months
commit/galaxy-central: carlfeberhard: merge
by commits-noreply@bitbucket.org
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/5f178251e9b5/
Changeset: 5f178251e9b5
User: carlfeberhard
Date: 2014-11-26 17:29:18+00:00
Summary: merge
Affected #: 18 files
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 client/galaxy/scripts/mvc/annotations.js
--- a/client/galaxy/scripts/mvc/annotations.js
+++ b/client/galaxy/scripts/mvc/annotations.js
@@ -56,7 +56,7 @@
'<label class="prompt">', _l( 'Annotation' ), '</label>',
// set up initial tags by adding as CSV to input vals (necc. to init select2)
'<div class="annotation" title="', _l( 'Edit annotation' ), '">',
- annotation,
+ _.escape( annotation ),
'</div>'
].join( '' );
},
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 client/galaxy/scripts/mvc/tags.js
--- a/client/galaxy/scripts/mvc/tags.js
+++ b/client/galaxy/scripts/mvc/tags.js
@@ -56,7 +56,9 @@
if( !_.isArray( tagsArray ) || _.isEmpty( tagsArray ) ){
return '';
}
- return tagsArray.sort().join( ',' );
+ return tagsArray.map( function( tag ){
+ return _.escape( tag );
+ }).sort().join( ',' );
},
/** @returns {jQuery} the input for this view */
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 static/scripts/mvc/annotations.js
--- a/static/scripts/mvc/annotations.js
+++ b/static/scripts/mvc/annotations.js
@@ -56,7 +56,7 @@
'<label class="prompt">', _l( 'Annotation' ), '</label>',
// set up initial tags by adding as CSV to input vals (necc. to init select2)
'<div class="annotation" title="', _l( 'Edit annotation' ), '">',
- annotation,
+ _.escape( annotation ),
'</div>'
].join( '' );
},
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 static/scripts/mvc/tags.js
--- a/static/scripts/mvc/tags.js
+++ b/static/scripts/mvc/tags.js
@@ -56,7 +56,9 @@
if( !_.isArray( tagsArray ) || _.isEmpty( tagsArray ) ){
return '';
}
- return tagsArray.sort().join( ',' );
+ return tagsArray.map( function( tag ){
+ return _.escape( tag );
+ }).sort().join( ',' );
},
/** @returns {jQuery} the input for this view */
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 static/scripts/packed/mvc/annotations.js
--- a/static/scripts/packed/mvc/annotations.js
+++ b/static/scripts/packed/mvc/annotations.js
@@ -1,1 +1,1 @@
-define(["mvc/base-mvc","utils/localization"],function(a,c){var b=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"annotation-display",initialize:function(d){d=d||{};this.tooltipConfig=d.tooltipConfig||{placement:"bottom"};this.listenTo(this.model,"change:annotation",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$el.find("[title]").tooltip(this.tooltipConfig);this.$annotation().make_text_editable({use_textarea:true,on_finish:function(e){d.$annotation().text(e);d.model.save({annotation:e},{silent:true}).fail(function(){d.$annotation().text(d.model.previous("annotation"))})}});return this},_template:function(){var d=this.model.get("annotation");return['<label class="prompt">',c("Annotation"),"</label>",'<div class="annotation" title="',c("Edit annotation"),'">',d,"</div>"].join("")},$annotation:function(){return this.$el.find(".annotation")},remove:function(){this.$annotation.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["AnnotationEditor(",this.model+"",")"].join("")}});return{AnnotationEditor:b}});
\ No newline at end of file
+define(["mvc/base-mvc","utils/localization"],function(a,c){var b=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"annotation-display",initialize:function(d){d=d||{};this.tooltipConfig=d.tooltipConfig||{placement:"bottom"};this.listenTo(this.model,"change:annotation",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$el.find("[title]").tooltip(this.tooltipConfig);this.$annotation().make_text_editable({use_textarea:true,on_finish:function(e){d.$annotation().text(e);d.model.save({annotation:e},{silent:true}).fail(function(){d.$annotation().text(d.model.previous("annotation"))})}});return this},_template:function(){var d=this.model.get("annotation");return['<label class="prompt">',c("Annotation"),"</label>",'<div class="annotation" title="',c("Edit annotation"),'">',_.escape(d),"</div>"].join("")},$annotation:function(){return this.$el.find(".annotation")},remove:function(){this.$annotation.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["AnnotationEditor(",this.model+"",")"].join("")}});return{AnnotationEditor:b}});
\ No newline at end of file
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 static/scripts/packed/mvc/tags.js
--- a/static/scripts/packed/mvc/tags.js
+++ b/static/scripts/packed/mvc/tags.js
@@ -1,1 +1,1 @@
