lists.galaxyproject.org
Sign In
Sign Up
Sign In
Sign Up
Manage this list
×
Keyboard Shortcuts
Thread View
j
: Next unread message
k
: Previous unread message
j a
: Jump to all threads
j l
: Jump to MailingList overview
2024
May
April
March
February
January
2023
December
November
October
September
August
July
June
May
April
March
February
January
2022
December
November
October
September
August
July
June
May
April
March
February
January
2021
December
November
October
September
August
July
June
May
April
March
February
January
2020
December
November
October
September
August
July
June
May
April
March
February
January
2019
December
November
October
September
August
July
June
May
April
March
February
January
2018
December
November
October
September
August
July
June
May
April
March
February
January
2017
December
November
October
September
August
July
June
May
April
March
February
January
2016
December
November
October
September
August
July
June
May
April
March
February
January
2015
December
November
October
September
August
July
June
May
April
March
February
January
2014
December
November
October
September
August
July
June
May
April
March
February
January
2013
December
November
October
September
August
July
June
May
April
March
February
January
2012
December
November
October
September
August
July
June
May
April
March
February
January
2011
December
November
October
September
August
July
June
May
April
March
February
January
2010
December
November
October
September
August
July
June
May
List overview
Download
galaxy-commits
December 2014
----- 2024 -----
May 2024
April 2024
March 2024
February 2024
January 2024
----- 2023 -----
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
----- 2022 -----
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
----- 2021 -----
December 2021
November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
----- 2020 -----
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
----- 2019 -----
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
----- 2018 -----
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
----- 2017 -----
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
----- 2016 -----
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
----- 2015 -----
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
----- 2014 -----
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
----- 2013 -----
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
----- 2012 -----
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
----- 2011 -----
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
----- 2010 -----
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
galaxy-commits@lists.galaxyproject.org
2 participants
245 discussions
Start a n
N
ew thread
commit/galaxy-central: jmchilton: Merged in martenson/galaxy-central-marten/stable (pull request #592)
by commits-noreply@bitbucket.org
06 Dec '14
06 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/8e45b1cefba1/
Changeset: 8e45b1cefba1 Branch: stable User: jmchilton Date: 2014-12-05 16:57:27+00:00 Summary: Merged in martenson/galaxy-central-marten/stable (pull request #592) [STABLE] disable mobile version of the website Affected #: 1 file diff -r f76fb3c40d55adf4f84acfdf26194d323f860df6 -r 8e45b1cefba16727d4d3a7d0dceaaaf1ef400a0c lib/galaxy/webapps/galaxy/controllers/mobile.py --- a/lib/galaxy/webapps/galaxy/controllers/mobile.py +++ b/lib/galaxy/webapps/galaxy/controllers/mobile.py @@ -1,60 +1,71 @@ +from galaxy import web from galaxy.web.base.controller import * + class Mobile( BaseUIController ): + @web.expose def index( self, trans, **kwargs ): - return trans.fill_template( "mobile/index.mako" ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # return trans.fill_template( "mobile/index.mako" ) @web.expose def history_list( self, trans ): - return trans.fill_template( "mobile/history/list.mako" ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # return trans.fill_template( "mobile/history/list.mako" ) @web.expose def history_detail( self, trans, id ): - history = trans.sa_session.query( trans.app.model.History ).get( id ) - assert history.user == trans.user - return trans.fill_template( "mobile/history/detail.mako", history=history ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # history = trans.sa_session.query( trans.app.model.History ).get( id ) + # assert history.user == trans.user + # return trans.fill_template( "mobile/history/detail.mako", history=history ) @web.expose def dataset_detail( self, trans, id ): - dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) - assert dataset.history.user == trans.user - return trans.fill_template( "mobile/dataset/detail.mako", dataset=dataset ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) + # assert dataset.history.user == trans.user + # return trans.fill_template( "mobile/dataset/detail.mako", dataset=dataset ) @web.expose def dataset_peek( self, trans, id ): - dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) - assert dataset.history.user == trans.user - return trans.fill_template( "mobile/dataset/peek.mako", dataset=dataset ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) + # assert dataset.history.user == trans.user + # return trans.fill_template( "mobile/dataset/peek.mako", dataset=dataset ) @web.expose def settings( self, trans, email=None, password=None ): - message = None - if email is not None and password is not None: - if email == "": - self.__logout( trans ) - message = "Logged out" - else: - error = self.__login( trans, email, password ) - message = error or "Login changed" - return trans.fill_template( "mobile/settings.mako", message=message ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # message = None + # if email is not None and password is not None: + # if email == "": + # self.__logout( trans ) + # message = "Logged out" + # else: + # error = self.__login( trans, email, password ) + # message = error or "Login changed" + # return trans.fill_template( "mobile/settings.mako", message=message ) def __logout( self, trans ): - trans.log_event( "User logged out" ) - trans.handle_user_logout() + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # trans.log_event( "User logged out" ) + # trans.handle_user_logout() def __login( self, trans, email="", password="" ): - error = password_error = None - user = trans.sa_session.query( model.User ).filter_by( email = email ).first() - if not user: - error = "No such user (please note that login is case sensitive)" - elif user.deleted: - error = "This account has been marked deleted, contact your Galaxy administrator to restore the account." - elif user.external: - error = "This account was created for use with an external authentication method, contact your local Galaxy administrator to activate it." - elif not user.check_password( password ): - error = "Invalid password" - else: - trans.handle_user_login( user ) - trans.log_event( "User logged in" ) - return error + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # error = password_error = None + # user = trans.sa_session.query( model.User ).filter_by( email = email ).first() + # if not user: + # error = "No such user (please note that login is case sensitive)" + # elif user.deleted: + # error = "This account has been marked deleted, contact your Galaxy administrator to restore the account." + # elif user.external: + # error = "This account was created for use with an external authentication method, contact your local Galaxy administrator to activate it." + # elif not user.check_password( password ): + # error = "Invalid password" + # else: + # trans.handle_user_login( user ) + # trans.log_event( "User logged in" ) + # return error Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: 2 new changesets
by commits-noreply@bitbucket.org
06 Dec '14
06 Dec '14
2 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/4835a8c8f01f/
Changeset: 4835a8c8f01f Branch: stable User: martenson Date: 2014-12-04 17:00:38+00:00 Summary: Mobile version of galaxy at /mobile can't be navigated (many dead links etc.), the templates/controllers are completely unescaped so I am disabling it completely for now, until we fix or remove it. Redirect to index from every used URL. Affected #: 1 file diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r 4835a8c8f01f7a20a956bccec928c02f47cfe321 lib/galaxy/webapps/galaxy/controllers/mobile.py --- a/lib/galaxy/webapps/galaxy/controllers/mobile.py +++ b/lib/galaxy/webapps/galaxy/controllers/mobile.py @@ -1,60 +1,71 @@ +from galaxy import web from galaxy.web.base.controller import * + class Mobile( BaseUIController ): + @web.expose def index( self, trans, **kwargs ): - return trans.fill_template( "mobile/index.mako" ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # return trans.fill_template( "mobile/index.mako" ) @web.expose def history_list( self, trans ): - return trans.fill_template( "mobile/history/list.mako" ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # return trans.fill_template( "mobile/history/list.mako" ) @web.expose def history_detail( self, trans, id ): - history = trans.sa_session.query( trans.app.model.History ).get( id ) - assert history.user == trans.user - return trans.fill_template( "mobile/history/detail.mako", history=history ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # history = trans.sa_session.query( trans.app.model.History ).get( id ) + # assert history.user == trans.user + # return trans.fill_template( "mobile/history/detail.mako", history=history ) @web.expose def dataset_detail( self, trans, id ): - dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) - assert dataset.history.user == trans.user - return trans.fill_template( "mobile/dataset/detail.mako", dataset=dataset ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) + # assert dataset.history.user == trans.user + # return trans.fill_template( "mobile/dataset/detail.mako", dataset=dataset ) @web.expose def dataset_peek( self, trans, id ): - dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) - assert dataset.history.user == trans.user - return trans.fill_template( "mobile/dataset/peek.mako", dataset=dataset ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) + # assert dataset.history.user == trans.user + # return trans.fill_template( "mobile/dataset/peek.mako", dataset=dataset ) @web.expose def settings( self, trans, email=None, password=None ): - message = None - if email is not None and password is not None: - if email == "": - self.__logout( trans ) - message = "Logged out" - else: - error = self.__login( trans, email, password ) - message = error or "Login changed" - return trans.fill_template( "mobile/settings.mako", message=message ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # message = None + # if email is not None and password is not None: + # if email == "": + # self.__logout( trans ) + # message = "Logged out" + # else: + # error = self.__login( trans, email, password ) + # message = error or "Login changed" + # return trans.fill_template( "mobile/settings.mako", message=message ) def __logout( self, trans ): - trans.log_event( "User logged out" ) - trans.handle_user_logout() + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # trans.log_event( "User logged out" ) + # trans.handle_user_logout() def __login( self, trans, email="", password="" ): - error = password_error = None - user = trans.sa_session.query( model.User ).filter_by( email = email ).first() - if not user: - error = "No such user (please note that login is case sensitive)" - elif user.deleted: - error = "This account has been marked deleted, contact your Galaxy administrator to restore the account." - elif user.external: - error = "This account was created for use with an external authentication method, contact your local Galaxy administrator to activate it." - elif not user.check_password( password ): - error = "Invalid password" - else: - trans.handle_user_login( user ) - trans.log_event( "User logged in" ) - return error + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # error = password_error = None + # user = trans.sa_session.query( model.User ).filter_by( email = email ).first() + # if not user: + # error = "No such user (please note that login is case sensitive)" + # elif user.deleted: + # error = "This account has been marked deleted, contact your Galaxy administrator to restore the account." + # elif user.external: + # error = "This account was created for use with an external authentication method, contact your local Galaxy administrator to activate it." + # elif not user.check_password( password ): + # error = "Invalid password" + # else: + # trans.handle_user_login( user ) + # trans.log_event( "User logged in" ) + # return error
https://bitbucket.org/galaxy/galaxy-central/commits/8e45b1cefba1/
Changeset: 8e45b1cefba1 Branch: stable User: jmchilton Date: 2014-12-05 16:57:27+00:00 Summary: Merged in martenson/galaxy-central-marten/stable (pull request #592) [STABLE] disable mobile version of the website Affected #: 1 file diff -r f76fb3c40d55adf4f84acfdf26194d323f860df6 -r 8e45b1cefba16727d4d3a7d0dceaaaf1ef400a0c lib/galaxy/webapps/galaxy/controllers/mobile.py --- a/lib/galaxy/webapps/galaxy/controllers/mobile.py +++ b/lib/galaxy/webapps/galaxy/controllers/mobile.py @@ -1,60 +1,71 @@ +from galaxy import web from galaxy.web.base.controller import * + class Mobile( BaseUIController ): + @web.expose def index( self, trans, **kwargs ): - return trans.fill_template( "mobile/index.mako" ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # return trans.fill_template( "mobile/index.mako" ) @web.expose def history_list( self, trans ): - return trans.fill_template( "mobile/history/list.mako" ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # return trans.fill_template( "mobile/history/list.mako" ) @web.expose def history_detail( self, trans, id ): - history = trans.sa_session.query( trans.app.model.History ).get( id ) - assert history.user == trans.user - return trans.fill_template( "mobile/history/detail.mako", history=history ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # history = trans.sa_session.query( trans.app.model.History ).get( id ) + # assert history.user == trans.user + # return trans.fill_template( "mobile/history/detail.mako", history=history ) @web.expose def dataset_detail( self, trans, id ): - dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) - assert dataset.history.user == trans.user - return trans.fill_template( "mobile/dataset/detail.mako", dataset=dataset ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) + # assert dataset.history.user == trans.user + # return trans.fill_template( "mobile/dataset/detail.mako", dataset=dataset ) @web.expose def dataset_peek( self, trans, id ): - dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) - assert dataset.history.user == trans.user - return trans.fill_template( "mobile/dataset/peek.mako", dataset=dataset ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # dataset = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( id ) + # assert dataset.history.user == trans.user + # return trans.fill_template( "mobile/dataset/peek.mako", dataset=dataset ) @web.expose def settings( self, trans, email=None, password=None ): - message = None - if email is not None and password is not None: - if email == "": - self.__logout( trans ) - message = "Logged out" - else: - error = self.__login( trans, email, password ) - message = error or "Login changed" - return trans.fill_template( "mobile/settings.mako", message=message ) + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # message = None + # if email is not None and password is not None: + # if email == "": + # self.__logout( trans ) + # message = "Logged out" + # else: + # error = self.__login( trans, email, password ) + # message = error or "Login changed" + # return trans.fill_template( "mobile/settings.mako", message=message ) def __logout( self, trans ): - trans.log_event( "User logged out" ) - trans.handle_user_logout() + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # trans.log_event( "User logged out" ) + # trans.handle_user_logout() def __login( self, trans, email="", password="" ): - error = password_error = None - user = trans.sa_session.query( model.User ).filter_by( email = email ).first() - if not user: - error = "No such user (please note that login is case sensitive)" - elif user.deleted: - error = "This account has been marked deleted, contact your Galaxy administrator to restore the account." - elif user.external: - error = "This account was created for use with an external authentication method, contact your local Galaxy administrator to activate it." - elif not user.check_password( password ): - error = "Invalid password" - else: - trans.handle_user_login( user ) - trans.log_event( "User logged in" ) - return error + return trans.response.send_redirect( web.url_for(controller='root', action='index' ) ) + # error = password_error = None + # user = trans.sa_session.query( model.User ).filter_by( email = email ).first() + # if not user: + # error = "No such user (please note that login is case sensitive)" + # elif user.deleted: + # error = "This account has been marked deleted, contact your Galaxy administrator to restore the account." + # elif user.external: + # error = "This account was created for use with an external authentication method, contact your local Galaxy administrator to activate it." + # elif not user.check_password( password ): + # error = "Invalid password" + # else: + # trans.handle_user_login( user ) + # trans.log_event( "User logged in" ) + # return error Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: martenson: Merged in natefoo/galaxy-central/stable (pull request #588)
by commits-noreply@bitbucket.org
06 Dec '14
06 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/f76fb3c40d55/
