- galaxy-commits - lists.galaxyproject.org

commit/galaxy-central: greg: Add help text to the tool shed repository upload form to advertise John Chilton's recent enhancement allowing for mercurial repository urls staring with hg:// or hgs://.
by Bitbucket 23 Oct '12

23 Oct '12

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/bad5602cdf99/ changeset: bad5602cdf99 user: greg date: 2012-10-23 20:59:31 summary: Add help text to the tool shed repository upload form to advertise John Chilton's recent enhancement allowing for mercurial repository urls staring with hg:// or hgs://. affected #: 2 files diff -r 5ae989999225b9edf884de6dfe23a2e82f9de403 -r bad5602cdf998dff9c2aecf478dc4ed1a797a023 lib/galaxy/webapps/community/controllers/upload.py --- a/lib/galaxy/webapps/community/controllers/upload.py +++ b/lib/galaxy/webapps/community/controllers/upload.py @@ -48,13 +48,12 @@ message = 'No files were entered on the upload form.' status = 'error' uploaded_file = None - elif url and url.startswith("hg"): - # Use mercurial clone to fetch repository, contents will then - # be copied over. + elif url and url.startswith( 'hg' ): + # Use mercurial clone to fetch repository, contents will then be copied over. uploaded_directory = tempfile.mkdtemp() - repo_url = "http%s" % url[len("hg"):] - repo_url = repo_url.encode('ascii', 'replace') - commands.clone(get_configured_ui(), repo_url, uploaded_directory) + repo_url = 'http%s' % url[ len( 'hg' ): ] + repo_url = repo_url.encode( 'ascii', 'replace' ) + commands.clone( get_configured_ui(), repo_url, uploaded_directory ) elif url: valid_url = True try: diff -r 5ae989999225b9edf884de6dfe23a2e82f9de403 -r bad5602cdf998dff9c2aecf478dc4ed1a797a023 templates/webapps/community/repository/upload.mako --- a/templates/webapps/community/repository/upload.mako +++ b/templates/webapps/community/repository/upload.mako @@ -85,7 +85,10 @@ <input name="url" type="textfield" value="${url | h}" size="40"/></div><div class="toolParamHelp" style="clear: both;"> - Enter a URL to upload your files via http. + Enter a URL to upload your files via http. URLs that point to mercurial repositories (URLs that start with hg:// or hgs://) + are allowed. This mechanism results in the tip revision of an external mercurial repository being added to the tool shed + repository as a single new changeset. The revision history of the originating external mercurial repository is not uploaded + to the tool shed repository. </div><div style="clear: both"></div></div> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: greg: Fix for managing tool shed repository reviews.
by Bitbucket 23 Oct '12

23 Oct '12

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/5ae989999225/ changeset: 5ae989999225 user: greg date: 2012-10-23 20:38:38 summary: Fix for managing tool shed repository reviews. affected #: 1 file diff -r 1d8578333bd37d7fd84f276d115f414bbde0b607 -r 5ae989999225b9edf884de6dfe23a2e82f9de403 lib/galaxy/webapps/community/controllers/repository_review.py --- a/lib/galaxy/webapps/community/controllers/repository_review.py +++ b/lib/galaxy/webapps/community/controllers/repository_review.py @@ -654,7 +654,7 @@ repo_dir = repository.repo_path repo = hg.repository( get_configured_ui(), repo_dir ) metadata_revision_hashes = [ metadata_revision.changeset_revision for metadata_revision in repository.metadata_revisions ] - reviewed_revision_hashes = [ reviewed_revisions.changeset_revision for reviewed_revisions in repository.reviewed_revisions ] + reviewed_revision_hashes = [ review.changeset_revision for review in repository.reviews ] reviews_dict = odict() for changeset in get_reversed_changelog_changesets( repo ): ctx = repo.changectx( changeset ) @@ -667,7 +667,10 @@ # Determine if the current user can add a review to this revision. can_add_review = trans.user not in [ repository_review.user for repository_review in repository_reviews ] repository_metadata = get_repository_metadata_by_changeset_revision( trans, repository_id, changeset_revision ) - repository_metadata_reviews = util.listify( repository_metadata.reviews ) + if repository_metadata: + repository_metadata_reviews = util.listify( repository_metadata.reviews ) + else: + repository_metadata_reviews = [] else: repository_reviews = [] repository_metadata_reviews = [] Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: greg: Fix for RepositoriesWithReviewsGrid columns.
by Bitbucket 23 Oct '12

23 Oct '12

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/1d8578333bd3/ changeset: 1d8578333bd3 user: greg date: 2012-10-23 19:43:08 summary: Fix for RepositoriesWithReviewsGrid columns. affected #: 2 files diff -r 7a0c93ca036bcd7a8ed33ed15dec95205974f46e -r 1d8578333bd37d7fd84f276d115f414bbde0b607 lib/galaxy/webapps/community/controllers/repository.py --- a/lib/galaxy/webapps/community/controllers/repository.py +++ b/lib/galaxy/webapps/community/controllers/repository.py @@ -120,20 +120,6 @@ elif len( select_field.options ) == 1: return select_field.options[ 0 ][ 0 ] return '' - class WithoutReviewsRevisionColumn( grids.GridColumn ): - def __init__( self, col_name ): - grids.GridColumn.__init__( self, col_name ) - def get_value( self, trans, grid, repository ): - # Restrict the options to revisions that have not yet been reviewed. - repository_metadata_revisions = get_repository_metadata_revisions_for_review( repository, reviewed=False ) - if repository_metadata_revisions: - rval = '' - for repository_metadata in repository_metadata_revisions: - rev, label, changeset_revision = get_rev_label_changeset_revision_from_repository_metadata( repository_metadata, repository=repository ) - rval += '<a href="manage_repository_reviews_of_revision' - rval += '?id=%s&changeset_revision=%s">%s</a><br/>' % ( trans.security.encode_id( repository.id ), changeset_revision, label ) - return rval - return '' class TipRevisionColumn( grids.GridColumn ): def __init__( self, col_name ): grids.GridColumn.__init__( self, col_name ) diff -r 7a0c93ca036bcd7a8ed33ed15dec95205974f46e -r 1d8578333bd37d7fd84f276d115f414bbde0b607 lib/galaxy/webapps/community/controllers/repository_review.py --- a/lib/galaxy/webapps/community/controllers/repository_review.py +++ b/lib/galaxy/webapps/community/controllers/repository_review.py @@ -51,8 +51,6 @@ class RepositoriesWithReviewsGrid( RepositoryGrid ): # This grid filters out repositories that have been marked as deprecated. class WithReviewsRevisionColumn( grids.GridColumn ): - def __init__( self, col_name ): - grids.GridColumn.__init__( self, col_name ) def get_value( self, trans, grid, repository ): # Restrict to revisions that have been reviewed. if repository.reviews: @@ -65,6 +63,18 @@ rval += '?id=%s&changeset_revision=%s">%s</a><br/>' % ( trans.security.encode_id( repository.id ), changeset_revision, label ) return rval return '' + class WithoutReviewsRevisionColumn( grids.GridColumn ): + def get_value( self, trans, grid, repository ): + # Restrict the options to revisions that have not yet been reviewed. + repository_metadata_revisions = get_repository_metadata_revisions_for_review( repository, reviewed=False ) + if repository_metadata_revisions: + rval = '' + for repository_metadata in repository_metadata_revisions: + rev, label, changeset_revision = get_rev_label_changeset_revision_from_repository_metadata( repository_metadata, repository=repository ) + rval += '<a href="manage_repository_reviews_of_revision' + rval += '?id=%s&changeset_revision=%s">%s</a><br/>' % ( trans.security.encode_id( repository.id ), changeset_revision, label ) + return rval + return '' class ReviewersColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): rval = '' @@ -84,7 +94,7 @@ link=( lambda item: dict( operation="view_or_manage_repository", id=item.id ) ), attach_popup=True ), WithReviewsRevisionColumn( "Reviewed revisions" ), - RepositoryGrid.WithoutReviewsRevisionColumn( "Revisions for review" ), + WithoutReviewsRevisionColumn( "Revisions for review" ), RepositoryGrid.UserColumn( "Owner", attach_popup=False ), ReviewersColumn( "Reviewers", attach_popup=False ) ] Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: greg: Alllow non-admin users to see metadata revisions when viewing a repository changelog in the tool shed.
by Bitbucket 23 Oct '12