-define(["mvc/base-mvc","utils/localization"],function(a,b){var c=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"tags-display",initialize:function(d){this.listenTo(this.model,"change:tags",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$input().select2({placeholder:"Add tags",width:"100%",tags:function(){return d._getTagsUsed()}});this._setUpBehaviors();return this},_template:function(){return['<label class="prompt">',b("Tags"),"</label>",'<input class="tags-input" value="',this.tagsToCSV(),'" />'].join("")},tagsToCSV:function(){var d=this.model.get("tags");if(!_.isArray(d)||_.isEmpty(d)){return""}return d.sort().join(",")},$input:function(){return this.$el.find("input.tags-input")},_getTagsUsed:function(){return Galaxy.currUser.get("tags_used")},_setUpBehaviors:function(){var d=this;this.$input().on("change",function(e){d.model.save({tags:e.val},{silent:true});if(e.added){d._addNewTagToTagsUsed(e.added.text+"")}})},_addNewTagToTagsUsed:function(d){var e=Galaxy.currUser.get("tags_used");if(!_.contains(e,d)){e.push(d);e.sort();Galaxy.currUser.set("tags_used",e)}},remove:function(){this.$input.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["TagsEditor(",this.model+"",")"].join("")}});return{TagsEditor:c}});
\ No newline at end of file
+define(["mvc/base-mvc","utils/localization"],function(a,b){var c=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"tags-display",initialize:function(d){this.listenTo(this.model,"change:tags",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$input().select2({placeholder:"Add tags",width:"100%",tags:function(){return d._getTagsUsed()}});this._setUpBehaviors();return this},_template:function(){return['<label class="prompt">',b("Tags"),"</label>",'<input class="tags-input" value="',this.tagsToCSV(),'" />'].join("")},tagsToCSV:function(){var d=this.model.get("tags");if(!_.isArray(d)||_.isEmpty(d)){return""}return d.map(function(e){return _.escape(e)}).sort().join(",")},$input:function(){return this.$el.find("input.tags-input")},_getTagsUsed:function(){return Galaxy.currUser.get("tags_used")},_setUpBehaviors:function(){var d=this;this.$input().on("change",function(e){d.model.save({tags:e.val},{silent:true});if(e.added){d._addNewTagToTagsUsed(e.added.text+"")}})},_addNewTagToTagsUsed:function(d){var e=Galaxy.currUser.get("tags_used");if(!_.contains(e,d)){e.push(d);e.sort();Galaxy.currUser.set("tags_used",e)}},remove:function(){this.$input.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["TagsEditor(",this.model+"",")"].join("")}});return{TagsEditor:c}});
\ No newline at end of file
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/copy_view.mako
--- a/templates/webapps/galaxy/dataset/copy_view.mako
+++ b/templates/webapps/galaxy/dataset/copy_view.mako
@@ -53,7 +53,7 @@
%><option value="${trans.security.encode_id(hist.id)}" ${selected}>
- ${i + 1}: ${h.truncate(util.unicodify( hist.name ), 30)}${current_history_text}
+ ${i + 1}: ${h.truncate(util.unicodify( hist.name ), 30) | h}${current_history_text}
</option>
%endfor
</select>
@@ -70,7 +70,7 @@
%><div class="form-row"><input type="checkbox" name="source_content_ids" id="${input_id}" value="${input_id}"${checked}/>
- <label for="${input_id}" style="display: inline;font-weight:normal;"> ${data.hid}: ${h.to_unicode(data.name)}</label>
+ <label for="${input_id}" style="display: inline;font-weight:normal;"> ${data.hid}: ${h.to_unicode(data.name) | h}</label></div>
%endfor
%else:
@@ -95,7 +95,7 @@
if encoded_id == target_history_id:
selected = " selected='selected'"
%>
- <option value="${encoded_id}"${selected}>${i + 1}: ${h.truncate( util.unicodify( hist.name ), 30)}${source_history_text}</option>
+ <option value="${encoded_id}"${selected}>${i + 1}: ${h.truncate( util.unicodify( hist.name ), 30) | h}${source_history_text}</option>
%endfor
</select><br /><br /><a style="margin-left: 10px;" href="javascript:void(0);" id="select-multiple">Choose multiple histories</a>
@@ -110,7 +110,7 @@
%><div class="form-row"><input type="checkbox" name="target_history_ids" id="hist_${encoded_id}" value="${encoded_id}"/>
- <label for="hist_${encoded_id}" style="display: inline; font-weight:normal;">${i + 1}: ${ util.unicodify( hist.name ) }${cur_history_text}</label>
+ <label for="hist_${encoded_id}" style="display: inline; font-weight:normal;">${i + 1}: ${ util.unicodify( hist.name ) | h }${cur_history_text}</label></div>
%endfor
</div>
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/display.mako
--- a/templates/webapps/galaxy/dataset/display.mako
+++ b/templates/webapps/galaxy/dataset/display.mako
@@ -26,13 +26,11 @@
data.createTabularDatasetChunkedView({
// TODO: encode id.
dataset_config:
- _.extend( ${h.dumps( item.to_dict() )},
- {
- chunk_url: "${h.url_for( controller='/dataset', action='display',
- dataset_id=trans.security.encode_id( item.id ))}",
- first_data_chunk: ${first_chunk}
- }
- ),
+ _.extend( ${h.dumps( item.to_dict() )}, {
+ chunk_url: "${h.url_for( controller='/dataset', action='display',
+ dataset_id=trans.security.encode_id( item.id ))}",
+ first_data_chunk: ${first_chunk}
+ }),
parent_elt: $('.page-body')
});
});
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/embed.mako
--- a/templates/webapps/galaxy/dataset/embed.mako
+++ b/templates/webapps/galaxy/dataset/embed.mako
@@ -4,10 +4,13 @@
%><%def name="render_item_links( dataset )">
- <a href="${h.url_for( controller='/dataset', action='display', dataset_id=trans.security.encode_id( dataset.id ), to_ext=dataset.ext )}" title="Save dataset" class="icon-button disk"></a>
+ <a href="${h.url_for( controller='/dataset', action='display', dataset_id=trans.security.encode_id( dataset.id ), to_ext=dataset.ext )}"