Changeset: f76fb3c40d55 Branch: stable User: martenson Date: 2014-12-05 16:54:22+00:00 Summary: Merged in natefoo/galaxy-central/stable (pull request #588) [STABLE] XSS fixes for remaining user templates and a few other security fixes Affected #: 6 files diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 lib/galaxy/tools/filters/__init__.py --- a/lib/galaxy/tools/filters/__init__.py +++ b/lib/galaxy/tools/filters/__init__.py @@ -1,6 +1,10 @@ +import logging from galaxy.util import listify from copy import deepcopy +log = logging.getLogger( __name__ ) + + class FilterFactory( object ): """ An instance of this class is responsible for filtering the list @@ -37,17 +41,21 @@ elif name == 'toolbox_label_filters': category = "label" if category: - self.__init_filters( category, user_filters, filters ) + validate = getattr( trans.app.config, 'user_%s_filters' % category, [] ) + self.__init_filters( category, user_filters, filters, validate=validate ) else: if kwds.get( "trackster", False ): filters[ "tool" ].append( _has_trackster_conf ) return filters - def __init_filters( self, key, filters, toolbox_filters ): + def __init_filters( self, key, filters, toolbox_filters, validate=None ): for filter in filters: - filter_function = self.__build_filter_function( filter ) - toolbox_filters[ key ].append( filter_function ) + if validate is None or filter in validate or filter in self.default_filters: + filter_function = self.__build_filter_function( filter ) + toolbox_filters[ key ].append( filter_function ) + else: + log.warning( "Refusing to load %s filter '%s' which is not defined in config", key, filter ) return toolbox_filters def __build_filter_function( self, filter_name ): diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 lib/galaxy/webapps/galaxy/controllers/user.py --- a/lib/galaxy/webapps/galaxy/controllers/user.py +++ b/lib/galaxy/webapps/galaxy/controllers/user.py @@ -295,7 +295,7 @@ message=message, status='info' ) ) if redirect: - return trans.response.send_redirect( redirect ) + return trans.response.send_redirect( self.__get_redirect_url( redirect ) ) return trans.response.send_redirect( url_for( controller='user', action='openid_manage', use_panels=use_panels, @@ -347,7 +347,7 @@ message=message, status='info' ) ) if redirect: - return trans.response.send_redirect( redirect ) + return trans.response.send_redirect( self.__get_redirect_url( redirect ) ) return trans.response.send_redirect( url_for( controller='user', action='openid_manage', use_panels=use_panels, @@ -453,7 +453,7 @@ redirect = self.__get_redirect_url( kwd.get( 'redirect', trans.request.referer ).strip() ) redirect_url = '' # always start with redirect_url being empty use_panels = util.string_as_bool( kwd.get( 'use_panels', False ) ) - message = kwd.get( 'message', '' ) + message = escape( kwd.get( 'message', '' ) ) status = kwd.get( 'status', 'done' ) header = '' user = trans.user @@ -606,7 +606,7 @@ refresh_frames = [ 'masthead' ] trans.handle_user_logout( logout_all=logout_all ) message = 'You have been logged out.<br>You can log in again, <a target="_top" href="%s">go back to the page you were visiting</a> or <a target="_top" href="%s">go to the home page</a>.' % \ - ( trans.request.referer, url_for( '/' ) ) + ( escape( trans.request.referer ), url_for( '/' ) ) if biostar.biostar_logged_in( trans ): biostar_url = biostar.biostar_logout( trans ) if biostar_url: @@ -629,7 +629,7 @@ if honeypot_field != '': return trans.show_error_message( "You've been flagged as a possible bot. If you are not, please try registering again and fill the form out carefully. <a target=\"_top\" href=\"%s\">Go to the home page</a>." ) % url_for( '/' ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) use_panels = util.string_as_bool( kwd.get( 'use_panels', True ) ) email = util.restore_text( params.get( 'email', '' ) ) @@ -659,9 +659,11 @@ # Create the user, save all the user info and login to Galaxy if params.get( 'create_user_button', False ): # Check email and password validity + # Note: message does not need to be escaped (it is clean) message = self.__validate( trans, params, email, password, confirm, username ) if not message: # All the values are valid + # message does not need to be escaped here either message, status, user, success = self.__register( trans, cntrller, subscribe_checked, @@ -675,7 +677,7 @@ trans.log_event( "User created a new account" ) trans.log_event( "User logged in" ) if success and is_admin: - message = 'Created new user account (%s)' % user.email + message = 'Created new user account (%s)' % escape( user.email ) trans.response.send_redirect( web.url_for( controller='admin', action='users', cntrller=cntrller, @@ -743,7 +745,7 @@ if subscribe_checked: # subscribe user to email list if trans.app.config.smtp_server is None: - error = "Now logged in as " + user.email + ". However, subscribing to the mailing list has failed because mail is not configured for this Galaxy instance. <br>Please contact your local Galaxy administrator." + error = "Now logged in as " + escape( user.email ) + ". However, subscribing to the mailing list has failed because mail is not configured for this Galaxy instance. <br>Please contact your local Galaxy administrator." else: body = 'Join Mailing list.\n' to = trans.app.config.mailing_join_addr @@ -752,7 +754,7 @@ try: util.send_mail( frm, to, subject, body, trans.app.config ) except: - error = "Now logged in as " + user.email + ". However, subscribing to the mailing list has failed." + error = "Now logged in as " + escape( user.email ) + ". However, subscribing to the mailing list has failed." if not error and not is_admin: # The handle_user_login() method has a call to the history_set_default_permissions() method # (needed when logging in with a history), user needs to have default permissions set before logging in @@ -762,7 +764,7 @@ elif not error: trans.response.send_redirect( web.url_for( controller='admin', action='users', - message='Created new user account (%s)' % user.email, + message='Created new user account (%s)' % escape( user.email ), status=status ) ) if error: message = error @@ -772,7 +774,7 @@ if trans.webapp.name == 'galaxy' and trans.app.config.user_activation_on: is_activation_sent = self.send_verification_email( trans, email, username ) if is_activation_sent: - message = 'Now logged in as %s.<br>Verification email has been sent to your email address. Please verify it by clicking the activation link in the email.<br>Please check your spam/trash folder in case you cannot find the message.<br><a target="_top" href="%s">Return to the home page.</a>' % ( user.email, url_for( '/' ) ) + message = 'Now logged in as %s.<br>Verification email has been sent to your email address. Please verify it by clicking the activation link in the email.<br>Please check your spam/trash folder in case you cannot find the message.<br><a target="_top" href="%s">Return to the home page.</a>' % ( escape( user.email ), url_for( '/' ) ) success = True else: message = 'Unable to send activation email, please contact your local Galaxy administrator.' @@ -780,7 +782,7 @@ message += ' Contact: %s' % trans.app.config.error_email_to success = False else: # User activation is OFF, proceed without sending the activation email. - message = 'Now logged in as %s.<br><a target="_top" href="%s">Return to the home page.</a>' % ( user.email, url_for( '/' ) ) + message = 'Now logged in as %s.<br><a target="_top" href="%s">Return to the home page.</a>' % ( escape( user.email ), url_for( '/' ) ) success = True return ( message, status, user, success ) @@ -970,7 +972,7 @@ user.username = username trans.sa_session.add( user ) trans.sa_session.flush() - message = 'The username has been updated with the changes.' + message = 'The username has been updated to: %s' % escape( username ) return trans.fill_template( '/user/username.mako', cntrller=cntrller, user=user, @@ -1177,7 +1179,7 @@ message = 'Default new history permissions have been changed.' return trans.fill_template( 'user/permissions.mako', cntrller=cntrller, - message=message, + message=escape( message ), status=status ) else: # User not logged in, history group must be only public @@ -1228,57 +1230,48 @@ filters.append( dict( filterpath=filter_name, short_desc=sdesc, desc=description, checked=False ) ) return filters - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) + saved_user_tool_filters = list() + saved_user_section_filters = list() + saved_user_label_filters = list() - user_id = params.get( 'user_id', False ) - if user_id: - user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) - else: - user = trans.user + for name, value in trans.user.preferences.items(): + if name == 'toolbox_tool_filters': + saved_user_tool_filters = listify( value, do_strip=True ) + elif name == 'toolbox_section_filters': + saved_user_section_filters = listify( value, do_strip=True ) + elif name == 'toolbox_label_filters': + saved_user_label_filters = listify( value, do_strip=True ) - if user: - saved_user_tool_filters = list() - saved_user_section_filters = list() - saved_user_label_filters = list() + tool_filters = get_filter_mapping( saved_user_tool_filters, trans.app.config.user_tool_filters ) + section_filters = get_filter_mapping( saved_user_section_filters, trans.app.config.user_section_filters ) + label_filters = get_filter_mapping( saved_user_label_filters, trans.app.config.user_label_filters ) - for name, value in user.preferences.items(): - if name == 'toolbox_tool_filters': - saved_user_tool_filters = listify( value, do_strip=True ) - elif name == 'toolbox_section_filters': - saved_user_section_filters = listify( value, do_strip=True ) - elif name == 'toolbox_label_filters': - saved_user_label_filters = listify( value, do_strip=True ) + message = escape( util.restore_text( kwd.get( 'message', '' ) ) ) + status = util.restore_text( kwd.get( 'status', 'done' ) ) - tool_filters = get_filter_mapping( saved_user_tool_filters, trans.app.config.user_tool_filters ) - section_filters = get_filter_mapping( saved_user_section_filters, trans.app.config.user_section_filters ) - label_filters = get_filter_mapping( saved_user_label_filters, trans.app.config.user_label_filters ) - - return trans.fill_template( 'user/toolbox_filters.mako', - cntrller=cntrller, - message=message, - tool_filters=tool_filters, - section_filters=section_filters, - label_filters=label_filters, - user=user, - status=status ) - else: - # User not logged in, history group must be only public - return trans.show_error_message( "You must be logged in to change private toolbox filters." ) + return trans.fill_template( 'user/toolbox_filters.mako', + cntrller=cntrller, + message=message, + tool_filters=tool_filters, + section_filters=section_filters, + label_filters=label_filters, + user=trans.user, + status=status) @web.expose @web.require_login( "to change the private toolbox filters" ) def edit_toolbox_filters( self, trans, cntrller, **kwd ): + def validate( user_filters, filter_type ): + rval = [] + config_filters = getattr( trans.app.config, 'user_%s_filters' % filter_type, [] ) + for f in user_filters: + if f not in config_filters: + log.warning( 'User provided filter %s which is not in user_%s_filters', f, filter_type ) + else: + rval.append( f ) + return rval + params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - user_id = params.get( 'user_id', False ) - if not user_id: - # User must be logged in to create a new address - return trans.show_error_message( "You must be logged in to change the ToolBox filters." ) - - user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) - if params.get( 'edit_toolbox_filter_button', False ): tool_filters = list() section_filters = list() @@ -1291,13 +1284,13 @@ label_filters.append( name[2:] ) elif name.startswith('s_'): section_filters.append( name[2:] ) - user.preferences['toolbox_tool_filters'] = ','.join( tool_filters ) - user.preferences['toolbox_section_filters'] = ','.join( section_filters ) - user.preferences['toolbox_label_filters'] = ','.join( label_filters ) + trans.user.preferences['toolbox_tool_filters'] = ','.join( validate( tool_filters, 'tool' ) ) + trans.user.preferences['toolbox_section_filters'] = ','.join( validate( section_filters, 'section' ) ) + trans.user.preferences['toolbox_label_filters'] = ','.join( validate( label_filters, 'label' ) ) - trans.sa_session.add( user ) + trans.sa_session.add( trans.user ) trans.sa_session.flush() - message = 'ToolBox filters has been updated.' + message = 'ToolBox filters have been updated.' kwd = dict( message=message, status='done' ) # Display the ToolBox filters form with the current values filled in diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 templates/user/dbkeys.mako --- a/templates/user/dbkeys.mako +++ b/templates/user/dbkeys.mako @@ -148,7 +148,7 @@ Processing % endif </td> - <td><form action="dbkeys" method="post"><input type="hidden" name="key" value="${key}" /><input type="submit" name="delete" value="Delete" /></form></td> + <td><form action="dbkeys" method="post"><input type="hidden" name="key" value="${key | h}" /><input type="submit" name="delete" value="Delete" /></form></td></tr> % endfor </table> @@ -194,7 +194,7 @@ <div style="clear: both; padding-bottom: 0.5em"></div><select id="fasta_input" name="dataset_id"> %for dataset in fasta_hdas: - <option value="${trans.security.encode_id( dataset.id )}">${dataset.hid}: ${dataset.name}</option> + <option value="${trans.security.encode_id( dataset.id )}">${dataset.hid | h}: ${dataset.name | h}</option> %endfor </select><input type="file" id="len_file_input" name="len_file" /></input> diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 templates/user/openid_associate.mako --- a/templates/user/openid_associate.mako +++ b/templates/user/openid_associate.mako @@ -48,13 +48,13 @@ The following OpenIDs will be associated with the account chosen or created below. <ul> %for openid in openids: - <li>${openid.openid}</li> + <li>${openid.openid | h}</li> %endfor </ul></div> %else: <div> - The OpenID <strong>${openids[0].openid}</strong> will be associated with the account chosen or created. + The OpenID <strong>${openids[0].openid | h}</strong> will be associated with the account chosen or created. </div> %endif <br/> diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 templates/user/toolbox_filters.mako --- a/templates/user/toolbox_filters.mako +++ b/templates/user/toolbox_filters.mako @@ -15,7 +15,7 @@ %if tool_filters or section_filters or label_filters: <div class="toolForm"> - <form name="toolbox_filter" id="toolbox_filter" action="${h.url_for( controller='user', action='edit_toolbox_filters', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="toolbox_filter" id="toolbox_filter" action="${h.url_for( controller='user', action='edit_toolbox_filters', cntrller=cntrller )}" method="post" > % if tool_filters: <div class="toolFormTitle">Edit ToolBox filters :: Tools</div><div class="toolFormBody"> @@ -87,5 +87,5 @@ </form></div> %else: - ${render_msg( 'No filter available. Contact you system administrator or check your configuration file.', 'info' )} + ${render_msg( 'No filters available. Contact your system administrator or check your configuration file.', 'info' )} %endif diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 templates/user/username.mako --- a/templates/user/username.mako +++ b/templates/user/username.mako @@ -1,4 +1,9 @@ <%inherit file="/base.mako"/> +<%namespace file="/message.mako" import="render_msg" /> + +%if message: + ${render_msg( message, status )} +%endif <% is_admin = cntrller == 'admin' and trans.user_is_admin() %> Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: 3 new changesets
by commits-noreply@bitbucket.org
06 Dec '14
06 Dec '14
3 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/98ed01f41e80/