23 Oct '12

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/7a0c93ca036b/ changeset: 7a0c93ca036b user: greg date: 2012-10-23 19:38:34 summary: Alllow non-admin users to see metadata revisions when viewing a repository changelog in the tool shed. affected #: 1 file diff -r 26017976e4e9d5de317e0b1ef29423effdbe5e24 -r 7a0c93ca036bcd7a8ed33ed15dec95205974f46e templates/webapps/community/repository/view_changelog.mako --- a/templates/webapps/community/repository/view_changelog.mako +++ b/templates/webapps/community/repository/view_changelog.mako @@ -114,14 +114,14 @@ has_metadata_str = '<table border="0"><tr><td bgcolor="#D8D8D8">Repository metadata is associated with this change set.</td></tr></table>' else: has_metadata_str = '' + display_date = changeset[ 'display_date' ] %> - <% display_date = changeset[ 'display_date' ] %> %if test_date != display_date: <tr colspan="2"><td bgcolor="#D8D8D8">${display_date}</td></tr> %endif <tr><td> - %if is_admin and has_metadata_str: + %if has_metadata_str: <div class="form-row"> ${has_metadata_str} </div> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: 2 new changesets
by Bitbucket 23 Oct '12

23 Oct '12

2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/283776e0ad29/ changeset: 283776e0ad29 user: jgoecks date: 2012-10-23 19:30:26 summary: Make DiagonalHeatMapTrack compatible with recent refactoring. affected #: 1 file diff -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a -r 283776e0ad29cd9638d5be726fe051d985922c48 static/scripts/viz/trackster/tracks.js --- a/static/scripts/viz/trackster/tracks.js +++ b/static/scripts/viz/trackster/tracks.js @@ -3686,17 +3686,14 @@ /** * Draw LineTrack tile. */ - draw_tile: function(result, ctx, mode, resolution, tile_index, w_scale) { + draw_tile: function(result, ctx, mode, resolution, region, w_scale) { // Paint onto canvas. var canvas = ctx.canvas, - tile_bounds = this._get_tile_bounds(tile_index, resolution), - tile_low = tile_bounds[0], - tile_high = tile_bounds[1], - painter = new painters.DiagonalHeatmapPainter(result.data, tile_low, tile_high, this.prefs, mode); + painter = new painters.DiagonalHeatmapPainter(result.data, region.get('start'), region.get('end'), this.prefs, mode); painter.draw(ctx, canvas.width, canvas.height, w_scale); - return new Tile(this, tile_index, resolution, canvas, result.data); + return new Tile(this, region, resolution, canvas, result.data); } }); https://bitbucket.org/galaxy/galaxy-central/changeset/26017976e4e9/ changeset: 26017976e4e9 user: jgoecks date: 2012-10-23 19:30:56 summary: Automated Merge affected #: 3 files diff -r 283776e0ad29cd9638d5be726fe051d985922c48 -r 26017976e4e9d5de317e0b1ef29423effdbe5e24 lib/galaxy/webapps/community/controllers/repository.py --- a/lib/galaxy/webapps/community/controllers/repository.py +++ b/lib/galaxy/webapps/community/controllers/repository.py @@ -20,6 +20,8 @@ from galaxy import eggs eggs.require('mercurial') from mercurial import hg, ui, patch, commands +eggs.require('markupsafe') +from markupsafe import escape as escape_html log = logging.getLogger( __name__ ) @@ -105,7 +107,7 @@ class RepositoryGrid( grids.Grid ): class NameColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): - return repository.name + return escape_html( repository.name ) class MetadataRevisionColumn( grids.GridColumn ): def __init__( self, col_name ): grids.GridColumn.__init__( self, col_name ) @@ -137,10 +139,10 @@ grids.GridColumn.__init__( self, col_name ) def get_value( self, trans, grid, repository ): """Display the repository tip revision label.""" - return repository.revision + return escape_html( repository.revision ) class DescriptionColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): - return repository.description + return escape_html( repository.description ) class CategoryColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): rval = '<ul>' @@ -161,7 +163,7 @@ class UserColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): if repository.user: - return repository.user.username + return escape_html( repository.user.username ) return 'no user' class EmailColumn( grids.TextColumn ): def filter( self, trans, user, query, column_filter ): diff -r 283776e0ad29cd9638d5be726fe051d985922c48 -r 26017976e4e9d5de317e0b1ef29423effdbe5e24 templates/webapps/community/common/common.mako --- a/templates/webapps/community/common/common.mako +++ b/templates/webapps/community/common/common.mako @@ -1,5 +1,7 @@ <%def name="escape_html_add_breaks( value )"><% + from galaxy import eggs + eggs.require('markupsafe') import markupsafe value = str( markupsafe.escape( value ) ).replace( '\n', '<br/>' ) %> diff -r 283776e0ad29cd9638d5be726fe051d985922c48 -r 26017976e4e9d5de317e0b1ef29423effdbe5e24 test/base/twilltestcase.py --- a/test/base/twilltestcase.py +++ b/test/base/twilltestcase.py @@ -746,9 +746,9 @@ temp_local = tempfile.NamedTemporaryFile( suffix='.sam', prefix='local_bam_converted_to_sam_' ) fd, temp_temp = tempfile.mkstemp( suffix='.sam', prefix='history_bam_converted_to_sam_' ) os.close( fd ) - p = subprocess.Popen( args="samtools view -h %s -o %s" % ( local_name, temp_local.name ), shell=True ) + p = subprocess.Popen( args='samtools view -h -o "%s" "%s"' % ( temp_local.name, local_name ), shell=True ) assert not p.wait(), 'Converting local (test-data) bam to sam failed' - p = subprocess.Popen( args="samtools view -h %s -o %s" % ( temp_name, temp_temp ), shell=True ) + p = subprocess.Popen( args='samtools view -h -o "%s" "%s"' % ( temp_temp, temp_name ), shell=True ) assert not p.wait(), 'Converting history bam to sam failed' os.remove( temp_name ) return temp_local, temp_temp Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: dan: Tweak for functional tests of BAM outputs on Macs.
by Bitbucket 23 Oct '12

