4 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/b0d60614d255/
Changeset: b0d60614d255
Branch: stable
User: natefoo
Date: 2014-12-02 15:42:44+00:00
Summary: Prevent XSS in various user-related templates (OpenID, password reset, manage
user, user addresses, admin management of user API keys). Also fix places where
the redirect URL used by OpenID methods could point to a site external to
Galaxy.
Affected #: 7 files
diff -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 -r b0d60614d255354f0be66a0ae2434165f5406cb8 lib/galaxy/webapps/galaxy/controllers/user.py
--- a/lib/galaxy/webapps/galaxy/controllers/user.py
+++ b/lib/galaxy/webapps/galaxy/controllers/user.py
@@ -28,7 +28,7 @@
from galaxy.web.base.controller import CreatesApiKeysMixin
from galaxy.web.form_builder import CheckboxField
from galaxy.web.form_builder import build_select_field
-from galaxy.web.framework.helpers import time_ago, grids
+from galaxy.web.framework.helpers import time_ago, grids, escape
from datetime import datetime, timedelta
from galaxy.util import hash_util, biostar
@@ -164,7 +164,7 @@
user_openid.provider = openid_provider
if trans.user:
if user_openid.user and user_openid.user.id != trans.user.id:
- message = "The OpenID <strong>%s</strong> is already associated with another Galaxy account, <strong>%s</strong>. Please disassociate it from that account before attempting to associate it with a new account." % ( display_identifier, user_openid.user.email )
+ message = escape( "The OpenID <strong>%s</strong> is already associated with another Galaxy account, <strong>%s</strong>. Please disassociate it from that account before attempting to associate it with a new account." % ( display_identifier, user_openid.user.email ) )
if not trans.user.active and trans.app.config.user_activation_on: # Account activation is ON and the user is INACTIVE.
if ( trans.app.config.activation_grace_period != 0 ): # grace period is ON
if self.is_outside_grace_period( trans, trans.user.create_time ): # User is outside the grace period. Login is disabled and he will have the activation email resent.
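Review bot: Wrapping the whole formatted string in `escape()` on the new `message = escape( "The OpenID <strong>%s</strong> ..." % ( ... ) )` line also encodes the literal `<strong>` tags, so if the message is emitted as HTML (the `<br>` and `<a href>` appended in the next hunk suggest it is) the user sees the tag text instead of bold. Escaping only the interpolated values keeps the markup and still neutralises the untrusted parts: `% ( escape( display_identifier ), escape( user_openid.user.email ) )`. The same pattern is on the three OpenID messages in the `@@ -179,23 +179,23 @@` hunk, where the already-escaped message is then joined with raw markup, so two conventions end up mixed in one string. The enclosing method starts and ends outside this hunk.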
@@ -179,23 +179,23 @@
user_openid.session = trans.galaxy_session
if not openid_provider_obj.never_associate_with_user:
if not auto_associate and ( user_openid.user and user_openid.user.id == trans.user.id ):
- message = "The OpenID <strong>%s</strong> is already associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email )
+ message = escape( "The OpenID <strong>%s</strong> is already associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email ) )
status = "warning"
else:
- message = "The OpenID <strong>%s</strong> has been associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email )
+ message = escape( "The OpenID <strong>%s</strong> has been associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email ) )
status = "done"
user_openid.user = trans.user
trans.sa_session.add( user_openid )
trans.sa_session.flush()
trans.log_event( "User associated OpenID: %s" % display_identifier )
else:
- message = "The OpenID <strong>%s</strong> cannot be used to log into your Galaxy account, but any post authentication actions have been performed." % ( openid_provider_obj.name )
+ message = escape( "The OpenID <strong>%s</strong> cannot be used to log into your Galaxy account, but any post authentication actions have been performed." % ( openid_provider_obj.name ) )
status = "info"
openid_provider_obj.post_authentication( trans, trans.app.openid_manager, info )
if redirect:
- message = '%s<br>Click <a href="%s"><strong>here</strong></a> to return to the page you were previously viewing.' % ( message, redirect )
+ message = '%s<br>Click <a href="%s"><strong>here</strong></a> to return to the page you were previously viewing.' % ( message, escape( self.__get_redirect_url( redirect ) ) )
if redirect and status != "error":
- return trans.response.send_redirect( redirect )
+ return trans.response.send_redirect( self.__get_redirect_url( redirect ) )
return trans.response.send_redirect( url_for( controller='user',
action='openid_manage',
use_panels=True,
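Review bot: `self.__get_redirect_url( redirect )` is evaluated separately for the link in `message` and for `send_redirect`, so a rejected URL is validated and logged twice and the two uses can drift apart if one call is edited later. Normalising once before both `if redirect` tests, `if redirect: redirect = self.__get_redirect_url( redirect )`, leaves a single validated value in scope and lets the later lines use `escape( redirect )` and `send_redirect( redirect )` directly. The method body begins and continues outside the hunk.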
@@ -208,6 +208,7 @@
openid_provider_obj.post_authentication( trans, trans.app.openid_manager, info )
if not redirect:
redirect = url_for( '/' )
+ redirect = self.__get_redirect_url( redirect )
return trans.response.send_redirect( redirect )
trans.sa_session.add( user_openid )
trans.sa_session.flush()
@@ -449,13 +450,7 @@
@web.expose
def login( self, trans, refresh_frames=[], **kwd ):
'''Handle Galaxy Log in'''
- redirect = kwd.get( 'redirect', trans.request.referer ).strip()
- root_url = url_for( '/', qualified=True )
- redirect_url = '' # always start with redirect_url being empty
- # compare urls, to prevent a redirect from pointing (directly) outside of galaxy
- # or to enter a logout/login loop
- if not util.compare_urls( root_url, redirect, compare_path=False ) or util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ):
- redirect = root_url
+ redirect = self.__get_redirect_url( kwd.get( 'redirect', trans.request.referer ).strip() )
use_panels = util.string_as_bool( kwd.get( 'use_panels', False ) )
message = kwd.get( 'message', '' )
status = kwd.get( 'status', 'done' )
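Review bot: The new `redirect = self.__get_redirect_url( kwd.get( 'redirect', trans.request.referer ).strip() )` line still calls `.strip()` on the fallback value, which is presumably None when the request has neither a `redirect` parameter nor a Referer header, so `login` would raise before the URL check runs. Falling back to an empty string, `kwd.get( 'redirect', trans.request.referer or '' ).strip()`, lets the helper map that case to the Galaxy root. This should be confirmed against what `trans.request.referer` returns for a missing header; the rest of `login` is outside the hunk.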
@@ -908,7 +903,7 @@
username = util.restore_text( params.get( 'username', '' ) )
if not username:
username = user.username
- message = util.restore_text( params.get( 'message', '' ) )
+ message = escape( util.restore_text( params.get( 'message', '' ) ) )
status = params.get( 'status', 'done' )
if trans.webapp.name == 'galaxy':
user_type_form_definition = self.__get_user_type_form_definition( trans, user=user, **kwd )
@@ -1096,7 +1091,7 @@
if trans.app.config.smtp_server is None:
return trans.show_error_message( "Mail is not configured for this Galaxy instance. Please contact your local Galaxy administrator." )
message = util.sanitize_text(util.restore_text( kwd.get( 'message', '' ) ))
- status = 'done'
+ status = kwd.get( 'status', 'done' )
if kwd.get( 'reset_password_button', False ):
reset_user = trans.sa_session.query( trans.app.model.User ).filter( trans.app.model.User.table.c.email == email ).first()
user = trans.get_user()
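Review bot: `status = kwd.get( 'status', 'done' )` now takes the value straight from the request, while the `message` on the line above is sanitised; if the template places `status` in markup (for example as a class name, which cannot be seen from here), it becomes a second injection point on the same page. Restricting it to the values used elsewhere in this controller keeps it inert: `if status not in ( 'done', 'info', 'warning', 'error' ): status = 'done'`. The other handlers touched by this commit read `status` from `params` in the same way and would benefit from the same check.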
@@ -1123,7 +1118,7 @@
trans.sa_session.add( reset_user )
trans.sa_session.flush()
trans.log_event( "User reset password: %s" % email )
- message = "Password has been reset and emailed to: %s. <a href='%s'>Click here</a> to return to the login form." % ( email, web.url_for( controller='user', action='login' ) )
+ message = "Password has been reset and emailed to: %s. <a href='%s'>Click here</a> to return to the login form." % ( escape( email ), web.url_for( controller='user', action='login' ) )
except Exception, e:
message = 'Failed to reset password: %s' % str( e )
status = 'error'
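Review bot: The failure branch just below the changed line still builds `message = 'Failed to reset password: %s' % str( e )` without escaping, although the success message now escapes `email`. If the exception text can echo request data such as the submitted address (not verifiable from this hunk), it reaches the same template unencoded. `message = 'Failed to reset password: %s' % escape( str( e ) )` would bring both paths in line.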
@@ -1439,7 +1434,7 @@
@web.expose
def edit_address( self, trans, cntrller, **kwd ):
params = util.Params( kwd )
- message = util.restore_text( params.get( 'message', '' ) )
+ message = escape( util.restore_text( params.get( 'message', '' ) ) )
status = params.get( 'status', 'done' )
is_admin = cntrller == 'admin' and trans.user_is_admin()
user_id = params.get( 'user_id', False )
@@ -1709,7 +1704,7 @@
@web.require_login()
def api_keys( self, trans, cntrller, **kwd ):
params = util.Params( kwd )
- message = util.restore_text( params.get( 'message', '' ) )
+ message = escape( util.restore_text( params.get( 'message', '' ) ) )
status = params.get( 'status', 'done' )
if params.get( 'new_api_key_button', False ):
self.create_api_key( trans, trans.user )
@@ -1721,6 +1716,18 @@
message=message,
status=status )
+ def __get_redirect_url( self, redirect ):
+ root_url = url_for( '/', qualified=True )
+ redirect_url = '' # always start with redirect_url being empty
+ # compare urls, to prevent a redirect from pointing (directly) outside of galaxy
+ # or to enter a logout/login loop
+ if not util.compare_urls( root_url, redirect, compare_path=False ) or util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ):
+ log.warning('Redirect URL is outside of Galaxy, will redirect to Galaxy root instead: %s', redirect)
+ redirect = root_url
+ elif util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ):
+ redirect = root_url
+ return redirect
+
# ===== Methods for building SelectFields ================================
def __build_user_type_fd_id_select_field( self, trans, selected_value ):
# Get all the user information forms
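Review bot: The `elif` in `__get_redirect_url` can never run, because the first condition already contains `or util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect )`; a redirect back to the logout page is therefore logged as "outside of Galaxy", which misleads anyone reading the log for open-redirect attempts. Reducing the first test to `if not util.compare_urls( root_url, redirect, compare_path=False ):` lets the `elif` handle the logout loop without the warning. `redirect_url = ''` is assigned but never used in the helper. The raw `redirect` value is written to the log, so it is worth confirming that the log handler neutralises embedded newlines.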
diff -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 -r b0d60614d255354f0be66a0ae2434165f5406cb8 lib/galaxy/webapps/galaxy/controllers/userskeys.py
--- a/lib/galaxy/webapps/galaxy/controllers/userskeys.py
+++ b/lib/galaxy/webapps/galaxy/controllers/userskeys.py
@@ -3,12 +3,11 @@
"""
import logging
-import pprint
from galaxy import web
from galaxy import util, model
from galaxy.web.base.controller import BaseUIController, UsesFormDefinitionsMixin
-from galaxy.web.framework.helpers import time_ago, grids
+from galaxy.web.framework.helpers import time_ago, grids, escape
from inspect import getmembers
@@ -21,65 +20,46 @@
<p/>
"""
-class UserOpenIDGrid( grids.Grid ):
- use_panels = False
- title = "OpenIDs linked to your account"
- model_class = model.UserOpenID
- template = '/user/openid_manage.mako'
- default_filter = { "openid" : "All" }
- default_sort_key = "-create_time"
- columns = [
- grids.TextColumn( "OpenID URL", key="openid", link=( lambda x: dict( action='openid_auth', login_button="Login", openid_url=x.openid if not x.provider else '', openid_provider=x.provider, auto_associate=True ) ) ),
- grids.GridColumn( "Created", key="create_time", format=time_ago ),
- ]
- operations = [
- grids.GridOperation( "Delete", async_compatible=True ),
- ]
- def build_initial_query( self, trans, **kwd ):
- return trans.sa_session.query( self.model_class ).filter( self.model_class.user_id == trans.user.id )
+# FIXME: This controller is using unencoded IDs, but I am not going to address
+# this now since it is admin-side and should be reimplemented in the API
+# anyway.
+
class User( BaseUIController, UsesFormDefinitionsMixin ):
- user_openid_grid = UserOpenIDGrid()
- installed_len_files = None
-
-
@web.expose
@web.require_login()
@web.require_admin
def index( self, trans, cntrller, **kwd ):
return trans.fill_template( 'webapps/galaxy/user/list_users.mako', action='all_users', cntrller=cntrller )
-
-
@web.expose
@web.require_login()
@web.require_admin
def admin_api_keys( self, trans, cntrller, uid, **kwd ):
params = util.Params( kwd )
- message = util.restore_text( params.get( 'message', '' ) )
+ message = escape( util.restore_text( params.get( 'message', '' ) ) )
status = params.get( 'status', 'done' )
uid = params.get('uid', uid)
- pprint.pprint(uid)
if params.get( 'new_api_key_button', False ):
new_key = trans.app.model.APIKeys()
new_key.user_id = uid
new_key.key = trans.app.security.get_new_guid()
trans.sa_session.add( new_key )
trans.sa_session.flush()
- message = "Generated a new web API key"
+ message = "A new web API key has been generated for (%s)" % escape( new_key.user.email )
status = "done"
- return trans.fill_template( 'webapps/galaxy/user/ok_admin_api_keys.mako',
- cntrller=cntrller,
- message=message,
- status=status )
-
-
+ return trans.response.send_redirect( web.url_for( controller='userskeys',
+ action='all_users',
+ cntrller=cntrller,
+ message=message,
+ status=status ) )
+
@web.expose
@web.require_login()
@web.require_admin
def all_users( self, trans, cntrller="userskeys", **kwd ):
params = util.Params( kwd )
- message = util.restore_text( params.get( 'message', '' ) )
+ message = escape( util.restore_text( params.get( 'message', '' ) ) )
status = params.get( 'status', 'done' )
users = []
for user in trans.sa_session.query( trans.app.model.User ) \
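Review bot: `new_key.user_id = uid` stores the request-supplied `uid` without confirming that such a user exists, and the new success message then dereferences `new_key.user.email`, which presumably fails after the key row has already been flushed when the id matches no user. Loading the user first with `trans.sa_session.query( trans.app.model.User ).get( uid )` and returning `trans.show_error_message( ... )` when it is None would keep the key from being created for an unknown id. Separately, the message is built with `escape()` and then sent through the redirect to `all_users`, which applies `escape( util.restore_text( ... ) )` again, so an address containing `&` or `<` would likely display double-encoded; passing the unescaped email and relying on the receiving handler avoids that.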
diff -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 -r b0d60614d255354f0be66a0ae2434165f5406cb8 templates/user/edit_address.mako
--- a/templates/user/edit_address.mako
+++ b/templates/user/edit_address.mako
@@ -20,7 +20,7 @@
<div class="form-row"><label>Short Description:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="short_desc" value="${address_obj.desc}" size="40">
+ <input type="text" name="short_desc" value="${address_obj.desc | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -28,7 +28,7 @@
<div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="name" value="${address_obj.name}" size="40">
+ <input type="text" name="name" value="${address_obj.name | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -36,7 +36,7 @@
<div class="form-row"><label>Institution:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="institution" value="${address_obj.institution}" size="40">
+ <input type="text" name="institution" value="${address_obj.institution | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -44,7 +44,7 @@
<div class="form-row"><label>Address:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="address" value="${address_obj.address}" size="40">
+ <input type="text" name="address" value="${address_obj.address | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -52,7 +52,7 @@
<div class="form-row"><label>City:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="city" value="${address_obj.city}" size="40">
+ <input type="text" name="city" value="${address_obj.city | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -60,7 +60,7 @@
<div class="form-row"><label>State/Province/Region:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="state" value="${address_obj.state}" size="40">
+ <input type="text" name="state" value="${address_obj.state | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -68,7 +68,7 @@
<div class="form-row"><label>Postal Code:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="postal_code" value="${address_obj.postal_code}" size="40">
+ <input type="text" name="postal_code" value="${address_obj.postal_code | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -76,7 +76,7 @@
<div class="form-row"><label>Country:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="country" value="${address_obj.country}" size="40">
+ <input type="text" name="country" value="${address_obj.country | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -84,7 +84,7 @@
<div class="form-row"><label>Phone:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="phone" value="${address_obj.phone}" size="40">
+ <input type="text" name="phone" value="${address_obj.phone | h}" size="40"></div><div style="clear: both"></div></div>
diff -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 -r b0d60614d255354f0be66a0ae2434165f5406cb8 templates/user/index.mako
--- a/templates/user/index.mako
+++ b/templates/user/index.mako
@@ -1,9 +1,4 @@
<%inherit file="/base.mako"/>
-<%namespace file="/message.mako" import="render_msg" />
-
-%if message:
- ${render_msg( message, status )}
-%endif
%if trans.user:
<h2>${_('User preferences')}</h2>
diff -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 -r b0d60614d255354f0be66a0ae2434165f5406cb8 templates/user/info.mako
--- a/templates/user/info.mako
+++ b/templates/user/info.mako
@@ -16,19 +16,19 @@
<div class="toolFormTitle">Login Information</div><div class="form-row"><label>Email address:</label>
- <input type="text" name="email" value="${email}" size="40"/>
+ <input type="text" name="email" value="${email | h}" size="40"/></div><div class="form-row"><label>Public name:</label>
%if t.webapp.name == 'tool_shed':
%if user.active_repositories:
- <input type="hidden" name="username" value="${username}"/>
- ${username}
+ <input type="hidden" name="username" value="${username | h}"/>
+ ${username | h}
<div class="toolParamHelp" style="clear: both;">
You cannot change your public name after you have created a repository in this tool shed.
</div>
%else:
- <input type="text" name="username" size="40" value="${username}"/>
+ <input type="text" name="username" size="40" value="${username | h}"/><div class="toolParamHelp" style="clear: both;">
Your public name provides a means of identifying you publicly within this tool shed. Public
names must be at least four characters in length and contain only lower-case letters, numbers,
@@ -37,7 +37,7 @@
</div>
%endif
%else:
- <input type="text" name="username" size="40" value="${username}"/>
+ <input type="text" name="username" size="40" value="${username | h}"/><div class="toolParamHelp" style="clear: both;">
Your public name is an optional identifier that will be used to generate addresses for information
you share publicly. Public names must be at least four characters in length and contain only lower-case
diff -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 -r b0d60614d255354f0be66a0ae2434165f5406cb8 templates/webapps/galaxy/user/list_users.mako
--- a/templates/webapps/galaxy/user/list_users.mako
+++ b/templates/webapps/galaxy/user/list_users.mako
@@ -1,4 +1,5 @@
<%inherit file="/base.mako"/>
+<%namespace file="/message.mako" import="render_msg" />
%if message:
${render_msg( message, status )}
diff -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 -r b0d60614d255354f0be66a0ae2434165f5406cb8 templates/webapps/galaxy/user/ok_admin_api_keys.mako
--- a/templates/webapps/galaxy/user/ok_admin_api_keys.mako
+++ /dev/null
@@ -1,28 +0,0 @@
-<%inherit file="/base.mako"/>
-<%namespace file="/message.mako" import="render_msg" />
-
-<br/><br/>
-<ul class="manage-table-actions">
- <li>
- <a class="action-button" href="${h.url_for( controller='userskeys', action='all_users', cntrller=cntrller )}">List users API keys</a>
- </li>
-</ul>
-
-%if message:
- ${render_msg( message, status )}
-%endif
-
- <div>
- <div style="clear: both;">
- SUCCESS. A new API key has been generated.
- </div>
-
-
- <div style="clear: both;">
- An API key will allow you to access Galaxy via its web
- API (documentation forthcoming). Please note that
- <strong>this key acts as an alternate means to access
- your account, and should be treated with the same care
- as your login password</strong>.
- </div>
- </div>
https://bitbucket.org/galaxy/galaxy-central/commits/eb0a5dcc9d63/
Changeset: eb0a5dcc9d63
Branch: stable
User: natefoo
Date: 2014-12-02 17:06:24+00:00
Summary: Fix various bugs and security (XSS and other) issues with user address handling.
Affected #: 4 files
diff -r b0d60614d255354f0be66a0ae2434165f5406cb8 -r eb0a5dcc9d633fa8122cca5525a6beb1d9940e62 lib/galaxy/webapps/galaxy/controllers/user.py
--- a/lib/galaxy/webapps/galaxy/controllers/user.py
+++ b/lib/galaxy/webapps/galaxy/controllers/user.py
@@ -451,6 +451,7 @@
def login( self, trans, refresh_frames=[], **kwd ):
'''Handle Galaxy Log in'''
redirect = self.__get_redirect_url( kwd.get( 'redirect', trans.request.referer ).strip() )
+ redirect_url = '' # always start with redirect_url being empty
use_panels = util.string_as_bool( kwd.get( 'use_panels', False ) )
message = kwd.get( 'message', '' )
status = kwd.get( 'status', 'done' )
@@ -1346,17 +1347,20 @@
# User not logged in, history group must be only public
return trans.show_error_message( "You must be logged in to change your default permitted actions." )
+ @web.require_login( "to add addresses" )
@web.expose
def new_address( self, trans, cntrller, **kwd ):
params = util.Params( kwd )
message = util.restore_text( params.get( 'message', '' ) )
status = params.get( 'status', 'done' )
is_admin = cntrller == 'admin' and trans.user_is_admin()
- user_id = params.get( 'user_id', False )
- if not user_id:
- # User must be logged in to create a new address
- return trans.show_error_message( "You must be logged in to create a new address." )
- user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ user_id = params.get( 'id', False )
+ if is_admin:
+ if not user_id:
+ return trans.show_error_message( "You must specify a user to add a new address to." )
+ user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ else:
+ user = trans.user
short_desc = util.restore_text( params.get( 'short_desc', '' ) )
name = util.restore_text( params.get( 'name', '' ) )
institution = util.restore_text( params.get( 'institution', '' ) )
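Review bot: In the admin branch the result of `.get( trans.security.decode_id( user_id ) )` is used without a check, so an id that decodes but matches no user leaves `user` as None and the later `user.id` access ends in a server error; a malformed id presumably raises inside `decode_id` as well. A guard after the lookup, `if user is None: return trans.show_error_message( "Invalid user id." )`, keeps the failure controlled. The same unchecked lookup is repeated in `edit_address` and `__delete_undelete_address` in the later hunks of this file. The body of `new_address` continues outside the hunk.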
@@ -1407,10 +1411,10 @@
phone=phone )
trans.sa_session.add( user_address )
trans.sa_session.flush()
- message = 'Address (%s) has been added' % user_address.desc
+ message = 'Address (%s) has been added' % escape( user_address.desc )
new_kwd = dict( message=message, status=status )
if is_admin:
- new_kwd[ 'user_id' ] = trans.security.encode_id( user.id )
+ new_kwd[ 'id' ] = trans.security.encode_id( user.id )
return trans.response.send_redirect( web.url_for( controller='user',
action='manage_user_info',
cntrller=cntrller,
@@ -1428,24 +1432,29 @@
postal_code=postal_code,
country=country,
phone=phone,
- message=message,
+ message=escape(message),
status=status )
+ @web.require_login( "to edit addresses" )
@web.expose
def edit_address( self, trans, cntrller, **kwd ):
params = util.Params( kwd )
- message = escape( util.restore_text( params.get( 'message', '' ) ) )
+ message = util.restore_text( params.get( 'message', '' ) )
status = params.get( 'status', 'done' )
is_admin = cntrller == 'admin' and trans.user_is_admin()
- user_id = params.get( 'user_id', False )
- if not user_id:
- # User must be logged in to create a new address
- return trans.show_error_message( "You must be logged in to create a new address." )
- user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ user_id = params.get( 'id', False )
+ if is_admin:
+ if not user_id:
+ return trans.show_error_message( "You must specify a user to add a new address to." )
+ user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ else:
+ user = trans.user
address_id = params.get( 'address_id', None )
if not address_id:
- return trans.show_error_message( "No address id received for editing." )
+ return trans.show_error_message( "Invalid address id." )
address_obj = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) )
+ if address_obj.user_id != user.id:
+ return trans.show_error_message( "Invalid address id." )
if params.get( 'edit_address_button', False ):
short_desc = util.restore_text( params.get( 'short_desc', '' ) )
name = util.restore_text( params.get( 'name', '' ) )
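Review bot: The new ownership test `if address_obj.user_id != user.id:` dereferences `address_obj` before checking that the lookup found a row, so an `address_id` that matches nothing raises an AttributeError instead of returning "Invalid address id.". `if address_obj is None or address_obj.user_id != user.id:` covers both cases. Unlike `__delete_undelete_address`, this path has no `try` around `decode_id`, so a malformed id is also unhandled here. The admin-branch text "You must specify a user to add a new address to." looks copied from `new_address` and reads oddly for an edit.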
@@ -1493,10 +1502,10 @@
address_obj.phone = phone
trans.sa_session.add( address_obj )
trans.sa_session.flush()
- message = 'Address (%s) has been updated.' % address_obj.desc
+ message = 'Address (%s) has been updated.' % escape( address_obj.desc )
new_kwd = dict( message=message, status=status )
if is_admin:
- new_kwd[ 'user_id' ] = trans.security.encode_id( user.id )
+ new_kwd[ 'id' ] = trans.security.encode_id( user.id )
return trans.response.send_redirect( web.url_for( controller='user',
action='manage_user_info',
cntrller=cntrller,
@@ -1506,45 +1515,44 @@
cntrller=cntrller,
user=user,
address_obj=address_obj,
- message=message,
+ message=escape( message ),
status=status )
+ @web.require_login( "to delete addresses" )
@web.expose
- def delete_address( self, trans, cntrller, address_id=None, user_id=None ):
+ def delete_address( self, trans, cntrller, address_id=None, **kwd ):
+ return self.__delete_undelete_address( trans, cntrller, 'delete', address_id=address_id, **kwd )
+
+ @web.require_login( "to undelete addresses" )
+ @web.expose
+ def undelete_address( self, trans, cntrller, address_id=None, **kwd ):
+ return self.__delete_undelete_address( trans, cntrller, 'undelete', address_id=address_id, **kwd )
+
+ def __delete_undelete_address( self, trans, cntrller, op, address_id=None, **kwd ):
+ is_admin = cntrller == 'admin' and trans.user_is_admin()
+ user_id = kwd.get( 'id', False )
+ if is_admin:
+ if not user_id:
+ return trans.show_error_message( "You must specify a user to %s an address from." % op )
+ user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ else:
+ user = trans.user
try:
user_address = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) )
except:
- message = 'Invalid address is (%s)' % address_id
- status = 'error'
+ return trans.show_error_message( "Invalid address id." )
if user_address:
- user_address.deleted = True
+ if user_address.user_id != user.id:
+ return trans.show_error_message( "Invalid address id." )
+ user_address.deleted = True if op == 'delete' else False
trans.sa_session.add( user_address )
trans.sa_session.flush()
- message = 'Address (%s) deleted' % user_address.desc
+ message = 'Address (%s) %sd' % ( escape( user_address.desc ), op )
status = 'done'
return trans.response.send_redirect( web.url_for( controller='user',
action='manage_user_info',
cntrller=cntrller,
- user_id=user_id,
- message=message,
- status=status ) )
-
- @web.expose
- def undelete_address( self, trans, cntrller, address_id=None, user_id=None ):
- try:
- user_address = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) )
- except:
- message = 'Invalid address is (%s)' % address_id
- status = 'error'
- if user_address:
- user_address.deleted = False
- trans.sa_session.flush()
- message = 'Address (%s) undeleted' % user_address.desc
- status = 'done'
- return trans.response.send_redirect( web.url_for( controller='user',
- action='manage_user_info',
- cntrller=cntrller,
- user_id=user_id,
+ id=trans.security.encode_id( user.id ),
message=message,
status=status ) )
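Review bot: When the lookup in `__delete_undelete_address` returns None, the `if user_address:` block is skipped and the final `send_redirect` reads `message` and `status`, which were never assigned, so the request fails instead of reporting an invalid id. Folding the check into the ownership test closes that path: `if not user_address or user_address.user_id != user.id: return trans.show_error_message( "Invalid address id." )`. The bare `except:` would be safer as `except Exception:` so that it does not also swallow interpreter-level exits. Both operations change state and are reached through plain links in `manage_info.mako` further down this page, so it may be worth confirming that they are protected against cross-site request forgery.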
diff -r b0d60614d255354f0be66a0ae2434165f5406cb8 -r eb0a5dcc9d633fa8122cca5525a6beb1d9940e62 templates/user/edit_address.mako
--- a/templates/user/edit_address.mako
+++ b/templates/user/edit_address.mako
@@ -10,13 +10,13 @@
<ul class="manage-table-actions"><li>
- <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, user_id=trans.security.encode_id( user.id) )}">Manage user information</a>
+ <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, id=trans.security.encode_id( user.id) )}">Manage user information</a></li></ul><div class="toolForm"><div class="toolFormTitle">Edit address</div><div class="toolFormBody">
- <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address_obj.id ), user_id=trans.security.encode_id( user.id ) )}" method="post" >
+ <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address_obj.id ), id=trans.security.encode_id( user.id ) )}" method="post" ><div class="form-row"><label>Short Description:</label><div style="float: left; width: 250px; margin-right: 10px;">
diff -r b0d60614d255354f0be66a0ae2434165f5406cb8 -r eb0a5dcc9d633fa8122cca5525a6beb1d9940e62 templates/user/new_address.mako
--- a/templates/user/new_address.mako
+++ b/templates/user/new_address.mako
@@ -10,14 +10,14 @@
<ul class="manage-table-actions"><li>
- <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, user_id=trans.security.encode_id( user.id) )}">
+ <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, id=trans.security.encode_id( user.id) )}"><span>Manage User Information</span></a></li></ul><div class="toolForm"><div class="toolFormTitle">Add new address</div><div class="toolFormBody">
- <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" >
+ <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, id=trans.security.encode_id( user.id ) )}" method="post" ><div class="form-row"><label>Short Description:</label><div style="float: left; width: 250px; margin-right: 10px;">
diff -r b0d60614d255354f0be66a0ae2434165f5406cb8 -r eb0a5dcc9d633fa8122cca5525a6beb1d9940e62 templates/webapps/galaxy/user/manage_info.mako
--- a/templates/webapps/galaxy/user/manage_info.mako
+++ b/templates/webapps/galaxy/user/manage_info.mako
@@ -42,7 +42,7 @@
<p/><div class="toolForm">
- <form name="user_addresses" id="user_addresses" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" >
+ <form name="user_addresses" id="user_addresses" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, id=trans.security.encode_id( user.id ) )}" method="post" ><div class="toolFormTitle">User Addresses</div><div class="toolFormBody">
%if user.addresses:
@@ -53,9 +53,9 @@
<span>|</span>
%endif
%if show_filter == filter:
- <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, user_id=trans.security.encode_id( user.id ) )}"><b>${filter}</b></a></span>
+ <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, id=trans.security.encode_id( user.id ) )}"><b>${filter}</b></a></span>
%else:
- <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, user_id=trans.security.encode_id( user.id ) )}">${filter}</a></span>
+ <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, id=trans.security.encode_id( user.id ) )}">${filter}</a></span>
%endif
%endfor
</div>
@@ -73,10 +73,10 @@
<ul class="manage-table-actions"><li>
%if not address.deleted:
- <a class="action-button" href="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Edit</a>
- <a class="action-button" href="${h.url_for( controller='user', action='delete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Delete</a>
+ <a class="action-button" href="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Edit</a>
+ <a class="action-button" href="${h.url_for( controller='user', action='delete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Delete</a>
%else:
- <a class="action-button" href="${h.url_for( controller='user', action='undelete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Undelete</a>
+ <a class="action-button" href="${h.url_for( controller='user', action='undelete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Undelete</a>
%endif
</li></ul>
https://bitbucket.org/galaxy/galaxy-central/commits/c4276377c37e/
Changeset: c4276377c37e
Branch: stable
User: natefoo
Date: 2014-12-02 17:17:42+00:00
Summary: Escape input values in new user address form.
Affected #: 1 file
diff -r eb0a5dcc9d633fa8122cca5525a6beb1d9940e62 -r c4276377c37e6ecd1f7b8de39336bde35d302450 templates/user/new_address.mako
--- a/templates/user/new_address.mako
+++ b/templates/user/new_address.mako
@@ -21,7 +21,7 @@
<div class="form-row"><label>Short Description:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="short_desc" value="${short_desc}" size="40">
+ <input type="text" name="short_desc" value="${short_desc | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
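Review bot: Escaping is added one expression at a time with `| h`, here and in the eight later hunks of this file (name through phone), so a field added later is unescaped unless its author remembers the filter. Consider making escaping the default for the template, for example `<%page expression_filter="h"/>` at the top, and marking the few expressions that intentionally emit markup with `| n`. That needs a pass over the rest of the template, which is not visible in these hunks, to find expressions that rely on raw output.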
@@ -29,7 +29,7 @@
<div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="name" value="${name}" size="40">
+ <input type="text" name="name" value="${name | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -37,7 +37,7 @@
<div class="form-row"><label>Institution:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="institution" value="${institution}" size="40">
+ <input type="text" name="institution" value="${institution | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -45,7 +45,7 @@
<div class="form-row"><label>Address:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="address" value="${address}" size="40">
+ <input type="text" name="address" value="${address | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -53,7 +53,7 @@
<div class="form-row"><label>City:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="city" value="${city}" size="40">
+ <input type="text" name="city" value="${city | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -61,7 +61,7 @@
<div class="form-row"><label>State/Province/Region:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="state" value="${state}" size="40">
+ <input type="text" name="state" value="${state | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -69,7 +69,7 @@
<div class="form-row"><label>Postal Code:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="postal_code" value="${postal_code}" size="40">
+ <input type="text" name="postal_code" value="${postal_code | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -77,7 +77,7 @@
<div class="form-row"><label>Country:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="country" value="${country}" size="40">
+ <input type="text" name="country" value="${country | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div>
@@ -85,7 +85,7 @@
<div class="form-row"><label>Phone:</label><div style="float: left; width: 250px; margin-right: 10px;">
- <input type="text" name="phone" value="${phone}" size="40">
+ <input type="text" name="phone" value="${phone | h}" size="40"></div><div style="clear: both"></div></div>
https://bitbucket.org/galaxy/galaxy-central/commits/546ff6ef27b4/
Changeset: 546ff6ef27b4
Branch: stable
User: natefoo
Date: 2014-12-02 18:50:32+00:00
Summary: Don't escape full strings containing desired html.
Affected #: 1 file
diff -r c4276377c37e6ecd1f7b8de39336bde35d302450 -r 546ff6ef27b4b83e26ae228c292fd981173ac550 lib/galaxy/webapps/galaxy/controllers/user.py
--- a/lib/galaxy/webapps/galaxy/controllers/user.py
+++ b/lib/galaxy/webapps/galaxy/controllers/user.py
@@ -164,7 +164,7 @@
user_openid.provider = openid_provider
if trans.user:
if user_openid.user and user_openid.user.id != trans.user.id:
- message = escape( "The OpenID <strong>%s</strong> is already associated with another Galaxy account, <strong>%s</strong>. Please disassociate it from that account before attempting to associate it with a new account." % ( display_identifier, user_openid.user.email ) )
+ message = "The OpenID <strong>%s</strong> is already associated with another Galaxy account, <strong>%s</strong>. Please disassociate it from that account before attempting to associate it with a new account." % ( escape( display_identifier ), escape( user_openid.user.email ) )
if not trans.user.active and trans.app.config.user_activation_on: # Account activation is ON and the user is INACTIVE.
if ( trans.app.config.activation_grace_period != 0 ): # grace period is ON
if self.is_outside_grace_period( trans, trans.user.create_time ): # User is outside the grace period. Login is disabled and he will have the activation email resent.
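Review bot: `message` now deliberately mixes literal `<strong>` markup with escaped values, but nothing at the assignment says so; this applies here and to the three assignments in the `@@ -179,17 +179,17 @@` hunk. A comment such as `# message is HTML: escape every interpolated value before formatting` would keep a later edit from interpolating a raw value into a string that is presumably rendered without further escaping. How the message reaches the page is not visible in these hunks. If it is carried through the redirect that follows, the receiving view cannot tell this markup from markup supplied in the request, so confirm that path. The enclosing method starts and ends outside both hunks.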
@@ -179,17 +179,17 @@
user_openid.session = trans.galaxy_session
if not openid_provider_obj.never_associate_with_user:
if not auto_associate and ( user_openid.user and user_openid.user.id == trans.user.id ):
- message = escape( "The OpenID <strong>%s</strong> is already associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email ) )
+ message = "The OpenID <strong>%s</strong> is already associated with your Galaxy account, <strong>%s</strong>." % ( escape( display_identifier ), escape( trans.user.email ) )
status = "warning"
else:
- message = escape( "The OpenID <strong>%s</strong> has been associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email ) )
+ message = "The OpenID <strong>%s</strong> has been associated with your Galaxy account, <strong>%s</strong>." % ( escape( display_identifier ), escape( trans.user.email ) )
status = "done"
user_openid.user = trans.user
trans.sa_session.add( user_openid )
trans.sa_session.flush()
trans.log_event( "User associated OpenID: %s" % display_identifier )
else:
- message = escape( "The OpenID <strong>%s</strong> cannot be used to log into your Galaxy account, but any post authentication actions have been performed." % ( openid_provider_obj.name ) )
+ message = "The OpenID <strong>%s</strong> cannot be used to log into your Galaxy account, but any post authentication actions have been performed." % escape( openid_provider_obj.name )
status = "info"
openid_provider_obj.post_authentication( trans, trans.app.openid_manager, info )
if redirect:
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
commit/galaxy-central: dan: Specify the third argument for HdaImplicitMatch.
by commits-noreply@bitbucket.org 03 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/f7e9759b27a0/
Changeset: f7e9759b27a0
User: dan
Date: 2014-12-03 17:18:38+00:00
Summary: Specify the third argument for HdaImplicitMatch.
Affected #: 1 file
diff -r 0273de7467e0f42a56ffa018c5fb9a53a6396e76 -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 lib/galaxy/tools/parameters/dataset_matcher.py
--- a/lib/galaxy/tools/parameters/dataset_matcher.py
+++ b/lib/galaxy/tools/parameters/dataset_matcher.py
@@ -53,11 +53,12 @@
return False
target_ext, converted_dataset = hda.find_conversion_destination( formats )
if target_ext:
+ original_hda = hda
if converted_dataset:
hda = converted_dataset
if check_security and not self.__can_access_dataset( hda.dataset ):
return False
- rval = HdaImplicitMatch( hda, target_ext )
+ rval = HdaImplicitMatch( hda, target_ext, original_hda )
else:
return False
if self.filter( hda ):
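Review bot: The access check runs after `hda` has been rebound to `converted_dataset`, so when a converted dataset exists only that dataset is checked, while `original_hda` is now handed to `HdaImplicitMatch` without a check in this hunk. If the original is not already vetted earlier in the method (the body starts and ends outside the hunk), check both: `if check_security and not ( self.__can_access_dataset( original_hda.dataset ) and self.__can_access_dataset( hda.dataset ) ):`. A short comment on `original_hda = hda` saying why the pre-conversion HDA is kept would also help. The identical hunk in changeset 3808622909a6 (next-stable) has the same gap.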
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
commit/galaxy-central: dan: Specify the third argument for HdaImplicitMatch.
by commits-noreply@bitbucket.org 03 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/3808622909a6/
Changeset: 3808622909a6
Branch: next-stable
User: dan
Date: 2014-12-03 17:17:25+00:00
Summary: Specify the third argument for HdaImplicitMatch.
Affected #: 1 file
diff -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 -r 3808622909a6bb561c46d2ff5a5675f1da589c8b lib/galaxy/tools/parameters/dataset_matcher.py
--- a/lib/galaxy/tools/parameters/dataset_matcher.py
+++ b/lib/galaxy/tools/parameters/dataset_matcher.py
@@ -53,11 +53,12 @@
return False
target_ext, converted_dataset = hda.find_conversion_destination( formats )
if target_ext:
+ original_hda = hda
if converted_dataset:
hda = converted_dataset
if check_security and not self.__can_access_dataset( hda.dataset ):
return False
- rval = HdaImplicitMatch( hda, target_ext )
+ rval = HdaImplicitMatch( hda, target_ext, original_hda )
else:
return False
if self.filter( hda ):
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
commit/galaxy-central: martenson: Merged in martenson/galaxy-central-marten/mako_escape_requests (pull request #579)
by commits-noreply@bitbucket.org 03 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/172f91ec31ef/
Changeset: 172f91ec31ef
Branch: next-stable
User: martenson
Date: 2014-12-03 17:01:23+00:00
Summary: Merged in martenson/galaxy-central-marten/mako_escape_requests (pull request #579)
[next-stable] escaping of the templates in the 'requests' and 'forms' sections
Affected #: 18 files
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/forms/create_form.mako
--- a/templates/admin/forms/create_form.mako
+++ b/templates/admin/forms/create_form.mako
@@ -9,7 +9,7 @@
<div class="toolFormTitle">Create a new form definition</div>
%for label, input in inputs:
<div class="form-row">
- <label>${label}</label>
+ <label>${label | h}</label>
${input.get_html()}
<div style="clear: both"></div></div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/forms/edit_form_definition.mako
--- a/templates/admin/forms/edit_form_definition.mako
+++ b/templates/admin/forms/edit_form_definition.mako
@@ -96,14 +96,14 @@
<form id="edit_form_definition" name="edit_form_definition" action="${h.url_for( controller='forms', action='edit_form_definition', id=trans.security.encode_id( form_definition.current.id ) )}" method="post" ><div class="toolForm">
- <div class="toolFormTitle">Edit form definition "${form_definition.name}" (${form_definition.type})</div>
+ <div class="toolFormTitle">Edit form definition "${form_definition.name | h}" (${form_definition.type | h})</div>
%if response_redirect:
<input type="hidden" name="response_redirect" value="${response_redirect}" size="40" />
%endif
%for label, input in form_details:
<div class="form-row">
%if label != 'Type':
- <label>${label}</label>
+ <label>${label | h}</label>
%endif
<div style="float: left; width: 250px; margin-right: 10px;">
${input.get_html()}
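Review bot: `response_redirect` is still written into the hidden input's `value` attribute without a filter, while the title and labels around it now get `| h`. If that value can come from the request it should be escaped the same way: `<input type="hidden" name="response_redirect" value="${response_redirect | h}" size="40" />`. `${input.get_html()}` stays raw by design, so the escaping of widget values depends on the widget code, which is outside this hunk.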
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/common.mako
--- a/templates/admin/request_type/common.mako
+++ b/templates/admin/request_type/common.mako
@@ -2,7 +2,7 @@
<div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label>
- <input type="text" name="state_name_${element_count}" value="${state_name}" size="40"/>
+ <input type="text" name="state_name_${element_count}" value="${state_name | h}" size="40"/>
## Do not show remove button for the first state
%if element_count > 0:
<input type="submit" name="remove_state_button" value="Remove state ${1+element_count}"/>
@@ -10,7 +10,7 @@
</div><div class="form-row"><label>Description:</label>
- <input type="text" name="state_desc_${element_count}" value="${state_desc}" size="40"/>
+ <input type="text" name="state_desc_${element_count}" value="${state_desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;">
optional
</div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/create_request_type.mako
--- a/templates/admin/request_type/create_request_type.mako
+++ b/templates/admin/request_type/create_request_type.mako
@@ -23,7 +23,7 @@
<div class="toolFormTitle">Create a new request type</div>
%for rt_info in rt_info_widgets:
<div class="form-row">
- <label>${rt_info['label']}</label>
+ <label>${rt_info['label'] | h}</label><div style="float: left; width: 250px; margin-right: 10px;">
${rt_info['widget'].get_html()}
</div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/edit_request_type.mako
--- a/templates/admin/request_type/edit_request_type.mako
+++ b/templates/admin/request_type/edit_request_type.mako
@@ -32,26 +32,26 @@
<form name="edit_request_type" action="${h.url_for( controller='request_type', action='edit_request_type', id=trans.security.encode_id( request_type.id ) )}" method="post" ><div class="toolForm">
- <div class="toolFormTitle">"Edit ${request_type.name}" request type</div>
+ <div class="toolFormTitle">"Edit ${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label>
- <input type="text" name="name" value="${request_type.name}" size="40"/>
+ <input type="text" name="name" value="${request_type.name | }" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- <input type="text" name="desc" value="${request_type.desc}" size="40"/>
+ <input type="text" name="desc" value="${request_type.desc | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a>
## Hidden field needed by the __save_request_type() method
<input type="hidden" name="request_form_id" value="${trans.security.encode_id( request_type.request_form_id )}" size="40"/></div><div class="form-row"><label>Sample form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a>
## Hidden field needed by the __save_request_type() method
<input type="hidden" name="sample_form_id" value="${trans.security.encode_id( request_type.sample_form_id )}" size="40"/></div>
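Review bot: The new `name` input ends its expression with an empty filter, `${request_type.name | }`, where every other change in this commit uses `| h`; this looks like a dropped character. As written the value is either not escaped or the template fails to compile, depending on how Mako treats the empty filter list. The line should read `<input type="text" name="name" value="${request_type.name | h}" size="40"/>`.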
@@ -63,11 +63,11 @@
<div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label>
- <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name}" size="40"/>
+ <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name | h}" size="40"/></div><div class="form-row"><label>Description:</label>
- <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc}" size="40"/>
+ <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;">
optional
</div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/request_type_permissions.mako
--- a/templates/admin/request_type/request_type_permissions.mako
+++ b/templates/admin/request_type/request_type_permissions.mako
@@ -48,7 +48,7 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Manage access permissions on request type "${request_type.name}"</div>
+ <div class="toolFormTitle">Manage access permissions on request type "${request_type.name | h}"</div><div class="toolFormBody"><form name="request_type_permissions" id="request_type_permissions" action="${h.url_for( controller='request_type', action='request_type_permissions', id=trans.security.encode_id( request_type.id ) )}" method="post"><div class="form-row">
@@ -65,13 +65,13 @@
in_roles.add( a.role )
out_roles = filter( lambda x: x not in in_roles, all_roles )
%>
- ${action.description}<br/><br/>
+ ${action.description | h}<br/><br/><div style="width: 100%; white-space: nowrap;"><div style="float: left; width: 50%;">
Roles associated:<br/><select name="${action_key}_in" id="${action_key}_in_select" class="in_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple>
%for role in in_roles:
- <option value="${role.id}">${role.name}</option>
+ <option value="${role.id}">${role.name | h}</option>
%endfor
</select><br/><div style="width: 98%; text-align: right"><input type="submit" id="${action_key}_remove_button" class="role_remove_button" value=">>"/></div>
@@ -80,7 +80,7 @@
Roles not associated:<br/><select name="${action_key}_out" id="${action_key}_out_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple>
%for role in out_roles:
- <option value="${role.id}">${role.name}</option>
+ <option value="${role.id}">${role.name | h}</option>
%endfor
</select><br/><input type="submit" id="${action_key}_add_button" class="role_add_button" value="<<"/>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/view_request_type.mako
--- a/templates/admin/request_type/view_request_type.mako
+++ b/templates/admin/request_type/view_request_type.mako
@@ -30,24 +30,24 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">"${request_type.name}" request type</div>
+ <div class="toolFormTitle">"${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label>
- ${request_type.name}
+ ${request_type.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- ${request_type.desc}
+ ${request_type.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a></div><div class="form-row"><label>Sample form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a></div></div><p/>
@@ -55,8 +55,8 @@
<div class="toolFormTitle">Sample states defined for this request type</div>
%for state in request_type.states:
<div class="form-row">
- <label>${state.name}</label>
- ${state.desc}
+ <label>${state.name | h}</label>
+ ${state.desc | h}
</div><div style="clear: both"></div>
%endfor
@@ -67,8 +67,8 @@
%if request_type.external_services:
%for index, external_service in enumerate( request_type.external_services ):
<div class="form-row">
- <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name}</a></label>
- ${external_service.get_external_service_type( trans ).name}
+ <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name | h}</a></label>
+ ${external_service.get_external_service_type( trans ).name | h}
</div>
%endfor
%else:
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/reject.mako
--- a/templates/admin/requests/reject.mako
+++ b/templates/admin/requests/reject.mako
@@ -15,7 +15,7 @@
</ul><div class="toolForm">
- <div class="toolFormTitle">Reject sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Reject sequencing request "${request.name | h}"</div><form name="event" action="${h.url_for( controller='requests_admin', action='reject_request', id=trans.security.encode_id( request.id ) )}" method="post" ><div class="form-row">
Rejecting this request will move the request state to <b>Rejected</b>.
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/rename_datasets.mako
--- a/templates/admin/requests/rename_datasets.mako
+++ b/templates/admin/requests/rename_datasets.mako
@@ -3,7 +3,7 @@
<% from galaxy.webapps.galaxy.controllers.requests_admin import build_rename_datasets_for_sample_select_field %>
-<h3>Rename datasets for Sample "${sample.name}"</h3>
+<h3>Rename datasets for Sample "${sample.name | h}"</h3><ul class="manage-table-actions"><li><a class="action-button" href="${h.url_for( controller='requests_admin', action='manage_datasets', sample_id=trans.security.encode_id( sample.id ) )}">Browse datasets</a></li>
@@ -35,7 +35,7 @@
${rename_datasets_for_sample_select_field.get_html()}
</td><td>
- <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name}" size="100"/>
+ <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name | h}" size="100"/></td><td>${sample_dataset.file_path}</td></tr>
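Review bot: `${sample_dataset.file_path}` in the cell that follows the changed input is still emitted without a filter, although the dataset name next to it is now escaped. A path is free-form text (presumably reported by the external service, to be confirmed), so it should get the same treatment: `<td>${sample_dataset.file_path | h}</td>`.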
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/view_sample_dataset.mako
--- a/templates/admin/requests/view_sample_dataset.mako
+++ b/templates/admin/requests/view_sample_dataset.mako
@@ -21,19 +21,19 @@
</ul><div class="toolForm">
- <div class="toolFormTitle">"${sample.name}" Dataset</div>
+ <div class="toolFormTitle">"${sample.name | h}" Dataset</div><div class="toolFormBody"><div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;">
- ${sample_dataset.name}
+ ${sample_dataset.name | h}
</div><div style="clear: both"></div></div><div class="form-row"><label>External service:</label><div style="float: left; width: 250px; margin-right: 10px;">
- ${sample_dataset.external_service.name} (${sample_dataset.external_service.get_external_service_type( trans ).name})
+ ${sample_dataset.external_service.name | h} (${sample_dataset.external_service.get_external_service_type( trans ).name | h})
</div><div style="clear: both"></div></div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/common.mako
--- a/templates/webapps/galaxy/requests/common/common.mako
+++ b/templates/webapps/galaxy/requests/common/common.mako
@@ -257,18 +257,18 @@
<td valign="top"><input type="checkbox" name=select_sample_${sample.id} id="sample_checkbox" value="true" ${checked_str}/><input type="hidden" name=select_sample_${sample.id} id="sample_checkbox" value="true"/></td>
%endif
<td valign="top">
- <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name']}" size="10"/>
+ <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name'] | h}" size="10"/><div class="toolParamHelp" style="clear: both;">
- <i>${' (required)' }</i>
+ <i>(required)</i></div></td>
%if display_bar_code:
<td valign="top">
%if is_admin and is_submitted:
- <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}" size="10"/>
+ <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}" size="10"/>
%else:
- ${sample_widget['bar_code']}
- <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}"/>
+ ${sample_widget['bar_code'] | h}
+ <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}"/>
%endif
</td>
%endif
@@ -416,7 +416,7 @@
transferred_dataset_files = []
%><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="sample-${sample.id}-popup">
- <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name}</a>
+ <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name | h}</a></div><div popupmenu="sample-${sample.id}-popup">
%if can_select_datasets:
@@ -439,11 +439,11 @@
%endif
</div>
%else:
- ${sample_widget_name}
+ ${sample_widget_name | h}
%endif
</td>
%if display_bar_code:
- <td>${sample_widget_bar_code}</td>
+ <td>${sample_widget_bar_code | h}</td>
%endif
%if is_unsubmitted:
<td>Unsubmitted</td>
@@ -451,12 +451,12 @@
<td><a id="sampleState-${sample.id}" href="${h.url_for( controller='requests_common', action='view_sample_history', cntrller=cntrller, sample_id=trans.security.encode_id( sample.id ) )}">${render_sample_state( sample )}</a></td>
%endif
%if sample_widget_library and library_cntrller is not None:
- <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name}</a></td>
+ <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name | h}</a></td>
%else:
<td></td>
%endif
%if sample_widget_folder:
- <td>${sample_widget_folder.name}</td>
+ <td>${sample_widget_folder.name | h}</td>
%else:
<td></td>
%endif
@@ -464,11 +464,11 @@
%if trans.user == sample_widget_history.user:
<td><a target='_parent' href="${h.url_for( controller='history', action='list', operation="Switch", id=trans.security.encode_id(sample_widget_history.id), use_panels=False )}">
- ${sample_widget_history.name}
+ ${sample_widget_history.name | h}
</a></td>
%else:
- <td>${sample_widget_history.name}</td>
+ <td>${sample_widget_history.name | h}</td>
%endif
%else:
<td></td>
@@ -477,11 +477,11 @@
%if trans.user == sample_widget_workflow.stored_workflow.user:
<td><a target='_parent' href="${h.url_for( controller='workflow', action='editor', id=trans.security.encode_id(sample_widget_workflow.stored_workflow.id) )}">
- ${sample_widget_workflow.name}
+ ${sample_widget_workflow.name | h}
</a></td>
%else:
- <td>${sample_widget_workflow.name}</td>
+ <td>${sample_widget_workflow.name | h}</td>
%endif
%else:
<td></td>
@@ -519,7 +519,7 @@
<%def name="render_sample_form( index, sample_name, sample_values, fields_dict, display_only )"><tr>
- <td>${sample_name}</td>
+ <td>${sample_name | h}</td>
%for field_index, field in fields_dict.items():
<%
field_type = field[ 'type' ]
@@ -532,17 +532,17 @@
%if field_type == 'WorkflowField':
%if str( field_value ) != 'none':
<% workflow = trans.sa_session.query( trans.app.model.StoredWorkflow ).get( int( field_value ) ) %>
- <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name}</a>
+ <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name | h}</a>
%endif
%else:
- ${field_value}
+ ${field_value | h}
%endif
%else:
<i>None</i>
%endif
%else:
%if field_type == 'TextField':
- <input type="text" name="sample_${index}_field_${field_index}" value="${field_value}" size="7"/>
+ <input type="text" name="sample_${index}_field_${field_index}" value="${field_value | h}" size="7"/>
%elif field_type == 'SelectField':
<select name="sample_${index}_field_${field_index}" last_selected_value="2">
%for option_index, option in enumerate(field[ 'selectlist' ]):
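Review bot: In the `WorkflowField` branch the template loads a `StoredWorkflow` straight from the session with `int( field_value )` and prints its name and a run link, with no ownership or sharing check visible in this hunk; escaping the name does not address that. A stored id that no longer resolves makes `.get()` return `None`, so `workflow.id` raises during rendering, and a non-numeric value raises in `int()`. Suggest resolving the workflow in the controller behind an access check and guarding the link with `%if workflow:`. `render_sample_form` begins before this hunk and continues past it.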
@@ -695,7 +695,7 @@
%if is_admin:
<span class="expandLink dataset-${dataset}-click"><span class="rowIcon"></span><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="dataset-${dataset.id}-popup">
- <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name}</a>
+ <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name | h}</a></div></span><div popupmenu="dataset-${dataset.id}-popup">
@@ -704,12 +704,12 @@
%endif
</div>
%else:
- ${dataset.name}
+ ${dataset.name | h}
%endif
</td><td>${dataset.size}</td>
- <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name}</a></td>
- <td>${dataset.sample.folder.name}</td>
+ <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name | h}</a></td>
+ <td>${dataset.sample.folder.name | h}</td><td id="datasetTransferStatus-${encoded_id}">${dataset.status}</td></tr>
%endfor
@@ -723,7 +723,7 @@
<%def name="render_samples_messages( request, is_admin=False, is_submitted=False, message=None, status=None)">
%if request.is_rejected:
<div class='errormessage'>
- ${request.last_comment}
+ ${request.last_comment | h}
</div><br/>
%endif
%if is_admin and is_submitted and request.samples_without_library_destinations:
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/create_request.mako
--- a/templates/webapps/galaxy/requests/common/create_request.mako
+++ b/templates/webapps/galaxy/requests/common/create_request.mako
@@ -23,7 +23,7 @@
<div class="toolForm"><div class="toolFormTitle">Create a new sequencing request</div>
%if len( request_type_select_field.options ) < 1:
- There are no request types available for ${trans.user.email} to create sequencing requests.
+ There are no request types available for ${trans.user.email | h} to create sequencing requests.
%else:
<div class="toolFormBody"><form name="create_request" id="create_request" action="${h.url_for( controller='requests_common', action='create_request', cntrller=cntrller )}" method="post" >
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
--- a/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
+++ b/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
@@ -31,7 +31,7 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Edit sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Edit sequencing request "${request.name | h}"</div><div class="toolFormBody"><form name="edit_basic_request_info" id="edit_basic_request_info" action="${h.url_for( controller='requests_common', action='edit_basic_request_info', cntrller=cntrller, id=trans.security.encode_id( request.id ) )}" method="post" >
%for i, field in enumerate( widgets ):
@@ -70,11 +70,11 @@
%><div class="form-row"><label>Send to:</label>
- <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email} (sequencing request owner)<input type="hidden" name="email_address" value="true">
+ <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email | h} (sequencing request owner)<input type="hidden" name="email_address" value="true"></div><div class="form-row"><label>Additional email addresses:</label>
- <textarea name="additional_email_addresses" rows="3" cols="40">${emails}</textarea>
+ <textarea name="additional_email_addresses" rows="3" cols="40">${emails | h}</textarea><div class="toolParamHelp" style="clear: both;">
Enter one email address per line
</div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/find_samples.mako
--- a/templates/webapps/galaxy/requests/common/find_samples.mako
+++ b/templates/webapps/galaxy/requests/common/find_samples.mako
@@ -72,7 +72,7 @@
%if samples:
%for sample in samples:
<div class="form-row">
- Sample: <b>${sample.name}</b> | Barcode: ${sample.bar_code}<br/>
+ Sample: <b>${sample.name | h}</b> | Barcode: ${sample.bar_code | h}<br/>
%if sample.request.is_new or not sample.state:
State: Unsubmitted<br/>
%else:
@@ -85,10 +85,10 @@
%>
Datasets: <a href="${h.url_for( controller='requests_common', action='view_sample_datasets', cntrller=cntrller, external_service_id=trans.security.encode_id( external_service.id ), sample_id=trans.security.encode_id( sample.id ) )}">${len( sample.datasets )}</a><br/>
%if is_admin:
- <i>User: ${sample.request.user.email}</i>
+ <i>User: ${sample.request.user.email | h}</i>
%endif
<div class="toolParamHelp" style="clear: both;">
- <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a>
+ <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name | h} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a></div></div><br/>
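Review bot: On the changed link line of this hunk only `${sample.request.name}` gains `| h`; `${sample.request.type.name}` and `${sample.request.state}` on the same line are still emitted raw. The request type name is an editable value (the request_type templates in this series escape `request_type.name`), so it should be filtered here as well: `Type: ${sample.request.type.name | h} | State: ${sample.request.state | h}`. The same line appears again in the diff of this file under changeset 795336f22d8b. The `%for sample in samples:` loop that contains this line opens in an earlier hunk.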
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_request.mako
--- a/templates/webapps/galaxy/requests/common/view_request.mako
+++ b/templates/webapps/galaxy/requests/common/view_request.mako
@@ -58,7 +58,7 @@
${render_samples_messages(request, is_admin, is_submitted, message, status)}
<div class="toolForm">
- <div class="toolFormTitle">Sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Sequencing request "${request.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Current state:</label>
@@ -67,12 +67,12 @@
</div><div class="form-row"><label>Description:</label>
- ${request.desc}
+ ${request.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>User:</label>
- ${request.user.email}
+ ${request.user.email | h}
<div style="clear: both"></div></div><div class="form-row">
@@ -94,7 +94,7 @@
%><div class="form-row"><label>${field_label}:</label>
- ${field_value}
+ ${field_value | h}
</div><div style="clear: both"></div>
%endfor
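Review bot: `${field_label}` in the `<label>` at the top of this hunk is still rendered without a filter, although `${field_value}` directly below it is now escaped. The admin form templates in this series escape their labels (`<label>${label | h}</label>`), so presumably this one should read `<label>${field_label | h}:</label>`. Where `field_label` is assigned is outside the hunk, so confirm it is not already escaped upstream before adding the filter, to avoid double encoding.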
@@ -116,7 +116,7 @@
else:
emails = ''
%>
- ${emails}
+ ${emails | h}
<div style="clear: both"></div></div><div class="form-row">
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_request_history.mako
--- a/templates/webapps/galaxy/requests/common/view_request_history.mako
+++ b/templates/webapps/galaxy/requests/common/view_request_history.mako
@@ -36,7 +36,7 @@
${render_msg( message, status )}
%endif
-<h3>History of sequencing request "${request.name}"</h3>
+<h3>History of sequencing request "${request.name | h}"</h3><div class="toolForm"><table class="grid">
@@ -52,7 +52,7 @@
<tr><td><b>${event.state}</b></td><td>${time_ago( event.update_time )}</td>
- <td>${event.comment}</td>
+ <td>${event.comment | h}</td></tr>
%endfor
</tbody>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_sample.mako
--- a/templates/webapps/galaxy/requests/common/view_sample.mako
+++ b/templates/webapps/galaxy/requests/common/view_sample.mako
@@ -6,7 +6,7 @@
%if external_service:
<p><div class="toolForm">
- <div class="toolFormTitle">Available External Service Actions for ${sample.name} at ${external_service.name}</div>
+ <div class="toolFormTitle">Available External Service Actions for ${sample.name | h} at ${external_service.name | h}</div><div class="toolFormBody"><div class="toolMenu">
%for item in external_service.actions:
@@ -25,7 +25,7 @@
<div class="form-row"><div class="toolSectionList"><div class="toolSectionTitle">
- <span>${external_service_group.label}</span>
+ <span>${external_service_group.label | h}</span></div><div class="toolSectionBody"><div class="toolSectionBg">
@@ -54,7 +54,7 @@
target = 'galaxy_main'
%><div class="toolTitle">
- <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label}</a>
+ <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label | h}</a></div></%def>
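Review bot: The link text is now escaped, but the `href` value returned by `external_service_action.get_action_access_link( trans )` is still written into a quoted attribute unfiltered. Writing `href="${external_service_action.get_action_access_link( trans ) | h}"` stops a quote in the returned link from ending the attribute. HTML escaping does not constrain the URL scheme, so if the link can be derived from external-service configuration the method itself should limit it to the expected schemes. What `get_action_access_link` returns is not visible here, and the enclosing `<%def>` starts outside the hunk.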
@@ -75,38 +75,38 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Sample "${sample.name}"</div>
+ <div class="toolFormTitle">Sample "${sample.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Name:</label>
- ${sample.name}
+ ${sample.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- ${sample.desc}
+ ${sample.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>Barcode:</label>
- ${sample.bar_code}
+ ${sample.bar_code | h}
<div style="clear: both"></div></div>
%if sample.library:
<div class="form-row"><label>Library:</label>
- ${sample.library.name}
+ ${sample.library.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Folder:</label>
- ${sample.folder.name}
+ ${sample.folder.name | h}
<div style="clear: both"></div></div>
%endif
<div class="form-row"><label>Request:</label>
- ${sample.request.name}
+ ${sample.request.name | h}
<div style="clear: both"></div></div></div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_sample_history.mako
--- a/templates/webapps/galaxy/requests/common/view_sample_history.mako
+++ b/templates/webapps/galaxy/requests/common/view_sample_history.mako
@@ -12,7 +12,7 @@
${render_msg( message, status )}
%endif
-<h3>History of sample "${sample.name}"</h3>
+<h3>History of sample "${sample.name | h}"</h3><div class="toolForm"><table class="grid">
@@ -27,10 +27,10 @@
<tbody>
%for event in sample.events:
<tr>
- <td><b>${event.state.name}</b></td>
- <td>${event.state.desc}</td>
+ <td><b>${event.state.name | h}</b></td>
+ <td>${event.state.desc | h}</td><td>${time_ago( event.update_time )}</td>
- <td>${event.comment}</td>
+ <td>${event.comment | h}</td></tr>
%endfor
</tbody>
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
2 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/795336f22d8b/
Changeset: 795336f22d8b
Branch: mako_escape_requests
User: martenson
Date: 2014-12-01 22:38:24+00:00
Summary: none of the requests & forms controllers used escaping so I escaped the variables exclusively in the templates
Affected #: 18 files
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/forms/create_form.mako
--- a/templates/admin/forms/create_form.mako
+++ b/templates/admin/forms/create_form.mako
@@ -9,7 +9,7 @@
<div class="toolFormTitle">Create a new form definition</div>
%for label, input in inputs:
<div class="form-row">
- <label>${label}</label>
+ <label>${label | h}</label>
${input.get_html()}
<div style="clear: both"></div></div>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/forms/edit_form_definition.mako
--- a/templates/admin/forms/edit_form_definition.mako
+++ b/templates/admin/forms/edit_form_definition.mako
@@ -96,14 +96,14 @@
<form id="edit_form_definition" name="edit_form_definition" action="${h.url_for( controller='forms', action='edit_form_definition', id=trans.security.encode_id( form_definition.current.id ) )}" method="post" ><div class="toolForm">
- <div class="toolFormTitle">Edit form definition "${form_definition.name}" (${form_definition.type})</div>
+ <div class="toolFormTitle">Edit form definition "${form_definition.name | h}" (${form_definition.type | h})</div>
%if response_redirect:
<input type="hidden" name="response_redirect" value="${response_redirect}" size="40" />
%endif
%for label, input in form_details:
<div class="form-row">
%if label != 'Type':
- <label>${label}</label>
+ <label>${label | h}</label>
%endif
<div style="float: left; width: 250px; margin-right: 10px;">
${input.get_html()}
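Review bot: The hidden `response_redirect` input in this hunk still writes `${response_redirect}` into a quoted attribute with no filter, while the title and labels around it are now escaped. If that value can originate from a request parameter (not visible here), a double quote in it would end the attribute; `value="${response_redirect | h}"` closes that gap. `${input.get_html()}` has to stay raw because it returns markup, so the values inside those widgets must be escaped in `get_html()` itself, which is worth confirming given the commit summary says the controllers do no escaping.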
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/common.mako
--- a/templates/admin/request_type/common.mako
+++ b/templates/admin/request_type/common.mako
@@ -2,7 +2,7 @@
<div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label>
- <input type="text" name="state_name_${element_count}" value="${state_name}" size="40"/>
+ <input type="text" name="state_name_${element_count}" value="${state_name | h}" size="40"/>
## Do not show remove button for the first state
%if element_count > 0:
<input type="submit" name="remove_state_button" value="Remove state ${1+element_count}"/>
@@ -10,7 +10,7 @@
</div><div class="form-row"><label>Description:</label>
- <input type="text" name="state_desc_${element_count}" value="${state_desc}" size="40"/>
+ <input type="text" name="state_desc_${element_count}" value="${state_desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;">
optional
</div>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/create_request_type.mako
--- a/templates/admin/request_type/create_request_type.mako
+++ b/templates/admin/request_type/create_request_type.mako
@@ -23,7 +23,7 @@
<div class="toolFormTitle">Create a new request type</div>
%for rt_info in rt_info_widgets:
<div class="form-row">
- <label>${rt_info['label']}</label>
+ <label>${rt_info['label'] | h}</label><div style="float: left; width: 250px; margin-right: 10px;">
${rt_info['widget'].get_html()}
</div>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/edit_request_type.mako
--- a/templates/admin/request_type/edit_request_type.mako
+++ b/templates/admin/request_type/edit_request_type.mako
@@ -32,26 +32,26 @@
<form name="edit_request_type" action="${h.url_for( controller='request_type', action='edit_request_type', id=trans.security.encode_id( request_type.id ) )}" method="post" ><div class="toolForm">
- <div class="toolFormTitle">"Edit ${request_type.name}" request type</div>
+ <div class="toolFormTitle">"Edit ${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label>
- <input type="text" name="name" value="${request_type.name}" size="40"/>
+ <input type="text" name="name" value="${request_type.name | }" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- <input type="text" name="desc" value="${request_type.desc}" size="40"/>
+ <input type="text" name="desc" value="${request_type.desc | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a>
## Hidden field needed by the __save_request_type() method
<input type="hidden" name="request_form_id" value="${trans.security.encode_id( request_type.request_form_id )}" size="40"/></div><div class="form-row"><label>Sample form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a>
## Hidden field needed by the __save_request_type() method
<input type="hidden" name="sample_form_id" value="${trans.security.encode_id( request_type.sample_form_id )}" size="40"/></div>
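Review bot: The new `name` input carries an empty filter expression, `${request_type.name | }`, where every sibling line in this hunk uses `| h`. Depending on how Mako treats an empty filter list, this either fails when the template is compiled or renders the name unescaped inside the `value` attribute. Either way the line should read `value="${request_type.name | h}"`.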
@@ -63,11 +63,11 @@
<div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label>
- <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name}" size="40"/>
+ <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name | h}" size="40"/></div><div class="form-row"><label>Description:</label>
- <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc}" size="40"/>
+ <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;">
optional
</div>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/request_type_permissions.mako
--- a/templates/admin/request_type/request_type_permissions.mako
+++ b/templates/admin/request_type/request_type_permissions.mako
@@ -48,7 +48,7 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Manage access permissions on request type "${request_type.name}"</div>
+ <div class="toolFormTitle">Manage access permissions on request type "${request_type.name | h}"</div><div class="toolFormBody"><form name="request_type_permissions" id="request_type_permissions" action="${h.url_for( controller='request_type', action='request_type_permissions', id=trans.security.encode_id( request_type.id ) )}" method="post"><div class="form-row">
@@ -65,13 +65,13 @@
in_roles.add( a.role )
out_roles = filter( lambda x: x not in in_roles, all_roles )
%>
- ${action.description}<br/><br/>
+ ${action.description | h}<br/><br/><div style="width: 100%; white-space: nowrap;"><div style="float: left; width: 50%;">
Roles associated:<br/><select name="${action_key}_in" id="${action_key}_in_select" class="in_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple>
%for role in in_roles:
- <option value="${role.id}">${role.name}</option>
+ <option value="${role.id}">${role.name | h}</option>
%endfor
</select><br/><div style="width: 98%; text-align: right"><input type="submit" id="${action_key}_remove_button" class="role_remove_button" value=">>"/></div>
@@ -80,7 +80,7 @@
Roles not associated:<br/><select name="${action_key}_out" id="${action_key}_out_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple>
%for role in out_roles:
- <option value="${role.id}">${role.name}</option>
+ <option value="${role.id}">${role.name | h}</option>
%endfor
</select><br/><input type="submit" id="${action_key}_add_button" class="role_add_button" value="<<"/>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/request_type/view_request_type.mako
--- a/templates/admin/request_type/view_request_type.mako
+++ b/templates/admin/request_type/view_request_type.mako
@@ -30,24 +30,24 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">"${request_type.name}" request type</div>
+ <div class="toolFormTitle">"${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label>
- ${request_type.name}
+ ${request_type.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- ${request_type.desc}
+ ${request_type.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a></div><div class="form-row"><label>Sample form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a></div></div><p/>
@@ -55,8 +55,8 @@
<div class="toolFormTitle">Sample states defined for this request type</div>
%for state in request_type.states:
<div class="form-row">
- <label>${state.name}</label>
- ${state.desc}
+ <label>${state.name | h}</label>
+ ${state.desc | h}
</div><div style="clear: both"></div>
%endfor
@@ -67,8 +67,8 @@
%if request_type.external_services:
%for index, external_service in enumerate( request_type.external_services ):
<div class="form-row">
- <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name}</a></label>
- ${external_service.get_external_service_type( trans ).name}
+ <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name | h}</a></label>
+ ${external_service.get_external_service_type( trans ).name | h}
</div>
%endfor
%else:
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/requests/reject.mako
--- a/templates/admin/requests/reject.mako
+++ b/templates/admin/requests/reject.mako
@@ -15,7 +15,7 @@
</ul><div class="toolForm">
- <div class="toolFormTitle">Reject sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Reject sequencing request "${request.name | h}"</div><form name="event" action="${h.url_for( controller='requests_admin', action='reject_request', id=trans.security.encode_id( request.id ) )}" method="post" ><div class="form-row">
Rejecting this request will move the request state to <b>Rejected</b>.
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/requests/rename_datasets.mako
--- a/templates/admin/requests/rename_datasets.mako
+++ b/templates/admin/requests/rename_datasets.mako
@@ -3,7 +3,7 @@
<% from galaxy.webapps.galaxy.controllers.requests_admin import build_rename_datasets_for_sample_select_field %>
-<h3>Rename datasets for Sample "${sample.name}"</h3>
+<h3>Rename datasets for Sample "${sample.name | h}"</h3><ul class="manage-table-actions"><li><a class="action-button" href="${h.url_for( controller='requests_admin', action='manage_datasets', sample_id=trans.security.encode_id( sample.id ) )}">Browse datasets</a></li>
@@ -35,7 +35,7 @@
${rename_datasets_for_sample_select_field.get_html()}
</td><td>
- <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name}" size="100"/>
+ <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name | h}" size="100"/></td><td>${sample_dataset.file_path}</td></tr>
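Review bot: `${sample_dataset.file_path}` in the last cell of this row is still output raw, although `sample_dataset.name` on the same row is now escaped. The path presumably reflects a file name reported by the external service's data host, so it deserves no more trust than the dataset name; `<td>${sample_dataset.file_path | h}</td>` would treat both alike. The surrounding table loop starts outside the hunk.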
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/admin/requests/view_sample_dataset.mako
--- a/templates/admin/requests/view_sample_dataset.mako
+++ b/templates/admin/requests/view_sample_dataset.mako
@@ -21,19 +21,19 @@
</ul><div class="toolForm">
- <div class="toolFormTitle">"${sample.name}" Dataset</div>
+ <div class="toolFormTitle">"${sample.name | h}" Dataset</div><div class="toolFormBody"><div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;">
- ${sample_dataset.name}
+ ${sample_dataset.name | h}
</div><div style="clear: both"></div></div><div class="form-row"><label>External service:</label><div style="float: left; width: 250px; margin-right: 10px;">
- ${sample_dataset.external_service.name} (${sample_dataset.external_service.get_external_service_type( trans ).name})
+ ${sample_dataset.external_service.name | h} (${sample_dataset.external_service.get_external_service_type( trans ).name | h})
</div><div style="clear: both"></div></div>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/common.mako
--- a/templates/webapps/galaxy/requests/common/common.mako
+++ b/templates/webapps/galaxy/requests/common/common.mako
@@ -257,18 +257,18 @@
<td valign="top"><input type="checkbox" name=select_sample_${sample.id} id="sample_checkbox" value="true" ${checked_str}/><input type="hidden" name=select_sample_${sample.id} id="sample_checkbox" value="true"/></td>
%endif
<td valign="top">
- <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name']}" size="10"/>
+ <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name'] | h}" size="10"/><div class="toolParamHelp" style="clear: both;">
- <i>${' (required)' }</i>
+ <i>(required)</i></div></td>
%if display_bar_code:
<td valign="top">
%if is_admin and is_submitted:
- <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}" size="10"/>
+ <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}" size="10"/>
%else:
- ${sample_widget['bar_code']}
- <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}"/>
+ ${sample_widget['bar_code'] | h}
+ <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}"/>
%endif
</td>
%endif
@@ -416,7 +416,7 @@
transferred_dataset_files = []
%><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="sample-${sample.id}-popup">
- <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name}</a>
+ <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name | h}</a></div><div popupmenu="sample-${sample.id}-popup">
%if can_select_datasets:
@@ -439,11 +439,11 @@
%endif
</div>
%else:
- ${sample_widget_name}
+ ${sample_widget_name | h}
%endif
</td>
%if display_bar_code:
- <td>${sample_widget_bar_code}</td>
+ <td>${sample_widget_bar_code | h}</td>
%endif
%if is_unsubmitted:
<td>Unsubmitted</td>
@@ -451,12 +451,12 @@
<td><a id="sampleState-${sample.id}" href="${h.url_for( controller='requests_common', action='view_sample_history', cntrller=cntrller, sample_id=trans.security.encode_id( sample.id ) )}">${render_sample_state( sample )}</a></td>
%endif
%if sample_widget_library and library_cntrller is not None:
- <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name}</a></td>
+ <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name | h}</a></td>
%else:
<td></td>
%endif
%if sample_widget_folder:
- <td>${sample_widget_folder.name}</td>
+ <td>${sample_widget_folder.name | h}</td>
%else:
<td></td>
%endif
@@ -464,11 +464,11 @@
%if trans.user == sample_widget_history.user:
<td><a target='_parent' href="${h.url_for( controller='history', action='list', operation="Switch", id=trans.security.encode_id(sample_widget_history.id), use_panels=False )}">
- ${sample_widget_history.name}
+ ${sample_widget_history.name | h}
</a></td>
%else:
- <td>${sample_widget_history.name}</td>
+ <td>${sample_widget_history.name | h}</td>
%endif
%else:
<td></td>
@@ -477,11 +477,11 @@
%if trans.user == sample_widget_workflow.stored_workflow.user:
<td><a target='_parent' href="${h.url_for( controller='workflow', action='editor', id=trans.security.encode_id(sample_widget_workflow.stored_workflow.id) )}">
- ${sample_widget_workflow.name}
+ ${sample_widget_workflow.name | h}
</a></td>
%else:
- <td>${sample_widget_workflow.name}</td>
+ <td>${sample_widget_workflow.name | h}</td>
%endif
%else:
<td></td>
@@ -519,7 +519,7 @@
<%def name="render_sample_form( index, sample_name, sample_values, fields_dict, display_only )"><tr>
- <td>${sample_name}</td>
+ <td>${sample_name | h}</td>
%for field_index, field in fields_dict.items():
<%
field_type = field[ 'type' ]
@@ -532,17 +532,17 @@
%if field_type == 'WorkflowField':
%if str( field_value ) != 'none':
<% workflow = trans.sa_session.query( trans.app.model.StoredWorkflow ).get( int( field_value ) ) %>
- <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name}</a>
+ <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name | h}</a>
%endif
%else:
- ${field_value}
+ ${field_value | h}
%endif
%else:
<i>None</i>
%endif
%else:
%if field_type == 'TextField':
- <input type="text" name="sample_${index}_field_${field_index}" value="${field_value}" size="7"/>
+ <input type="text" name="sample_${index}_field_${field_index}" value="${field_value | h}" size="7"/>
%elif field_type == 'SelectField':
<select name="sample_${index}_field_${field_index}" last_selected_value="2">
%for option_index, option in enumerate(field[ 'selectlist' ]):
@@ -695,7 +695,7 @@
%if is_admin:
<span class="expandLink dataset-${dataset}-click"><span class="rowIcon"></span><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="dataset-${dataset.id}-popup">
- <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name}</a>
+ <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name | h}</a></div></span><div popupmenu="dataset-${dataset.id}-popup">
@@ -704,12 +704,12 @@
%endif
</div>
%else:
- ${dataset.name}
+ ${dataset.name | h}
%endif
</td><td>${dataset.size}</td>
- <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name}</a></td>
- <td>${dataset.sample.folder.name}</td>
+ <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name | h}</a></td>
+ <td>${dataset.sample.folder.name | h}</td><td id="datasetTransferStatus-${encoded_id}">${dataset.status}</td></tr>
%endfor
@@ -723,7 +723,7 @@
<%def name="render_samples_messages( request, is_admin=False, is_submitted=False, message=None, status=None)">
%if request.is_rejected:
<div class='errormessage'>
- ${request.last_comment}
+ ${request.last_comment | h}
</div><br/>
%endif
%if is_admin and is_submitted and request.samples_without_library_destinations:
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/create_request.mako
--- a/templates/webapps/galaxy/requests/common/create_request.mako
+++ b/templates/webapps/galaxy/requests/common/create_request.mako
@@ -23,7 +23,7 @@
<div class="toolForm"><div class="toolFormTitle">Create a new sequencing request</div>
%if len( request_type_select_field.options ) < 1:
- There are no request types available for ${trans.user.email} to create sequencing requests.
+ There are no request types available for ${trans.user.email | h} to create sequencing requests.
%else:
<div class="toolFormBody"><form name="create_request" id="create_request" action="${h.url_for( controller='requests_common', action='create_request', cntrller=cntrller )}" method="post" >
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
--- a/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
+++ b/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
@@ -31,7 +31,7 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Edit sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Edit sequencing request "${request.name | h}"</div><div class="toolFormBody"><form name="edit_basic_request_info" id="edit_basic_request_info" action="${h.url_for( controller='requests_common', action='edit_basic_request_info', cntrller=cntrller, id=trans.security.encode_id( request.id ) )}" method="post" >
%for i, field in enumerate( widgets ):
@@ -70,11 +70,11 @@
%><div class="form-row"><label>Send to:</label>
- <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email} (sequencing request owner)<input type="hidden" name="email_address" value="true">
+ <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email | h} (sequencing request owner)<input type="hidden" name="email_address" value="true"></div><div class="form-row"><label>Additional email addresses:</label>
- <textarea name="additional_email_addresses" rows="3" cols="40">${emails}</textarea>
+ <textarea name="additional_email_addresses" rows="3" cols="40">${emails | h}</textarea><div class="toolParamHelp" style="clear: both;">
Enter one email address per line
</div>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/find_samples.mako
--- a/templates/webapps/galaxy/requests/common/find_samples.mako
+++ b/templates/webapps/galaxy/requests/common/find_samples.mako
@@ -72,7 +72,7 @@
%if samples:
%for sample in samples:
<div class="form-row">
- Sample: <b>${sample.name}</b> | Barcode: ${sample.bar_code}<br/>
+ Sample: <b>${sample.name | h}</b> | Barcode: ${sample.bar_code | h}<br/>
%if sample.request.is_new or not sample.state:
State: Unsubmitted<br/>
%else:
@@ -85,10 +85,10 @@
%>
Datasets: <a href="${h.url_for( controller='requests_common', action='view_sample_datasets', cntrller=cntrller, external_service_id=trans.security.encode_id( external_service.id ), sample_id=trans.security.encode_id( sample.id ) )}">${len( sample.datasets )}</a><br/>
%if is_admin:
- <i>User: ${sample.request.user.email}</i>
+ <i>User: ${sample.request.user.email | h}</i>
%endif
<div class="toolParamHelp" style="clear: both;">
- <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a>
+ <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name | h} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a></div></div><br/>
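Review bot: On the rewritten link line only `${sample.request.name}` gained the filter; `${sample.request.type.name}` and `${sample.request.state}` in the same anchor text are still emitted raw. The request type name is editable text that view_request_type.mako on this page now escapes, so it should be handled the same way here: `Type: ${sample.request.type.name | h} | State: ${sample.request.state | h}`. The identical hunk is repeated in changeset 172f91ec31ef further down and needs the same change.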
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/view_request.mako
--- a/templates/webapps/galaxy/requests/common/view_request.mako
+++ b/templates/webapps/galaxy/requests/common/view_request.mako
@@ -58,7 +58,7 @@
${render_samples_messages(request, is_admin, is_submitted, message, status)}
<div class="toolForm">
- <div class="toolFormTitle">Sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Sequencing request "${request.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Current state:</label>
@@ -67,12 +67,12 @@
</div><div class="form-row"><label>Description:</label>
- ${request.desc}
+ ${request.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>User:</label>
- ${request.user.email}
+ ${request.user.email | h}
<div style="clear: both"></div></div><div class="form-row">
@@ -94,7 +94,7 @@
%><div class="form-row"><label>${field_label}:</label>
- ${field_value}
+ ${field_value | h}
</div><div style="clear: both"></div>
%endfor
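Review bot: `${field_label}` inside the `<label>` on the context line is still unfiltered, although `${field_value}` directly below it now gets `| h`. Form labels are escaped elsewhere on this page (`<label>${label | h}</label>` in the admin form templates), so the label here is presumably editable text as well and should read `<label>${field_label | h}:</label>`. The loop this hunk sits in starts outside the hunk, and the same hunk appears again in changeset 172f91ec31ef.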
@@ -116,7 +116,7 @@
else:
emails = ''
%>
- ${emails}
+ ${emails | h}
<div style="clear: both"></div></div><div class="form-row">
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/view_request_history.mako
--- a/templates/webapps/galaxy/requests/common/view_request_history.mako
+++ b/templates/webapps/galaxy/requests/common/view_request_history.mako
@@ -36,7 +36,7 @@
${render_msg( message, status )}
%endif
-<h3>History of sequencing request "${request.name}"</h3>
+<h3>History of sequencing request "${request.name | h}"</h3><div class="toolForm"><table class="grid">
@@ -52,7 +52,7 @@
<tr><td><b>${event.state}</b></td><td>${time_ago( event.update_time )}</td>
- <td>${event.comment}</td>
+ <td>${event.comment | h}</td></tr>
%endfor
</tbody>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/view_sample.mako
--- a/templates/webapps/galaxy/requests/common/view_sample.mako
+++ b/templates/webapps/galaxy/requests/common/view_sample.mako
@@ -6,7 +6,7 @@
%if external_service:
<p><div class="toolForm">
- <div class="toolFormTitle">Available External Service Actions for ${sample.name} at ${external_service.name}</div>
+ <div class="toolFormTitle">Available External Service Actions for ${sample.name | h} at ${external_service.name | h}</div><div class="toolFormBody"><div class="toolMenu">
%for item in external_service.actions:
@@ -25,7 +25,7 @@
<div class="form-row"><div class="toolSectionList"><div class="toolSectionTitle">
- <span>${external_service_group.label}</span>
+ <span>${external_service_group.label | h}</span></div><div class="toolSectionBody"><div class="toolSectionBg">
@@ -54,7 +54,7 @@
target = 'galaxy_main'
%><div class="toolTitle">
- <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label}</a>
+ <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label | h}</a></div></%def>
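Review bot: The anchor's label is now escaped, but the `href` value returned by `external_service_action.get_action_access_link( trans )` is still written into the attribute unfiltered. What that method returns is not visible here; if the link is assembled from external-service configuration it can contain `"` or `&` and should be attribute-escaped too: `href="${external_service_action.get_action_access_link( trans ) | h}"`. The enclosing `<%def>` begins outside the hunk.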
@@ -75,38 +75,38 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Sample "${sample.name}"</div>
+ <div class="toolFormTitle">Sample "${sample.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Name:</label>
- ${sample.name}
+ ${sample.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- ${sample.desc}
+ ${sample.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>Barcode:</label>
- ${sample.bar_code}
+ ${sample.bar_code | h}
<div style="clear: both"></div></div>
%if sample.library:
<div class="form-row"><label>Library:</label>
- ${sample.library.name}
+ ${sample.library.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Folder:</label>
- ${sample.folder.name}
+ ${sample.folder.name | h}
<div style="clear: both"></div></div>
%endif
<div class="form-row"><label>Request:</label>
- ${sample.request.name}
+ ${sample.request.name | h}
<div style="clear: both"></div></div></div>
diff -r 1034c973ec1d2ce424f711d750ecc6de582d02aa -r 795336f22d8b94b86256b1d4738ee1bf24e18b57 templates/webapps/galaxy/requests/common/view_sample_history.mako
--- a/templates/webapps/galaxy/requests/common/view_sample_history.mako
+++ b/templates/webapps/galaxy/requests/common/view_sample_history.mako
@@ -12,7 +12,7 @@
${render_msg( message, status )}
%endif
-<h3>History of sample "${sample.name}"</h3>
+<h3>History of sample "${sample.name | h}"</h3><div class="toolForm"><table class="grid">
@@ -27,10 +27,10 @@
<tbody>
%for event in sample.events:
<tr>
- <td><b>${event.state.name}</b></td>
- <td>${event.state.desc}</td>
+ <td><b>${event.state.name | h}</b></td>
+ <td>${event.state.desc | h}</td><td>${time_ago( event.update_time )}</td>
- <td>${event.comment}</td>
+ <td>${event.comment | h}</td></tr>
%endfor
</tbody>
https://bitbucket.org/galaxy/galaxy-central/commits/172f91ec31ef/
Changeset: 172f91ec31ef
Branch: next-stable
User: martenson
Date: 2014-12-03 17:01:23+00:00
Summary: Merged in martenson/galaxy-central-marten/mako_escape_requests (pull request #579)
[next-stable] escaping of the templates in the 'requests' and 'forms' sections
Affected #: 18 files
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/forms/create_form.mako
--- a/templates/admin/forms/create_form.mako
+++ b/templates/admin/forms/create_form.mako
@@ -9,7 +9,7 @@
<div class="toolFormTitle">Create a new form definition</div>
%for label, input in inputs:
<div class="form-row">
- <label>${label}</label>
+ <label>${label | h}</label>
${input.get_html()}
<div style="clear: both"></div></div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/forms/edit_form_definition.mako
--- a/templates/admin/forms/edit_form_definition.mako
+++ b/templates/admin/forms/edit_form_definition.mako
@@ -96,14 +96,14 @@
<form id="edit_form_definition" name="edit_form_definition" action="${h.url_for( controller='forms', action='edit_form_definition', id=trans.security.encode_id( form_definition.current.id ) )}" method="post" ><div class="toolForm">
- <div class="toolFormTitle">Edit form definition "${form_definition.name}" (${form_definition.type})</div>
+ <div class="toolFormTitle">Edit form definition "${form_definition.name | h}" (${form_definition.type | h})</div>
%if response_redirect:
<input type="hidden" name="response_redirect" value="${response_redirect}" size="40" />
%endif
%for label, input in form_details:
<div class="form-row">
%if label != 'Type':
- <label>${label}</label>
+ <label>${label | h}</label>
%endif
<div style="float: left; width: 250px; margin-right: 10px;">
${input.get_html()}
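Review bot: The hidden `response_redirect` input on the context line still writes `value="${response_redirect}"` with no filter, while the title and labels around it are now escaped. Where `response_redirect` is populated is outside this hunk, but a redirect target usually originates from the request, so the attribute should be `value="${response_redirect | h}"` and the controller that consumes it should accept only local paths. `${input.get_html()}` presumably emits markup on purpose and is rightly left alone. The form continues past the end of the hunk.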
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/common.mako
--- a/templates/admin/request_type/common.mako
+++ b/templates/admin/request_type/common.mako
@@ -2,7 +2,7 @@
<div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label>
- <input type="text" name="state_name_${element_count}" value="${state_name}" size="40"/>
+ <input type="text" name="state_name_${element_count}" value="${state_name | h}" size="40"/>
## Do not show remove button for the first state
%if element_count > 0:
<input type="submit" name="remove_state_button" value="Remove state ${1+element_count}"/>
@@ -10,7 +10,7 @@
</div><div class="form-row"><label>Description:</label>
- <input type="text" name="state_desc_${element_count}" value="${state_desc}" size="40"/>
+ <input type="text" name="state_desc_${element_count}" value="${state_desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;">
optional
</div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/create_request_type.mako
--- a/templates/admin/request_type/create_request_type.mako
+++ b/templates/admin/request_type/create_request_type.mako
@@ -23,7 +23,7 @@
<div class="toolFormTitle">Create a new request type</div>
%for rt_info in rt_info_widgets:
<div class="form-row">
- <label>${rt_info['label']}</label>
+ <label>${rt_info['label'] | h}</label><div style="float: left; width: 250px; margin-right: 10px;">
${rt_info['widget'].get_html()}
</div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/edit_request_type.mako
--- a/templates/admin/request_type/edit_request_type.mako
+++ b/templates/admin/request_type/edit_request_type.mako
@@ -32,26 +32,26 @@
<form name="edit_request_type" action="${h.url_for( controller='request_type', action='edit_request_type', id=trans.security.encode_id( request_type.id ) )}" method="post" ><div class="toolForm">
- <div class="toolFormTitle">"Edit ${request_type.name}" request type</div>
+ <div class="toolFormTitle">"Edit ${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label>
- <input type="text" name="name" value="${request_type.name}" size="40"/>
+ <input type="text" name="name" value="${request_type.name | }" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- <input type="text" name="desc" value="${request_type.desc}" size="40"/>
+ <input type="text" name="desc" value="${request_type.desc | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a>
## Hidden field needed by the __save_request_type() method
<input type="hidden" name="request_form_id" value="${trans.security.encode_id( request_type.request_form_id )}" size="40"/></div><div class="form-row"><label>Sample form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a>
## Hidden field needed by the __save_request_type() method
<input type="hidden" name="sample_form_id" value="${trans.security.encode_id( request_type.sample_form_id )}" size="40"/></div>
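Review bot: The Name input was changed to `value="${request_type.name | }"`, with the filter name missing after the pipe. Depending on how Mako handles an empty filter list this either renders the name without HTML escaping or fails to compile the template (not verified here); either way this attribute does not get the escaping every other changed line in the hunk receives. It should read `value="${request_type.name | h}"`. A template-compile or lint step over the changed `.mako` files would catch this kind of slip before merge.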
@@ -63,11 +63,11 @@
<div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label>
- <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name}" size="40"/>
+ <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name | h}" size="40"/></div><div class="form-row"><label>Description:</label>
- <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc}" size="40"/>
+ <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;">
optional
</div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/request_type_permissions.mako
--- a/templates/admin/request_type/request_type_permissions.mako
+++ b/templates/admin/request_type/request_type_permissions.mako
@@ -48,7 +48,7 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Manage access permissions on request type "${request_type.name}"</div>
+ <div class="toolFormTitle">Manage access permissions on request type "${request_type.name | h}"</div><div class="toolFormBody"><form name="request_type_permissions" id="request_type_permissions" action="${h.url_for( controller='request_type', action='request_type_permissions', id=trans.security.encode_id( request_type.id ) )}" method="post"><div class="form-row">
@@ -65,13 +65,13 @@
in_roles.add( a.role )
out_roles = filter( lambda x: x not in in_roles, all_roles )
%>
- ${action.description}<br/><br/>
+ ${action.description | h}<br/><br/><div style="width: 100%; white-space: nowrap;"><div style="float: left; width: 50%;">
Roles associated:<br/><select name="${action_key}_in" id="${action_key}_in_select" class="in_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple>
%for role in in_roles:
- <option value="${role.id}">${role.name}</option>
+ <option value="${role.id}">${role.name | h}</option>
%endfor
</select><br/><div style="width: 98%; text-align: right"><input type="submit" id="${action_key}_remove_button" class="role_remove_button" value=">>"/></div>
@@ -80,7 +80,7 @@
Roles not associated:<br/><select name="${action_key}_out" id="${action_key}_out_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple>
%for role in out_roles:
- <option value="${role.id}">${role.name}</option>
+ <option value="${role.id}">${role.name | h}</option>
%endfor
</select><br/><input type="submit" id="${action_key}_add_button" class="role_add_button" value="<<"/>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/request_type/view_request_type.mako
--- a/templates/admin/request_type/view_request_type.mako
+++ b/templates/admin/request_type/view_request_type.mako
@@ -30,24 +30,24 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">"${request_type.name}" request type</div>
+ <div class="toolFormTitle">"${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label>
- ${request_type.name}
+ ${request_type.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- ${request_type.desc}
+ ${request_type.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a></div><div class="form-row"><label>Sample form definition:</label>
- <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a>
+ <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a></div></div><p/>
@@ -55,8 +55,8 @@
<div class="toolFormTitle">Sample states defined for this request type</div>
%for state in request_type.states:
<div class="form-row">
- <label>${state.name}</label>
- ${state.desc}
+ <label>${state.name | h}</label>
+ ${state.desc | h}
</div><div style="clear: both"></div>
%endfor
@@ -67,8 +67,8 @@
%if request_type.external_services:
%for index, external_service in enumerate( request_type.external_services ):
<div class="form-row">
- <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name}</a></label>
- ${external_service.get_external_service_type( trans ).name}
+ <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name | h}</a></label>
+ ${external_service.get_external_service_type( trans ).name | h}
</div>
%endfor
%else:
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/reject.mako
--- a/templates/admin/requests/reject.mako
+++ b/templates/admin/requests/reject.mako
@@ -15,7 +15,7 @@
</ul><div class="toolForm">
- <div class="toolFormTitle">Reject sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Reject sequencing request "${request.name | h}"</div><form name="event" action="${h.url_for( controller='requests_admin', action='reject_request', id=trans.security.encode_id( request.id ) )}" method="post" ><div class="form-row">
Rejecting this request will move the request state to <b>Rejected</b>.
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/rename_datasets.mako
--- a/templates/admin/requests/rename_datasets.mako
+++ b/templates/admin/requests/rename_datasets.mako
@@ -3,7 +3,7 @@
<% from galaxy.webapps.galaxy.controllers.requests_admin import build_rename_datasets_for_sample_select_field %>
-<h3>Rename datasets for Sample "${sample.name}"</h3>
+<h3>Rename datasets for Sample "${sample.name | h}"</h3><ul class="manage-table-actions"><li><a class="action-button" href="${h.url_for( controller='requests_admin', action='manage_datasets', sample_id=trans.security.encode_id( sample.id ) )}">Browse datasets</a></li>
@@ -35,7 +35,7 @@
${rename_datasets_for_sample_select_field.get_html()}
</td><td>
- <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name}" size="100"/>
+ <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name | h}" size="100"/></td><td>${sample_dataset.file_path}</td></tr>
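Review bot: `${sample_dataset.file_path}` in the last cell of this row is still unfiltered, although `sample_dataset.name` in the same row is now escaped. The path presumably mirrors a file name on the external service's host, which Galaxy does not control, so the cell should be `<td>${sample_dataset.file_path | h}</td>`. The table row starts outside the hunk.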
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/admin/requests/view_sample_dataset.mako
--- a/templates/admin/requests/view_sample_dataset.mako
+++ b/templates/admin/requests/view_sample_dataset.mako
@@ -21,19 +21,19 @@
</ul><div class="toolForm">
- <div class="toolFormTitle">"${sample.name}" Dataset</div>
+ <div class="toolFormTitle">"${sample.name | h}" Dataset</div><div class="toolFormBody"><div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;">
- ${sample_dataset.name}
+ ${sample_dataset.name | h}
</div><div style="clear: both"></div></div><div class="form-row"><label>External service:</label><div style="float: left; width: 250px; margin-right: 10px;">
- ${sample_dataset.external_service.name} (${sample_dataset.external_service.get_external_service_type( trans ).name})
+ ${sample_dataset.external_service.name | h} (${sample_dataset.external_service.get_external_service_type( trans ).name | h})
</div><div style="clear: both"></div></div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/common.mako
--- a/templates/webapps/galaxy/requests/common/common.mako
+++ b/templates/webapps/galaxy/requests/common/common.mako
@@ -257,18 +257,18 @@
<td valign="top"><input type="checkbox" name=select_sample_${sample.id} id="sample_checkbox" value="true" ${checked_str}/><input type="hidden" name=select_sample_${sample.id} id="sample_checkbox" value="true"/></td>
%endif
<td valign="top">
- <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name']}" size="10"/>
+ <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name'] | h}" size="10"/><div class="toolParamHelp" style="clear: both;">
- <i>${' (required)' }</i>
+ <i>(required)</i></div></td>
%if display_bar_code:
<td valign="top">
%if is_admin and is_submitted:
- <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}" size="10"/>
+ <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}" size="10"/>
%else:
- ${sample_widget['bar_code']}
- <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}"/>
+ ${sample_widget['bar_code'] | h}
+ <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}"/>
%endif
</td>
%endif
@@ -416,7 +416,7 @@
transferred_dataset_files = []
%><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="sample-${sample.id}-popup">
- <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name}</a>
+ <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name | h}</a></div><div popupmenu="sample-${sample.id}-popup">
%if can_select_datasets:
@@ -439,11 +439,11 @@
%endif
</div>
%else:
- ${sample_widget_name}
+ ${sample_widget_name | h}
%endif
</td>
%if display_bar_code:
- <td>${sample_widget_bar_code}</td>
+ <td>${sample_widget_bar_code | h}</td>
%endif
%if is_unsubmitted:
<td>Unsubmitted</td>
@@ -451,12 +451,12 @@
<td><a id="sampleState-${sample.id}" href="${h.url_for( controller='requests_common', action='view_sample_history', cntrller=cntrller, sample_id=trans.security.encode_id( sample.id ) )}">${render_sample_state( sample )}</a></td>
%endif
%if sample_widget_library and library_cntrller is not None:
- <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name}</a></td>
+ <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name | h}</a></td>
%else:
<td></td>
%endif
%if sample_widget_folder:
- <td>${sample_widget_folder.name}</td>
+ <td>${sample_widget_folder.name | h}</td>
%else:
<td></td>
%endif
@@ -464,11 +464,11 @@
%if trans.user == sample_widget_history.user:
<td><a target='_parent' href="${h.url_for( controller='history', action='list', operation="Switch", id=trans.security.encode_id(sample_widget_history.id), use_panels=False )}">
- ${sample_widget_history.name}
+ ${sample_widget_history.name | h}
</a></td>
%else:
- <td>${sample_widget_history.name}</td>
+ <td>${sample_widget_history.name | h}</td>
%endif
%else:
<td></td>
@@ -477,11 +477,11 @@
%if trans.user == sample_widget_workflow.stored_workflow.user:
<td><a target='_parent' href="${h.url_for( controller='workflow', action='editor', id=trans.security.encode_id(sample_widget_workflow.stored_workflow.id) )}">
- ${sample_widget_workflow.name}
+ ${sample_widget_workflow.name | h}
</a></td>
%else:
- <td>${sample_widget_workflow.name}</td>
+ <td>${sample_widget_workflow.name | h}</td>
%endif
%else:
<td></td>
@@ -519,7 +519,7 @@
<%def name="render_sample_form( index, sample_name, sample_values, fields_dict, display_only )"><tr>
- <td>${sample_name}</td>
+ <td>${sample_name | h}</td>
%for field_index, field in fields_dict.items():
<%
field_type = field[ 'type' ]
@@ -532,17 +532,17 @@
%if field_type == 'WorkflowField':
%if str( field_value ) != 'none':
<% workflow = trans.sa_session.query( trans.app.model.StoredWorkflow ).get( int( field_value ) ) %>
- <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name}</a>
+ <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name | h}</a>
%endif
%else:
- ${field_value}
+ ${field_value | h}
%endif
%else:
<i>None</i>
%endif
%else:
%if field_type == 'TextField':
- <input type="text" name="sample_${index}_field_${field_index}" value="${field_value}" size="7"/>
+ <input type="text" name="sample_${index}_field_${field_index}" value="${field_value | h}" size="7"/>
%elif field_type == 'SelectField':
<select name="sample_${index}_field_${field_index}" last_selected_value="2">
%for option_index, option in enumerate(field[ 'selectlist' ]):
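Review bot: In the `WorkflowField` branch, `workflow` is dereferenced without a check: `.get( int( field_value ) )` returns `None` for an id that no longer exists, and `int()` raises for any stored value other than digits or `'none'`, so one bad form value breaks rendering of the whole sample table. Wrapping the anchor in `%if workflow:` would keep the page rendering. Because `field_value` is a stored form value, the lookup is also not limited to workflows the viewer may access, so `workflow.name` of an arbitrary stored workflow could be displayed; confirm the controller validates the id on save. The `<select>` options that follow are outside this hunk and should be checked for the same missing `| h`.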
@@ -695,7 +695,7 @@
%if is_admin:
<span class="expandLink dataset-${dataset}-click"><span class="rowIcon"></span><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="dataset-${dataset.id}-popup">
- <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name}</a>
+ <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name | h}</a></div></span><div popupmenu="dataset-${dataset.id}-popup">
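Review bot: The `<span>` on the context line builds its class as `dataset-${dataset}-click`, interpolating the dataset object itself, while the anchor changed in this hunk uses `dataset-${encoded_id}-click`. The object's string form is not a usable class token and is written unfiltered into the attribute; it looks like it should be `class="expandLink dataset-${encoded_id}-click"`, assuming the page script keys on the encoded id. The popup ids likewise use the raw `dataset.id` where the rest of the row uses `encoded_id`. The row markup starts outside the hunk.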
@@ -704,12 +704,12 @@
%endif
</div>
%else:
- ${dataset.name}
+ ${dataset.name | h}
%endif
</td><td>${dataset.size}</td>
- <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name}</a></td>
- <td>${dataset.sample.folder.name}</td>
+ <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name | h}</a></td>
+ <td>${dataset.sample.folder.name | h}</td><td id="datasetTransferStatus-${encoded_id}">${dataset.status}</td></tr>
%endfor
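Review bot: The library link takes its id from `sample.library.id` but its text from `dataset.sample.library.name`, so the two can refer to different objects if `sample` is not the dataset's own sample; using `dataset.sample.library.id` in `url_for` would keep them consistent. `${dataset.status}` in the same row is also still unfiltered; if the status can carry free text from the transfer process (not visible here) it should be `${dataset.status | h}`. The same hunk appears near the top of this page for changeset 795336f22d8b.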
@@ -723,7 +723,7 @@
<%def name="render_samples_messages( request, is_admin=False, is_submitted=False, message=None, status=None)">
%if request.is_rejected:
<div class='errormessage'>
- ${request.last_comment}
+ ${request.last_comment | h}
</div><br/>
%endif
%if is_admin and is_submitted and request.samples_without_library_destinations:
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/create_request.mako
--- a/templates/webapps/galaxy/requests/common/create_request.mako
+++ b/templates/webapps/galaxy/requests/common/create_request.mako
@@ -23,7 +23,7 @@
<div class="toolForm"><div class="toolFormTitle">Create a new sequencing request</div>
%if len( request_type_select_field.options ) < 1:
- There are no request types available for ${trans.user.email} to create sequencing requests.
+ There are no request types available for ${trans.user.email | h} to create sequencing requests.
%else:
<div class="toolFormBody"><form name="create_request" id="create_request" action="${h.url_for( controller='requests_common', action='create_request', cntrller=cntrller )}" method="post" >
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
--- a/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
+++ b/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako
@@ -31,7 +31,7 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Edit sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Edit sequencing request "${request.name | h}"</div><div class="toolFormBody"><form name="edit_basic_request_info" id="edit_basic_request_info" action="${h.url_for( controller='requests_common', action='edit_basic_request_info', cntrller=cntrller, id=trans.security.encode_id( request.id ) )}" method="post" >
%for i, field in enumerate( widgets ):
@@ -70,11 +70,11 @@
%><div class="form-row"><label>Send to:</label>
- <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email} (sequencing request owner)<input type="hidden" name="email_address" value="true">
+ <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email | h} (sequencing request owner)<input type="hidden" name="email_address" value="true"></div><div class="form-row"><label>Additional email addresses:</label>
- <textarea name="additional_email_addresses" rows="3" cols="40">${emails}</textarea>
+ <textarea name="additional_email_addresses" rows="3" cols="40">${emails | h}</textarea><div class="toolParamHelp" style="clear: both;">
Enter one email address per line
</div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/find_samples.mako
--- a/templates/webapps/galaxy/requests/common/find_samples.mako
+++ b/templates/webapps/galaxy/requests/common/find_samples.mako
@@ -72,7 +72,7 @@
%if samples:
%for sample in samples:
<div class="form-row">
- Sample: <b>${sample.name}</b> | Barcode: ${sample.bar_code}<br/>
+ Sample: <b>${sample.name | h}</b> | Barcode: ${sample.bar_code | h}<br/>
%if sample.request.is_new or not sample.state:
State: Unsubmitted<br/>
%else:
@@ -85,10 +85,10 @@
%>
Datasets: <a href="${h.url_for( controller='requests_common', action='view_sample_datasets', cntrller=cntrller, external_service_id=trans.security.encode_id( external_service.id ), sample_id=trans.security.encode_id( sample.id ) )}">${len( sample.datasets )}</a><br/>
%if is_admin:
- <i>User: ${sample.request.user.email}</i>
+ <i>User: ${sample.request.user.email | h}</i>
%endif
<div class="toolParamHelp" style="clear: both;">
- <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a>
+ <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name | h} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a></div></div><br/>
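Review bot: In the link text of this hunk, `${sample.request.type.name}` and `${sample.request.state}` are still emitted without the `h` filter, although `sample.request.name` beside them is now escaped. If request type names are entered through a form (presumably by an administrator), they should be treated the same way: `${sample.request.type.name | h} | State: ${sample.request.state | h}`. The same gap appears in view_request.mako, where `${field_label}` stays unescaped next to `${field_value | h}`, and in view_request_history.mako, where `${event.state}` stays unescaped next to `${event.comment | h}`. Declaring `<%page expression_filter="h"/>` in these templates would make escaping the default, so each expression would not need to be audited by hand.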
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_request.mako
--- a/templates/webapps/galaxy/requests/common/view_request.mako
+++ b/templates/webapps/galaxy/requests/common/view_request.mako
@@ -58,7 +58,7 @@
${render_samples_messages(request, is_admin, is_submitted, message, status)}
<div class="toolForm">
- <div class="toolFormTitle">Sequencing request "${request.name}"</div>
+ <div class="toolFormTitle">Sequencing request "${request.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Current state:</label>
@@ -67,12 +67,12 @@
</div><div class="form-row"><label>Description:</label>
- ${request.desc}
+ ${request.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>User:</label>
- ${request.user.email}
+ ${request.user.email | h}
<div style="clear: both"></div></div><div class="form-row">
@@ -94,7 +94,7 @@
%><div class="form-row"><label>${field_label}:</label>
- ${field_value}
+ ${field_value | h}
</div><div style="clear: both"></div>
%endfor
@@ -116,7 +116,7 @@
else:
emails = ''
%>
- ${emails}
+ ${emails | h}
<div style="clear: both"></div></div><div class="form-row">
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_request_history.mako
--- a/templates/webapps/galaxy/requests/common/view_request_history.mako
+++ b/templates/webapps/galaxy/requests/common/view_request_history.mako
@@ -36,7 +36,7 @@
${render_msg( message, status )}
%endif
-<h3>History of sequencing request "${request.name}"</h3>
+<h3>History of sequencing request "${request.name | h}"</h3><div class="toolForm"><table class="grid">
@@ -52,7 +52,7 @@
<tr><td><b>${event.state}</b></td><td>${time_ago( event.update_time )}</td>
- <td>${event.comment}</td>
+ <td>${event.comment | h}</td></tr>
%endfor
</tbody>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_sample.mako
--- a/templates/webapps/galaxy/requests/common/view_sample.mako
+++ b/templates/webapps/galaxy/requests/common/view_sample.mako
@@ -6,7 +6,7 @@
%if external_service:
<p><div class="toolForm">
- <div class="toolFormTitle">Available External Service Actions for ${sample.name} at ${external_service.name}</div>
+ <div class="toolFormTitle">Available External Service Actions for ${sample.name | h} at ${external_service.name | h}</div><div class="toolFormBody"><div class="toolMenu">
%for item in external_service.actions:
@@ -25,7 +25,7 @@
<div class="form-row"><div class="toolSectionList"><div class="toolSectionTitle">
- <span>${external_service_group.label}</span>
+ <span>${external_service_group.label | h}</span></div><div class="toolSectionBody"><div class="toolSectionBg">
@@ -54,7 +54,7 @@
target = 'galaxy_main'
%><div class="toolTitle">
- <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label}</a>
+ <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label | h}</a></div></%def>
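Review bot: The `href` value `${external_service_action.get_action_access_link( trans )}` is written into a quoted attribute without `| h`, while the label beside it is now escaped. What the helper returns is not visible here; if any part of the link derives from stored service or sample fields, a quote character would end the attribute, so `href="${external_service_action.get_action_access_link( trans ) | h}"` is the safer form. HTML-escaping does not constrain the URL scheme, so it is also worth confirming that the helper only produces the expected schemes. The enclosing `<%def>` starts outside this hunk.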
@@ -75,38 +75,38 @@
%endif
<div class="toolForm">
- <div class="toolFormTitle">Sample "${sample.name}"</div>
+ <div class="toolFormTitle">Sample "${sample.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Name:</label>
- ${sample.name}
+ ${sample.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Description:</label>
- ${sample.desc}
+ ${sample.desc | h}
<div style="clear: both"></div></div><div class="form-row"><label>Barcode:</label>
- ${sample.bar_code}
+ ${sample.bar_code | h}
<div style="clear: both"></div></div>
%if sample.library:
<div class="form-row"><label>Library:</label>
- ${sample.library.name}
+ ${sample.library.name | h}
<div style="clear: both"></div></div><div class="form-row"><label>Folder:</label>
- ${sample.folder.name}
+ ${sample.folder.name | h}
<div style="clear: both"></div></div>
%endif
<div class="form-row"><label>Request:</label>
- ${sample.request.name}
+ ${sample.request.name | h}
<div style="clear: both"></div></div></div>
diff -r 13d43b327511d46e836398fa09330722acccd419 -r 172f91ec31ef89d0f0eaa162bab5cfdf90866c22 templates/webapps/galaxy/requests/common/view_sample_history.mako
--- a/templates/webapps/galaxy/requests/common/view_sample_history.mako
+++ b/templates/webapps/galaxy/requests/common/view_sample_history.mako
@@ -12,7 +12,7 @@
${render_msg( message, status )}
%endif
-<h3>History of sample "${sample.name}"</h3>
+<h3>History of sample "${sample.name | h}"</h3><div class="toolForm"><table class="grid">
@@ -27,10 +27,10 @@
<tbody>
%for event in sample.events:
<tr>
- <td><b>${event.state.name}</b></td>
- <td>${event.state.desc}</td>
+ <td><b>${event.state.name | h}</b></td>
+ <td>${event.state.desc | h}</td><td>${time_ago( event.update_time )}</td>
- <td>${event.comment}</td>
+ <td>${event.comment | h}</td></tr>
%endfor
</tbody>
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
2 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/0273de7467e0/
Changeset: 0273de7467e0
User: dan
Date: 2014-12-03 16:35:35+00:00
Summary: DatasetMatcher should check to see if hda is of the correct format before attempting to filter on e.g. metadata attributes (that may not exist for a non-expected format).
Affected #: 1 file
diff -r 87ef26ad1876d0d6162eb4b6e7c93c8d69fbc4d6 -r 0273de7467e0f42a56ffa018c5fb9a53a6396e76 lib/galaxy/tools/parameters/dataset_matcher.py
--- a/lib/galaxy/tools/parameters/dataset_matcher.py
+++ b/lib/galaxy/tools/parameters/dataset_matcher.py
@@ -39,27 +39,30 @@
return state_valid and ( not check_security or self.__can_access_dataset( dataset ) )
def valid_hda_match( self, hda, check_implicit_conversions=True, check_security=False ):
- """ Return False of this parameter can not be matched to a the supplied
+ """ Return False of this parameter can not be matched to the supplied
HDA, otherwise return a description of the match (either a
HdaDirectMatch describing a direct match or a HdaImplicitMatch
describing an implicit conversion.)
"""
+ rval = False
+ formats = self.param.formats
+ if hda.datatype.matches_any( formats ):
+ rval = HdaDirectMatch( hda )
+ else:
+ if not check_implicit_conversions:
+ return False
+ target_ext, converted_dataset = hda.find_conversion_destination( formats )
+ if target_ext:
+ if converted_dataset:
+ hda = converted_dataset
+ if check_security and not self.__can_access_dataset( hda.dataset ):
+ return False
+ rval = HdaImplicitMatch( hda, target_ext )
+ else:
+ return False
if self.filter( hda ):
return False
- formats = self.param.formats
- if hda.datatype.matches_any( formats ):
- return HdaDirectMatch( hda )
- if not check_implicit_conversions:
- return False
- target_ext, converted_dataset = hda.find_conversion_destination( formats )
- if target_ext:
- original_hda = hda
- if converted_dataset:
- hda = converted_dataset
- if check_security and not self.__can_access_dataset( hda.dataset ):
- return False
- return HdaImplicitMatch( hda, target_ext, original_hda )
- return False
+ return rval
def hda_match( self, hda, check_implicit_conversions=True, ensure_visible=True ):
""" If HDA is accessible, return information about whether it could
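Review bot: When `find_conversion_destination` returns a `target_ext` but no `converted_dataset`, `hda` is still the original dataset in its non-matching format, and `self.filter( hda )` then runs on it, which is the case the commit summary sets out to avoid. One option is to add `if not converted_dataset: return rval` right after `rval = HdaImplicitMatch( hda, target_ext )`; whether not-yet-converted datasets should skip the filter or be rejected is a design decision worth recording in a comment. The constructor call also drops `original_hda`; the class is defined outside the hunk, so confirm that `HdaImplicitMatch` no longer requires a third argument. `check_security` is still consulted only on the conversion path, so a direct match returns without `__can_access_dataset`; the docstring should say that callers are expected to check access themselves, if that is the intent. The identical hunk in changeset 13d43b327511 carries the same points.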
https://bitbucket.org/galaxy/galaxy-central/commits/13d43b327511/
Changeset: 13d43b327511
Branch: next-stable
User: dan
Date: 2014-12-03 16:35:35+00:00
Summary: DatasetMatcher should check to see if hda is of the correct format before attempting to filter on e.g. metadata attributes (that may not exist for a non-expected format).
Affected #: 1 file
diff -r f05ed31c16741b5c1a4a43c73697f7ca9a6919d8 -r 13d43b327511d46e836398fa09330722acccd419 lib/galaxy/tools/parameters/dataset_matcher.py
--- a/lib/galaxy/tools/parameters/dataset_matcher.py
+++ b/lib/galaxy/tools/parameters/dataset_matcher.py
@@ -39,27 +39,30 @@
return state_valid and ( not check_security or self.__can_access_dataset( dataset ) )
def valid_hda_match( self, hda, check_implicit_conversions=True, check_security=False ):
- """ Return False of this parameter can not be matched to a the supplied
+ """ Return False of this parameter can not be matched to the supplied
HDA, otherwise return a description of the match (either a
HdaDirectMatch describing a direct match or a HdaImplicitMatch
describing an implicit conversion.)
"""
+ rval = False
+ formats = self.param.formats
+ if hda.datatype.matches_any( formats ):
+ rval = HdaDirectMatch( hda )
+ else:
+ if not check_implicit_conversions:
+ return False
+ target_ext, converted_dataset = hda.find_conversion_destination( formats )
+ if target_ext:
+ if converted_dataset:
+ hda = converted_dataset
+ if check_security and not self.__can_access_dataset( hda.dataset ):
+ return False
+ rval = HdaImplicitMatch( hda, target_ext )
+ else:
+ return False
if self.filter( hda ):
return False
- formats = self.param.formats
- if hda.datatype.matches_any( formats ):
- return HdaDirectMatch( hda )
- if not check_implicit_conversions:
- return False
- target_ext, converted_dataset = hda.find_conversion_destination( formats )
- if target_ext:
- original_hda = hda
- if converted_dataset:
- hda = converted_dataset
- if check_security and not self.__can_access_dataset( hda.dataset ):
- return False
- return HdaImplicitMatch( hda, target_ext, original_hda )
- return False
+ return rval
def hda_match( self, hda, check_implicit_conversions=True, ensure_visible=True ):
""" If HDA is accessible, return information about whether it could
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
3 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/b2df443a12d6/
Changeset: b2df443a12d6
Branch: next-stable
User: dannon
Date: 2014-12-03 14:21:54+00:00
Summary: Bump NO_OUTPUT_TIMEOUT to 60m; Bjoern said it's causing issues w/ some tools for being too short.
Affected #: 1 file
diff -r eb9d9ab34d23456d58f291b782b42724a83f711e -r b2df443a12d6a721da2a58b56491fbed08ebc4d9 lib/tool_shed/util/basic_util.py
--- a/lib/tool_shed/util/basic_util.py
+++ b/lib/tool_shed/util/basic_util.py
@@ -16,7 +16,7 @@
CHUNK_SIZE = 2**20 # 1Mb
INSTALLATION_LOG = 'INSTALLATION.log'
# Set no activity timeout to 20 minutes.
-NO_OUTPUT_TIMEOUT = 1200.0
+NO_OUTPUT_TIMEOUT = 3600.0
MAXDIFFSIZE = 8000
MAX_DISPLAY_SIZE = 32768
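Review bot: The comment above the constant still reads `# Set no activity timeout to 20 minutes.`, but the value is now 3600 seconds. Change it to `# Set no activity timeout to 60 minutes.` so the comment and the value agree. The following Pep8 changeset shows the old comment as unchanged context, so it is still stale there.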
https://bitbucket.org/galaxy/galaxy-central/commits/81d5a494d274/
Changeset: 81d5a494d274
Branch: next-stable
User: dannon
Date: 2014-12-03 14:23:14+00:00
Summary: Pep8 tool_shed/util/basic_util
Affected #: 1 file
diff -r b2df443a12d6a721da2a58b56491fbed08ebc4d9 -r 81d5a494d274918192fe92bd3ac9217bcb22ef2c lib/tool_shed/util/basic_util.py
--- a/lib/tool_shed/util/basic_util.py
+++ b/lib/tool_shed/util/basic_util.py
@@ -13,7 +13,7 @@
log = logging.getLogger( __name__ )
-CHUNK_SIZE = 2**20 # 1Mb
+CHUNK_SIZE = 2**20 # 1Mb
INSTALLATION_LOG = 'INSTALLATION.log'
# Set no activity timeout to 20 minutes.
NO_OUTPUT_TIMEOUT = 3600.0
@@ -47,6 +47,7 @@
RUN service postgresql start && service apache2 start && ./run.sh --daemon && sleep 120 && python ./scripts/api/install_tool_shed_repositories.py --api admin -l http://localhost:8080 --url ${tool_shed_url} -o ${repository_owner} --name ${repository_name} --tool-deps --repository-deps --panel-section-name 'Docker'
'''
+
def evaluate_template( text, install_environment ):
"""
Substitute variables defined in XML blocks from dependencies file. The value of the received
@@ -56,6 +57,7 @@
"""
return Template( text ).safe_substitute( get_env_var_values( install_environment ) )
+
def get_env_var_values( install_environment ):
"""
Return a dictionary of values, some of which enable substitution of reserved words for the values.
@@ -72,6 +74,7 @@
env_var_dict[ '__is64bit__' ] = sys.maxsize > 2**32
return env_var_dict
+
def get_file_type_str( changeset_revision, file_type ):
if file_type == 'zip':
file_type_str = '%s.zip' % changeset_revision
@@ -83,6 +86,7 @@
file_type_str = ''
return file_type_str
+
def move_file( current_dir, source, destination, rename_to=None ):
source_path = os.path.abspath( os.path.join( current_dir, source ) )
source_file = os.path.basename( source_path )
@@ -97,6 +101,7 @@
os.makedirs( destination_directory )
shutil.move( source_path, destination_path )
+
def remove_dir( dir ):
"""Attempt to remove a directory from disk."""
if dir:
@@ -106,6 +111,7 @@
except:
pass
+
def size_string( raw_text, size=MAX_DISPLAY_SIZE ):
"""Return a subset of a string (up to MAX_DISPLAY_SIZE) translated to a safe string for display in a browser."""
if raw_text and len( raw_text ) >= size:
@@ -113,11 +119,13 @@
raw_text = '%s%s' % ( raw_text[ 0:size ], large_str )
return raw_text or ''
+
def stringify( list ):
if list:
return ','.join( list )
return ''
+
def strip_path( fpath ):
"""Attempt to strip the path from a file name."""
if not fpath:
@@ -128,6 +136,7 @@
file_name = fpath
return file_name
+
def to_html_string( text ):
"""Translates the characters in text to an html string"""
if text:
https://bitbucket.org/galaxy/galaxy-central/commits/f05ed31c1674/
Changeset: f05ed31c1674
Branch: next-stable
User: dannon
Date: 2014-12-03 14:24:44+00:00
Summary: Fix size_string; this would have thrown an exception on being called due to an unimported 'util'.
Affected #: 1 file
diff -r 81d5a494d274918192fe92bd3ac9217bcb22ef2c -r f05ed31c16741b5c1a4a43c73697f7ca9a6919d8 lib/tool_shed/util/basic_util.py
--- a/lib/tool_shed/util/basic_util.py
+++ b/lib/tool_shed/util/basic_util.py
@@ -4,7 +4,7 @@
import sys
from string import Template
-from galaxy.util import unicodify
+from galaxy.util import unicodify, nice_size
from galaxy import eggs
@@ -115,7 +115,7 @@
def size_string( raw_text, size=MAX_DISPLAY_SIZE ):
"""Return a subset of a string (up to MAX_DISPLAY_SIZE) translated to a safe string for display in a browser."""
if raw_text and len( raw_text ) >= size:
- large_str = '\nFile contents truncated because file size is larger than maximum viewing size of %s\n' % util.nice_size( size )
+ large_str = '\nFile contents truncated because file size is larger than maximum viewing size of %s\n' % nice_size( size )
raw_text = '%s%s' % ( raw_text[ 0:size ], large_str )
return raw_text or ''
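Review bot: The docstring of `size_string` promises a string that is "safe ... for display in a browser", but the body shown in this hunk only truncates the text and appends a notice; nothing is escaped. Either reword it, e.g. `"""Return raw_text truncated to at most size characters with a truncation notice appended; the result is NOT HTML-escaped."""`, or state that callers must pass the result through `to_html_string` (defined later in this file, body not visible here) before rendering. The `>=` comparison also appends the notice to text whose length equals `size`, while the message says "larger than"; `len( raw_text ) > size` would match the wording.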
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
commit/galaxy-central: jmchilton: Improvements to test/api/test_workflow_extraction.py.
by commits-noreply@bitbucket.org 02 Dec '14
by commits-noreply@bitbucket.org 02 Dec '14
02 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/87ef26ad1876/
Changeset: 87ef26ad1876
User: jmchilton
Date: 2014-12-03 03:17:25+00:00
Summary: Improvements to test/api/test_workflow_extraction.py.
Fill out the dataset collection parameter test and add a new test for a workflow that includes subcollection mapping. Move toward orchestrating jobs in this file via a high-level YAML description of steps and test data as well as some higher-level methods for testing various stuff about extracted workflows (step counts, input types, tools used, connected-ness, etc...).
Allow ordering jobs index API by create_time instead of update_time.
Affected #: 4 files
diff -r a734cbf4bd368198e2c813b5ea61e807f9a1af33 -r 87ef26ad1876d0d6162eb4b6e7c93c8d69fbc4d6 lib/galaxy/webapps/galaxy/api/jobs.py
--- a/lib/galaxy/webapps/galaxy/api/jobs.py
+++ b/lib/galaxy/webapps/galaxy/api/jobs.py
@@ -73,9 +73,11 @@
raise exceptions.ObjectAttributeInvalidException()
out = []
- for job in query.order_by(
- trans.app.model.Job.update_time.desc()
- ).all():
+ if kwd.get( 'order_by' ) == 'create_time':
+ order_by = trans.app.model.Job.create_time.desc()
+ else:
+ order_by = trans.app.model.Job.update_time.desc()
+ for job in query.order_by( order_by ).all():
out.append( self.encode_all_ids( trans, job.to_dict( 'collection' ), True ) )
return out
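Review bot: The new `order_by` keyword is read from `kwd`, but any value other than `create_time` silently falls back to `update_time`, so a misspelled value in a client request goes unnoticed. Comparing against fixed strings rather than passing the request value into `query.order_by` is the right approach and should be kept. Consider rejecting unknown values explicitly and documenting the parameter in the method docstring, which starts outside this hunk. At minimum, add a comment such as `# order_by: 'create_time' or 'update_time' (default); any other value is treated as 'update_time'`.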
diff -r a734cbf4bd368198e2c813b5ea61e807f9a1af33 -r 87ef26ad1876d0d6162eb4b6e7c93c8d69fbc4d6 test/api/helpers.py
--- a/test/api/helpers.py
+++ b/test/api/helpers.py
@@ -76,7 +76,10 @@
return run_response.json()["outputs"][0]
def wait_for_history( self, history_id, assert_ok=False, timeout=DEFAULT_HISTORY_TIMEOUT ):
- wait_on_state( lambda: self.galaxy_interactor.get( "histories/%s" % history_id ), assert_ok=assert_ok, timeout=timeout )
+ return wait_on_state( lambda: self.galaxy_interactor.get( "histories/%s" % history_id ), assert_ok=assert_ok, timeout=timeout )
+
+ def wait_for_job( self, job_id, assert_ok=False, timeout=DEFAULT_HISTORY_TIMEOUT ):
+ return wait_on_state( lambda: self.galaxy_interactor.get( "jobs/%s" % job_id ), assert_ok=assert_ok, timeout=timeout )
def new_history( self, **kwds ):
name = kwds.get( "name", "API Test History" )
@@ -296,6 +299,12 @@
)
return self.__create( payload )
+ def create_list_of_pairs_in_history( self, history_id, **kwds ):
+ pair1 = self.create_pair_in_history( history_id, **kwds ).json()["id"]
+ #pair2 = self.create_pair_in_history( history_id, **kwds ).json()["id"]
+ #pair3 = self.create_pair_in_history( history_id, **kwds ).json()["id"]
+ return self.create_list_from_pairs( history_id, [ pair1 ] )
+
def create_pair_in_history( self, history_id, **kwds ):
payload = self.create_pair_payload(
history_id,
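Review bot: `create_list_of_pairs_in_history` carries two commented-out lines for `pair2` and `pair3` and always builds a list containing a single pair. Remove the dead lines, or replace them with a `# TODO` comment that says what prevents creating more than one pair. A one-line docstring such as `"""Create a list:paired collection holding a single pair."""` would also tell callers what they get.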
@@ -375,13 +384,13 @@
response = state_func()
assert response.status_code == 200, "Failed to fetch state update while waiting."
state = response.json()[ "state" ]
- if state not in [ "running", "queued", "new" ]:
+ if state not in [ "running", "queued", "new", "ready" ]:
if assert_ok:
assert state == "ok", "Final state - %s - not okay." % state
return state
else:
return None
- wait_on( get_state, desc="state", timeout=timeout)
+ return wait_on( get_state, desc="state", timeout=timeout)
def wait_on( function, desc, timeout=5 ):
diff -r a734cbf4bd368198e2c813b5ea61e807f9a1af33 -r 87ef26ad1876d0d6162eb4b6e7c93c8d69fbc4d6 test/api/test_workflow_extraction.py
--- a/test/api/test_workflow_extraction.py
+++ b/test/api/test_workflow_extraction.py
@@ -1,8 +1,12 @@
+from collections import namedtuple
+import functools
from json import dumps, loads
import operator
from .helpers import skip_without_tool
+from .helpers import wait_on_state
from .test_workflows import BaseWorkflowsApiTestCase
+import yaml
class WorkflowExtractionApiTestCase( BaseWorkflowsApiTestCase ):
@@ -110,27 +114,147 @@
@skip_without_tool( "collection_paired_test" )
def test_extract_workflows_with_dataset_collections( self ):
- hdca = self.dataset_collection_populator.create_pair_in_history( self.history_id ).json()
- hdca_id = hdca[ "id" ]
- inputs = {
- "f1": dict( src="hdca", id=hdca_id )
- }
- run_output = self.dataset_populator.run_tool(
- tool_id="collection_paired_test",
- inputs=inputs,
- history_id=self.history_id,
- )
- job_id = run_output[ "jobs" ][ 0 ][ "id" ]
- self.dataset_populator.wait_for_history( self.history_id, assert_ok=True )
+ jobs_summary = self._run_jobs("""
+steps:
+ - label: text_input1
+ type: input_collection
+ - tool_id: collection_paired_test
+ state:
+ f1:
+ $link: text_input1
+test_data:
+ text_input1:
+ type: paired
+""")
+ job_id = self._job_id_for_tool( jobs_summary.jobs, "collection_paired_test" )
downloaded_workflow = self._extract_and_download_workflow(
- dataset_collection_ids=[ hdca[ "hid" ] ],
+ dataset_collection_ids=[ jobs_summary.inputs["text_input1"]["hid"] ],
job_ids=[ job_id ],
)
- collection_steps = self._get_steps_of_type( downloaded_workflow, "data_collection_input", expected_len=1 )
- collection_step = collection_steps[ 0 ]
+ self.__check_workflow(
+ downloaded_workflow,
+ step_count=2,
+ verify_connected=True,
+ data_input_count=0,
+ data_collection_input_count=1,
+ tool_ids=["collection_paired_test"]
+ )
+
+ collection_step = self._get_steps_of_type( downloaded_workflow, "data_collection_input", expected_len=1 )[ 0 ]
collection_step_state = loads( collection_step[ "tool_state" ] )
self.assertEquals( collection_step_state[ "collection_type" ], u"paired" )
+ def test_subcollection_mapping( self ):
+ jobs_summary = self._run_jobs("""
+steps:
+ - label: text_input1
+ type: input_collection
+ - label: noop
+ tool_id: cat1
+ state:
+ input1:
+ $link: text_input1
+ - tool_id: cat_collection
+ state:
+ input1:
+ $link: noop#out_file1
+test_data:
+ text_input1:
+ type: "list:paired"
+ """)
+ job1_id = self._job_id_for_tool( jobs_summary.jobs, "cat1" )
+ job2_id = self._job_id_for_tool( jobs_summary.jobs, "cat_collection" )
+ downloaded_workflow = self._extract_and_download_workflow(
+ dataset_collection_ids=[ jobs_summary.inputs["text_input1"]["hid"] ],
+ job_ids=[ job1_id, job2_id ],
+ )
+ print jobs_summary.inputs["text_input1"]
+ self.__check_workflow(
+ downloaded_workflow,
+ step_count=3,
+ verify_connected=True,
+ data_input_count=0,
+ data_collection_input_count=1,
+ tool_ids=["cat_collection", "cat1"],
+ )
+
+ collection_step = self._get_steps_of_type( downloaded_workflow, "data_collection_input", expected_len=1 )[ 0 ]
+ collection_step_state = loads( collection_step[ "tool_state" ] )
+ self.assertEquals( collection_step_state[ "collection_type" ], u"list:paired" )
+
+ def _run_jobs( self, jobs_yaml ):
+ history_id = self.history_id
+ workflow_id = self._upload_yaml_workflow(
+ jobs_yaml
+ )
+ jobs_descriptions = yaml.load( jobs_yaml )
+ test_data = jobs_descriptions["test_data"]
+
+ label_map = {}
+ inputs = {}
+ for key, value in test_data.items():
+ if isinstance( value, dict ):
+ elements_data = value.get( "elements", [] )
+ elements = []
+ for element_data in elements_data:
+ identifier = element_data[ "identifier" ]
+ content = element_data["content"]
+ elements.append( ( identifier, content ) )
+ collection_type = value["type"]
+ if collection_type == "list:paired":
+ hdca = self.dataset_collection_populator.create_list_of_pairs_in_history( history_id ).json()
+ elif collection_type == "list":
+ hdca = self.dataset_collection_populator.create_list_in_history( history_id, contents=elements ).json()
+ else:
+ hdca = self.dataset_collection_populator.create_pair_in_history( history_id, contents=elements ).json()
+ label_map[key] = self._ds_entry( hdca )
+ inputs[key] = hdca
+ else:
+ hda = self.dataset_populator.new_dataset( history_id, content=value )
+ label_map[key] = self._ds_entry( hda )
+ inputs[key] = hda
+ workflow_request = dict(
+ history="hist_id=%s" % history_id,
+ workflow_id=workflow_id,
+ )
+ workflow_request[ "inputs" ] = dumps( label_map )
+ workflow_request[ "inputs_by" ] = 'name'
+ self.dataset_populator.wait_for_history( history_id, assert_ok=True )
+ url = "workflows/%s/usage" % ( workflow_id )
+ invocation_response = self._post( url, data=workflow_request )
+ self._assert_status_code_is( invocation_response, 200 )
+ invocation = invocation_response.json()
+ invocation_id = invocation[ "id" ]
+ # Wait for workflow to become fully scheduled and then for all jobs
+ # complete.
+ self.wait_for_invocation( workflow_id, invocation_id )
+ self.dataset_populator.wait_for_history( history_id, assert_ok=True )
+ jobs = self._history_jobs( history_id )
+ return RunJobsSummary(
+ history_id=history_id,
+ workflow_id=workflow_id,
+ inputs=inputs,
+ jobs=jobs,
+ )
+
+ def wait_for_invocation( self, workflow_id, invocation_id ):
+ url = "workflows/%s/usage/%s" % ( workflow_id, invocation_id )
+ return wait_on_state( lambda: self._get( url ) )
+
+ def _history_jobs( self, history_id ):
+ return self._get("jobs", { "history_id": history_id, "order_by": "create_time" } ).json()
+
+ def _job_id_for_tool( self, jobs, tool_id ):
+ return self._job_for_tool( jobs, tool_id )[ "id" ]
+
+ def _job_for_tool( self, jobs, tool_id ):
+ tool_jobs = filter( lambda j: j["tool_id"] == tool_id, jobs )
+ if not tool_jobs:
+ assert False, "Failed to find job for tool %s" % tool_id
+ # if len( tool_jobs ) > 1:
+ # assert False, "Found multiple jobs for tool %s" % tool_id
+ return tool_jobs[ -1 ]
+
def __run_random_lines_mapped_over_pair( self, history_id ):
hdca = self.dataset_collection_populator.create_pair_in_history( history_id, contents=["1 2 3\n4 5 6", "7 8 9\n10 11 10"] ).json()
hdca_id = hdca[ "id" ]
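Review bot: `_run_jobs` parses its input with `yaml.load( jobs_yaml )`, which can construct arbitrary Python objects from tagged YAML. The descriptions used here are plain mappings and lists, so `jobs_descriptions = yaml.safe_load( jobs_yaml )` is sufficient and stays safe if a description is ever read from a file instead of a literal. `test_subcollection_mapping` also leaves in a debugging statement, `print jobs_summary.inputs["text_input1"]`, which should be removed. In `_job_for_tool`, the multiple-jobs assertion is commented out and the last matching job is returned silently; a short comment explaining that choice would help.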
@@ -266,3 +390,45 @@
job_id = run_output1[ "jobs" ][ 0 ][ "id" ]
self.dataset_populator.wait_for_history( history_id, assert_ok=True, timeout=20 )
return implicit_hdca, job_id
+
+ def __check_workflow(
+ self,
+ workflow,
+ step_count=None,
+ verify_connected=False,
+ data_input_count=None,
+ data_collection_input_count=None,
+ tool_ids=None,
+ ):
+ steps = workflow[ 'steps' ]
+
+ if step_count is not None:
+ assert len( steps ) == step_count
+ if verify_connected:
+ self.__assert_connected( workflow, steps )
+ if tool_ids is not None:
+ tool_steps = self._get_steps_of_type( workflow, "tool" )
+ found_steps = set(map(operator.itemgetter("tool_id"), tool_steps))
+ expected_steps = set(tool_ids)
+ assert found_steps == expected_steps
+ if data_input_count is not None:
+ self._get_steps_of_type( workflow, "data_input", expected_len=data_input_count )
+ if data_collection_input_count is not None:
+ self._get_steps_of_type( workflow, "data_collection_input", expected_len=data_collection_input_count )
+
+ def __assert_connected( self, workflow, steps ):
+ disconnected_inputs = []
+
+ for key, value in steps.items():
+ if value[ 'type' ] == "tool":
+ input_connections = value[ "input_connections" ]
+ if not input_connections:
+ disconnected_inputs.append( value )
+
+ if disconnected_inputs:
+ template = "%d step(s_ disconnected in extracted workflow - disconnectect steps are %s - workflow is %s"
+ message = template % ( len( disconnected_inputs ), disconnected_inputs, workflow )
+ raise AssertionError( message )
+
+
+RunJobsSummary = namedtuple('RunJobsSummary', ['history_id', 'workflow_id', 'inputs', 'jobs'])
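Review bot: The failure message in `__assert_connected` contains two typos, `step(s_` and `disconnectect`, which make the assertion output harder to read and to search for. Suggested line: `template = "%d step(s) disconnected in extracted workflow - disconnected steps are %s - workflow is %s"`. The loop variable `key` in `for key, value in steps.items():` is unused, so `for step in steps.values():` would be clearer. Neither `__check_workflow` nor `__assert_connected` has a docstring; one line each stating what is asserted would help future test authors.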
diff -r a734cbf4bd368198e2c813b5ea61e807f9a1af33 -r 87ef26ad1876d0d6162eb4b6e7c93c8d69fbc4d6 test/api/test_workflows.py
--- a/test/api/test_workflows.py
+++ b/test/api/test_workflows.py
@@ -95,6 +95,12 @@
workflow_inputs = workflow_show_resposne.json()[ "inputs" ]
return workflow_inputs
+ def _invocation_details( self, workflow_id, invocation_id ):
+ invocation_details_response = self._get( "workflows/%s/usage/%s" % ( workflow_id, invocation_id ) )
+ self._assert_status_code_is( invocation_details_response, 200 )
+ invocation_details = invocation_details_response.json()
+ return invocation_details
+
# Workflow API TODO:
# - Allow history_id as param to workflow run action. (hist_id)
@@ -530,12 +536,6 @@
self._assert_status_code_is( step_response, 200 )
self._assert_has_keys( step_response.json(), "id", "order_index" )
- def _invocation_details( self, workflow_id, invocation_id ):
- invocation_details_response = self._get( "workflows/%s/usage/%s" % ( workflow_id, invocation_id ) )
- self._assert_status_code_is( invocation_details_response, 200 )
- invocation_details = invocation_details_response.json()
- return invocation_details
-
def _invocation_step_details( self, workflow_id, invocation_id, step_id ):
invocation_step_response = self._get( "workflows/%s/usage/%s/steps/%s" % ( workflow_id, invocation_id, step_id ) )
self._assert_status_code_is( invocation_step_response, 200 )
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
commit/galaxy-central: jgoecks: Merge next-stable to default
by commits-noreply@bitbucket.org 02 Dec '14
by commits-noreply@bitbucket.org 02 Dec '14
02 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/a734cbf4bd36/
Changeset: a734cbf4bd36
User: jgoecks
Date: 2014-12-02 18:31:09+00:00
Summary: Merge next-stable to default
Affected #: 3 files
diff -r 447e69511115f2e2d5a13d8bbe2282cf0c94c5db -r a734cbf4bd368198e2c813b5ea61e807f9a1af33 client/galaxy/scripts/viz/trackster/slotting.js
--- a/client/galaxy/scripts/viz/trackster/slotting.js
+++ b/client/galaxy/scripts/viz/trackster/slotting.js
@@ -138,7 +138,6 @@
// Feature is slotted; if feature now has larger start/end coordinates,
// update drawing coordinates.
if (feature[1] < slotted_info.feature[1] || slotted_info.feature[2] < feature[2]) {
- console.log(feature[3], slotted_info.slot, this._find_slot(this._get_draw_coords(feature)));
// Feature has changed (e.g. a single read now has its pair), so recalculate its
// drawing coordinates.
var old_draw_coords = this._get_draw_coords(slotted_info.feature),
diff -r 447e69511115f2e2d5a13d8bbe2282cf0c94c5db -r a734cbf4bd368198e2c813b5ea61e807f9a1af33 static/scripts/packed/viz/trackster/slotting.js
--- a/static/scripts/packed/viz/trackster/slotting.js
+++ b/static/scripts/packed/viz/trackster/slotting.js
@@ -1,1 +1,1 @@
-define(["libs/underscore"],function(c){var f=c.extend;var d=2,b=5;var a=function(h,g){this.slot=h;this.feature=g};var e=function(j,i,g,h){this.slots={};this.start_end_dct={};this.w_scale=j;this.mode=i;this.include_label=(i==="Pack");this.max_rows=g;this.measureText=h};f(e.prototype,{_get_draw_coords:function(j){var h=Math.floor(j[1]*this.w_scale),i=Math.ceil(j[2]*this.w_scale),g=j[3],k;if(g!==undefined&&this.include_label){var l=this.measureText(g).width+(d+b);if(h-l>=0){h-=l;k="left"}else{i+=l;k="right"}}return[h,i]},_find_slot:function(j){var o=j[0],n=j[1];for(var l=0;l<=this.max_rows;l++){var p=false,m=this.start_end_dct[l];if(m!==undefined){for(var g=0,h=m.length;g<h;g++){var i=m[g];if(n>i[0]&&o<i[1]){p=true;break}}}if(!p){return l}}return -1},slot_features:function(h){var q=this.start_end_dct,v=[],m=0,x,l;for(var o=0,t=h.length;o<t;o++){x=h[o];l=x[0];var g=this.slots[l];if(g){if(x[1]<g.feature[1]||g.feature[2]<x[2]){console.log(x[3],g.slot,this._find_slot(this._get_draw_coords(x)));var s=this._get_draw_coords(g.feature),p=this._get_draw_coords(x),j=this.start_end_dct[g.slot];for(var n=0;n<j.length;n++){var w=j[n];if(w[0]===s[0]&&w[1]===s[1]){j[n]=p}}}m=Math.max(m,this.slots[l].slot)}else{v.push(o)}}for(var o=0,t=v.length;o<t;o++){x=h[v[o]];l=x[0];var r=this._get_draw_coords(x);var u=this._find_slot(r);if(u>=0){if(q[u]===undefined){q[u]=[]}q[u].push(r);this.slots[l]=new a(u,x);m=Math.max(m,u)}}return m+1}});return{FeatureSlotter:e}});
\ No newline at end of file
+define(["libs/underscore"],function(c){var f=c.extend;var d=2,b=5;var a=function(h,g){this.slot=h;this.feature=g};var e=function(j,i,g,h){this.slots={};this.start_end_dct={};this.w_scale=j;this.mode=i;this.include_label=(i==="Pack");this.max_rows=g;this.measureText=h};f(e.prototype,{_get_draw_coords:function(j){var h=Math.floor(j[1]*this.w_scale),i=Math.ceil(j[2]*this.w_scale),g=j[3],k;if(g!==undefined&&this.include_label){var l=this.measureText(g).width+(d+b);if(h-l>=0){h-=l;k="left"}else{i+=l;k="right"}}return[h,i]},_find_slot:function(j){var o=j[0],n=j[1];for(var l=0;l<=this.max_rows;l++){var p=false,m=this.start_end_dct[l];if(m!==undefined){for(var g=0,h=m.length;g<h;g++){var i=m[g];if(n>i[0]&&o<i[1]){p=true;break}}}if(!p){return l}}return -1},slot_features:function(h){var q=this.start_end_dct,v=[],m=0,x,l;for(var o=0,t=h.length;o<t;o++){x=h[o];l=x[0];var g=this.slots[l];if(g){if(x[1]<g.feature[1]||g.feature[2]<x[2]){var s=this._get_draw_coords(g.feature),p=this._get_draw_coords(x),j=this.start_end_dct[g.slot];for(var n=0;n<j.length;n++){var w=j[n];if(w[0]===s[0]&&w[1]===s[1]){j[n]=p}}}m=Math.max(m,this.slots[l].slot)}else{v.push(o)}}for(var o=0,t=v.length;o<t;o++){x=h[v[o]];l=x[0];var r=this._get_draw_coords(x);var u=this._find_slot(r);if(u>=0){if(q[u]===undefined){q[u]=[]}q[u].push(r);this.slots[l]=new a(u,x);m=Math.max(m,u)}}return m+1}});return{FeatureSlotter:e}});
\ No newline at end of file
diff -r 447e69511115f2e2d5a13d8bbe2282cf0c94c5db -r a734cbf4bd368198e2c813b5ea61e807f9a1af33 static/scripts/viz/trackster/slotting.js
--- a/static/scripts/viz/trackster/slotting.js
+++ b/static/scripts/viz/trackster/slotting.js
@@ -138,7 +138,6 @@
// Feature is slotted; if feature now has larger start/end coordinates,
// update drawing coordinates.
if (feature[1] < slotted_info.feature[1] || slotted_info.feature[2] < feature[2]) {
- console.log(feature[3], slotted_info.slot, this._find_slot(this._get_draw_coords(feature)));
// Feature has changed (e.g. a single read now has its pair), so recalculate its
// drawing coordinates.
var old_draw_coords = this._get_draw_coords(slotted_info.feature),
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
commit/galaxy-central: jgoecks: Remove debugging statement.
by commits-noreply@bitbucket.org 02 Dec '14
by commits-noreply@bitbucket.org 02 Dec '14
02 Dec '14
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/eb9d9ab34d23/
Changeset: eb9d9ab34d23
Branch: next-stable
User: jgoecks
Date: 2014-12-02 18:30:19+00:00
Summary: Remove debugging statement.
Affected #: 3 files
diff -r 1a2ef4a380ff35ca7f97ca2c50bab474400c6275 -r eb9d9ab34d23456d58f291b782b42724a83f711e client/galaxy/scripts/viz/trackster/slotting.js
--- a/client/galaxy/scripts/viz/trackster/slotting.js
+++ b/client/galaxy/scripts/viz/trackster/slotting.js
@@ -138,7 +138,6 @@
// Feature is slotted; if feature now has larger start/end coordinates,
// update drawing coordinates.
if (feature[1] < slotted_info.feature[1] || slotted_info.feature[2] < feature[2]) {
- console.log(feature[3], slotted_info.slot, this._find_slot(this._get_draw_coords(feature)));
// Feature has changed (e.g. a single read now has its pair), so recalculate its
// drawing coordinates.
var old_draw_coords = this._get_draw_coords(slotted_info.feature),
diff -r 1a2ef4a380ff35ca7f97ca2c50bab474400c6275 -r eb9d9ab34d23456d58f291b782b42724a83f711e static/scripts/packed/viz/trackster/slotting.js
--- a/static/scripts/packed/viz/trackster/slotting.js
+++ b/static/scripts/packed/viz/trackster/slotting.js
@@ -1,1 +1,1 @@
-define(["libs/underscore"],function(c){var f=c.extend;var d=2,b=5;var a=function(h,g){this.slot=h;this.feature=g};var e=function(j,i,g,h){this.slots={};this.start_end_dct={};this.w_scale=j;this.mode=i;this.include_label=(i==="Pack");this.max_rows=g;this.measureText=h};f(e.prototype,{_get_draw_coords:function(j){var h=Math.floor(j[1]*this.w_scale),i=Math.ceil(j[2]*this.w_scale),g=j[3],k;if(g!==undefined&&this.include_label){var l=this.measureText(g).width+(d+b);if(h-l>=0){h-=l;k="left"}else{i+=l;k="right"}}return[h,i]},_find_slot:function(j){var o=j[0],n=j[1];for(var l=0;l<=this.max_rows;l++){var p=false,m=this.start_end_dct[l];if(m!==undefined){for(var g=0,h=m.length;g<h;g++){var i=m[g];if(n>i[0]&&o<i[1]){p=true;break}}}if(!p){return l}}return -1},slot_features:function(h){var q=this.start_end_dct,v=[],m=0,x,l;for(var o=0,t=h.length;o<t;o++){x=h[o];l=x[0];var g=this.slots[l];if(g){if(x[1]<g.feature[1]||g.feature[2]<x[2]){console.log(x[3],g.slot,this._find_slot(this._get_draw_coords(x)));var s=this._get_draw_coords(g.feature),p=this._get_draw_coords(x),j=this.start_end_dct[g.slot];for(var n=0;n<j.length;n++){var w=j[n];if(w[0]===s[0]&&w[1]===s[1]){j[n]=p}}}m=Math.max(m,this.slots[l].slot)}else{v.push(o)}}for(var o=0,t=v.length;o<t;o++){x=h[v[o]];l=x[0];var r=this._get_draw_coords(x);var u=this._find_slot(r);if(u>=0){if(q[u]===undefined){q[u]=[]}q[u].push(r);this.slots[l]=new a(u,x);m=Math.max(m,u)}}return m+1}});return{FeatureSlotter:e}});
\ No newline at end of file
+define(["libs/underscore"],function(c){var f=c.extend;var d=2,b=5;var a=function(h,g){this.slot=h;this.feature=g};var e=function(j,i,g,h){this.slots={};this.start_end_dct={};this.w_scale=j;this.mode=i;this.include_label=(i==="Pack");this.max_rows=g;this.measureText=h};f(e.prototype,{_get_draw_coords:function(j){var h=Math.floor(j[1]*this.w_scale),i=Math.ceil(j[2]*this.w_scale),g=j[3],k;if(g!==undefined&&this.include_label){var l=this.measureText(g).width+(d+b);if(h-l>=0){h-=l;k="left"}else{i+=l;k="right"}}return[h,i]},_find_slot:function(j){var o=j[0],n=j[1];for(var l=0;l<=this.max_rows;l++){var p=false,m=this.start_end_dct[l];if(m!==undefined){for(var g=0,h=m.length;g<h;g++){var i=m[g];if(n>i[0]&&o<i[1]){p=true;break}}}if(!p){return l}}return -1},slot_features:function(h){var q=this.start_end_dct,v=[],m=0,x,l;for(var o=0,t=h.length;o<t;o++){x=h[o];l=x[0];var g=this.slots[l];if(g){if(x[1]<g.feature[1]||g.feature[2]<x[2]){var s=this._get_draw_coords(g.feature),p=this._get_draw_coords(x),j=this.start_end_dct[g.slot];for(var n=0;n<j.length;n++){var w=j[n];if(w[0]===s[0]&&w[1]===s[1]){j[n]=p}}}m=Math.max(m,this.slots[l].slot)}else{v.push(o)}}for(var o=0,t=v.length;o<t;o++){x=h[v[o]];l=x[0];var r=this._get_draw_coords(x);var u=this._find_slot(r);if(u>=0){if(q[u]===undefined){q[u]=[]}q[u].push(r);this.slots[l]=new a(u,x);m=Math.max(m,u)}}return m+1}});return{FeatureSlotter:e}});
\ No newline at end of file
diff -r 1a2ef4a380ff35ca7f97ca2c50bab474400c6275 -r eb9d9ab34d23456d58f291b782b42724a83f711e static/scripts/viz/trackster/slotting.js
--- a/static/scripts/viz/trackster/slotting.js
+++ b/static/scripts/viz/trackster/slotting.js
@@ -138,7 +138,6 @@
// Feature is slotted; if feature now has larger start/end coordinates,
// update drawing coordinates.
if (feature[1] < slotted_info.feature[1] || slotted_info.feature[2] < feature[2]) {
- console.log(feature[3], slotted_info.slot, this._find_slot(this._get_draw_coords(feature)));
// Feature has changed (e.g. a single read now has its pair), so recalculate its
// drawing coordinates.
var old_draw_coords = this._get_draw_coords(slotted_info.feature),
Repository URL: https://bitbucket.org/galaxy/galaxy-central/