Changeset: 98ed01f41e80 Branch: stable User: natefoo Date: 2014-12-03 17:23:01+00:00 Summary: Validate that toolbox filters specified by the user have been configured by the administrator. Affected #: 3 files diff -r 546ff6ef27b4b83e26ae228c292fd981173ac550 -r 98ed01f41e8005d7165a78db25ccab3e0bbe2291 lib/galaxy/tools/filters/__init__.py --- a/lib/galaxy/tools/filters/__init__.py +++ b/lib/galaxy/tools/filters/__init__.py @@ -1,6 +1,10 @@ +import logging from galaxy.util import listify from copy import deepcopy +log = logging.getLogger( __name__ ) + + class FilterFactory( object ): """ An instance of this class is responsible for filtering the list @@ -37,17 +41,21 @@ elif name == 'toolbox_label_filters': category = "label" if category: - self.__init_filters( category, user_filters, filters ) + validate = getattr( trans.app.config, 'user_%s_filters' % category, [] ) + self.__init_filters( category, user_filters, filters, validate=validate ) else: if kwds.get( "trackster", False ): filters[ "tool" ].append( _has_trackster_conf ) return filters - def __init_filters( self, key, filters, toolbox_filters ): + def __init_filters( self, key, filters, toolbox_filters, validate=None ): for filter in filters: - filter_function = self.__build_filter_function( filter ) - toolbox_filters[ key ].append( filter_function ) + if validate is None or filter in validate or filter in self.default_filters: + filter_function = self.__build_filter_function( filter ) + toolbox_filters[ key ].append( filter_function ) + else: + log.warning( "Refusing to load %s filter '%s' which is not defined in config", key, filter ) return toolbox_filters def __build_filter_function( self, filter_name ): diff -r 546ff6ef27b4b83e26ae228c292fd981173ac550 -r 98ed01f41e8005d7165a78db25ccab3e0bbe2291 lib/galaxy/webapps/galaxy/controllers/user.py --- a/lib/galaxy/webapps/galaxy/controllers/user.py +++ b/lib/galaxy/webapps/galaxy/controllers/user.py @@ -1228,57 +1228,48 @@ filters.append( dict( filterpath=filter_name, short_desc=sdesc, desc=description, checked=False ) ) return filters - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) + saved_user_tool_filters = list() + saved_user_section_filters = list() + saved_user_label_filters = list() - user_id = params.get( 'user_id', False ) - if user_id: - user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) - else: - user = trans.user + for name, value in trans.user.preferences.items(): + if name == 'toolbox_tool_filters': + saved_user_tool_filters = listify( value, do_strip=True ) + elif name == 'toolbox_section_filters': + saved_user_section_filters = listify( value, do_strip=True ) + elif name == 'toolbox_label_filters': + saved_user_label_filters = listify( value, do_strip=True ) - if user: - saved_user_tool_filters = list() - saved_user_section_filters = list() - saved_user_label_filters = list() + tool_filters = get_filter_mapping( saved_user_tool_filters, trans.app.config.user_tool_filters ) + section_filters = get_filter_mapping( saved_user_section_filters, trans.app.config.user_section_filters ) + label_filters = get_filter_mapping( saved_user_label_filters, trans.app.config.user_label_filters ) - for name, value in user.preferences.items(): - if name == 'toolbox_tool_filters': - saved_user_tool_filters = listify( value, do_strip=True ) - elif name == 'toolbox_section_filters': - saved_user_section_filters = listify( value, do_strip=True ) - elif name == 'toolbox_label_filters': - saved_user_label_filters = listify( value, do_strip=True ) + message = escape( util.restore_text( kwd.get( 'message', '' ) ) ) + status = util.restore_text( kwd.get( 'status', 'done' ) ) - tool_filters = get_filter_mapping( saved_user_tool_filters, trans.app.config.user_tool_filters ) - section_filters = get_filter_mapping( saved_user_section_filters, trans.app.config.user_section_filters ) - label_filters = get_filter_mapping( saved_user_label_filters, trans.app.config.user_label_filters ) - - return trans.fill_template( 'user/toolbox_filters.mako', - cntrller=cntrller, - message=message, - tool_filters=tool_filters, - section_filters=section_filters, - label_filters=label_filters, - user=user, - status=status ) - else: - # User not logged in, history group must be only public - return trans.show_error_message( "You must be logged in to change private toolbox filters." ) + return trans.fill_template( 'user/toolbox_filters.mako', + cntrller=cntrller, + message=message, + tool_filters=tool_filters, + section_filters=section_filters, + label_filters=label_filters, + user=trans.user, + status=status) @web.expose @web.require_login( "to change the private toolbox filters" ) def edit_toolbox_filters( self, trans, cntrller, **kwd ): + def validate( user_filters, filter_type ): + rval = [] + config_filters = getattr( trans.app.config, 'user_%s_filters' % filter_type, [] ) + for f in user_filters: + if f not in config_filters: + log.warning( 'User provided filter %s which is not in user_%s_filters', f, filter_type ) + else: + rval.append( f ) + return rval + params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - user_id = params.get( 'user_id', False ) - if not user_id: - # User must be logged in to create a new address - return trans.show_error_message( "You must be logged in to change the ToolBox filters." ) - - user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) - if params.get( 'edit_toolbox_filter_button', False ): tool_filters = list() section_filters = list() @@ -1291,13 +1282,13 @@ label_filters.append( name[2:] ) elif name.startswith('s_'): section_filters.append( name[2:] ) - user.preferences['toolbox_tool_filters'] = ','.join( tool_filters ) - user.preferences['toolbox_section_filters'] = ','.join( section_filters ) - user.preferences['toolbox_label_filters'] = ','.join( label_filters ) + trans.user.preferences['toolbox_tool_filters'] = ','.join( validate( tool_filters, 'tool' ) ) + trans.user.preferences['toolbox_section_filters'] = ','.join( validate( section_filters, 'section' ) ) + trans.user.preferences['toolbox_label_filters'] = ','.join( validate( label_filters, 'label' ) ) - trans.sa_session.add( user ) + trans.sa_session.add( trans.user ) trans.sa_session.flush() - message = 'ToolBox filters has been updated.' + message = 'ToolBox filters have been updated.' kwd = dict( message=message, status='done' ) # Display the ToolBox filters form with the current values filled in diff -r 546ff6ef27b4b83e26ae228c292fd981173ac550 -r 98ed01f41e8005d7165a78db25ccab3e0bbe2291 templates/user/toolbox_filters.mako --- a/templates/user/toolbox_filters.mako +++ b/templates/user/toolbox_filters.mako @@ -15,7 +15,7 @@ %if tool_filters or section_filters or label_filters: <div class="toolForm"> - <form name="toolbox_filter" id="toolbox_filter" action="${h.url_for( controller='user', action='edit_toolbox_filters', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="toolbox_filter" id="toolbox_filter" action="${h.url_for( controller='user', action='edit_toolbox_filters', cntrller=cntrller )}" method="post" > % if tool_filters: <div class="toolFormTitle">Edit ToolBox filters :: Tools</div><div class="toolFormBody"> @@ -87,5 +87,5 @@ </form></div> %else: - ${render_msg( 'No filter available. Contact you system administrator or check your configuration file.', 'info' )} + ${render_msg( 'No filters available. Contact your system administrator or check your configuration file.', 'info' )} %endif
https://bitbucket.org/galaxy/galaxy-central/commits/c0e27e99def9/
Changeset: c0e27e99def9 Branch: stable User: natefoo Date: 2014-12-03 20:57:58+00:00 Summary: Remaining user function template XSS cleanup. Also fix login redirection security in the OpenID methods. Affected #: 4 files diff -r 98ed01f41e8005d7165a78db25ccab3e0bbe2291 -r c0e27e99def95496603c9c63aee17ac48203de50 lib/galaxy/webapps/galaxy/controllers/user.py --- a/lib/galaxy/webapps/galaxy/controllers/user.py +++ b/lib/galaxy/webapps/galaxy/controllers/user.py @@ -295,7 +295,7 @@ message=message, status='info' ) ) if redirect: - return trans.response.send_redirect( redirect ) + return trans.response.send_redirect( self.__get_redirect_url( redirect ) ) return trans.response.send_redirect( url_for( controller='user', action='openid_manage', use_panels=use_panels, @@ -347,7 +347,7 @@ message=message, status='info' ) ) if redirect: - return trans.response.send_redirect( redirect ) + return trans.response.send_redirect( self.__get_redirect_url( redirect ) ) return trans.response.send_redirect( url_for( controller='user', action='openid_manage', use_panels=use_panels, @@ -453,7 +453,7 @@ redirect = self.__get_redirect_url( kwd.get( 'redirect', trans.request.referer ).strip() ) redirect_url = '' # always start with redirect_url being empty use_panels = util.string_as_bool( kwd.get( 'use_panels', False ) ) - message = kwd.get( 'message', '' ) + message = escape( kwd.get( 'message', '' ) ) status = kwd.get( 'status', 'done' ) header = '' user = trans.user @@ -606,7 +606,7 @@ refresh_frames = [ 'masthead' ] trans.handle_user_logout( logout_all=logout_all ) message = 'You have been logged out.<br>You can log in again, <a target="_top" href="%s">go back to the page you were visiting</a> or <a target="_top" href="%s">go to the home page</a>.' % \ - ( trans.request.referer, url_for( '/' ) ) + ( escape( trans.request.referer ), url_for( '/' ) ) if biostar.biostar_logged_in( trans ): biostar_url = biostar.biostar_logout( trans ) if biostar_url: @@ -629,7 +629,7 @@ if honeypot_field != '': return trans.show_error_message( "You've been flagged as a possible bot. If you are not, please try registering again and fill the form out carefully. <a target=\"_top\" href=\"%s\">Go to the home page</a>." ) % url_for( '/' ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) use_panels = util.string_as_bool( kwd.get( 'use_panels', True ) ) email = util.restore_text( params.get( 'email', '' ) ) @@ -659,9 +659,11 @@ # Create the user, save all the user info and login to Galaxy if params.get( 'create_user_button', False ): # Check email and password validity + # Note: message does not need to be escaped (it is clean) message = self.__validate( trans, params, email, password, confirm, username ) if not message: # All the values are valid + # message does not need to be escaped here either message, status, user, success = self.__register( trans, cntrller, subscribe_checked, @@ -675,7 +677,7 @@ trans.log_event( "User created a new account" ) trans.log_event( "User logged in" ) if success and is_admin: - message = 'Created new user account (%s)' % user.email + message = 'Created new user account (%s)' % escape( user.email ) trans.response.send_redirect( web.url_for( controller='admin', action='users', cntrller=cntrller, @@ -743,7 +745,7 @@ if subscribe_checked: # subscribe user to email list if trans.app.config.smtp_server is None: - error = "Now logged in as " + user.email + ". However, subscribing to the mailing list has failed because mail is not configured for this Galaxy instance. <br>Please contact your local Galaxy administrator." + error = "Now logged in as " + escape( user.email ) + ". However, subscribing to the mailing list has failed because mail is not configured for this Galaxy instance. <br>Please contact your local Galaxy administrator." else: body = 'Join Mailing list.\n' to = trans.app.config.mailing_join_addr @@ -752,7 +754,7 @@ try: util.send_mail( frm, to, subject, body, trans.app.config ) except: - error = "Now logged in as " + user.email + ". However, subscribing to the mailing list has failed." + error = "Now logged in as " + escape( user.email ) + ". However, subscribing to the mailing list has failed." if not error and not is_admin: # The handle_user_login() method has a call to the history_set_default_permissions() method # (needed when logging in with a history), user needs to have default permissions set before logging in @@ -762,7 +764,7 @@ elif not error: trans.response.send_redirect( web.url_for( controller='admin', action='users', - message='Created new user account (%s)' % user.email, + message='Created new user account (%s)' % escape( user.email ), status=status ) ) if error: message = error @@ -772,7 +774,7 @@ if trans.webapp.name == 'galaxy' and trans.app.config.user_activation_on: is_activation_sent = self.send_verification_email( trans, email, username ) if is_activation_sent: - message = 'Now logged in as %s.<br>Verification email has been sent to your email address. Please verify it by clicking the activation link in the email.<br>Please check your spam/trash folder in case you cannot find the message.<br><a target="_top" href="%s">Return to the home page.</a>' % ( user.email, url_for( '/' ) ) + message = 'Now logged in as %s.<br>Verification email has been sent to your email address. Please verify it by clicking the activation link in the email.<br>Please check your spam/trash folder in case you cannot find the message.<br><a target="_top" href="%s">Return to the home page.</a>' % ( escape( user.email ), url_for( '/' ) ) success = True else: message = 'Unable to send activation email, please contact your local Galaxy administrator.' @@ -780,7 +782,7 @@ message += ' Contact: %s' % trans.app.config.error_email_to success = False else: # User activation is OFF, proceed without sending the activation email. - message = 'Now logged in as %s.<br><a target="_top" href="%s">Return to the home page.</a>' % ( user.email, url_for( '/' ) ) + message = 'Now logged in as %s.<br><a target="_top" href="%s">Return to the home page.</a>' % ( escape( user.email ), url_for( '/' ) ) success = True return ( message, status, user, success ) @@ -970,7 +972,7 @@ user.username = username trans.sa_session.add( user ) trans.sa_session.flush() - message = 'The username has been updated with the changes.' + message = 'The username has been updated to: %s' % escape( username ) return trans.fill_template( '/user/username.mako', cntrller=cntrller, user=user, @@ -1177,7 +1179,7 @@ message = 'Default new history permissions have been changed.' return trans.fill_template( 'user/permissions.mako', cntrller=cntrller, - message=message, + message=escape( message ), status=status ) else: # User not logged in, history group must be only public diff -r 98ed01f41e8005d7165a78db25ccab3e0bbe2291 -r c0e27e99def95496603c9c63aee17ac48203de50 templates/user/dbkeys.mako --- a/templates/user/dbkeys.mako +++ b/templates/user/dbkeys.mako @@ -148,7 +148,7 @@ Processing % endif </td> - <td><form action="dbkeys" method="post"><input type="hidden" name="key" value="${key}" /><input type="submit" name="delete" value="Delete" /></form></td> + <td><form action="dbkeys" method="post"><input type="hidden" name="key" value="${key | h}" /><input type="submit" name="delete" value="Delete" /></form></td></tr> % endfor </table> @@ -194,7 +194,7 @@ <div style="clear: both; padding-bottom: 0.5em"></div><select id="fasta_input" name="dataset_id"> %for dataset in fasta_hdas: - <option value="${trans.security.encode_id( dataset.id )}">${dataset.hid}: ${dataset.name}</option> + <option value="${trans.security.encode_id( dataset.id )}">${dataset.hid | h}: ${dataset.name | h}</option> %endfor </select><input type="file" id="len_file_input" name="len_file" /></input> diff -r 98ed01f41e8005d7165a78db25ccab3e0bbe2291 -r c0e27e99def95496603c9c63aee17ac48203de50 templates/user/openid_associate.mako --- a/templates/user/openid_associate.mako +++ b/templates/user/openid_associate.mako @@ -48,13 +48,13 @@ The following OpenIDs will be associated with the account chosen or created below. <ul> %for openid in openids: - <li>${openid.openid}</li> + <li>${openid.openid | h}</li> %endfor </ul></div> %else: <div> - The OpenID <strong>${openids[0].openid}</strong> will be associated with the account chosen or created. + The OpenID <strong>${openids[0].openid | h}</strong> will be associated with the account chosen or created. </div> %endif <br/> diff -r 98ed01f41e8005d7165a78db25ccab3e0bbe2291 -r c0e27e99def95496603c9c63aee17ac48203de50 templates/user/username.mako --- a/templates/user/username.mako +++ b/templates/user/username.mako @@ -1,4 +1,9 @@ <%inherit file="/base.mako"/> +<%namespace file="/message.mako" import="render_msg" /> + +%if message: + ${render_msg( message, status )} +%endif <% is_admin = cntrller == 'admin' and trans.user_is_admin() %>
https://bitbucket.org/galaxy/galaxy-central/commits/f76fb3c40d55/
Changeset: f76fb3c40d55 Branch: stable User: martenson Date: 2014-12-05 16:54:22+00:00 Summary: Merged in natefoo/galaxy-central/stable (pull request #588) [STABLE] XSS fixes for remaining user templates and a few other security fixes Affected #: 6 files diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 lib/galaxy/tools/filters/__init__.py --- a/lib/galaxy/tools/filters/__init__.py +++ b/lib/galaxy/tools/filters/__init__.py @@ -1,6 +1,10 @@ +import logging from galaxy.util import listify from copy import deepcopy +log = logging.getLogger( __name__ ) + + class FilterFactory( object ): """ An instance of this class is responsible for filtering the list @@ -37,17 +41,21 @@ elif name == 'toolbox_label_filters': category = "label" if category: - self.__init_filters( category, user_filters, filters ) + validate = getattr( trans.app.config, 'user_%s_filters' % category, [] ) + self.__init_filters( category, user_filters, filters, validate=validate ) else: if kwds.get( "trackster", False ): filters[ "tool" ].append( _has_trackster_conf ) return filters - def __init_filters( self, key, filters, toolbox_filters ): + def __init_filters( self, key, filters, toolbox_filters, validate=None ): for filter in filters: - filter_function = self.__build_filter_function( filter ) - toolbox_filters[ key ].append( filter_function ) + if validate is None or filter in validate or filter in self.default_filters: + filter_function = self.__build_filter_function( filter ) + toolbox_filters[ key ].append( filter_function ) + else: + log.warning( "Refusing to load %s filter '%s' which is not defined in config", key, filter ) return toolbox_filters def __build_filter_function( self, filter_name ): diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 lib/galaxy/webapps/galaxy/controllers/user.py --- a/lib/galaxy/webapps/galaxy/controllers/user.py +++ b/lib/galaxy/webapps/galaxy/controllers/user.py @@ -295,7 +295,7 @@ message=message, status='info' ) ) if redirect: - return trans.response.send_redirect( redirect ) + return trans.response.send_redirect( self.__get_redirect_url( redirect ) ) return trans.response.send_redirect( url_for( controller='user', action='openid_manage', use_panels=use_panels, @@ -347,7 +347,7 @@ message=message, status='info' ) ) if redirect: - return trans.response.send_redirect( redirect ) + return trans.response.send_redirect( self.__get_redirect_url( redirect ) ) return trans.response.send_redirect( url_for( controller='user', action='openid_manage', use_panels=use_panels, @@ -453,7 +453,7 @@ redirect = self.__get_redirect_url( kwd.get( 'redirect', trans.request.referer ).strip() ) redirect_url = '' # always start with redirect_url being empty use_panels = util.string_as_bool( kwd.get( 'use_panels', False ) ) - message = kwd.get( 'message', '' ) + message = escape( kwd.get( 'message', '' ) ) status = kwd.get( 'status', 'done' ) header = '' user = trans.user @@ -606,7 +606,7 @@ refresh_frames = [ 'masthead' ] trans.handle_user_logout( logout_all=logout_all ) message = 'You have been logged out.<br>You can log in again, <a target="_top" href="%s">go back to the page you were visiting</a> or <a target="_top" href="%s">go to the home page</a>.' % \ - ( trans.request.referer, url_for( '/' ) ) + ( escape( trans.request.referer ), url_for( '/' ) ) if biostar.biostar_logged_in( trans ): biostar_url = biostar.biostar_logout( trans ) if biostar_url: @@ -629,7 +629,7 @@ if honeypot_field != '': return trans.show_error_message( "You've been flagged as a possible bot. If you are not, please try registering again and fill the form out carefully. <a target=\"_top\" href=\"%s\">Go to the home page</a>." ) % url_for( '/' ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) use_panels = util.string_as_bool( kwd.get( 'use_panels', True ) ) email = util.restore_text( params.get( 'email', '' ) ) @@ -659,9 +659,11 @@ # Create the user, save all the user info and login to Galaxy if params.get( 'create_user_button', False ): # Check email and password validity + # Note: message does not need to be escaped (it is clean) message = self.