23 Oct '12

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/72484a95b873/ changeset: 72484a95b873 user: dan date: 2012-10-23 18:28:22 summary: Tweak for functional tests of BAM outputs on Macs. affected #: 1 file diff -r 8f82e2c36ec3da564aa0cdc507adad19e295b317 -r 72484a95b8732bf391ded562d9c26f4b61f51b43 test/base/twilltestcase.py --- a/test/base/twilltestcase.py +++ b/test/base/twilltestcase.py @@ -746,9 +746,9 @@ temp_local = tempfile.NamedTemporaryFile( suffix='.sam', prefix='local_bam_converted_to_sam_' ) fd, temp_temp = tempfile.mkstemp( suffix='.sam', prefix='history_bam_converted_to_sam_' ) os.close( fd ) - p = subprocess.Popen( args="samtools view -h %s -o %s" % ( local_name, temp_local.name ), shell=True ) + p = subprocess.Popen( args='samtools view -h -o "%s" "%s"' % ( temp_local.name, local_name ), shell=True ) assert not p.wait(), 'Converting local (test-data) bam to sam failed' - p = subprocess.Popen( args="samtools view -h %s -o %s" % ( temp_name, temp_temp ), shell=True ) + p = subprocess.Popen( args='samtools view -h -o "%s" "%s"' % ( temp_temp, temp_name ), shell=True ) assert not p.wait(), 'Converting history bam to sam failed' os.remove( temp_name ) return temp_local, temp_temp Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: 2 new changesets
by Bitbucket 23 Oct '12

23 Oct '12

2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/847bafa6c4aa/ changeset: 847bafa6c4aa user: dan date: 2012-10-23 17:26:27 summary: HTML escape user defined values in repository grid. affected #: 1 file diff -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a -r 847bafa6c4aa94cb41e87f842081693f7526cf44 lib/galaxy/webapps/community/controllers/repository.py --- a/lib/galaxy/webapps/community/controllers/repository.py +++ b/lib/galaxy/webapps/community/controllers/repository.py @@ -20,6 +20,8 @@ from galaxy import eggs eggs.require('mercurial') from mercurial import hg, ui, patch, commands +eggs.require('markupsafe') +from markupsafe import escape as escape_html log = logging.getLogger( __name__ ) @@ -105,7 +107,7 @@ class RepositoryGrid( grids.Grid ): class NameColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): - return repository.name + return escape_html( repository.name ) class MetadataRevisionColumn( grids.GridColumn ): def __init__( self, col_name ): grids.GridColumn.__init__( self, col_name ) @@ -137,10 +139,10 @@ grids.GridColumn.__init__( self, col_name ) def get_value( self, trans, grid, repository ): """Display the repository tip revision label.""" - return repository.revision + return escape_html( repository.revision ) class DescriptionColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): - return repository.description + return escape_html( repository.description ) class CategoryColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): rval = '<ul>' @@ -161,7 +163,7 @@ class UserColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): if repository.user: - return repository.user.username + return escape_html( repository.user.username ) return 'no user' class EmailColumn( grids.TextColumn ): def filter( self, trans, user, query, column_filter ): https://bitbucket.org/galaxy/galaxy-central/changeset/8f82e2c36ec3/ changeset: 8f82e2c36ec3 user: dan date: 2012-10-23 17:26:27 summary: Tweak for escape_html_add_breaks affected #: 1 file diff -r 847bafa6c4aa94cb41e87f842081693f7526cf44 -r 8f82e2c36ec3da564aa0cdc507adad19e295b317 templates/webapps/community/common/common.mako --- a/templates/webapps/community/common/common.mako +++ b/templates/webapps/community/common/common.mako @@ -1,5 +1,7 @@ <%def name="escape_html_add_breaks( value )"><% + from galaxy import eggs + eggs.require('markupsafe') import markupsafe value = str( markupsafe.escape( value ) ).replace( '\n', '<br/>' ) %> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: 3 new changesets
by Bitbucket 23 Oct '12