+ title="Save dataset" class="icon-button disk"></a>
## Links for importing and viewing an item.
- <a href="${h.url_for( controller='/dataset', action='imp', dataset_id=trans.security.encode_id( item.id ) )}" title="Import dataset" class="icon-button import"></a>
- <a class="icon-button go-to-full-screen" href="${h.url_for( controller='/dataset', action='display_by_username_and_slug', username=dataset.history.user.username, slug=trans.security.encode_id( dataset.id ) )}" title="Go to dataset"></a>
+ <a href="${h.url_for( controller='/dataset', action='imp', dataset_id=trans.security.encode_id( item.id ) )}"
+ title="Import dataset" class="icon-button import"></a>
+ <a href="${h.url_for( controller='/dataset', action='display_by_username_and_slug', username=dataset.history.user.username, slug=trans.security.encode_id( dataset.id ) )}"
+ title="Go to dataset" class="icon-button go-to-full-screen"></a></%def>
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/errors.mako
--- a/templates/webapps/galaxy/dataset/errors.mako
+++ b/templates/webapps/galaxy/dataset/errors.mako
@@ -49,7 +49,7 @@
<body><h2>Dataset generation errors</h2>
- <p><b>Dataset ${hda.hid}: ${hda.display_name()}</b></p>
+ <p><b>Dataset ${hda.hid}: ${hda.display_name() | h}</b></p><% job = hda.creating_job %>
%if job:
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/security_common.mako
--- a/templates/webapps/galaxy/dataset/security_common.mako
+++ b/templates/webapps/galaxy/dataset/security_common.mako
@@ -77,7 +77,7 @@
else:
current_actions = []
permitted_actions = {}.items()
- obj_str = 'unknown object %s' %obj_name
+ obj_str = 'unknown object %s' % obj_name
obj_type = ''
%><script type="text/javascript">
@@ -104,7 +104,7 @@
});
</script><div class="toolForm">
- <div class="toolFormTitle">Manage ${obj_type} permissions on ${obj_str}</div>
+ <div class="toolFormTitle">Manage ${obj_type} permissions on ${obj_str | h}</div><div class="toolFormBody"><form name="edit_role_associations" id="edit_role_associations" action="${form_url}" method="post"><div class="form-row"></div>
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/dataset/tabular_chunked.mako
--- a/templates/webapps/galaxy/dataset/tabular_chunked.mako
+++ b/templates/webapps/galaxy/dataset/tabular_chunked.mako
@@ -15,14 +15,12 @@
}
});
- require(['mvc/data'], function(data) {
+ require([ 'mvc/data' ], function( data ) {
data.createTabularDatasetChunkedView({
- dataset_config: _.extend( ${h.dumps( trans.security.encode_dict_ids( dataset.to_dict() ) )},
- {
- first_data_chunk: ${chunk}
- }
- ),
- parent_elt: $('body')
+ dataset_config : _.extend( ${ h.dumps( trans.security.encode_dict_ids( dataset.to_dict() ) )}, {
+ first_data_chunk: ${ chunk }
+ }),
+ parent_elt : $( 'body' )
});
});
</script>
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/history/embed.mako
--- a/templates/webapps/galaxy/history/embed.mako
+++ b/templates/webapps/galaxy/history/embed.mako
@@ -23,7 +23,7 @@
</a></h4>
%if hasattr( item, "annotation") and item.annotation:
- <div class="annotation">${item.annotation}</div>
+ <div class="annotation">${item.annotation | h}</div>
%endif
</div><div class='summary-content'>
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/history/history_panel.mako
--- a/templates/webapps/galaxy/history/history_panel.mako
+++ /dev/null
@@ -1,14 +0,0 @@
-## shortcuts for script tags that create history panels
-## ----------------------------------------------------------------------------
-<%def name="current_history_panel( selector_to_attach_to=None, options )">
-</%def>
-
-
-## ----------------------------------------------------------------------------
-<%def name="history_panel( history_id, selector_to_attach_to=None, options )">
-</%def>
-
-
-## ----------------------------------------------------------------------------
-<%def name="bootstrapped_history_panel( history, hdas, selector_to_attach_to=None, options )">
-</%def>
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/history/share.mako
--- a/templates/webapps/galaxy/history/share.mako
+++ b/templates/webapps/galaxy/history/share.mako
@@ -20,7 +20,7 @@
<tr><td><input type="hidden" name="id" value="${trans.security.encode_id( history.id )}">
- ${ util.unicodify( history.name )}
+ ${ util.unicodify( history.name ) | h }
</td><td>
%if len( history.datasets ) < 1:
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/history/view.mako
--- a/templates/webapps/galaxy/history/view.mako
+++ b/templates/webapps/galaxy/history/view.mako
@@ -1,4 +1,4 @@
-<%namespace file="/galaxy.masthead.mako" import="get_user_json" />
+<%namespace file="/galaxy_client_app.mako" import="get_user_json" />
## ----------------------------------------------------------------------------
<%!
@@ -166,9 +166,9 @@
// use_panels effects where the the center_panel() is rendered:
// w/o it renders to the body, w/ it renders to #center - we need to adjust a few things for scrolling to work
var hasMasthead = ${ 'true' if use_panels else 'false' },
- userIsOwner = ${'true' if user_is_owner else 'false'},
- historyJSON = ${h.dumps( history )},
- hdaJSON = ${h.dumps( hdas )},
+ userIsOwner = ${ 'true' if user_is_owner else 'false' },
+ historyJSON = ${ h.dumps( history ) },
+ hdaJSON = ${ h.dumps( hdas ) },
panelToUse = ( userIsOwner )?