__validate( trans, params, email, password, confirm, username ) if not message: # All the values are valid + # message does not need to be escaped here either message, status, user, success = self.__register( trans, cntrller, subscribe_checked, @@ -675,7 +677,7 @@ trans.log_event( "User created a new account" ) trans.log_event( "User logged in" ) if success and is_admin: - message = 'Created new user account (%s)' % user.email + message = 'Created new user account (%s)' % escape( user.email ) trans.response.send_redirect( web.url_for( controller='admin', action='users', cntrller=cntrller, @@ -743,7 +745,7 @@ if subscribe_checked: # subscribe user to email list if trans.app.config.smtp_server is None: - error = "Now logged in as " + user.email + ". However, subscribing to the mailing list has failed because mail is not configured for this Galaxy instance. <br>Please contact your local Galaxy administrator." + error = "Now logged in as " + escape( user.email ) + ". However, subscribing to the mailing list has failed because mail is not configured for this Galaxy instance. <br>Please contact your local Galaxy administrator." else: body = 'Join Mailing list.\n' to = trans.app.config.mailing_join_addr @@ -752,7 +754,7 @@ try: util.send_mail( frm, to, subject, body, trans.app.config ) except: - error = "Now logged in as " + user.email + ". However, subscribing to the mailing list has failed." + error = "Now logged in as " + escape( user.email ) + ". However, subscribing to the mailing list has failed." if not error and not is_admin: # The handle_user_login() method has a call to the history_set_default_permissions() method # (needed when logging in with a history), user needs to have default permissions set before logging in @@ -762,7 +764,7 @@ elif not error: trans.response.send_redirect( web.url_for( controller='admin', action='users', - message='Created new user account (%s)' % user.email, + message='Created new user account (%s)' % escape( user.email ), status=status ) ) if error: message = error @@ -772,7 +774,7 @@ if trans.webapp.name == 'galaxy' and trans.app.config.user_activation_on: is_activation_sent = self.send_verification_email( trans, email, username ) if is_activation_sent: - message = 'Now logged in as %s.<br>Verification email has been sent to your email address. Please verify it by clicking the activation link in the email.<br>Please check your spam/trash folder in case you cannot find the message.<br><a target="_top" href="%s">Return to the home page.</a>' % ( user.email, url_for( '/' ) ) + message = 'Now logged in as %s.<br>Verification email has been sent to your email address. Please verify it by clicking the activation link in the email.<br>Please check your spam/trash folder in case you cannot find the message.<br><a target="_top" href="%s">Return to the home page.</a>' % ( escape( user.email ), url_for( '/' ) ) success = True else: message = 'Unable to send activation email, please contact your local Galaxy administrator.' @@ -780,7 +782,7 @@ message += ' Contact: %s' % trans.app.config.error_email_to success = False else: # User activation is OFF, proceed without sending the activation email. - message = 'Now logged in as %s.<br><a target="_top" href="%s">Return to the home page.</a>' % ( user.email, url_for( '/' ) ) + message = 'Now logged in as %s.<br><a target="_top" href="%s">Return to the home page.</a>' % ( escape( user.email ), url_for( '/' ) ) success = True return ( message, status, user, success ) @@ -970,7 +972,7 @@ user.username = username trans.sa_session.add( user ) trans.sa_session.flush() - message = 'The username has been updated with the changes.' + message = 'The username has been updated to: %s' % escape( username ) return trans.fill_template( '/user/username.mako', cntrller=cntrller, user=user, @@ -1177,7 +1179,7 @@ message = 'Default new history permissions have been changed.' return trans.fill_template( 'user/permissions.mako', cntrller=cntrller, - message=message, + message=escape( message ), status=status ) else: # User not logged in, history group must be only public @@ -1228,57 +1230,48 @@ filters.append( dict( filterpath=filter_name, short_desc=sdesc, desc=description, checked=False ) ) return filters - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) + saved_user_tool_filters = list() + saved_user_section_filters = list() + saved_user_label_filters = list() - user_id = params.get( 'user_id', False ) - if user_id: - user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) - else: - user = trans.user + for name, value in trans.user.preferences.items(): + if name == 'toolbox_tool_filters': + saved_user_tool_filters = listify( value, do_strip=True ) + elif name == 'toolbox_section_filters': + saved_user_section_filters = listify( value, do_strip=True ) + elif name == 'toolbox_label_filters': + saved_user_label_filters = listify( value, do_strip=True ) - if user: - saved_user_tool_filters = list() - saved_user_section_filters = list() - saved_user_label_filters = list() + tool_filters = get_filter_mapping( saved_user_tool_filters, trans.app.config.user_tool_filters ) + section_filters = get_filter_mapping( saved_user_section_filters, trans.app.config.user_section_filters ) + label_filters = get_filter_mapping( saved_user_label_filters, trans.app.config.user_label_filters ) - for name, value in user.preferences.items(): - if name == 'toolbox_tool_filters': - saved_user_tool_filters = listify( value, do_strip=True ) - elif name == 'toolbox_section_filters': - saved_user_section_filters = listify( value, do_strip=True ) - elif name == 'toolbox_label_filters': - saved_user_label_filters = listify( value, do_strip=True ) + message = escape( util.restore_text( kwd.get( 'message', '' ) ) ) + status = util.restore_text( kwd.get( 'status', 'done' ) ) - tool_filters = get_filter_mapping( saved_user_tool_filters, trans.app.config.user_tool_filters ) - section_filters = get_filter_mapping( saved_user_section_filters, trans.app.config.user_section_filters ) - label_filters = get_filter_mapping( saved_user_label_filters, trans.app.config.user_label_filters ) - - return trans.fill_template( 'user/toolbox_filters.mako', - cntrller=cntrller, - message=message, - tool_filters=tool_filters, - section_filters=section_filters, - label_filters=label_filters, - user=user, - status=status ) - else: - # User not logged in, history group must be only public - return trans.show_error_message( "You must be logged in to change private toolbox filters." ) + return trans.fill_template( 'user/toolbox_filters.mako', + cntrller=cntrller, + message=message, + tool_filters=tool_filters, + section_filters=section_filters, + label_filters=label_filters, + user=trans.user, + status=status) @web.expose @web.require_login( "to change the private toolbox filters" ) def edit_toolbox_filters( self, trans, cntrller, **kwd ): + def validate( user_filters, filter_type ): + rval = [] + config_filters = getattr( trans.app.config, 'user_%s_filters' % filter_type, [] ) + for f in user_filters: + if f not in config_filters: + log.warning( 'User provided filter %s which is not in user_%s_filters', f, filter_type ) + else: + rval.append( f ) + return rval + params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - user_id = params.get( 'user_id', False ) - if not user_id: - # User must be logged in to create a new address - return trans.show_error_message( "You must be logged in to change the ToolBox filters." ) - - user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) - if params.get( 'edit_toolbox_filter_button', False ): tool_filters = list() section_filters = list() @@ -1291,13 +1284,13 @@ label_filters.append( name[2:] ) elif name.startswith('s_'): section_filters.append( name[2:] ) - user.preferences['toolbox_tool_filters'] = ','.join( tool_filters ) - user.preferences['toolbox_section_filters'] = ','.join( section_filters ) - user.preferences['toolbox_label_filters'] = ','.join( label_filters ) + trans.user.preferences['toolbox_tool_filters'] = ','.join( validate( tool_filters, 'tool' ) ) + trans.user.preferences['toolbox_section_filters'] = ','.join( validate( section_filters, 'section' ) ) + trans.user.preferences['toolbox_label_filters'] = ','.join( validate( label_filters, 'label' ) ) - trans.sa_session.add( user ) + trans.sa_session.add( trans.user ) trans.sa_session.flush() - message = 'ToolBox filters has been updated.' + message = 'ToolBox filters have been updated.' kwd = dict( message=message, status='done' ) # Display the ToolBox filters form with the current values filled in diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 templates/user/dbkeys.mako --- a/templates/user/dbkeys.mako +++ b/templates/user/dbkeys.mako @@ -148,7 +148,7 @@ Processing % endif </td> - <td><form action="dbkeys" method="post"><input type="hidden" name="key" value="${key}" /><input type="submit" name="delete" value="Delete" /></form></td> + <td><form action="dbkeys" method="post"><input type="hidden" name="key" value="${key | h}" /><input type="submit" name="delete" value="Delete" /></form></td></tr> % endfor </table> @@ -194,7 +194,7 @@ <div style="clear: both; padding-bottom: 0.5em"></div><select id="fasta_input" name="dataset_id"> %for dataset in fasta_hdas: - <option value="${trans.security.encode_id( dataset.id )}">${dataset.hid}: ${dataset.name}</option> + <option value="${trans.security.encode_id( dataset.id )}">${dataset.hid | h}: ${dataset.name | h}</option> %endfor </select><input type="file" id="len_file_input" name="len_file" /></input> diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 templates/user/openid_associate.mako --- a/templates/user/openid_associate.mako +++ b/templates/user/openid_associate.mako @@ -48,13 +48,13 @@ The following OpenIDs will be associated with the account chosen or created below. <ul> %for openid in openids: - <li>${openid.openid}</li> + <li>${openid.openid | h}</li> %endfor </ul></div> %else: <div> - The OpenID <strong>${openids[0].openid}</strong> will be associated with the account chosen or created. + The OpenID <strong>${openids[0].openid | h}</strong> will be associated with the account chosen or created. </div> %endif <br/> diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 templates/user/toolbox_filters.mako --- a/templates/user/toolbox_filters.mako +++ b/templates/user/toolbox_filters.mako @@ -15,7 +15,7 @@ %if tool_filters or section_filters or label_filters: <div class="toolForm"> - <form name="toolbox_filter" id="toolbox_filter" action="${h.url_for( controller='user', action='edit_toolbox_filters', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="toolbox_filter" id="toolbox_filter" action="${h.url_for( controller='user', action='edit_toolbox_filters', cntrller=cntrller )}" method="post" > % if tool_filters: <div class="toolFormTitle">Edit ToolBox filters :: Tools</div><div class="toolFormBody"> @@ -87,5 +87,5 @@ </form></div> %else: - ${render_msg( 'No filter available. Contact you system administrator or check your configuration file.', 'info' )} + ${render_msg( 'No filters available. Contact your system administrator or check your configuration file.', 'info' )} %endif diff -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 -r f76fb3c40d55adf4f84acfdf26194d323f860df6 templates/user/username.mako --- a/templates/user/username.mako +++ b/templates/user/username.mako @@ -1,4 +1,9 @@ <%inherit file="/base.mako"/> +<%namespace file="/message.mako" import="render_msg" /> + +%if message: + ${render_msg( message, status )} +%endif <% is_admin = cntrller == 'admin' and trans.user_is_admin() %> Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: martenson: Merged in dan/galaxy-central-prs/stable (pull request #593)
by commits-noreply@bitbucket.org
06 Dec '14
06 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/de92a7b85033/
Changeset: de92a7b85033 Branch: stable User: martenson Date: 2014-12-05 16:49:14+00:00 Summary: Merged in dan/galaxy-central-prs/stable (pull request #593) [STABLE] Some web sanitization for Data Managers and Biostar redirect. Affected #: 4 files diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 lib/galaxy/webapps/galaxy/controllers/data_manager.py --- a/lib/galaxy/webapps/galaxy/controllers/data_manager.py +++ b/lib/galaxy/webapps/galaxy/controllers/data_manager.py @@ -7,6 +7,8 @@ pkg_resources.require( "Paste" ) import paste.httpexceptions +from galaxy.web.framework.helpers import escape + #set up logger import logging log = logging.getLogger( __name__ ) @@ -18,8 +20,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) return trans.fill_template( "data_manager/index.mako", data_managers=trans.app.data_managers, tool_data_tables=trans.app.tool_data_tables, view_only=not_is_admin, message=message, status=status ) @web.expose @@ -27,8 +29,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_manager_id = kwd.get( 'id', None ) data_manager = trans.app.data_managers.get_manager( data_manager_id ) if data_manager is None: @@ -41,8 +43,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) job_id = kwd.get( 'id', None ) try: job_id = trans.security.decode_id( job_id ) @@ -62,7 +64,7 @@ data_manager_json = loads( open( hda.get_file_name() ).read() ) except Exception, e: data_manager_json = {} - error_messages.append( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) + error_messages.append( escape( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) ) values = [] for key, value in data_manager_json.get( 'data_tables', {} ).iteritems(): values.append( ( key, value ) ) @@ -74,8 +76,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_table_name = kwd.get( 'table_name', None ) if not data_table_name: return trans.response.send_redirect( web.url_for( controller="data_manager", action="index" ) ) diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 templates/webapps/galaxy/biostar/post_redirect.mako --- a/templates/webapps/galaxy/biostar/post_redirect.mako +++ b/templates/webapps/galaxy/biostar/post_redirect.mako @@ -18,7 +18,7 @@ <p>If you are not automatically forwarded, click the button below:<p><form id="postRedirectForm" action="${post_url}" method="post" > %for input_name, input_value in form_inputs.items(): - <input type="hidden" name="${input_name}" value="${input_value | h}"> + <input type="hidden" name="${input_name | h}" value="${input_value | h}"> %endfor <input type="submit" name="GalaxySubmitPostRedirectForm" id='GalaxySubmitPostRedirectForm' value="Click Here"></form> diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 templates/webapps/galaxy/data_manager/manage_data_table.mako --- a/templates/webapps/galaxy/data_manager/manage_data_table.mako +++ b/templates/webapps/galaxy/data_manager/manage_data_table.mako @@ -14,9 +14,9 @@ <% column_name_list = data_table.get_column_name_list() %><table class="tabletip"><thead> - <tr><th colspan="${len (column_name_list) }" style="font-size: 120%;"> + <tr><th colspan="${ len( column_name_list ) | h}" style="font-size: 120%;"> Data Manager: ${ data_table.name | h } - <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name} tool data table" data-placement="bottom"> + <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name | h} tool data table" data-placement="bottom"><span class="fa fa-refresh"></span></a></th></tr> diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 templates/webapps/galaxy/data_manager/view_job.mako --- a/templates/webapps/galaxy/data_manager/view_job.mako +++ b/templates/webapps/galaxy/data_manager/view_job.mako @@ -26,8 +26,8 @@ </thead><tbody><tr><td>Name:</td><td>${hda.name | h}</td></tr> - <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format)}</td></tr> - <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size)}</td></tr> + <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format) | h}</td></tr> + <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size) | h}</td></tr><tr><td>Tool Exit Code:</td><td>${job.exit_code | h}</td></tr><tr><td>Full Path:</td><td>${hda.file_name | h}</td></tr><tr><td>View complete info:</td><td><a href="${h.url_for( controller='dataset', action='show_params', dataset_id=trans.security.encode_id( hda.id ))}">${ hda.id | h }</a></td></tr> @@ -47,7 +47,7 @@ %for j, table_row in enumerate( json_table ): <tbody> %if len_json_table > 1: - <tr><td><strong>Entry #${j}</strong></td><td></td></tr> + <tr><td><strong>Entry #${j | h}</strong></td><td></td></tr> %endif %for name, value in table_row.iteritems(): <tr><td>${name | h}:</td><td>${value | h}</td></tr> Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: 2 new changesets
by commits-noreply@bitbucket.org
06 Dec '14
06 Dec '14
2 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/ed67b05dc040/