23 Oct '12

3 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/2c261f6401e9/ changeset: 2c261f6401e9 user: jgoecks date: 2012-10-23 17:01:31 summary: Update ChromosomeInteraction datatype metadata. affected #: 1 file diff -r 06b3b644188a29b78e8400298c67472b5b6bd790 -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e lib/galaxy/datatypes/interval.py --- a/lib/galaxy/datatypes/interval.py +++ b/lib/galaxy/datatypes/interval.py @@ -1313,15 +1313,18 @@ file_ext = "chrint" - column_names = [ 'Chrom', 'Start1', 'End1', 'Start2', 'End2', 'Value' ] + column_names = [ 'Chrom1', 'Start1', 'End1', 'Chrom2', 'Start2', 'End2', 'Value' ] """Add metadata elements""" - MetadataElement( name="chromCol", default=1, desc="Chrom column", param=metadata.ColumnParameter ) + MetadataElement( name="chrom1Col", default=1, desc="Chrom1 column", param=metadata.ColumnParameter ) MetadataElement( name="start1Col", default=2, desc="Start1 column", param=metadata.ColumnParameter ) MetadataElement( name="end1Col", default=3, desc="End1 column", param=metadata.ColumnParameter ) - MetadataElement( name="start2Col", default=2, desc="Start2 column", param=metadata.ColumnParameter ) - MetadataElement( name="end2Col", default=3, desc="End2 column", param=metadata.ColumnParameter ) - MetadataElement( name="columns", default=3, desc="Number of columns", readonly=True, visible=False ) + MetadataElement( name="chrom2Col", default=4, desc="Chrom2 column", param=metadata.ColumnParameter ) + MetadataElement( name="start2Col", default=5, desc="Start2 column", param=metadata.ColumnParameter ) + MetadataElement( name="end2Col", default=6, desc="End2 column", param=metadata.ColumnParameter ) + MetadataElement( name="valueCol", default=7, desc="Value column", param=metadata.ColumnParameter ) + + MetadataElement( name="columns", default=7, desc="Number of columns", readonly=True, visible=False ) def sniff( self, filename ): return False https://bitbucket.org/galaxy/galaxy-central/changeset/d79eb7e1d7cb/ changeset: d79eb7e1d7cb user: jgoecks date: 2012-10-23 17:06:27 summary: Circster: use chords to denote chromosome interactions data. affected #: 7 files diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 lib/galaxy/visualization/data_providers/genome.py --- a/lib/galaxy/visualization/data_providers/genome.py +++ b/lib/galaxy/visualization/data_providers/genome.py @@ -347,11 +347,18 @@ tabix = ctabix.Tabixfile(bgzip_fname, index_filename=self.converted_dataset.file_name) - # If chrom not in data, try alternative. - if chrom not in tabix.contigs: + # Get iterator using either naming scheme. + iterator = iter( [] ) + if chrom in tabix.contigs: + iterator = tabix.fetch(reference=chrom, start=start, end=end) + else: + # Try alternative naming scheme. chrom = _convert_between_ucsc_and_ensemble_naming( chrom ) - - return tabix.fetch(reference=chrom, start=start, end=end) + if chrom in tabix.contigs: + iterator = tabix.fetch(reference=chrom, start=start, end=end) + + return iterator + def write_data_to_file( self, regions, filename ): out = open( filename, "w" ) @@ -1457,11 +1464,11 @@ feature = line.split() length = len( feature ) - s1 = int( feature[1] ), - e1 = int( feature[2] ), - c = feature[3], - s2 = int( feature[4] ), - e2 = int( feature[5] ), + s1 = int( feature[1] ) + e1 = int( feature[2] ) + c = feature[3] + s2 = int( feature[4] ) + e2 = int( feature[5] ) v = float( feature[6] ) # Feature initialization. @@ -1480,7 +1487,7 @@ return 50000; class ChromatinInteractionsTabixDataProvider( TabixDataProvider, ChromatinInteractionsDataProvider ): - def get_iterator( self, chrom, start, end ): + def get_iterator( self, chrom, start=0, end=sys.maxint ): """ """ # Modify start as needed to get earlier interactions with start region. @@ -1493,7 +1500,7 @@ c = feature[3] s2 = int( feature[4] ) e2 = int( feature[5] ) - if ( ( c == chrom ) and ( s1 < end and e1 > start ) and ( s2 < end and e2 > start ) ): + if ( s1 <= end and e1 >= start ) and ( s2 <= end and e2 >= start ): yield line return filter( TabixDataProvider.get_iterator( self, chrom, start, end ) ) diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 lib/galaxy/web/base/controller.py --- a/lib/galaxy/web/base/controller.py +++ b/lib/galaxy/web/base/controller.py @@ -602,7 +602,7 @@ return visualization - def _get_genome_data( self, trans, dataset, dbkey=None ): + def _get_genome_data( self, trans, dataset, dbkey=None, source='index' ): """ Returns genome-wide data for dataset if available; if not, message is returned. """ @@ -615,7 +615,7 @@ query_dbkey = dbkey chroms_info = self.app.genomes.chroms( trans, dbkey=query_dbkey ) - # If there are no messages (messages indicate data is not ready/available), preload data. + # If there are no messages (messages indicate data is not ready/available), get data. messages_list = [ data_source_dict[ 'message' ] for data_source_dict in data_sources.values() ] message = get_highest_priority_msg( messages_list ) if message: @@ -623,7 +623,7 @@ else: data_provider = trans.app.data_provider_registry.get_data_provider( trans, original_dataset=dataset, - source='index' ) + source=source ) # HACK: pass in additional params, which are only used for summary tree data, not BBI data. rval = data_provider.get_genome_data( chroms_info, level=4, detail_cutoff=0, draw_cutoff=0 ) diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 lib/galaxy/webapps/galaxy/controllers/visualization.py --- a/lib/galaxy/webapps/galaxy/controllers/visualization.py +++ b/lib/galaxy/webapps/galaxy/controllers/visualization.py @@ -8,6 +8,7 @@ from galaxy.visualization.genomes import decode_dbkey from galaxy.visualization.genome.visual_analytics import get_dataset_job from galaxy.visualization.data_providers.phyloviz import PhylovizDataProvider +from galaxy.datatypes.interval import ChromatinInteractions from .library import LibraryListGrid @@ -748,11 +749,16 @@ chroms_info = self.app.genomes.chroms( trans, dbkey=dbkey ) genome = { 'dbkey': dbkey, 'chroms_info': chroms_info } - # Add genome-wide summary tree data to each track in viz. + # Add genome-wide data to each track in viz. tracks = viz_config.get( 'tracks', [] ) for track in tracks: dataset = self.get_hda_or_ldda( trans, track[ 'hda_ldda'], track[ 'dataset_id' ] ) - genome_data = self._get_genome_data( trans, dataset, dbkey ) + # HACK: chromatin interactions tracks use data as source. + source = 'index' + if isinstance( dataset.datatype, ChromatinInteractions ): + source = 'data' + + genome_data = self._get_genome_data( trans, dataset, dbkey, source=source ) if not isinstance( genome_data, str ): track[ 'preloaded_data' ] = genome_data diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 static/scripts/viz/circster.js --- a/static/scripts/viz/circster.js +++ b/static/scripts/viz/circster.js @@ -48,23 +48,46 @@ this.track_gap = 5; this.label_arc_height = 20; this.scale = 1; - this.track_views = null; + this.circular_views = null; + this.chords_views = null; // When tracks added to/removed from model, update view. this.model.get('tracks').on('add', this.add_track, this); this.model.get('tracks').on('remove', this.remove_track, this); + this.get_circular_tracks(); + }, + + // HACKs: using track_type for circular/chord distinction in the functions below for now. + + /** + * Returns tracks to be rendered using circular view. + */ + get_circular_tracks: function() { + return this.model.get('tracks').filter(function(track) { + return track.get('track_type') !== 'DiagonalHeatmapTrack'; + }); + }, + + /** + * Returns tracks to be rendered using chords view. + */ + get_chord_tracks: function() { + return this.model.get('tracks').filter(function(track) { + return track.get('track_type') === 'DiagonalHeatmapTrack'; + }); }, /** * Returns a list of tracks' radius bounds. */ get_tracks_bounds: function() { - var dataset_arc_height = this.dataset_arc_height, + var circular_tracks = this.get_circular_tracks(); + dataset_arc_height = this.dataset_arc_height, min_dimension = Math.min(this.$el.width(), this.$el.height()), // Compute radius start based on model, will be centered // and fit entirely inside element by default. radius_start = min_dimension / 2 - - this.model.get('tracks').length * (this.dataset_arc_height + this.track_gap) - + circular_tracks.length * (this.dataset_arc_height + this.track_gap) - (this.label_arc_height + this.track_gap), // Compute range of track starting radii. @@ -77,12 +100,16 @@ }); }, + /** + * Renders circular tracks, chord tracks, and label tracks. + */ render: function() { var self = this, dataset_arc_height = this.dataset_arc_height, width = self.$el.width(), height = self.