//TODO: change class names
({ location: 'mvc/history/history-panel-edit', className: 'HistoryPanelEdit' }):
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/page/editor.mako
--- a/templates/webapps/galaxy/page/editor.mako
+++ b/templates/webapps/galaxy/page/editor.mako
@@ -47,7 +47,7 @@
<a id="close-button" class="panel-header-button">Close</a></div><div class="unified-panel-header-inner">
- Page Editor <span style="font-weight: normal">| Title : ${page.title}</span>
+ Page Editor <span style="font-weight: normal">| Title : ${page.title | h}</span></div></div>
diff -r d32c333831cc36c13430ca17ab893cab79554873 -r 5f178251e9b579f62ceb172ab562d67d1c841b73 templates/webapps/galaxy/page/index.mako
--- a/templates/webapps/galaxy/page/index.mako
+++ b/templates/webapps/galaxy/page/index.mako
@@ -30,7 +30,7 @@
<% page = association.page %><tr><td>
- <a class="menubutton" id="shared-${i}-popup" href="${h.url_for(controller='page', action='display_by_username_and_slug', username=page.user.username, slug=page.slug)}">${page.title}</a>
+ <a class="menubutton" id="shared-${i}-popup" href="${h.url_for(controller='page', action='display_by_username_and_slug', username=page.user.username, slug=page.slug)}">${page.title | h}</a></td><td>${page.user.username}</td><td>
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months
commit/galaxy-central: carlfeberhard: Security, UI: minor fixes to history, dataset, and page escaping; escape js tag and annotation displays
by commits-noreply@bitbucket.org
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/9dc543bfedd7/
Changeset: 9dc543bfedd7
Branch: next-stable
User: carlfeberhard
Date: 2014-11-26 17:28:28+00:00
Summary: Security, UI: minor fixes to history, dataset, and page escaping; escape js tag and annotation displays
Affected #: 18 files
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 client/galaxy/scripts/mvc/annotations.js
--- a/client/galaxy/scripts/mvc/annotations.js
+++ b/client/galaxy/scripts/mvc/annotations.js
@@ -56,7 +56,7 @@
'<label class="prompt">', _l( 'Annotation' ), '</label>',
// set up initial tags by adding as CSV to input vals (necc. to init select2)
'<div class="annotation" title="', _l( 'Edit annotation' ), '">',
- annotation,
+ _.escape( annotation ),
'</div>'
].join( '' );
},
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 client/galaxy/scripts/mvc/tags.js
--- a/client/galaxy/scripts/mvc/tags.js
+++ b/client/galaxy/scripts/mvc/tags.js
@@ -56,7 +56,9 @@
if( !_.isArray( tagsArray ) || _.isEmpty( tagsArray ) ){
return '';
}
- return tagsArray.sort().join( ',' );
+ return tagsArray.map( function( tag ){
+ return _.escape( tag );
+ }).sort().join( ',' );
},
/** @returns {jQuery} the input for this view */
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 static/scripts/mvc/annotations.js
--- a/static/scripts/mvc/annotations.js
+++ b/static/scripts/mvc/annotations.js
@@ -56,7 +56,7 @@
'<label class="prompt">', _l( 'Annotation' ), '</label>',
// set up initial tags by adding as CSV to input vals (necc. to init select2)
'<div class="annotation" title="', _l( 'Edit annotation' ), '">',
- annotation,
+ _.escape( annotation ),
'</div>'
].join( '' );
},
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 static/scripts/mvc/tags.js
--- a/static/scripts/mvc/tags.js
+++ b/static/scripts/mvc/tags.js
@@ -56,7 +56,9 @@
if( !_.isArray( tagsArray ) || _.isEmpty( tagsArray ) ){
return '';
}
- return tagsArray.sort().join( ',' );
+ return tagsArray.map( function( tag ){
+ return _.escape( tag );
+ }).sort().join( ',' );
},
/** @returns {jQuery} the input for this view */
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 static/scripts/packed/mvc/annotations.js
--- a/static/scripts/packed/mvc/annotations.js
+++ b/static/scripts/packed/mvc/annotations.js
@@ -1,1 +1,1 @@
-define(["mvc/base-mvc","utils/localization"],function(a,c){var b=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"annotation-display",initialize:function(d){d=d||{};this.tooltipConfig=d.tooltipConfig||{placement:"bottom"};this.listenTo(this.model,"change:annotation",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$el.find("[title]").tooltip(this.tooltipConfig);this.$annotation().make_text_editable({use_textarea:true,on_finish:function(e){d.$annotation().text(e);d.model.save({annotation:e},{silent:true}).fail(function(){d.$annotation().text(d.model.previous("annotation"))})}});return this},_template:function(){var d=this.model.get("annotation");return['<label class="prompt">',c("Annotation"),"</label>",'<div class="annotation" title="',c("Edit annotation"),'">',d,"</div>"].join("")},$annotation:function(){return this.$el.find(".annotation")},remove:function(){this.$annotation.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["AnnotationEditor(",this.model+"",")"].join("")}});return{AnnotationEditor:b}});
\ No newline at end of file
+define(["mvc/base-mvc","utils/localization"],function(a,c){var b=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"annotation-display",initialize:function(d){d=d||{};this.tooltipConfig=d.tooltipConfig||{placement:"bottom"};this.listenTo(this.model,"change:annotation",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$el.find("[title]").tooltip(this.tooltipConfig);this.$annotation().make_text_editable({use_textarea:true,on_finish:function(e){d.$annotation().text(e);d.model.save({annotation:e},{silent:true}).fail(function(){d.$annotation().text(d.model.previous("annotation"))})}});return this},_template:function(){var d=this.model.get("annotation");return['<label class="prompt">',c("Annotation"),"</label>",'<div class="annotation" title="',c("Edit annotation"),'">',_.escape(d),"</div>"].join("")},$annotation:function(){return this.$el.find(".annotation")},remove:function(){this.$annotation.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["AnnotationEditor(",this.model+"",")"].join("")}});return{AnnotationEditor:b}});