Changeset: ed67b05dc040 Branch: stable User: dan Date: 2014-12-04 21:14:28+00:00 Summary: Some web sanitization for Data Managers and Biostar redirect. Affected #: 4 files diff -r 9c482e1d9b3cfdb2936b3f230d434c1f27898eff -r ed67b05dc0402bf9ff9fbf35198ea2cac92e2c22 lib/galaxy/webapps/galaxy/controllers/data_manager.py --- a/lib/galaxy/webapps/galaxy/controllers/data_manager.py +++ b/lib/galaxy/webapps/galaxy/controllers/data_manager.py @@ -7,6 +7,8 @@ pkg_resources.require( "Paste" ) import paste.httpexceptions +from galaxy.web.framework.helpers import escape + #set up logger import logging log = logging.getLogger( __name__ ) @@ -18,8 +20,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) return trans.fill_template( "data_manager/index.mako", data_managers=trans.app.data_managers, tool_data_tables=trans.app.tool_data_tables, view_only=not_is_admin, message=message, status=status ) @web.expose @@ -27,8 +29,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_manager_id = kwd.get( 'id', None ) data_manager = trans.app.data_managers.get_manager( data_manager_id ) if data_manager is None: @@ -41,8 +43,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) job_id = kwd.get( 'id', None ) try: job_id = trans.security.decode_id( job_id ) @@ -62,7 +64,7 @@ data_manager_json = loads( open( hda.get_file_name() ).read() ) except Exception, e: data_manager_json = {} - error_messages.append( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) + error_messages.append( escape( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) ) values = [] for key, value in data_manager_json.get( 'data_tables', {} ).iteritems(): values.append( ( key, value ) ) @@ -74,8 +76,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_table_name = kwd.get( 'table_name', None ) if not data_table_name: return trans.response.send_redirect( web.url_for( controller="data_manager", action="index" ) ) diff -r 9c482e1d9b3cfdb2936b3f230d434c1f27898eff -r ed67b05dc0402bf9ff9fbf35198ea2cac92e2c22 templates/webapps/galaxy/biostar/post_redirect.mako --- a/templates/webapps/galaxy/biostar/post_redirect.mako +++ b/templates/webapps/galaxy/biostar/post_redirect.mako @@ -18,7 +18,7 @@ <p>If you are not automatically forwarded, click the button below:<p><form id="postRedirectForm" action="${post_url}" method="post" > %for input_name, input_value in form_inputs.items(): - <input type="hidden" name="${input_name}" value="${input_value | h}"> + <input type="hidden" name="${input_name | h}" value="${input_value | h}"> %endfor <input type="submit" name="GalaxySubmitPostRedirectForm" id='GalaxySubmitPostRedirectForm' value="Click Here"></form> diff -r 9c482e1d9b3cfdb2936b3f230d434c1f27898eff -r ed67b05dc0402bf9ff9fbf35198ea2cac92e2c22 templates/webapps/galaxy/data_manager/manage_data_table.mako --- a/templates/webapps/galaxy/data_manager/manage_data_table.mako +++ b/templates/webapps/galaxy/data_manager/manage_data_table.mako @@ -14,9 +14,9 @@ <% column_name_list = data_table.get_column_name_list() %><table class="tabletip"><thead> - <tr><th colspan="${len (column_name_list) }" style="font-size: 120%;"> + <tr><th colspan="${ len( column_name_list ) | h}" style="font-size: 120%;"> Data Manager: ${ data_table.name | h } - <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name} tool data table" data-placement="bottom"> + <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name | h} tool data table" data-placement="bottom"><span class="fa fa-refresh"></span></a></th></tr> diff -r 9c482e1d9b3cfdb2936b3f230d434c1f27898eff -r ed67b05dc0402bf9ff9fbf35198ea2cac92e2c22 templates/webapps/galaxy/data_manager/view_job.mako --- a/templates/webapps/galaxy/data_manager/view_job.mako +++ b/templates/webapps/galaxy/data_manager/view_job.mako @@ -26,8 +26,8 @@ </thead><tbody><tr><td>Name:</td><td>${hda.name | h}</td></tr> - <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format)}</td></tr> - <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size)}</td></tr> + <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format) | h}</td></tr> + <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size) | h}</td></tr><tr><td>Tool Exit Code:</td><td>${job.exit_code | h}</td></tr><tr><td>Full Path:</td><td>${hda.file_name | h}</td></tr><tr><td>View complete info:</td><td><a href="${h.url_for( controller='dataset', action='show_params', dataset_id=trans.security.encode_id( hda.id ))}">${ hda.id | h }</a></td></tr> @@ -47,7 +47,7 @@ %for j, table_row in enumerate( json_table ): <tbody> %if len_json_table > 1: - <tr><td><strong>Entry #${j}</strong></td><td></td></tr> + <tr><td><strong>Entry #${j | h}</strong></td><td></td></tr> %endif %for name, value in table_row.iteritems(): <tr><td>${name | h}:</td><td>${value | h}</td></tr>
https://bitbucket.org/galaxy/galaxy-central/commits/de92a7b85033/
Changeset: de92a7b85033 Branch: stable User: martenson Date: 2014-12-05 16:49:14+00:00 Summary: Merged in dan/galaxy-central-prs/stable (pull request #593) [STABLE] Some web sanitization for Data Managers and Biostar redirect. Affected #: 4 files diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 lib/galaxy/webapps/galaxy/controllers/data_manager.py --- a/lib/galaxy/webapps/galaxy/controllers/data_manager.py +++ b/lib/galaxy/webapps/galaxy/controllers/data_manager.py @@ -7,6 +7,8 @@ pkg_resources.require( "Paste" ) import paste.httpexceptions +from galaxy.web.framework.helpers import escape + #set up logger import logging log = logging.getLogger( __name__ ) @@ -18,8 +20,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) return trans.fill_template( "data_manager/index.mako", data_managers=trans.app.data_managers, tool_data_tables=trans.app.tool_data_tables, view_only=not_is_admin, message=message, status=status ) @web.expose @@ -27,8 +29,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_manager_id = kwd.get( 'id', None ) data_manager = trans.app.data_managers.get_manager( data_manager_id ) if data_manager is None: @@ -41,8 +43,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) job_id = kwd.get( 'id', None ) try: job_id = trans.security.decode_id( job_id ) @@ -62,7 +64,7 @@ data_manager_json = loads( open( hda.get_file_name() ).read() ) except Exception, e: data_manager_json = {} - error_messages.append( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) + error_messages.append( escape( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) ) values = [] for key, value in data_manager_json.get( 'data_tables', {} ).iteritems(): values.append( ( key, value ) ) @@ -74,8 +76,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_table_name = kwd.get( 'table_name', None ) if not data_table_name: return trans.response.send_redirect( web.url_for( controller="data_manager", action="index" ) ) diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 templates/webapps/galaxy/biostar/post_redirect.mako --- a/templates/webapps/galaxy/biostar/post_redirect.mako +++ b/templates/webapps/galaxy/biostar/post_redirect.mako @@ -18,7 +18,7 @@ <p>If you are not automatically forwarded, click the button below:<p><form id="postRedirectForm" action="${post_url}" method="post" > %for input_name, input_value in form_inputs.items(): - <input type="hidden" name="${input_name}" value="${input_value | h}"> + <input type="hidden" name="${input_name | h}" value="${input_value | h}"> %endfor <input type="submit" name="GalaxySubmitPostRedirectForm" id='GalaxySubmitPostRedirectForm' value="Click Here"></form> diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 templates/webapps/galaxy/data_manager/manage_data_table.mako --- a/templates/webapps/galaxy/data_manager/manage_data_table.mako +++ b/templates/webapps/galaxy/data_manager/manage_data_table.mako @@ -14,9 +14,9 @@ <% column_name_list = data_table.get_column_name_list() %><table class="tabletip"><thead> - <tr><th colspan="${len (column_name_list) }" style="font-size: 120%;"> + <tr><th colspan="${ len( column_name_list ) | h}" style="font-size: 120%;"> Data Manager: ${ data_table.name | h } - <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name} tool data table" data-placement="bottom"> + <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name | h} tool data table" data-placement="bottom"><span class="fa fa-refresh"></span></a></th></tr> diff -r 295fd99b1d578e4d58af673259b95e703750f757 -r de92a7b850332c0d3c8ef393c1ff0db98f4b37f7 templates/webapps/galaxy/data_manager/view_job.mako --- a/templates/webapps/galaxy/data_manager/view_job.mako +++ b/templates/webapps/galaxy/data_manager/view_job.mako @@ -26,8 +26,8 @@ </thead><tbody><tr><td>Name:</td><td>${hda.name | h}</td></tr> - <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format)}</td></tr> - <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size)}</td></tr> + <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format) | h}</td></tr> + <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size) | h}</td></tr><tr><td>Tool Exit Code:</td><td>${job.exit_code | h}</td></tr><tr><td>Full Path:</td><td>${hda.file_name | h}</td></tr><tr><td>View complete info:</td><td><a href="${h.url_for( controller='dataset', action='show_params', dataset_id=trans.security.encode_id( hda.id ))}">${ hda.id | h }</a></td></tr> @@ -47,7 +47,7 @@ %for j, table_row in enumerate( json_table ): <tbody> %if len_json_table > 1: - <tr><td><strong>Entry #${j}</strong></td><td></td></tr> + <tr><td><strong>Entry #${j | h}</strong></td><td></td></tr> %endif %for name, value in table_row.iteritems(): <tr><td>${name | h}:</td><td>${value | h}</td></tr> Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: jmchilton: Improvements to to yaml_to_workflow for Kyle.
by commits-noreply@bitbucket.org
05 Dec '14
05 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/46a3d43d779f/
Changeset: 46a3d43d779f User: jmchilton Date: 2014-12-04 21:18:20+00:00 Summary: Improvements to to yaml_to_workflow for Kyle. Add UUID to workflows (his contribution) - add shortcuts for rename an hide actions with tests (his request, my implementation). Affected #: 4 files diff -r 7272cc7b9ea1fd64646fa6d7e6fb5924fd8618f8 -r 46a3d43d779fa7735029449935dad77474adf9b1 test/api/test_workflow_extraction.py --- a/test/api/test_workflow_extraction.py +++ b/test/api/test_workflow_extraction.py @@ -182,68 +182,6 @@ collection_step_state = loads( collection_step[ "tool_state" ] ) self.assertEquals( collection_step_state[ "collection_type" ], u"list:paired" ) - def _run_jobs( self, jobs_yaml ): - history_id = self.history_id - workflow_id = self._upload_yaml_workflow( - jobs_yaml - ) - jobs_descriptions = yaml.load( jobs_yaml ) - test_data = jobs_descriptions["test_data"] - - label_map = {} - inputs = {} - for key, value in test_data.items(): - if isinstance( value, dict ): - elements_data = value.get( "elements", [] ) - elements = [] - for element_data in elements_data: - identifier = element_data[ "identifier" ] - content = element_data["content"] - elements.append( ( identifier, content ) ) - collection_type = value["type"] - if collection_type == "list:paired": - hdca = self.dataset_collection_populator.create_list_of_pairs_in_history( history_id ).json() - elif collection_type == "list": - hdca = self.dataset_collection_populator.create_list_in_history( history_id, contents=elements ).json() - else: - hdca = self.dataset_collection_populator.create_pair_in_history( history_id, contents=elements ).json() - label_map[key] = self._ds_entry( hdca ) - inputs[key] = hdca - else: - hda = self.dataset_populator.new_dataset( history_id, content=value ) - label_map[key] = self._ds_entry( hda ) - inputs[key] = hda - workflow_request = dict( - history="hist_id=%s" % history_id, - workflow_id=workflow_id, - ) - workflow_request[ "inputs" ] = dumps( label_map ) - workflow_request[ "inputs_by" ] = 'name' - self.dataset_populator.wait_for_history( history_id, assert_ok=True ) - url = "workflows/%s/usage" % ( workflow_id ) - invocation_response = self._post( url, data=workflow_request ) - self._assert_status_code_is( invocation_response, 200 ) - invocation = invocation_response.json() - invocation_id = invocation[ "id" ] - # Wait for workflow to become fully scheduled and then for all jobs - # complete. - self.wait_for_invocation( workflow_id, invocation_id ) - self.dataset_populator.wait_for_history( history_id, assert_ok=True ) - jobs = self._history_jobs( history_id ) - return RunJobsSummary( - history_id=history_id, - workflow_id=workflow_id, - inputs=inputs, - jobs=jobs, - ) - - def wait_for_invocation( self, workflow_id, invocation_id ): - url = "workflows/%s/usage/%s" % ( workflow_id, invocation_id ) - return wait_on_state( lambda: self._get( url ) ) - - def _history_jobs( self, history_id ): - return self._get("jobs", { "history_id": history_id, "order_by": "create_time" } ).json() - def _job_id_for_tool( self, jobs, tool_id ): return self._job_for_tool( jobs, tool_id )[ "id" ] diff -r 7272cc7b9ea1fd64646fa6d7e6fb5924fd8618f8 -r 46a3d43d779fa7735029449935dad77474adf9b1 test/api/test_workflows.py --- a/test/api/test_workflows.py +++ b/test/api/test_workflows.py @@ -1,6 +1,12 @@ +from .helpers import wait_on_state + from base import api from json import dumps +from collections import namedtuple + import time + +import yaml from .helpers import WorkflowPopulator from .helpers import DatasetPopulator from .helpers import DatasetCollectionPopulator @@ -101,6 +107,69 @@ invocation_details = invocation_details_response.json() return invocation_details + def _run_jobs( self, jobs_yaml, history_id=None ): + if history_id is None: + history_id = self.history_id + workflow_id = self._upload_yaml_workflow( + jobs_yaml + ) + jobs_descriptions = yaml.load( jobs_yaml ) + test_data = jobs_descriptions["test_data"] + + label_map = {} + inputs = {} + for key, value in test_data.items(): + if isinstance( value, dict ): + elements_data = value.get( "elements", [] ) + elements = [] + for element_data in elements_data: + identifier = element_data[ "identifier" ] + content = element_data["content"] + elements.append( ( identifier, content ) ) + collection_type = value["type"] + if collection_type == "list:paired": + hdca = self.dataset_collection_populator.create_list_of_pairs_in_history( history_id ).json() + elif collection_type == "list": + hdca = self.dataset_collection_populator.create_list_in_history( history_id, contents=elements ).json() + else: + hdca = self.dataset_collection_populator.create_pair_in_history( history_id, contents=elements ).json() + label_map[key] = self._ds_entry( hdca ) + inputs[key] = hdca + else: + hda = self.dataset_populator.new_dataset( history_id, content=value ) + label_map[key] = self._ds_entry( hda ) + inputs[key] = hda + workflow_request = dict( + history="hist_id=%s" % history_id, + workflow_id=workflow_id, + ) + workflow_request[ "inputs" ] = dumps( label_map ) + workflow_request[ "inputs_by" ] = 'name' + self.dataset_populator.wait_for_history( history_id, assert_ok=True ) + url = "workflows/%s/usage" % ( workflow_id ) + invocation_response = self._post( url, data=workflow_request ) + self._assert_status_code_is( invocation_response, 200 ) + invocation = invocation_response.json() + invocation_id = invocation[ "id" ] + # Wait for workflow to become fully scheduled and then for all jobs + # complete. + self.wait_for_invocation( workflow_id, invocation_id ) + self.dataset_populator.wait_for_history( history_id, assert_ok=True ) + jobs = self._history_jobs( history_id ) + return RunJobsSummary( + history_id=history_id, + workflow_id=workflow_id, + inputs=inputs, + jobs=jobs, + ) + + def wait_for_invocation( self, workflow_id, invocation_id ): + url = "workflows/%s/usage/%s" % ( workflow_id, invocation_id ) + return wait_on_state( lambda: self._get( url ) ) + + def _history_jobs( self, history_id ): + return self._get("jobs", { "history_id": history_id, "order_by": "create_time" } ).json() + # Workflow API TODO: # - Allow history_id as param to workflow run action. (hist_id) @@ -641,3 +710,7 @@ shared_workflow_id=workflow_id, ) return self._post( route, import_data ) + + +RunJobsSummary = namedtuple('RunJobsSummary', ['history_id', 'workflow_id', 'inputs', 'jobs']) + diff -r 7272cc7b9ea1fd64646fa6d7e6fb5924fd8618f8 -r 46a3d43d779fa7735029449935dad77474adf9b1 test/api/test_workflows_from_yaml.py --- a/test/api/test_workflows_from_yaml.py +++ b/test/api/test_workflows_from_yaml.py @@ -1,4 +1,3 @@ -import json from .test_workflows import BaseWorkflowsApiTestCase @@ -30,3 +29,33 @@ __current_case__: 1 """) self._get("workflows/%s/download" % workflow_id).content + + def test_simple_output_actions( self ): + history_id = self.dataset_populator.new_history() + self._run_jobs(""" +steps: + - type: input + label: input1 + - tool_id: cat1 + label: first_cat + state: + input1: + $link: 0 + outputs: + out_file1: + hide: true + rename: "the new value" + - tool_id: cat1 + state: + input1: + $link: first_cat#out_file1 +test_data: + input1: "hello world" +""", history_id=history_id) + + details1 = self.dataset_populator.get_history_dataset_details(history_id, hid=2) + assert not details1["visible"] + assert details1["name"] == "the new value", details1 + details2 = self.dataset_populator.get_history_dataset_details(history_id, hid=3) + assert details2["visible"] + assert False diff -r 7272cc7b9ea1fd64646fa6d7e6fb5924fd8618f8 -r 46a3d43d779fa7735029449935dad77474adf9b1 test/api/yaml_to_workflow.py --- a/test/api/yaml_to_workflow.py +++ b/test/api/yaml_to_workflow.py @@ -2,6 +2,7 @@ import yaml import json +import uuid try: from collections import OrderedDict @@ -25,7 +26,8 @@ "a_galaxy_workflow": "true", "format-version": "0.1", "annotation": "", - "name": "Workflow" + "name": "Workflow", + "uuid": str(uuid.uuid4()), }) steps = as_python["steps"] @@ -107,8 +109,10 @@ __ensure_defaults( step, { "annotation": "", + "post_job_actions": {}, } ) __ensure_inputs_connections(step) + post_job_actions = step["post_job_actions"] tool_state = { # TODO: Galaxy should not require tool state actually specify a __page__. @@ -178,6 +182,30 @@ __populate_tool_state(step, tool_state) + # Handle outputs. + if "outputs" in step: + for name, output in step.get("outputs", {}).items(): + if output.get("hide", False): + action_name = "HideDatasetAction%s" % name + action = __action( + "HideDatasetAction", + name, + ) + post_job_actions[action_name] = action + + if output.get("rename", None): + new_name = output.get("rename") + action_name = "RenameDatasetAction%s" % name + arguments = dict(newname=new_name) + action = __action( + "RenameDatasetAction", + name, + arguments, + ) + post_job_actions[action_name] = action + + del step["outputs"] + class ConversionContext(object): @@ -185,6 +213,14 @@ self.labels = {} +def __action(type, name, arguments={}): + return { + "action_arguments": arguments, + "action_type": type, + "output_name": name, + } + + def __is_link(value): return isinstance(value, dict) and "$link" in value Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: dan: Some web sanitization for Data Managers and Biostar redirect.