$el.height(), - tracks = this.model.get('tracks'), + circular_tracks = this.get_circular_tracks(), + chords_tracks = this.get_chord_tracks(), tracks_bounds = this.get_tracks_bounds(), // Set up SVG element. @@ -108,7 +135,7 @@ } self.zoom_drag_timeout = setTimeout(function() { // Render more detail in tracks' visible elements. - _.each(self.track_views, function(view) { + _.each(self.circular_views, function(view) { view.update_scale(scale); }); }, 400); @@ -117,32 +144,46 @@ .attr("transform", "translate(" + width / 2 + "," + height / 2 + ")") .append('svg:g').attr('class', 'tracks'); - - // -- Render each dataset in the visualization. -- + // -- Render circular tracks. -- // Create a view for each track in the visualiation and render. - this.track_views = tracks.map(function(track, index) { - track_view_class = (track.get('track_type') === 'LineTrack' ? + this.circular_views = circular_tracks.map(function(track, index) { + var track_view_class = (track.get('track_type') === 'LineTrack' ? CircsterBigWigTrackView : - CircsterSummaryTreeTrackView ); + CircsterSummaryTreeTrackView ), + view = new track_view_class({ + el: svg.append('g')[0], + track: track, + radius_bounds: tracks_bounds[index], + genome: self.genome, + total_gap: self.total_gap + }); - return new track_view_class({ + view.render(); + + return view; + }); + + // -- Render chords tracks. -- + + this.chords_views = chords_tracks.map(function(track) { + var view = new CircsterChromInteractionsTrackView({ el: svg.append('g')[0], track: track, - radius_bounds: tracks_bounds[index], + radius_bounds: tracks_bounds[0], genome: self.genome, total_gap: self.total_gap }); + + view.render(); + + return view; }); - _.each(this.track_views, function(view) { - view.render(); - }); - - // -- Render chromosome labels. -- + // -- Render label tracks. -- // Set radius start = end for track bounds. - var track_bounds = tracks_bounds[tracks.length]; + var track_bounds = tracks_bounds[circular_tracks.length]; track_bounds[1] = track_bounds[0]; this.label_track_view = new CircsterLabelTrackView({ el: svg.append('g')[0], @@ -161,13 +202,12 @@ add_track: function(new_track) { // Recompute and update track bounds. var new_track_bounds = this.get_tracks_bounds(); - _.each(this.track_views, function(track_view, i) { - //console.log(self.get_tracks_bounds(), i); + _.each(this.circular_views, function(track_view, i) { track_view.update_radius_bounds(new_track_bounds[i]); }); // Render new track. - var track_index = this.track_views.length, + var track_index = this.circular_views.length, track_view_class = (new_track.get('track_type') === 'LineTrack' ? CircsterBigWigTrackView : CircsterSummaryTreeTrackView ), @@ -179,7 +219,7 @@ total_gap: this.total_gap }); track_view.render(); - this.track_views.push(track_view); + this.circular_views.push(track_view); // Update label track. var track_bounds = new_track_bounds[ new_track_bounds.length-1 ]; @@ -192,14 +232,13 @@ */ remove_track: function(track, tracks, options) { // -- Remove track from view. -- - var track_view = this.track_views[options.index]; - this.track_views.splice(options.index, 1); + var track_view = this.circular_views[options.index]; + this.circular_views.splice(options.index, 1); track_view.$el.remove(); // Recompute and update track bounds. var new_track_bounds = this.get_tracks_bounds(); - _.each(this.track_views, function(track_view, i) { - //console.log(self.get_tracks_bounds(), i); + _.each(this.circular_views, function(track_view, i) { track_view.update_radius_bounds(new_track_bounds[i]); }); } @@ -581,7 +620,7 @@ }); /** - * Bigwig track view in Circster + * Bigwig track view in Circster. */ var CircsterBigWigTrackView = CircsterQuantitativeTrackView.extend({ @@ -604,6 +643,74 @@ } }); +/** + * Chromosome interactions track view in Circster. + */ +var CircsterChromInteractionsTrackView = CircsterTrackView.extend({ + + render: function() { + var self = this; + + // When data is ready, render track. + $.when(self.track.get('data_manager').data_is_ready()).then(function() { + // Convert genome-wide data in chord data. + $.when(self.track.get('data_manager').get_genome_wide_data(self.genome)).then(function(genome_wide_data) { + var chord_data = [], + chroms_info = self.genome.get_chroms_info(); + // Convert chromosome data into chord data. + _.each(genome_wide_data, function(chrom_data, index) { + // Map each interaction into chord data. + var cur_chrom = chroms_info[index].chrom; + var chrom_chord_data = _.map(chrom_data.data, function(datum) { + // Each datum is an interaction/chord. + var source_angle = self._get_region_angle(cur_chrom, datum[1]), + target_angle = self._get_region_angle(datum[3], datum[4]); + return { + source: { + startAngle: source_angle, + endAngle: source_angle + 0.01 + }, + target: { + startAngle: target_angle, + endAngle: target_angle + 0.01 + } + }; + }); + + chord_data = chord_data.concat(chrom_chord_data); + }); + + self.parent_elt.append("g") + .attr("class", "chord") + .selectAll("path") + .data(chord_data) + .enter().append("path") + .style("fill", '000') + .attr("d", d3.svg.chord().radius(self.radius_bounds[0])) + .style("opacity", 1); + }); + }); + }, + + /** + * Returns radians for a genomic position. + */ + _get_region_angle: function(chrom, position) { + // Find chrom angle data + var chrom_angle_data = _.find(this.chroms_layout, function(chrom_layout) { + return chrom_layout.data.chrom === chrom; + }); + + // Return angle at position. + return chrom_angle_data.endAngle - + ( + (chrom_angle_data.endAngle - chrom_angle_data.startAngle) * + (chrom_angle_data.data.len - position) / chrom_angle_data.data.len + ); + } + +}); + // Module exports. return { CircsterView: CircsterView diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 static/scripts/viz/trackster/tracks.js --- a/static/scripts/viz/trackster/tracks.js +++ b/static/scripts/viz/trackster/tracks.js @@ -905,7 +905,7 @@ // Introduction div shown when there are no tracks. this.intro_div = $("<div/>").addClass("intro").appendTo(this.viewport_container).hide(); var add_tracks_button = $("<div/>").text("Add Datasets to Visualization").addClass("action-button").appendTo(this.intro_div).click(function () { - visualization.select_datasets(select_datasets_url, add_track_async_url, view.dbkey, function(tracks) { + visualization.select_datasets(select_datasets_url, add_track_async_url, { 'f-dbkey': view.dbkey }, function(tracks) { _.each(tracks, function(track) { view.add_drawable( object_from_template(track, view, view) ); }); diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 static/scripts/viz/trackster_ui.js --- a/static/scripts/viz/trackster_ui.js +++ b/static/scripts/viz/trackster_ui.js @@ -20,7 +20,7 @@ var self = this, menu = create_icon_buttons_menu([ { icon_class: 'plus-button', title: 'Add tracks', on_click: function() { - visualization.select_datasets(select_datasets_url, add_track_async_url, view.dbkey, function(tracks) { + visualization.select_datasets(select_datasets_url, add_track_async_url, { 'f-dbkey': view.dbkey }, function(tracks) { _.each(tracks, function(track) { view.add_drawable( object_from_template(track, view, view) ); }); diff -r 2c261f6401e9693cf7cc5d8749f9b59a9d9cee9e -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 static/scripts/viz/visualization.js --- a/static/scripts/viz/visualization.js +++ b/static/scripts/viz/visualization.js @@ -3,8 +3,6 @@ /** * Model, view, and controller objects for Galaxy visualization framework. - * - * Required libraries: Backbone, jQuery * * Models have no references to views, instead using events to indicate state * changes; this is advantageous because multiple views can use the same object @@ -16,11 +14,10 @@ * track definitions are obtained from the server and the success_fn is called with the list of * definitions for selected datasets. */ -var select_datasets = function(dataset_url, add_track_async_url, dbkey, success_fn) { +var select_datasets = function(dataset_url, add_track_async_url, filters, success_fn) { $.ajax({ url: dataset_url, - // Filter by dbkey if available. - data: ( dbkey ? { 'f-dbkey': dbkey } : {} ), + data: filters, error: function() { alert( "Grid failed" ); }, success: function(table_html) { show_modal( https://bitbucket.org/galaxy/galaxy-central/changeset/6b0cc1c4f105/ changeset: 6b0cc1c4f105 user: jgoecks date: 2012-10-23 17:09:19 summary: Automated merge affected #: 34 files diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/admin/statistics.mako --- a/templates/webapps/community/admin/statistics.mako +++ b/templates/webapps/community/admin/statistics.mako @@ -16,35 +16,35 @@ </tr><tr><td>Total repositories</td> - <td>${trans.app.shed_counter.repositories}</td> + <td>${trans.app.shed_counter.repositories | h}</td></tr><tr><td>Empty repositories</td> - <td>${trans.app.shed_counter.new_repositories}</td> + <td>${trans.app.shed_counter.new_repositories | h}</td></tr><tr><td>Deleted repositories</td> - <td>${trans.app.shed_counter.deleted_repositories}</td> + <td>${trans.app.shed_counter.deleted_repositories | h}</td></tr><tr><td>Valid tools</td> - <td>${trans.app.shed_counter.valid_tools}</td> + <td>${trans.app.shed_counter.valid_tools | h}</td></tr><tr><td>Invalid tools</td> - <td>${trans.app.shed_counter.invalid_tools}</td> + <td>${trans.app.shed_counter.invalid_tools | h}</td></tr><tr><td>Workflows</td> - <td>${trans.app.shed_counter.workflows}</td> + <td>${trans.app.shed_counter.workflows | h}</td></tr><tr><td>Proprietary datatypes</td> - <td>${trans.app.shed_counter.proprietary_datatypes}</td> + <td>${trans.app.shed_counter.proprietary_datatypes | h}</td></tr><tr><td>Total clones</td> - <td>${trans.app.shed_counter.total_clones}</td> + <td>${trans.app.shed_counter.total_clones | h}</td></tr></table></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/base_panels.mako --- a/templates/webapps/community/base_panels.mako +++ b/templates/webapps/community/base_panels.mako @@ -50,10 +50,10 @@ ${menu_item[0]} %elif len ( menu_item ) == 2: <% name, link = menu_item %> - <a href="${link}">${name}</a> + <a href="${link}">${name | h}</a> %else: <% name, link, target = menu_item %> - <a target="${target}" href="${link}">${name}</a> + <a target="${target}" href="${link}">${name | h}</a> %endif </li> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/category/create_category.mako --- a/templates/webapps/community/category/create_category.mako +++ b/templates/webapps/community/category/create_category.mako @@ -20,11 +20,11 @@ <form name="create_category_form" id="create_category_form" action="${h.url_for( action='create_category' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size=40"/> + <input name="name" type="textfield" value="${name | h}" size=40"/></div><div class="form-row"><label>Description:</label> - <input name="description" type="textfield" value="${description}" size=40"/> + <input name="description" type="textfield" value="${description | h}" size=40"/></div><div class="form-row"><input type="submit" name="create_category_button" value="Save"/> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/category/edit_category.mako --- a/templates/webapps/community/category/edit_category.mako +++ b/templates/webapps/community/category/edit_category.mako @@ -12,14 +12,14 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${category.name}" size="40"/> + <input type="text" name="name" value="${category.name | h}" size="40"/></div><div style="clear: both"></div></div><div class="form-row"><label>Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input name="description" type="textfield" value="${category.description}" size=40"/> + <input name="description" type="textfield" value="${category.description | h}" size=40"/></div><div style="clear: both"></div></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/category/grid.mako --- a/templates/webapps/community/category/grid.mako +++ b/templates/webapps/community/category/grid.mako @@ -14,13 +14,13 @@ <ul class="manage-table-actions"> %if len( grid.global_actions ) < 4: %for action in grid.global_actions: - <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a></li> + <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a></li> %endfor %else: <li><a class="action-button" id="action-8675309-popup" class="menubutton">Actions</a></li><div popupmenu="action-8675309-popup"> %for action in grid.global_actions: - <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a> + <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a> %endfor </div> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/category/valid_grid.mako --- a/templates/webapps/community/category/valid_grid.mako +++ b/templates/webapps/community/category/valid_grid.mako @@ -13,13 +13,13 @@ <ul class="manage-table-actions"> %if len( grid.global_actions ) < 4: %for action in grid.global_actions: - <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a></li> + <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a></li> %endfor %else: <li><a class="action-button" id="action-8675309-popup" class="menubutton">Actions</a></li><div popupmenu="action-8675309-popup"> %for action in grid.global_actions: - <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a> + <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a> %endfor </div> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/common/common.mako --- a/templates/webapps/community/common/common.mako +++ b/templates/webapps/community/common/common.mako @@ -1,3 +1,11 @@ +<%def name="escape_html_add_breaks( value )"> + <% + import markupsafe + value = str( markupsafe.escape( value ) ).replace( '\n', '<br/>' ) + %> + ${value} +</%def> + <%def name="render_star_rating( name, rating, disabled=False )"><% if disabled: @@ -15,7 +23,6 @@ </%def><%def name="render_readme( readme_text )"> - <% readme_text = readme_text.replace( '\n', '<br/>' ) %><style type="text/css"> #readme_table{ table-layout:fixed; width:100%; @@ -31,7 +38,7 @@ <div class="toolFormBody"><div class="form-row"><table id="readme_table"> - <tr><td>${readme_text}</td></tr> + <tr><td>${ escape_html_add_breaks( readme_text ) }</td></tr></table></div></div> @@ -39,7 +46,6 @@ </%def><%def name="render_long_description( description_text )"> - <% description_text = description_text.replace( '\n', '<br/>' ) %><style type="text/css"> #description_table{ table-layout:fixed; width:100%; @@ -53,7 +59,7 @@ <div class="form-row"><label>Detailed description:</label><table id="description_table"> - <tr><td>${description_text}</td></tr> + <tr><td>${ escape_html_add_breaks( description_text ) }</td></tr></table><div style="clear: both"></div></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/common/view_readme.mako --- a/templates/webapps/community/common/view_readme.mako +++ b/templates/webapps/community/common/view_readme.mako @@ -40,7 +40,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/index.mako --- a/templates/webapps/community/index.mako +++ b/templates/webapps/community/index.mako @@ -39,7 +39,7 @@ <%def name="left_panel()"><% can_review_repositories = trans.app.security_agent.user_can_review_repositories( trans.user ) %><div class="unified-panel-header" unselectable="on"> - <div class='unified-panel-header-inner'>${trans.app.shed_counter.valid_tools} valid tools on ${trans.app.shed_counter.generation_time}</div> + <div class='unified-panel-header-inner'>${trans.app.shed_counter.valid_tools | h} valid tools on ${trans.app.shed_counter.generation_time | h}</div></div><div class="page-container" style="padding: 10px;"><div class="toolMenu"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/browse_invalid_tools.mako --- a/templates/webapps/community/repository/browse_invalid_tools.mako +++ b/templates/webapps/community/repository/browse_invalid_tools.mako @@ -24,9 +24,9 @@ ${invalid_tool_config} </a></td> - <td>${repository_name}</td> - <td>${repository_owner}</td> - <td>${changeset_revision}</td> + <td>${repository_name | h}</td> + <td>${repository_owner | h}</td> + <td>${changeset_revision | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/browse_repository.mako --- a/templates/webapps/community/repository/browse_repository.mako +++ b/templates/webapps/community/repository/browse_repository.mako @@ -101,7 +101,7 @@ %if can_browse_contents: <div class="toolForm"> - <div class="toolFormTitle">Browse ${repository.name} revision ${repository.tip} (repository tip)</div> + <div class="toolFormTitle">Browse ${repository.name | h} revision ${repository.tip | h} (repository tip)</div> %if can_download: <div class="form-row"><label>Clone this repository:</label> @@ -124,7 +124,7 @@ <label>Message:</label><div class="form-row-input"> %if commit_message: - <textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea> + <textarea name="commit_message" rows="3" cols="35">${commit_message | h}</textarea> %else: <textarea name="commit_message" rows="3" cols="35"></textarea> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/common.mako --- a/templates/webapps/community/repository/common.mako +++ b/templates/webapps/community/repository/common.mako @@ -126,9 +126,9 @@ type = requirements_dict[ 'type' ] %><tr> - <td>${name}</td> - <td>${version}</td> - <td>${type}</td> + <td>${name | h}</td> + <td>${version | h}</td> + <td>${type | h}</td></tr> %endif %endfor @@ -154,8 +154,8 @@ <% environment_settings = tool_dependencies[ 'set_environment' ] %> %for requirements_dict in environment_settings: <tr> - <td>${requirements_dict[ 