\ No newline at end of file
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 static/scripts/packed/mvc/tags.js
--- a/static/scripts/packed/mvc/tags.js
+++ b/static/scripts/packed/mvc/tags.js
@@ -1,1 +1,1 @@
-define(["mvc/base-mvc","utils/localization"],function(a,b){var c=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"tags-display",initialize:function(d){this.listenTo(this.model,"change:tags",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$input().select2({placeholder:"Add tags",width:"100%",tags:function(){return d._getTagsUsed()}});this._setUpBehaviors();return this},_template:function(){return['<label class="prompt">',b("Tags"),"</label>",'<input class="tags-input" value="',this.tagsToCSV(),'" />'].join("")},tagsToCSV:function(){var d=this.model.get("tags");if(!_.isArray(d)||_.isEmpty(d)){return""}return d.sort().join(",")},$input:function(){return this.$el.find("input.tags-input")},_getTagsUsed:function(){return Galaxy.currUser.get("tags_used")},_setUpBehaviors:function(){var d=this;this.$input().on("change",function(e){d.model.save({tags:e.val},{silent:true});if(e.added){d._addNewTagToTagsUsed(e.added.text+"")}})},_addNewTagToTagsUsed:function(d){var e=Galaxy.currUser.get("tags_used");if(!_.contains(e,d)){e.push(d);e.sort();Galaxy.currUser.set("tags_used",e)}},remove:function(){this.$input.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["TagsEditor(",this.model+"",")"].join("")}});return{TagsEditor:c}});
\ No newline at end of file
+define(["mvc/base-mvc","utils/localization"],function(a,b){var c=Backbone.View.extend(a.LoggableMixin).extend(a.HiddenUntilActivatedViewMixin).extend({tagName:"div",className:"tags-display",initialize:function(d){this.listenTo(this.model,"change:tags",function(){this.render()});this.hiddenUntilActivated(d.$activator,d)},render:function(){var d=this;this.$el.html(this._template());this.$input().select2({placeholder:"Add tags",width:"100%",tags:function(){return d._getTagsUsed()}});this._setUpBehaviors();return this},_template:function(){return['<label class="prompt">',b("Tags"),"</label>",'<input class="tags-input" value="',this.tagsToCSV(),'" />'].join("")},tagsToCSV:function(){var d=this.model.get("tags");if(!_.isArray(d)||_.isEmpty(d)){return""}return d.map(function(e){return _.escape(e)}).sort().join(",")},$input:function(){return this.$el.find("input.tags-input")},_getTagsUsed:function(){return Galaxy.currUser.get("tags_used")},_setUpBehaviors:function(){var d=this;this.$input().on("change",function(e){d.model.save({tags:e.val},{silent:true});if(e.added){d._addNewTagToTagsUsed(e.added.text+"")}})},_addNewTagToTagsUsed:function(d){var e=Galaxy.currUser.get("tags_used");if(!_.contains(e,d)){e.push(d);e.sort();Galaxy.currUser.set("tags_used",e)}},remove:function(){this.$input.off();this.stopListening(this.model);Backbone.View.prototype.remove.call(this)},toString:function(){return["TagsEditor(",this.model+"",")"].join("")}});return{TagsEditor:c}});
\ No newline at end of file
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/copy_view.mako
--- a/templates/webapps/galaxy/dataset/copy_view.mako
+++ b/templates/webapps/galaxy/dataset/copy_view.mako
@@ -53,7 +53,7 @@
%><option value="${trans.security.encode_id(hist.id)}" ${selected}>
- ${i + 1}: ${h.truncate(util.unicodify( hist.name ), 30)}${current_history_text}
+ ${i + 1}: ${h.truncate(util.unicodify( hist.name ), 30) | h}${current_history_text}
</option>
%endfor
</select>
@@ -70,7 +70,7 @@
%><div class="form-row"><input type="checkbox" name="source_content_ids" id="${input_id}" value="${input_id}"${checked}/>
- <label for="${input_id}" style="display: inline;font-weight:normal;"> ${data.hid}: ${h.to_unicode(data.name)}</label>
+ <label for="${input_id}" style="display: inline;font-weight:normal;"> ${data.hid}: ${h.to_unicode(data.name) | h}</label></div>
%endfor
%else:
@@ -95,7 +95,7 @@
if encoded_id == target_history_id:
selected = " selected='selected'"
%>
- <option value="${encoded_id}"${selected}>${i + 1}: ${h.truncate( util.unicodify( hist.name ), 30)}${source_history_text}</option>
+ <option value="${encoded_id}"${selected}>${i + 1}: ${h.truncate( util.unicodify( hist.name ), 30) | h}${source_history_text}</option>
%endfor
</select><br /><br /><a style="margin-left: 10px;" href="javascript:void(0);" id="select-multiple">Choose multiple histories</a>
@@ -110,7 +110,7 @@
%><div class="form-row"><input type="checkbox" name="target_history_ids" id="hist_${encoded_id}" value="${encoded_id}"/>
- <label for="hist_${encoded_id}" style="display: inline; font-weight:normal;">${i + 1}: ${ util.unicodify( hist.name ) }${cur_history_text}</label>
+ <label for="hist_${encoded_id}" style="display: inline; font-weight:normal;">${i + 1}: ${ util.unicodify( hist.name ) | h }${cur_history_text}</label></div>
%endfor
</div>
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/display.mako
--- a/templates/webapps/galaxy/dataset/display.mako
+++ b/templates/webapps/galaxy/dataset/display.mako
@@ -26,13 +26,11 @@
data.createTabularDatasetChunkedView({
// TODO: encode id.