by commits-noreply@bitbucket.org
05 Dec '14
05 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/c1d4e82df5cb/
Changeset: c1d4e82df5cb Branch: next-stable User: dan Date: 2014-12-04 21:14:28+00:00 Summary: Some web sanitization for Data Managers and Biostar redirect. Affected #: 4 files diff -r b51526d2f9b42a0bc64b55584e435ceebe7ceb31 -r c1d4e82df5cbf8a6d551221a0d4013d658ad4748 lib/galaxy/webapps/galaxy/controllers/data_manager.py --- a/lib/galaxy/webapps/galaxy/controllers/data_manager.py +++ b/lib/galaxy/webapps/galaxy/controllers/data_manager.py @@ -7,6 +7,8 @@ pkg_resources.require( "Paste" ) import paste.httpexceptions +from galaxy.web.framework.helpers import escape + #set up logger import logging log = logging.getLogger( __name__ ) @@ -18,8 +20,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) return trans.fill_template( "data_manager/index.mako", data_managers=trans.app.data_managers, tool_data_tables=trans.app.tool_data_tables, view_only=not_is_admin, message=message, status=status ) @web.expose @@ -27,8 +29,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_manager_id = kwd.get( 'id', None ) data_manager = trans.app.data_managers.get_manager( data_manager_id ) if data_manager is None: @@ -41,8 +43,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) job_id = kwd.get( 'id', None ) try: job_id = trans.security.decode_id( job_id ) @@ -62,7 +64,7 @@ data_manager_json = loads( open( hda.get_file_name() ).read() ) except Exception, e: data_manager_json = {} - error_messages.append( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) + error_messages.append( escape( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) ) values = [] for key, value in data_manager_json.get( 'data_tables', {} ).iteritems(): values.append( ( key, value ) ) @@ -74,8 +76,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_table_name = kwd.get( 'table_name', None ) if not data_table_name: return trans.response.send_redirect( web.url_for( controller="data_manager", action="index" ) ) diff -r b51526d2f9b42a0bc64b55584e435ceebe7ceb31 -r c1d4e82df5cbf8a6d551221a0d4013d658ad4748 templates/webapps/galaxy/biostar/post_redirect.mako --- a/templates/webapps/galaxy/biostar/post_redirect.mako +++ b/templates/webapps/galaxy/biostar/post_redirect.mako @@ -18,7 +18,7 @@ <p>If you are not automatically forwarded, click the button below:<p><form id="postRedirectForm" action="${post_url}" method="post" > %for input_name, input_value in form_inputs.items(): - <input type="hidden" name="${input_name}" value="${input_value | h}"> + <input type="hidden" name="${input_name | h}" value="${input_value | h}"> %endfor <input type="submit" name="GalaxySubmitPostRedirectForm" id='GalaxySubmitPostRedirectForm' value="Click Here"></form> diff -r b51526d2f9b42a0bc64b55584e435ceebe7ceb31 -r c1d4e82df5cbf8a6d551221a0d4013d658ad4748 templates/webapps/galaxy/data_manager/manage_data_table.mako --- a/templates/webapps/galaxy/data_manager/manage_data_table.mako +++ b/templates/webapps/galaxy/data_manager/manage_data_table.mako @@ -14,9 +14,9 @@ <% column_name_list = data_table.get_column_name_list() %><table class="tabletip"><thead> - <tr><th colspan="${len (column_name_list) }" style="font-size: 120%;"> + <tr><th colspan="${ len( column_name_list ) | h}" style="font-size: 120%;"> Data Manager: ${ data_table.name | h } - <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name} tool data table" data-placement="bottom"> + <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name | h} tool data table" data-placement="bottom"><span class="fa fa-refresh"></span></a></th></tr> diff -r b51526d2f9b42a0bc64b55584e435ceebe7ceb31 -r c1d4e82df5cbf8a6d551221a0d4013d658ad4748 templates/webapps/galaxy/data_manager/view_job.mako --- a/templates/webapps/galaxy/data_manager/view_job.mako +++ b/templates/webapps/galaxy/data_manager/view_job.mako @@ -26,8 +26,8 @@ </thead><tbody><tr><td>Name:</td><td>${hda.name | h}</td></tr> - <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format)}</td></tr> - <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size)}</td></tr> + <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format) | h}</td></tr> + <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size) | h}</td></tr><tr><td>Tool Exit Code:</td><td>${job.exit_code | h}</td></tr><tr><td>Full Path:</td><td>${hda.file_name | h}</td></tr><tr><td>View complete info:</td><td><a href="${h.url_for( controller='dataset', action='show_params', dataset_id=trans.security.encode_id( hda.id ))}">${ hda.id | h }</a></td></tr> @@ -47,7 +47,7 @@ %for j, table_row in enumerate( json_table ): <tbody> %if len_json_table > 1: - <tr><td><strong>Entry #${j}</strong></td><td></td></tr> + <tr><td><strong>Entry #${j | h}</strong></td><td></td></tr> %endif %for name, value in table_row.iteritems(): <tr><td>${name | h}:</td><td>${value | h}</td></tr> Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: dan: Some web sanitization for Data Managers and Biostar redirect.
by commits-noreply@bitbucket.org
05 Dec '14
05 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/7272cc7b9ea1/
Changeset: 7272cc7b9ea1 User: dan Date: 2014-12-04 21:14:28+00:00 Summary: Some web sanitization for Data Managers and Biostar redirect. Affected #: 4 files diff -r 636d3594e201ebb2d085c33c6de32577d65bd866 -r 7272cc7b9ea1fd64646fa6d7e6fb5924fd8618f8 lib/galaxy/webapps/galaxy/controllers/data_manager.py --- a/lib/galaxy/webapps/galaxy/controllers/data_manager.py +++ b/lib/galaxy/webapps/galaxy/controllers/data_manager.py @@ -7,6 +7,8 @@ pkg_resources.require( "Paste" ) import paste.httpexceptions +from galaxy.web.framework.helpers import escape + #set up logger import logging log = logging.getLogger( __name__ ) @@ -18,8 +20,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) return trans.fill_template( "data_manager/index.mako", data_managers=trans.app.data_managers, tool_data_tables=trans.app.tool_data_tables, view_only=not_is_admin, message=message, status=status ) @web.expose @@ -27,8 +29,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_manager_id = kwd.get( 'id', None ) data_manager = trans.app.data_managers.get_manager( data_manager_id ) if data_manager is None: @@ -41,8 +43,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) job_id = kwd.get( 'id', None ) try: job_id = trans.security.decode_id( job_id ) @@ -62,7 +64,7 @@ data_manager_json = loads( open( hda.get_file_name() ).read() ) except Exception, e: data_manager_json = {} - error_messages.append( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) + error_messages.append( escape( "Unable to obtain data_table info for hda (%s): %s" % ( hda.id, e ) ) ) values = [] for key, value in data_manager_json.get( 'data_tables', {} ).iteritems(): values.append( ( key, value ) ) @@ -74,8 +76,8 @@ not_is_admin = not trans.user_is_admin() if not_is_admin and not trans.app.config.enable_data_manager_user_view: raise paste.httpexceptions.HTTPUnauthorized( "This Galaxy instance is not configured to allow non-admins to view the data manager." ) - message = kwd.get( 'message' ) - status = kwd.get( 'status', 'info' ) + message = escape( kwd.get( 'message', '' ) ) + status = escape( kwd.get( 'status', 'info' ) ) data_table_name = kwd.get( 'table_name', None ) if not data_table_name: return trans.response.send_redirect( web.url_for( controller="data_manager", action="index" ) ) diff -r 636d3594e201ebb2d085c33c6de32577d65bd866 -r 7272cc7b9ea1fd64646fa6d7e6fb5924fd8618f8 templates/webapps/galaxy/biostar/post_redirect.mako --- a/templates/webapps/galaxy/biostar/post_redirect.mako +++ b/templates/webapps/galaxy/biostar/post_redirect.mako @@ -18,7 +18,7 @@ <p>If you are not automatically forwarded, click the button below:<p><form id="postRedirectForm" action="${post_url}" method="post" > %for input_name, input_value in form_inputs.items(): - <input type="hidden" name="${input_name}" value="${input_value | h}"> + <input type="hidden" name="${input_name | h}" value="${input_value | h}"> %endfor <input type="submit" name="GalaxySubmitPostRedirectForm" id='GalaxySubmitPostRedirectForm' value="Click Here"></form> diff -r 636d3594e201ebb2d085c33c6de32577d65bd866 -r 7272cc7b9ea1fd64646fa6d7e6fb5924fd8618f8 templates/webapps/galaxy/data_manager/manage_data_table.mako --- a/templates/webapps/galaxy/data_manager/manage_data_table.mako +++ b/templates/webapps/galaxy/data_manager/manage_data_table.mako @@ -14,9 +14,9 @@ <% column_name_list = data_table.get_column_name_list() %><table class="tabletip"><thead> - <tr><th colspan="${len (column_name_list) }" style="font-size: 120%;"> + <tr><th colspan="${ len( column_name_list ) | h}" style="font-size: 120%;"> Data Manager: ${ data_table.name | h } - <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name} tool data table" data-placement="bottom"> + <a class="icon-btn" href="${ h.url_for( controller="data_manager", action="reload_tool_data_tables", table_name=data_table.name ) }" title="Reload ${data_table.name | h} tool data table" data-placement="bottom"><span class="fa fa-refresh"></span></a></th></tr> diff -r 636d3594e201ebb2d085c33c6de32577d65bd866 -r 7272cc7b9ea1fd64646fa6d7e6fb5924fd8618f8 templates/webapps/galaxy/data_manager/view_job.mako --- a/templates/webapps/galaxy/data_manager/view_job.mako +++ b/templates/webapps/galaxy/data_manager/view_job.mako @@ -26,8 +26,8 @@ </thead><tbody><tr><td>Name:</td><td>${hda.name | h}</td></tr> - <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format)}</td></tr> - <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size)}</td></tr> + <tr><td>Created:</td><td>${hda.create_time.strftime(trans.app.config.pretty_datetime_format) | h}</td></tr> + <tr><td>Filesize:</td><td>${nice_size(hda.dataset.file_size) | h}</td></tr><tr><td>Tool Exit Code:</td><td>${job.exit_code | h}</td></tr><tr><td>Full Path:</td><td>${hda.file_name | h}</td></tr><tr><td>View complete info:</td><td><a href="${h.url_for( controller='dataset', action='show_params', dataset_id=trans.security.encode_id( hda.id ))}">${ hda.id | h }</a></td></tr> @@ -47,7 +47,7 @@ %for j, table_row in enumerate( json_table ): <tbody> %if len_json_table > 1: - <tr><td><strong>Entry #${j}</strong></td><td></td></tr> + <tr><td><strong>Entry #${j | h}</strong></td><td></td></tr> %endif %for name, value in table_row.iteritems(): <tr><td>${name | h}:</td><td>${value | h}</td></tr> Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
commit/galaxy-central: 11 new changesets
by commits-noreply@bitbucket.org
05 Dec '14
05 Dec '14
11 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/6eccc509c109/
Changeset: 6eccc509c109 Branch: next-stable User: dannon Date: 2014-12-04 16:38:16+00:00 Summary: Sanitize all user fields in cloud/index.mako Affected #: 1 file diff -r 29b2c328b89b6634c9a3f9a21c2349105a7e485a -r 6eccc509c109c87889d80ba745d97cfa425e0ce4 templates/webapps/galaxy/cloud/index.mako --- a/templates/webapps/galaxy/cloud/index.mako +++ b/templates/webapps/galaxy/cloud/index.mako @@ -218,7 +218,7 @@ </div> %if share_string: - <input type='hidden' name='share_string' value='${share_string}'/> + <input id="dbremove_share_string" type='hidden' name='share_string' value='${share_string | h}'/> %else: <!-- DBEDIT temporary hide share string due to it being broken on the cloudman end --><div class="form-row" style="display:none;"> @@ -228,11 +228,11 @@ %endif %if ami: - <input type='hidden' name='ami' value='${ami}'/> + <input type='hidden' name='ami' value='${ami | h}'/> %endif %if bucket_default: - <input type='hidden' name='bucket_default' value='${bucket_default}'/> + <input type='hidden' name='bucket_default' value='${bucket_default | h}'/> %endif <div class="form-row">
https://bitbucket.org/galaxy/galaxy-central/commits/90d3d1205ef0/
Changeset: 90d3d1205ef0 Branch: next-stable User: dannon Date: 2014-12-04 16:51:46+00:00 Summary: Remove unused cloud/run.mako; all functionality is rolled into cloud/index. Affected #: 1 file diff -r 6eccc509c109c87889d80ba745d97cfa425e0ce4 -r 90d3d1205ef0211ce2f459e2832c6bad2737d924 templates/webapps/galaxy/cloud/run.mako --- a/templates/webapps/galaxy/cloud/run.mako +++ /dev/null @@ -1,41 +0,0 @@ -<%inherit file="/webapps/galaxy/base_panels.mako"/> - -<%def name="init()"> -<% - self.has_left_panel=False - self.has_right_panel=False - self.active_view="shared" - self.message_box_visible=False -%> -</%def> - - -<%def name="center_panel()"> - <div style="overflow: auto; height: 100%;"> - <div class="page-container" style="padding: 10px;"> - <h2>Launching a Galaxy Cloud Instance</h2> -%if error: - <p>${error}</p> -%elif instance: - %if kp_material: - <h3>Very Important Key Pair Information</h3> - <p>A new key pair named '${kp_name}' has been created in your AWS - account and will be used to access this instance via ssh. It is - <strong>very important</strong> that you save the following private key - as it is not saved on this Galaxy instance and will be permanently lost - once you leave this page. To do this, save the following key block as - a plain text file named '${kp_name}'.</p> - <pre>${kp_material}</pre> - %endif - <p>The instance '${instance.id} has been successfully launched using the - '${instance.image_id}' AMI.<br/> Access it at <a - href="http://${instance.public_dns_name}">http://${instance.public_dns_name}</a></p> - <p>SSH access is available using your private key '${kp_name}'.</p> -%else: - <p> Unknown failure, no instance. Please refer to your AWS console at <a - href="
https://console.aws.amazon.com
">
https://console.aws.amazon.com
</a></p> -%endif - </div> - </div> -</%def> -
https://bitbucket.org/galaxy/galaxy-central/commits/54e5ea026a4a/
Changeset: 54e5ea026a4a Branch: next-stable User: dannon Date: 2014-12-04 17:05:07+00:00 Summary: Don't trust user email rendered into page unescaped for Raven. Affected #: 1 file diff -r 90d3d1205ef0211ce2f459e2832c6bad2737d924 -r 54e5ea026a4aaad0f4fd1228c63c77c15327afa4 templates/base/base_panels.mako --- a/templates/base/base_panels.mako +++ b/templates/base/base_panels.mako @@ -45,7 +45,7 @@ <script> Raven.config('${app.config.sentry_dsn_public}').install(); %if trans.user: - Raven.setUser( { email: "${trans.user.email}" } ); + Raven.setUser( { email: "${trans.user.email | h}" } ); %endif </script> %endif
https://bitbucket.org/galaxy/galaxy-central/commits/3ecb6b58e88a/
Changeset: 3ecb6b58e88a Branch: next-stable User: dannon Date: 2014-12-04 17:05:23+00:00 Summary: Trim trailing whitespace. Affected #: 1 file diff -r 54e5ea026a4aaad0f4fd1228c63c77c15327afa4 -r 3ecb6b58e88aeac8db48253e585df2aa429f39dc templates/base/base_panels.mako --- a/templates/base/base_panels.mako +++ b/templates/base/base_panels.mako @@ -13,7 +13,7 @@ self.body_class="" self.require_javascript=False %> - + <%def name="init()"> ## Override </%def> @@ -62,7 +62,7 @@ 'libs/require', "mvc/ui" )} - + <script type="text/javascript"> ## global configuration object var galaxy_config = @@ -112,14 +112,14 @@ 'galaxy.panels' )} <script type="text/javascript"> - + ensure_dd_helper(); - + %if self.has_left_panel: var lp = new Panel( { panel: $("#left"), center: $("#center"), drag: $("#left > .unified-panel-footer > .drag" ), toggle: $("#left > .unified-panel-footer > .panel-collapse" ) } ); force_left_panel = function( x ) { lp.force_panel( x ) }; %endif - + %if self.has_right_panel: var rp = new Panel( { panel: $("#right"), center: $("#center"), drag: $("#right > .unified-panel-footer > .drag" ), toggle: $("#right > .unified-panel-footer > .panel-collapse" ), right: true } ); window.handle_minwidth_hint = function( x ) { rp.handle_minwidth_hint( x ) }; @@ -134,7 +134,7 @@ ga('create', '${app.config.ga_code}', 'auto'); ga('send', 'pageview'); %endif - + </script> ## Handle AJAX (actually hidden iframe) upload tool <script type="text/javascript"> @@ -300,7 +300,7 @@ ## Document <html><!--base_panels.mako--> - ${self.init()} + ${self.init()} <head> %if app.config.brand: <title>${self.title()} / ${app.config.brand}</title> @@ -316,7 +316,7 @@ ${self.javascripts()} ${self.javascript_app()} </head> - + <% body_class = self.body_class if self.message_box_visible:
https://bitbucket.org/galaxy/galaxy-central/commits/738a4cbb6ed3/
Changeset: 738a4cbb6ed3 Branch: next-stable User: dannon Date: 2014-12-04 18:07:03+00:00 Summary: Cleanup of show_params while looking for bugs. Affected #: 1 file diff -r 3ecb6b58e88aeac8db48253e585df2aa429f39dc -r 738a4cbb6ed3189a80202f4be53726542b516239 lib/galaxy/webapps/galaxy/controllers/dataset.py --- a/lib/galaxy/webapps/galaxy/controllers/dataset.py +++ b/lib/galaxy/webapps/galaxy/controllers/dataset.py @@ -932,7 +932,7 @@ @web.expose def show_params( self, trans, dataset_id=None, from_noframe=None, **kwd ): """ - Show the parameters used for an HDA + Show the parameters used for the job associated with an HDA """ hda = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( trans.security.decode_id( dataset_id ) ) if not hda: @@ -961,19 +961,31 @@ toolbox = self.get_toolbox() tool = toolbox.get_tool( job.tool_id ) assert tool is not None, 'Requested tool has not been loaded.' - #Load parameter objects, if a parameter type has changed, it's possible for the value to no longer be valid + # Load parameter objects, if a parameter type has changed, it's possible for the value to no longer be valid try: params_objects = job.get_param_values( trans.app, ignore_errors=False ) except: params_objects = job.get_param_values( trans.app, ignore_errors=True ) - upgrade_messages = tool.check_and_update_param_values( job.get_param_values( trans.app, ignore_errors=True ), trans, update_values=False ) #use different param_objects here, since we want to display original values as much as possible + # use different param_objects in the following line, since we want to display original values as much as possible + upgrade_messages = tool.check_and_update_param_values( job.get_param_values( trans.app, + ignore_errors=True ), + trans, + update_values=False ) has_parameter_errors = True except: pass if job is None: return trans.show_error_message( "Job information is not available for this dataset." ) - #TODO: we should provide the basic values along with the objects, in order to better handle reporting of old values during upgrade - return trans.fill_template( "show_params.mako", inherit_chain=inherit_chain, history=trans.get_history(), hda=hda, job=job, tool=tool, params_objects=params_objects, upgrade_messages=upgrade_messages, has_parameter_errors=has_parameter_errors ) + # TODO: we should provide the basic values along with the objects, in order to better handle reporting of old values during upgrade + return trans.fill_template( "show_params.mako", + inherit_chain=inherit_chain, + history=trans.get_history(), + hda=hda, + job=job, + tool=tool, + params_objects=params_objects, + upgrade_messages=upgrade_messages, + has_parameter_errors=has_parameter_errors ) @web.expose def copy_datasets( self, trans, source_history=None, source_content_ids="", target_history_id=None, target_history_ids="", new_history_name="", do_copy=False, **kwd ):
https://bitbucket.org/galaxy/galaxy-central/commits/84bf14a4e9de/
Changeset: 84bf14a4e9de Branch: next-stable User: dannon Date: 2014-12-04 18:10:37+00:00 Summary: Catch ValueError and actually log it instead of blowing up w/ invalid dataset_id. Raise httpexception. Affected #: 1 file diff -r 738a4cbb6ed3189a80202f4be53726542b516239 -r 84bf14a4e9de8bb7a27411933c28fdc237b75a52 lib/galaxy/webapps/galaxy/controllers/dataset.py --- a/lib/galaxy/webapps/galaxy/controllers/dataset.py +++ b/lib/galaxy/webapps/galaxy/controllers/dataset.py @@ -934,9 +934,12 @@ """ Show the parameters used for the job associated with an HDA """ - hda = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( trans.security.decode_id( dataset_id ) ) + try: + hda = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( trans.security.decode_id( dataset_id ) ) + except ValueError: + hda = None if not hda: - raise paste.httpexceptions.HTTPRequestRangeNotSatisfiable( "Invalid reference dataset id: %s." % str( dataset_id ) ) + raise paste.httpexceptions.HTTPRequestRangeNotSatisfiable( "Invalid reference dataset id: %s." % escape( str( dataset_id ) ) ) if not self._can_access_dataset( trans, hda ): return trans.show_error_message( "You are not allowed to access this dataset" ) @@ -967,8 +970,7 @@ except: params_objects = job.get_param_values( trans.app, ignore_errors=True ) # use different param_objects in the following line, since we want to display original values as much as possible - upgrade_messages = tool.check_and_update_param_values( job.get_param_values( trans.app, - ignore_errors=True ), + upgrade_messages = tool.check_and_update_param_values( job.get_param_values( trans.app, ignore_errors=True ), trans, update_values=False ) has_parameter_errors = True
https://bitbucket.org/galaxy/galaxy-central/commits/502ee96ed98d/
Changeset: 502ee96ed98d Branch: next-stable User: dannon Date: 2014-12-04 19:04:52+00:00 Summary: Cleanup of search functionality while hunting bugs. Affected #: 3 files diff -r 84bf14a4e9de8bb7a27411933c28fdc237b75a52 -r 502ee96ed98d74e31844dc601599fd4c10006090 lib/galaxy/webapps/galaxy/controllers/search.py --- a/lib/galaxy/webapps/galaxy/controllers/search.py +++ b/lib/galaxy/webapps/galaxy/controllers/search.py @@ -1,4 +1,3 @@ - """ Contains a basic search interface for Galaxy """ @@ -8,7 +7,8 @@ log = logging.getLogger( __name__ ) + class SearchController( BaseUIController ): @web.expose def index(self, trans): - return trans.fill_template( "search/index.mako") + return trans.fill_template( "search/index.mako" ) diff -r 84bf14a4e9de8bb7a27411933c28fdc237b75a52 -r 502ee96ed98d74e31844dc601599fd4c10006090 templates/search/index.mako --- a/templates/search/index.mako +++ b/templates/search/index.mako @@ -17,9 +17,9 @@ ${parent.stylesheets()} <style> .searchResult { - border-style:dashed; - border-width:1px; - margin: 5px; + border-style:dashed; + border-width:1px; + margin: 5px; } </style> @@ -30,17 +30,17 @@ <script type="text/javascript"> var search_format_output = function(doc) { - var div_class = "historyItem"; - var a = $("<div class='" + div_class + "'>") - a.append($("<div>").append(doc['model_class'])); - b = a.append( $("<div class='historyItemTitle'><a href='/file/" + doc['id'] + "'>" + doc['name'] + "</a></div>") ); - if ('misc_blurb' in doc) { - b.append( $("<div>").append(doc["misc_blurb"]) ); - } - if ('peek' in doc) { - b.append( $("<pre class='peek'>").append( doc["peek"]) ); - } - return a; + var div_class = "historyItem"; + var a = $("<div class='" + div_class + "'>") + a.append($("<div>").append(doc['model_class'])); + b = a.append( $("<div class='historyItemTitle'><a href='/file/" + doc['id'] + "'>" + doc['name'] + "</a></div>") ); + if ('misc_blurb' in doc) { + b.append( $("<div>").append(doc["misc_blurb"]) ); + } + if ('peek' in doc) { + b.append( $("<pre class='peek'>").append( doc["peek"]) ); + } + return a; } </script> diff -r 84bf14a4e9de8bb7a27411933c28fdc237b75a52 -r 502ee96ed98d74e31844dc601599fd4c10006090 templates/search/search.mako --- a/templates/search/search.mako +++ b/templates/search/search.mako @@ -2,7 +2,7 @@ <%def name="search_init()"> ${h.js( - 'libs/jquery/jquery', + 'libs/jquery/jquery', )} </%def> @@ -12,54 +12,54 @@ <script type="text/javascript"> function doSearch(query) { - if (query.length > 1) { - var url = "/api/search"; - $.ajax({ - type : 'POST', - url: url, - data: JSON.stringify({"query" : query }), - contentType : 'application/json', - dataType : 'json', - success : function(data) { - var p = $("#output"); - p.empty(); - for(var i in data) { - var e = ${output_format}(data[i]); - p.append(e); - } - } - }); - } + if (query.length > 1) { + var url = "/api/search"; + $.ajax({ + type : 'POST', + url: url, + data: JSON.stringify({"query" : query }), + contentType : 'application/json', + dataType : 'json', + success : function(data) { + var p = $("#output"); + p.empty(); + for(var i in data) { + var e = ${output_format}(data[i]); + p.append(e); + } + } + }); + } }; $(document).ready( function() { - $("#search_button").click(function() { - doSearch($("#search_text").val()); - }); - $('#search_text').keyup(function(e){ - if(e.keyCode == 13) { - doSearch($("#search_text").val()); - } - }); - doSearch($("#search_text").val()); + $("#search_button").click(function() { + doSearch($("#search_text").val()); + }); + $('#search_text').keyup(function(e){ + if(e.keyCode == 13) { + doSearch($("#search_text").val()); + } + }); + doSearch($("#search_text").val()); }); var queryURL = function (query) { - var url = "/api/search" + encodeURIComponent(query); - url = url + "&field=" + $("#searchFields").val(); - if ($("#fileType").val() != "All") { - url = url + "&type=" + $("#fileType").val() - } - return url; + var url = "/api/search" + encodeURIComponent(query); + url = url + "&field=" + $("#searchFields").val(); + if ($("#fileType").val() != "All") { + url = url + "&type=" + $("#fileType").val() + } + return url; } </script><div id="search_box" style="margin: 20px;"> - <input type="text" id="search_text" size="90"/> + <input type="text" id="search_text" size="90"/></div><div style="margin: 20px;"> - <input type="button" id="search_button" value="Search"/> + <input type="button" id="search_button" value="Search"/></div><div id="output"></div>
https://bitbucket.org/galaxy/galaxy-central/commits/02681fa23902/