dataset_config:
- _.extend( ${h.dumps( item.to_dict() )},
- {
- chunk_url: "${h.url_for( controller='/dataset', action='display',
- dataset_id=trans.security.encode_id( item.id ))}",
- first_data_chunk: ${first_chunk}
- }
- ),
+ _.extend( ${h.dumps( item.to_dict() )}, {
+ chunk_url: "${h.url_for( controller='/dataset', action='display',
+ dataset_id=trans.security.encode_id( item.id ))}",
+ first_data_chunk: ${first_chunk}
+ }),
parent_elt: $('.page-body')
});
});
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/embed.mako
--- a/templates/webapps/galaxy/dataset/embed.mako
+++ b/templates/webapps/galaxy/dataset/embed.mako
@@ -4,10 +4,13 @@
%><%def name="render_item_links( dataset )">
- <a href="${h.url_for( controller='/dataset', action='display', dataset_id=trans.security.encode_id( dataset.id ), to_ext=dataset.ext )}" title="Save dataset" class="icon-button disk"></a>
+ <a href="${h.url_for( controller='/dataset', action='display', dataset_id=trans.security.encode_id( dataset.id ), to_ext=dataset.ext )}"
+ title="Save dataset" class="icon-button disk"></a>
## Links for importing and viewing an item.
- <a href="${h.url_for( controller='/dataset', action='imp', dataset_id=trans.security.encode_id( item.id ) )}" title="Import dataset" class="icon-button import"></a>
- <a class="icon-button go-to-full-screen" href="${h.url_for( controller='/dataset', action='display_by_username_and_slug', username=dataset.history.user.username, slug=trans.security.encode_id( dataset.id ) )}" title="Go to dataset"></a>
+ <a href="${h.url_for( controller='/dataset', action='imp', dataset_id=trans.security.encode_id( item.id ) )}"
+ title="Import dataset" class="icon-button import"></a>
+ <a href="${h.url_for( controller='/dataset', action='display_by_username_and_slug', username=dataset.history.user.username, slug=trans.security.encode_id( dataset.id ) )}"
+ title="Go to dataset" class="icon-button go-to-full-screen"></a></%def>
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/errors.mako
--- a/templates/webapps/galaxy/dataset/errors.mako
+++ b/templates/webapps/galaxy/dataset/errors.mako
@@ -49,7 +49,7 @@
<body><h2>Dataset generation errors</h2>
- <p><b>Dataset ${hda.hid}: ${hda.display_name()}</b></p>
+ <p><b>Dataset ${hda.hid}: ${hda.display_name() | h}</b></p><% job = hda.creating_job %>
%if job:
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/security_common.mako
--- a/templates/webapps/galaxy/dataset/security_common.mako
+++ b/templates/webapps/galaxy/dataset/security_common.mako
@@ -77,7 +77,7 @@
else:
current_actions = []
permitted_actions = {}.items()
- obj_str = 'unknown object %s' %obj_name
+ obj_str = 'unknown object %s' % obj_name
obj_type = ''
%><script type="text/javascript">
@@ -104,7 +104,7 @@
});
</script><div class="toolForm">
- <div class="toolFormTitle">Manage ${obj_type} permissions on ${obj_str}</div>
+ <div class="toolFormTitle">Manage ${obj_type} permissions on ${obj_str | h}</div><div class="toolFormBody"><form name="edit_role_associations" id="edit_role_associations" action="${form_url}" method="post"><div class="form-row"></div>
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/dataset/tabular_chunked.mako
--- a/templates/webapps/galaxy/dataset/tabular_chunked.mako
+++ b/templates/webapps/galaxy/dataset/tabular_chunked.mako
@@ -15,14 +15,12 @@
}
});
- require(['mvc/data'], function(data) {
+ require([ 'mvc/data' ], function( data ) {
data.createTabularDatasetChunkedView({
- dataset_config: _.extend( ${h.dumps( trans.security.encode_dict_ids( dataset.to_dict() ) )},
- {
- first_data_chunk: ${chunk}
- }
- ),
- parent_elt: $('body')
+ dataset_config : _.extend( ${ h.dumps( trans.security.encode_dict_ids( dataset.to_dict() ) )}, {
+ first_data_chunk: ${ chunk }
+ }),
+ parent_elt : $( 'body' )
});
});
</script>
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/history/embed.mako
--- a/templates/webapps/galaxy/history/embed.mako
+++ b/templates/webapps/galaxy/history/embed.mako
@@ -23,7 +23,7 @@
</a></h4>
%if hasattr( item, "annotation") and item.annotation:
- <div class="annotation">${item.annotation}</div>
+ <div class="annotation">${item.annotation | h}</div>
%endif
</div><div class='summary-content'>
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/history/history_panel.mako
--- a/templates/webapps/galaxy/history/history_panel.mako
+++ /dev/null
@@ -1,14 +0,0 @@
-## shortcuts for script tags that create history panels
-## ----------------------------------------------------------------------------
-<%def name="current_history_panel( selector_to_attach_to=None, options )">
-</%def>
-
-
-## ----------------------------------------------------------------------------
-<%def name="history_panel( history_id, selector_to_attach_to=None, options )">
-</%def>
-
-
-## ----------------------------------------------------------------------------
-<%def name="bootstrapped_history_panel( history, hdas, selector_to_attach_to=None, options )">
-</%def>
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/history/share.mako
--- a/templates/webapps/galaxy/history/share.mako
+++ b/templates/webapps/galaxy/history/share.mako
@@ -20,7 +20,7 @@
<tr><td><input type="hidden" name="id" value="${trans.security.encode_id( history.id )}">
- ${ util.unicodify( history.name )}
+ ${ util.unicodify( history.name ) | h }
</td><td>
%if len( history.datasets ) < 1:
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/history/view.mako
--- a/templates/webapps/galaxy/history/view.mako
+++ b/templates/webapps/galaxy/history/view.mako
@@ -1,4 +1,4 @@
-<%namespace file="/galaxy.masthead.mako" import="get_user_json" />
+<%namespace file="/galaxy_client_app.mako" import="get_user_json" />
## ----------------------------------------------------------------------------
<%!
@@ -166,9 +166,9 @@
// use_panels effects where the the center_panel() is rendered:
// w/o it renders to the body, w/ it renders to #center - we need to adjust a few things for scrolling to work
var hasMasthead = ${ 'true' if use_panels else 'false' },
- userIsOwner = ${'true' if user_is_owner else 'false'},
- historyJSON = ${h.dumps( history )},
- hdaJSON = ${h.dumps( hdas )},
+ userIsOwner = ${ 'true' if user_is_owner else 'false' },
+ historyJSON = ${ h.dumps( history ) },
+ hdaJSON = ${ h.dumps( hdas ) },
panelToUse = ( userIsOwner )?
//TODO: change class names
({ location: 'mvc/history/history-panel-edit', className: 'HistoryPanelEdit' }):
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/page/editor.mako
--- a/templates/webapps/galaxy/page/editor.mako
+++ b/templates/webapps/galaxy/page/editor.mako
@@ -47,7 +47,7 @@
<a id="close-button" class="panel-header-button">Close</a></div><div class="unified-panel-header-inner">
- Page Editor <span style="font-weight: normal">| Title : ${page.title}</span>
+ Page Editor <span style="font-weight: normal">| Title : ${page.title | h}</span></div></div>
diff -r 06100e9a5626c38f3182e353470e882c29564c63 -r 9dc543bfedd7121cecb0e3f5a980fa387b09ff10 templates/webapps/galaxy/page/index.mako
--- a/templates/webapps/galaxy/page/index.mako
+++ b/templates/webapps/galaxy/page/index.mako
@@ -30,7 +30,7 @@
<% page = association.page %><tr><td>
- <a class="menubutton" id="shared-${i}-popup" href="${h.url_for(controller='page', action='display_by_username_and_slug', username=page.user.username, slug=page.slug)}">${page.title}</a>
+ <a class="menubutton" id="shared-${i}-popup" href="${h.url_for(controller='page', action='display_by_username_and_slug', username=page.user.username, slug=page.slug)}">${page.title | h}</a></td><td>${page.user.username}</td><td>
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months
commit/galaxy-central: 2 new changesets
by commits-noreply@bitbucket.org
2 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/06100e9a5626/
Changeset: 06100e9a5626
Branch: next-stable
User: jmchilton
Date: 2014-11-26 13:57:49+00:00
Summary: galaxy.ini.sample doc clarifications.
Fix typo caught by Martin. Add warning message about why public servers should not disable sanitize_all_html.
Affected #: 1 file
diff -r 9925a5adf6c4b65d3242d99bc16138839ad7ef21 -r 06100e9a5626c38f3182e353470e882c29564c63 config/galaxy.ini.sample
--- a/config/galaxy.ini.sample
+++ b/config/galaxy.ini.sample
@@ -523,13 +523,14 @@
# it faster on the fly.
#upstream_gzip = False
-# The following default adds a header to web request responses that will cause
-# modern web browsers to not allow Galaxy to be embedded in the frames of web
-# applications hosted at other hosts - this can help prevent a class of attack
-# called clickjacking (https://www.owasp.org/index.php/Clickjacking). If you
-# configuring a proxy to sit infront of Galaxy - please ensure this header
-# remains intact to protect your users. Uncomment and leave empty to not set
-# the `X-Frame-Options` header.
+# The following default adds a header to web request responses that
+# will cause modern web browsers to not allow Galaxy to be embedded in
+# the frames of web applications hosted at other hosts - this can help
+# prevent a class of attack called clickjacking
+# (https://www.owasp.org/index.php/Clickjacking). If you configure a
+# proxy in front of Galaxy - please ensure this header remains intact
+# to protect your users. Uncomment and leave empty to not set the
+# `X-Frame-Options` header.
#x_frame_options = SAMEORIGIN
# nginx can also handle file uploads (user-to-Galaxy) via nginx_upload_module.
@@ -586,10 +587,11 @@
# log_events and log_actions functionality will eventually be merged.
#log_actions = True
-# Sanitize All HTML Tool Output
-# By default, all tool output served as 'text/html' will be sanitized
-# thoroughly. This can be disabled if you have special tools that require
-# unaltered output.
+# Sanitize All HTML Tool Output By default, all tool output served as
+# 'text/html' will be sanitized thoroughly. This can be disabled if
+# you have special tools that require unaltered output. WARNING:
+# Disabling this does make the Galxy instance susceptible to XSS
+# attacks initiated by your users.
#sanitize_all_html = True
# By default Galaxy will serve non-HTML tool output that may potentially
https://bitbucket.org/galaxy/galaxy-central/commits/d32c333831cc/
Changeset: d32c333831cc
User: jmchilton
Date: 2014-11-26 13:58:14+00:00
Summary: Merge next-stable.