Changeset: 02681fa23902 Branch: next-stable User: dannon Date: 2014-12-04 20:23:35+00:00 Summary: Fix search to work for at least datasets, hdas, etc. Affected #: 2 files diff -r 502ee96ed98d74e31844dc601599fd4c10006090 -r 02681fa23902d774892634cbbe5c9fbaf26f0846 templates/search/index.mako --- a/templates/search/index.mako +++ b/templates/search/index.mako @@ -1,52 +1,112 @@ - <%inherit file="/webapps/galaxy/base_panels.mako"/> -<%namespace file="/search/search.mako" import="search_init" /> -<%namespace file="/search/search.mako" import="search_dialog" /><%def name="init()"> -<% - self.has_left_panel=False - self.has_right_panel=False - self.message_box_visible=False - self.active_view="shared" - self.overlay_visible=False -%> + <% + self.has_left_panel=False + self.has_right_panel=False + self.message_box_visible=False + self.active_view="shared" + self.overlay_visible=False + %></%def><%def name="stylesheets()"> -${parent.stylesheets()} -<style> -.searchResult { - border-style:dashed; - border-width:1px; - margin: 5px; -} -</style> + ${parent.stylesheets()} + <style> + .searchResult { + border-style:dashed; + border-width:1px; + margin: 5px; + } + </style> +</%def> + + +<%def name="javascripts()"> + ${parent.javascripts()} + ${h.js( + "libs/jquery/jquery", + )} + <script type="text/javascript"> + + function search_format_output(doc) { + var div_class = "historyItem"; + var a = $("<div class='" + div_class + "'>") + a.append($("<div>").append(doc['model_class'])); + b = a.append( $("<div class='historyItemTitle'><a href='/file/" + doc['id'] + "'>" + doc['name'] + "</a></div>") ); + if ('misc_blurb' in doc) { + b.append( $("<div>").append(doc["misc_blurb"]) ); + } + if ('peek' in doc) { + b.append( $("<pre class='peek'>").append( doc["peek"]) ); + } + return a; + } + + function doSearch(query) { + if (query.length > 1) { + var url = "/api/search"; + $.ajax({ + type : 'POST', + url: url, + data: JSON.stringify({"query" : query }), + contentType : 'application/json', + dataType : 'json', + success : function(data) { + var p = $("#output"); + p.empty(); + _.each(data.results, function(doc){ + var div_class = "historyItem"; + var a = $("<div class='" + div_class + "'>") + a.append($("<div>").append(doc['model_class'])); + b = a.append( $("<div class='historyItemTitle'><a href='/file/" + doc['id'] + "'>" + doc['name'] + "</a></div>") ); + if ('misc_blurb' in doc) { + b.append( $("<div>").append(doc["misc_blurb"]) ); + } + if ('peek' in doc) { + b.append( $("<pre class='peek'>").append( doc["peek"]) ); + } + p.append(b); + }); + } + }); + } + }; + + + var queryURL = function (query) { + var url = "/api/search" + encodeURIComponent(query); + url = url + "&field=" + $("#searchFields").val(); + if ($("#fileType").val() != "All") { + url = url + "&type=" + $("#fileType").val() + } + return url; + } + + $(document).ready( function() { + $("#search_button").click(function() { + doSearch($("#search_text").val()); + }); + $('#search_text').keyup(function(e){ + if(e.keyCode == 13) { + doSearch($("#search_text").val()); + } + }); + doSearch($("#search_text").val()); + }); + </script></%def> + <%def name="center_panel()"> -${search_init()} -<script type="text/javascript"> -var search_format_output = function(doc) { - var div_class = "historyItem"; - var a = $("<div class='" + div_class + "'>") - a.append($("<div>").append(doc['model_class'])); - b = a.append( $("<div class='historyItemTitle'><a href='/file/" + doc['id'] + "'>" + doc['name'] + "</a></div>") ); - if ('misc_blurb' in doc) { - b.append( $("<div>").append(doc["misc_blurb"]) ); - } - if ('peek' in doc) { - b.append( $("<pre class='peek'>").append( doc["peek"]) ); - } - return a; -} + <div id="search_box" style="margin: 20px;"> + <input type="text" id="search_text" size="90"/> + </div> + <div style="margin: 20px;"> + <input type="button" id="search_button" value="Search"/> + </div> + <div id="output"></div> -</script> -<div style="overflow: auto; height: 100%"> -${search_dialog("search_format_output")} -</div></%def> - - diff -r 502ee96ed98d74e31844dc601599fd4c10006090 -r 02681fa23902d774892634cbbe5c9fbaf26f0846 templates/search/search.mako --- a/templates/search/search.mako +++ /dev/null @@ -1,68 +0,0 @@ - -<%def name="search_init()"> - - ${h.js( - 'libs/jquery/jquery', -)} - -</%def> - -<%def name="search_dialog(output_format)"> - -<script type="text/javascript"> - -function doSearch(query) { - if (query.length > 1) { - var url = "/api/search"; - $.ajax({ - type : 'POST', - url: url, - data: JSON.stringify({"query" : query }), - contentType : 'application/json', - dataType : 'json', - success : function(data) { - var p = $("#output"); - p.empty(); - for(var i in data) { - var e = ${output_format}(data[i]); - p.append(e); - } - } - }); - } -}; - -$(document).ready( function() { - $("#search_button").click(function() { - doSearch($("#search_text").val()); - }); - $('#search_text').keyup(function(e){ - if(e.keyCode == 13) { - doSearch($("#search_text").val()); - } - }); - doSearch($("#search_text").val()); -}); - -var queryURL = function (query) { - var url = "/api/search" + encodeURIComponent(query); - url = url + "&field=" + $("#searchFields").val(); - if ($("#fileType").val() != "All") { - url = url + "&type=" + $("#fileType").val() - } - return url; -} - -</script> - -<div id="search_box" style="margin: 20px;"> - <input type="text" id="search_text" size="90"/> -</div> -<div style="margin: 20px;"> - <input type="button" id="search_button" value="Search"/> -</div> - -<div id="output"></div> - - -</%def>
https://bitbucket.org/galaxy/galaxy-central/commits/ead3e859dda1/
Changeset: ead3e859dda1 Branch: next-stable User: dannon Date: 2014-12-04 20:27:19+00:00 Summary: Disable search interface for right now -- I made it not broken in the previous commit, but nobody should be using this yet. Affected #: 1 file diff -r 02681fa23902d774892634cbbe5c9fbaf26f0846 -r ead3e859dda102520ea706bb3a566723af33a90f lib/galaxy/webapps/galaxy/controllers/search.py --- a/lib/galaxy/webapps/galaxy/controllers/search.py +++ b/lib/galaxy/webapps/galaxy/controllers/search.py @@ -9,6 +9,11 @@ class SearchController( BaseUIController ): + @web.expose def index(self, trans): - return trans.fill_template( "search/index.mako" ) + """ + Not ready for human consumption, yet. Power users can still use the + search API. + """ + return trans.show_message("Sorry, the search interface isn't quite ready for use, yet.")
https://bitbucket.org/galaxy/galaxy-central/commits/a37ee286981b/
Changeset: a37ee286981b Branch: next-stable User: dannon Date: 2014-12-04 20:29:06+00:00 Summary: Tweak message and commentary for search controller. Affected #: 1 file diff -r ead3e859dda102520ea706bb3a566723af33a90f -r a37ee286981b363c0f8b644c3a40a7007648fffe lib/galaxy/webapps/galaxy/controllers/search.py --- a/lib/galaxy/webapps/galaxy/controllers/search.py +++ b/lib/galaxy/webapps/galaxy/controllers/search.py @@ -13,7 +13,7 @@ @web.expose def index(self, trans): """ - Not ready for human consumption, yet. Power users can still use the - search API. + Per the message, this is not ready for human consumption, yet. Power + users can still use the search API. """ - return trans.show_message("Sorry, the search interface isn't quite ready for use, yet.") + return trans.show_message("Sorry, the search interface isn't quite ready for use, yet. Watch the release notes and check back later!")
https://bitbucket.org/galaxy/galaxy-central/commits/b51526d2f9b4/
Changeset: b51526d2f9b4 Branch: next-stable User: dannon Date: 2014-12-04 20:40:51+00:00 Summary: Merge. Affected #: 3 files diff -r a37ee286981b363c0f8b644c3a40a7007648fffe -r b51526d2f9b42a0bc64b55584e435ceebe7ceb31 client/galaxy/scripts/mvc/tools/tools-tree.js --- a/client/galaxy/scripts/mvc/tools/tools-tree.js +++ b/client/galaxy/scripts/mvc/tools/tools-tree.js @@ -125,6 +125,9 @@ // handle default value if (!field.skip) { + if (input.optional && field.validate && !field.validate()) { + value = 'None'; + } add (job_input_id, input.id, value); } } diff -r a37ee286981b363c0f8b644c3a40a7007648fffe -r b51526d2f9b42a0bc64b55584e435ceebe7ceb31 static/scripts/mvc/tools/tools-tree.js --- a/static/scripts/mvc/tools/tools-tree.js +++ b/static/scripts/mvc/tools/tools-tree.js @@ -125,6 +125,9 @@ // handle default value if (!field.skip) { + if (input.optional && field.validate && !field.validate()) { + value = 'None'; + } add (job_input_id, input.id, value); } } diff -r a37ee286981b363c0f8b644c3a40a7007648fffe -r b51526d2f9b42a0bc64b55584e435ceebe7ceb31 static/scripts/packed/mvc/tools/tools-tree.js --- a/static/scripts/packed/mvc/tools/tools-tree.js +++ b/static/scripts/packed/mvc/tools/tools-tree.js @@ -1,1 +1,1 @@ -define([],function(){return Backbone.Model.extend({initialize:function(a){this.app=a},refresh:function(){this.dict={};this.xml=$("<div/>");if(!this.app.section){return{}}this._iterate(this.app.section.$el,this.dict,this.xml)},finalize:function(d){d=d||{};var a=this;this.job_def={};this.job_ids={};function c(g,f,e){a.job_def[g]=e;a.job_ids[g]=f}function b(l,o){for(var j in o){var g=o[j];if(g.input){var q=g.input;var k=l;if(l!=""){k+="|"}k+=q.name;switch(q.type){case"repeat":var f="section-";var t=[];var n=null;for(var s in g){var m=s.indexOf(f);if(m!=-1){m+=f.length;t.push(parseInt(s.substr(m)));if(!n){n=s.substr(0,m)}}}t.sort(function(u,i){return u-i});var j=0;for(var h in t){b(k+"_"+j++,g[n+t[h]])}break;case"conditional":var r=a.app.field_list[q.id].value();if(d[q.test_param.type]){r=d[q.test_param.type](r)}c(k+"|"+q.test_param.name,q.id,r);var e=a.matchCase(q,r);if(e!=-1){b(k,o[q.id+"-section-"+e])}break;default:var p=a.app.field_list[q.id];var r=p.value();if(d[q.type]){r=d[q.type](r)}if(!p.skip){c(k,q.id,r)}}}}}b("",this.dict);return this.job_def},match:function(a){return this.job_ids&&this.job_ids[a]},matchCase:function(a,c){if(a.test_param.type=="boolean"){if(c=="true"){c=a.test_param.truevalue||"true"}else{c=a.test_param.falsevalue||"false"}}for(var b in a.cases){if(a.cases[b].value==c){return b}}return -1},matchModel:function(c,e){var a={};var b=this;function d(f,o){for(var l in o){var h=o[l];var m=h.name;if(f!=""){m=f+"|"+m}switch(h.type){case"repeat":for(var k in h.cache){d(m+"_"+k,h.cache[k])}break;case"conditional":var p=h.test_param&&h.test_param.value;var g=b.matchCase(h,p);if(g!=-1){d(m,h.cases[g].inputs)}break;default:var n=b.app.tree.job_ids[m];if(n){e(n,h)}}}}d("",c.inputs);return a},matchResponse:function(c){var a={};var b=this;function d(k,h){if(typeof h==="string"){var f=b.app.tree.job_ids[k];if(f){a[f]=h}}else{for(var g in h){var e=g;if(k!==""){var j="|";if(h instanceof Array){j="_"}e=k+j+e}d(e,h[g])}}}d("",c);return a},references:function(c,e){var g=[];var b=this;function d(h,j){var i=$(j).children();var l=[];var k=false;i.each(function(){var o=this;var n=$(o).attr("id");if(n!==c){var m=b.app.input_list[n];if(m){if(m.name==h){k=true;return false}if(m.data_ref==h&&m.type==e){l.push(n)}}}});if(!k){g=g.concat(l);i.each(function(){d(h,this)})}}var f=this.xml.find("#"+c);if(f.length>0){var a=this.app.input_list[c];if(a){d(a.name,f.parent())}}return g},_iterate:function(d,e,b){var a=this;var c=$(d).children();c.each(function(){var i=this;var h=$(i).attr("id");if($(i).hasClass("section-row")){e[h]={};var f=a.app.input_list[h];if(f){e[h]={input:f}}var g=$('<div id="'+h+'"/>');b.append(g);a._iterate(i,e[h],g)}else{a._iterate(i,e,b)}})}})}); \ No newline at end of file +define([],function(){return Backbone.Model.extend({initialize:function(a){this.app=a},refresh:function(){this.dict={};this.xml=$("<div/>");if(!this.app.section){return{}}this._iterate(this.app.section.$el,this.dict,this.xml)},finalize:function(d){d=d||{};var a=this;this.job_def={};this.job_ids={};function c(g,f,e){a.job_def[g]=e;a.job_ids[g]=f}function b(l,o){for(var j in o){var g=o[j];if(g.input){var q=g.input;var k=l;if(l!=""){k+="|"}k+=q.name;switch(q.type){case"repeat":var f="section-";var t=[];var n=null;for(var s in g){var m=s.indexOf(f);if(m!=-1){m+=f.length;t.push(parseInt(s.substr(m)));if(!n){n=s.substr(0,m)}}}t.sort(function(u,i){return u-i});var j=0;for(var h in t){b(k+"_"+j++,g[n+t[h]])}break;case"conditional":var r=a.app.field_list[q.id].value();if(d[q.test_param.type]){r=d[q.test_param.type](r)}c(k+"|"+q.test_param.name,q.id,r);var e=a.matchCase(q,r);if(e!=-1){b(k,o[q.id+"-section-"+e])}break;default:var p=a.app.field_list[q.id];var r=p.value();if(d[q.type]){r=d[q.type](r)}if(!p.skip){if(q.optional&&p.validate&&!p.validate()){r="None"}c(k,q.id,r)}}}}}b("",this.dict);return this.job_def},match:function(a){return this.job_ids&&this.job_ids[a]},matchCase:function(a,c){if(a.test_param.type=="boolean"){if(c=="true"){c=a.test_param.truevalue||"true"}else{c=a.test_param.falsevalue||"false"}}for(var b in a.cases){if(a.cases[b].value==c){return b}}return -1},matchModel:function(c,e){var a={};var b=this;function d(f,o){for(var l in o){var h=o[l];var m=h.name;if(f!=""){m=f+"|"+m}switch(h.type){case"repeat":for(var k in h.cache){d(m+"_"+k,h.cache[k])}break;case"conditional":var p=h.test_param&&h.test_param.value;var g=b.matchCase(h,p);if(g!=-1){d(m,h.cases[g].inputs)}break;default:var n=b.app.tree.job_ids[m];if(n){e(n,h)}}}}d("",c.inputs);return a},matchResponse:function(c){var a={};var b=this;function d(k,h){if(typeof h==="string"){var f=b.app.tree.job_ids[k];if(f){a[f]=h}}else{for(var g in h){var e=g;if(k!==""){var j="|";if(h instanceof Array){j="_"}e=k+j+e}d(e,h[g])}}}d("",c);return a},references:function(c,e){var g=[];var b=this;function d(h,j){var i=$(j).children();var l=[];var k=false;i.each(function(){var o=this;var n=$(o).attr("id");if(n!==c){var m=b.app.input_list[n];if(m){if(m.name==h){k=true;return false}if(m.data_ref==h&&m.type==e){l.push(n)}}}});if(!k){g=g.concat(l);i.each(function(){d(h,this)})}}var f=this.xml.find("#"+c);if(f.length>0){var a=this.app.input_list[c];if(a){d(a.name,f.parent())}}return g},_iterate:function(d,e,b){var a=this;var c=$(d).children();c.each(function(){var i=this;var h=$(i).attr("id");if($(i).hasClass("section-row")){e[h]={};var f=a.app.input_list[h];if(f){e[h]={input:f}}var g=$('<div id="'+h+'"/>');b.append(g);a._iterate(i,e[h],g)}else{a._iterate(i,e,b)}})}})}); \ No newline at end of file Repository URL:
https://bitbucket.org/galaxy/galaxy-central/
-- This is a commit notification from
bitbucket.org
. You are receiving this because you have the service enabled, addressing the recipient of this email.
1
0
0
0
← Newer
1
...
16
17
18
19
20
21
22
...
25
Older →
Jump to page:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Results per page:
10
25
50
100
200