Affected #: 1 file
diff -r bf6fe8748b4d6f9096e9aa11f5abe7abcd372e27 -r d32c333831cc36c13430ca17ab893cab79554873 config/galaxy.ini.sample
--- a/config/galaxy.ini.sample
+++ b/config/galaxy.ini.sample
@@ -523,13 +523,14 @@
# it faster on the fly.
#upstream_gzip = False
-# The following default adds a header to web request responses that will cause
-# modern web browsers to not allow Galaxy to be embedded in the frames of web
-# applications hosted at other hosts - this can help prevent a class of attack
-# called clickjacking (https://www.owasp.org/index.php/Clickjacking). If you
-# configuring a proxy to sit infront of Galaxy - please ensure this header
-# remains intact to protect your users. Uncomment and leave empty to not set
-# the `X-Frame-Options` header.
+# The following default adds a header to web request responses that
+# will cause modern web browsers to not allow Galaxy to be embedded in
+# the frames of web applications hosted at other hosts - this can help
+# prevent a class of attack called clickjacking
+# (https://www.owasp.org/index.php/Clickjacking). If you configure a
+# proxy in front of Galaxy - please ensure this header remains intact
+# to protect your users. Uncomment and leave empty to not set the
+# `X-Frame-Options` header.
#x_frame_options = SAMEORIGIN
# nginx can also handle file uploads (user-to-Galaxy) via nginx_upload_module.
@@ -586,10 +587,11 @@
# log_events and log_actions functionality will eventually be merged.
#log_actions = True
-# Sanitize All HTML Tool Output
-# By default, all tool output served as 'text/html' will be sanitized
-# thoroughly. This can be disabled if you have special tools that require
-# unaltered output.
+# Sanitize All HTML Tool Output By default, all tool output served as
+# 'text/html' will be sanitized thoroughly. This can be disabled if
+# you have special tools that require unaltered output. WARNING:
+# Disabling this does make the Galxy instance susceptible to XSS
+# attacks initiated by your users.
#sanitize_all_html = True
# By default Galaxy will serve non-HTML tool output that may potentially
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months
commit/galaxy-central: 3 new changesets
by commits-noreply@bitbucket.org
3 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/1d43f611d5a9/
Changeset: 1d43f611d5a9
Branch: next-stable
User: jmchilton
Date: 2014-11-26 04:02:05+00:00
Summary: Skip galaxy.tools.watcher test if watchdog unavailable.
Instead of failing.
Affected #: 1 file
diff -r c16fea918b33fd4e1ec52c3b5c38981d9c88cfa0 -r 1d43f611d5a98003c7d3b488bdb6a3ba9e982d8a test/unit/tools/test_watcher.py
--- a/test/unit/tools/test_watcher.py
+++ b/test/unit/tools/test_watcher.py
@@ -9,6 +9,10 @@
def test_watcher():
+ if not watcher.can_watch:
+ from nose.plugins.skip import SkipTest
+ raise SkipTest()
+
with __test_directory() as t:
tool_path = path.join(t, "test.xml")
toolbox = Toolbox()
https://bitbucket.org/galaxy/galaxy-central/commits/9925a5adf6c4/
Changeset: 9925a5adf6c4
Branch: next-stable
User: jmchilton
Date: 2014-11-26 04:02:05+00:00
Summary: Attempt fix of test/unit/test_lazy_process.py which transiently fails.
Affected #: 1 file
diff -r 1d43f611d5a98003c7d3b488bdb6a3ba9e982d8a -r 9925a5adf6c4b65d3242d99bc16138839ad7ef21 test/unit/test_lazy_process.py
--- a/test/unit/test_lazy_process.py
+++ b/test/unit/test_lazy_process.py
@@ -11,9 +11,8 @@
lazy_process = LazyProcess(["bash", "-c", "touch %s; sleep 100" % t.name])
assert not os.path.exists(t.name)
lazy_process.start_process()
- time.sleep(.02)
+ while not os.path.exists(t.name):
+ time.sleep(.01)
assert lazy_process.process.poll() is None
- assert os.path.exists(t.name)
lazy_process.shutdown()
- time.sleep(.02)
assert lazy_process.process.poll()
https://bitbucket.org/galaxy/galaxy-central/commits/bf6fe8748b4d/
Changeset: bf6fe8748b4d
User: jmchilton
Date: 2014-11-26 04:03:03+00:00
Summary: Merge next-stable.
Affected #: 2 files
diff -r 30132ca365effac14fe5fd419ed39d20b83fcbc6 -r bf6fe8748b4d6f9096e9aa11f5abe7abcd372e27 test/unit/test_lazy_process.py
--- a/test/unit/test_lazy_process.py
+++ b/test/unit/test_lazy_process.py
@@ -11,9 +11,8 @@
lazy_process = LazyProcess(["bash", "-c", "touch %s; sleep 100" % t.name])
assert not os.path.exists(t.name)
lazy_process.start_process()
- time.sleep(.02)
+ while not os.path.exists(t.name):
+ time.sleep(.01)
assert lazy_process.process.poll() is None
- assert os.path.exists(t.name)
lazy_process.shutdown()
- time.sleep(.02)
assert lazy_process.process.poll()
diff -r 30132ca365effac14fe5fd419ed39d20b83fcbc6 -r bf6fe8748b4d6f9096e9aa11f5abe7abcd372e27 test/unit/tools/test_watcher.py
--- a/test/unit/tools/test_watcher.py
+++ b/test/unit/tools/test_watcher.py
@@ -9,6 +9,10 @@
def test_watcher():
+ if not watcher.can_watch:
+ from nose.plugins.skip import SkipTest
+ raise SkipTest()
+
with __test_directory() as t:
tool_path = path.join(t, "test.xml")
toolbox = Toolbox()
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
8 years, 2 months