'name' ]}</td> - <td>${requirements_dict[ 'type' ]}</td> + <td>${requirements_dict[ 'name' ] | h}</td> + <td>${requirements_dict[ 'type' ] | h}</td></tr> %endfor </table> @@ -190,8 +190,8 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_tool_metadata', repository_id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision, tool_id=tool_dict[ 'id' ] )}">View tool metadata</a></div></td> - <td>${tool_dict[ 'description' ]}</td> - <td>${tool_dict[ 'version' ]}</td> + <td>${tool_dict[ 'description' ] | h}</td> + <td>${tool_dict[ 'version' ] | h}</td><td><% if 'requirements' in tool_dict: @@ -206,7 +206,7 @@ requirements_str += '%s (%s), ' % ( requirement_dict[ 'name' ], requirement_dict[ 'type' ] ) requirements_str = requirements_str.rstrip( ', ' ) %> - ${requirements_str} + ${requirements_str | h} %else: none %endif @@ -233,7 +233,7 @@ <tr><td><a class="view-info" href="${h.url_for( controller='repository', action='load_invalid_tool', repository_id=trans.security.encode_id( repository.id ), tool_config=invalid_tool_config, changeset_revision=changeset_revision )}"> - ${invalid_tool_config} + ${invalid_tool_config | h} </a></td></tr> @@ -274,7 +274,7 @@ %><tr><td> - <a href="${h.url_for( controller='workflow', action='view_workflow', repository_metadata_id=repository_metadata_id, workflow_name=tool_shed_encode( workflow_name ) )}">${workflow_name}</a> + <a href="${h.url_for( controller='workflow', action='view_workflow', repository_metadata_id=repository_metadata_id, workflow_name=tool_shed_encode( workflow_name ) )}">${workflow_name | h}</a></td><td> %if steps: @@ -283,8 +283,8 @@ unknown %endif </td> - <td>${format_version}</td> - <td>${annotation}</td> + <td>${format_version | h}</td> + <td>${annotation | h}</td></tr> %endfor </table> @@ -317,10 +317,10 @@ subclass = datatypes_dict.get( 'subclass', ' ' ) %><tr> - <td>${extension}</td> - <td>${dtype}</td> - <td>${mimetype}</td> - <td>${subclass}</td> + <td>${extension | h}</td> + <td>${dtype | h}</td> + <td>${mimetype | h}</td> + <td>${subclass | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/contact_owner.mako --- a/templates/webapps/community/repository/contact_owner.mako +++ b/templates/webapps/community/repository/contact_owner.mako @@ -50,7 +50,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_download: <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), changeset_revision=repository.tip, file_type='gz' )}">Download as a .tar.gz file</a> @@ -66,7 +66,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Contact the owner of the repository named '${repository.name}'</div> + <div class="toolFormTitle">Contact the owner of the repository named '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"> This feature is intended to streamline appropriate communication between diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/create_repository.mako --- a/templates/webapps/community/repository/create_repository.mako +++ b/templates/webapps/community/repository/create_repository.mako @@ -20,18 +20,18 @@ <form name="create_repository_form" id="create_repository_form" action="${h.url_for( controller='repository', action='create_repository' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size="40"/> + <input name="name" type="textfield" value="${name | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Synopsis:</label> - <input name="description" type="textfield" value="${description}" size="80"/> + <input name="description" type="textfield" value="${description | h}" size="80"/><div style="clear: both"></div></div><div class="form-row"><label>Detailed description:</label> %if long_description: - <pre><textarea name="long_description" rows="3" cols="80">${long_description}</textarea></pre> + <pre><textarea name="long_description" rows="3" cols="80">${long_description | h}</textarea></pre> %else: <textarea name="long_description" rows="3" cols="80"></textarea> %endif @@ -43,9 +43,9 @@ <select name="category_id" multiple> %for category in categories: %if category.id in selected_categories: - <option value="${trans.security.encode_id( category.id )}" selected>${category.name}</option> + <option value="${trans.security.encode_id( category.id )}" selected>${category.name | h}</option> %else: - <option value="${trans.security.encode_id( category.id )}">${category.name}</option> + <option value="${trans.security.encode_id( category.id )}">${category.name | h}</option> %endif %endfor </select> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/find_tools.mako --- a/templates/webapps/community/repository/find_tools.mako +++ b/templates/webapps/community/repository/find_tools.mako @@ -35,17 +35,17 @@ <form name="find_tools" id="find_tools" action="${h.url_for( controller='repository', action='find_tools' )}" method="post" ><div class="form-row"><label>Tool id:</label> - <input name="tool_id" type="textfield" value="${tool_id}" size="40"/> + <input name="tool_id" type="textfield" value="${tool_id | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"><label>Tool name:</label> - <input name="tool_name" type="textfield" value="${tool_name}" size="40"/> + <input name="tool_name" type="textfield" value="${tool_name | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"><label>Tool version:</label> - <input name="tool_version" type="textfield" value="${tool_version}" size="40"/> + <input name="tool_version" type="textfield" value="${tool_version | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/find_workflows.mako --- a/templates/webapps/community/repository/find_workflows.mako +++ b/templates/webapps/community/repository/find_workflows.mako @@ -34,7 +34,7 @@ <div style="clear: both"></div><div class="form-row"><label>Workflow name:</label> - <input name="workflow_name" type="textfield" value="${workflow_name}" size="40"/> + <input name="workflow_name" type="textfield" value="${workflow_name | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/manage_repository.mako --- a/templates/webapps/community/repository/manage_repository.mako +++ b/templates/webapps/community/repository/manage_repository.mako @@ -82,7 +82,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -137,7 +137,7 @@ <p/> %endif <div class="toolForm"> - <div class="toolFormTitle">Repository '${repository.name}'</div> + <div class="toolFormTitle">Repository '${repository.name | h}'</div><div class="toolFormBody"><form name="edit_repository" id="edit_repository" action="${h.url_for( controller='repository', action='manage_repository', id=trans.security.encode_id( repository.id ) )}" method="post" > %if can_download: @@ -151,7 +151,7 @@ %if repository.times_downloaded > 0: ${repository.name} %else: - <input name="repo_name" type="textfield" value="${repository.name}" size="40"/> + <input name="repo_name" type="textfield" value="${repository.name | h}" size="40"/> %endif <div class="toolParamHelp" style="clear: both;"> Repository names cannot be changed if the repository has been cloned. @@ -160,13 +160,13 @@ </div><div class="form-row"><label>Synopsis:</label> - <input name="description" type="textfield" value="${description}" size="80"/> + <input name="description" type="textfield" value="${description | h}" size="80"/><div style="clear: both"></div></div><div class="form-row"><label>Detailed description:</label> %if long_description: - <pre><textarea name="long_description" rows="3" cols="80">${long_description}</textarea></pre> + <pre><textarea name="long_description" rows="3" cols="80">${long_description | h}</textarea></pre> %else: <textarea name="long_description" rows="3" cols="80"></textarea> %endif @@ -175,27 +175,27 @@ <div class="form-row"><label>Revision:</label> %if can_view_change_log: - <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label}</a> + <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label | h}</a> %else: - ${revision_label} + ${revision_label | h} %endif </div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} </div><div class="form-row"><label>Times downloaded:</label> - ${repository.times_downloaded} + ${repository.times_downloaded | h} </div> %if is_admin: <div class="form-row"><label>Location:</label> - ${repository.repo_path} + ${repository.repo_path | h} </div><div class="form-row"><label>Deleted:</label> - ${repository.deleted} + ${repository.deleted | h} </div> %endif <div class="form-row"> @@ -215,9 +215,9 @@ <select name="category_id" multiple> %for category in categories: %if category.id in selected_categories: - <option value="${trans.security.encode_id( category.id )}" selected>${category.name}</option> + <option value="${trans.security.encode_id( category.id )}" selected>${category.name | h}</option> %else: - <option value="${trans.security.encode_id( category.id )}">${category.name}</option> + <option value="${trans.security.encode_id( category.id )}">${category.name | h}</option> %endif %endfor </select> @@ -258,14 +258,14 @@ <div class="toolFormBody"><table class="grid"><tr> - <td>${repository.user.username}</td> + <td>${repository.user.username | h}</td><td>owner</td><td> </td></tr> %for username in current_allow_push_list: %if username != repository.user.username: <tr> - <td>${username}</td> + <td>${username | h}</td><td>write</td><td><a class="action-button" href="${h.url_for( controller='repository', action='manage_repository', id=trans.security.encode_id( repository.id ), user_access_button='Remove', remove_auth=username )}">remove</a></tr> @@ -295,7 +295,7 @@ <div class="toolFormBody"><div class="form-row"><label>Times Rated:</label> - ${num_ratings} + ${num_ratings | h} <div style="clear: both"></div></div><div class="form-row"> @@ -329,9 +329,9 @@ %><tr><td>${render_star_rating( name, review.rating, disabled=True )}</td> - <td><pre>${review.comment}</pre></td> + <td><pre>${review.comment | h}</pre></td><td>${time_ago( review.update_time )}</td> - <td>${review.user.username}</td> + <td>${review.user.username | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/preview_tools_in_changeset.mako --- a/templates/webapps/community/repository/preview_tools_in_changeset.mako +++ b/templates/webapps/community/repository/preview_tools_in_changeset.mako @@ -53,7 +53,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Repository ${repository.name}</div> + <div class="toolFormTitle">Repository ${repository.name | h}</div><div class="toolFormBody"> %if len( changeset_revision_select_field.options ) > 1: <form name="change_revision" id="change_revision" action="${h.url_for( controller='repository', action='preview_tools_in_changeset', repository_id=trans.security.encode_id( repository.id ) )}" method="post" > @@ -64,7 +64,7 @@ else: tip_str = '' %> - ${changeset_revision_select_field.get_html()} <i>${tip_str}</i> + ${changeset_revision_select_field.get_html()} <i>${tip_str | h}</i><div class="toolParamHelp" style="clear: both;"> Select a revision to inspect and download versions of tools from this repository. </div> @@ -73,7 +73,7 @@ %else: <div class="form-row"><label>Revision:</label> - ${revision_label} + ${revision_label | h} </div> %endif </div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/rate_repository.mako --- a/templates/webapps/community/repository/rate_repository.mako +++ b/templates/webapps/community/repository/rate_repository.mako @@ -91,7 +91,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -107,7 +107,7 @@ %if repository.user != trans.user: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div> %if can_download: <div class="form-row"><label>Clone this repository:</label> @@ -117,17 +117,17 @@ <div class="toolFormBody"><div class="form-row"><label>Description:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"><label>Version:</label> - ${repository.revision} + ${repository.revision | h} <div style="clear: both"></div></div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div></div> @@ -139,7 +139,7 @@ <form id="rate_repository" name="rate_repository" action="${h.url_for( controller='repository', action='rate_repository', id=trans.security.encode_id( repository.id ) )}" method="post"><div class="form-row"><label>Times Rated:</label> - ${num_ratings} + ${num_ratings | h} <div style="clear: both"></div></div><div class="form-row"> @@ -162,7 +162,7 @@ <label>Review:</label> %if rra and rra.comment: <div class="form-row-input"> - <pre><textarea name="comment" rows="5" cols="80">${rra.comment}</textarea></pre> + <pre><textarea name="comment" rows="5" cols="80">${rra.comment | h}</textarea></pre></div> %else: <div class="form-row-input"> @@ -202,9 +202,9 @@ %><tr><td>${render_star_rating( name, review.rating, disabled=True )}</td> - <td><pre>${review.comment}</pre></td> + <td><pre>${review.comment | h}</pre></td><td>${time_ago( review.update_time )}</td> - <td>${review.user.username}</td> + <td>${review.user.username | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/tool_form.mako --- a/templates/webapps/community/repository/tool_form.mako +++ b/templates/webapps/community/repository/tool_form.mako @@ -177,8 +177,8 @@ %endif %if tool: - <div class="toolForm" id="${tool.id}"> - <div class="toolFormTitle">${tool.name} (version ${tool.version})</div> + <div class="toolForm" id="${tool.id | h}"> + <div class="toolFormTitle">${tool.name | h} (version ${tool.version | h})</div><div class="toolFormBody"><form id="tool_form" name="tool_form" action="" method="get"><input type="hidden" name="tool_state" value="${util.object_to_string( tool_state.encode( tool, app ) )}"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/upload.mako --- a/templates/webapps/community/repository/upload.mako +++ b/templates/webapps/community/repository/upload.mako @@ -82,7 +82,7 @@ <div class="form-row"><label>Url:</label><div class="form-row-input"> - <input name="url" type="textfield" value="${url}" size="40"/> + <input name="url" type="textfield" value="${url | h}" size="40"/></div><div class="toolParamHelp" style="clear: both;"> Enter a URL to upload your files via http. @@ -141,7 +141,7 @@ <label>Change set commit message:</label><div class="form-row-input"> %if commit_message: - <pre><textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea></pre> + <pre><textarea name="commit_message" rows="3" cols="35">${commit_message | h}</textarea></pre> %else: <textarea name="commit_message" rows="3" cols="35"></textarea> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_changelog.mako --- a/templates/webapps/community/repository/view_changelog.mako +++ b/templates/webapps/community/repository/view_changelog.mako @@ -78,7 +78,7 @@ %if can_download: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div><div class="toolFormBody"><div class="form-row"><label>Clone this repository:</label> @@ -95,7 +95,7 @@ else: title_str = '%s changesets' % repository.name %> - <div class="toolFormTitle">${title_str}</div> + <div class="toolFormTitle">${title_str | h}</div><% test_date = None %><div class="toolFormBody"><table class="grid"> @@ -128,23 +128,23 @@ %endif <div class="form-row"><label>Description:</label> - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset[ 'description' ]}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset[ 'description' ] | h}</a></div><div class="form-row"><label>Commit:</label> - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset_str}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset_str | h}</a></div><div class="form-row"><label>Parent:</label> %if ctx_parent_str == 'None': ${ctx_parent_str} %else: - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_parent )}">${ctx_parent_str}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_parent )}">${ctx_parent_str | h}</a> %endif </div><div class="form-row"><label>Commited by:</label> - ${changeset[ 'user' ].split()[0]} + ${changeset[ 'user' ].split()[0] | h} </div><div class="form-row"><label>Pushed:</label> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_changeset.mako --- a/templates/webapps/community/repository/view_changeset.mako +++ b/templates/webapps/community/repository/view_changeset.mako @@ -82,7 +82,7 @@ %if can_download: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div><div class="toolFormBody"><div class="form-row"><label>Clone this repository:</label> @@ -99,7 +99,7 @@ else: title_str = '%s changeset %s' % ( repository.name, ctx ) %> - <div class="toolFormTitle">${title_str}</div> + <div class="toolFormTitle">${title_str | h}</div><div class="toolFormBody"><table class="grid"> %if modified: @@ -107,7 +107,7 @@ <td><b>modified:</b> %for item in modified: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -117,7 +117,7 @@ <td><b>added:</b> %for item in added: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -127,7 +127,7 @@ <td><b>removed:</b> %for item in removed: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -137,7 +137,7 @@ <td><b>deleted:</b> %for item in deleted: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -147,7 +147,7 @@ <td><b>unknown:</b> %for item in unknown: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor }</td></tr> @@ -157,7 +157,7 @@ <td><b>ignored:</b> %for item in ignored: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -167,7 +167,7 @@ <td> clean: %for item in clean: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -177,7 +177,6 @@ # Read at most the first 10 lines of diff to determine the anchor ctr = 0 lines = diff.split( '\n' ) - diff = diff.replace( '\n', '<br/>' ) anchor_str = '' for line in lines: if ctr > 9: @@ -189,7 +188,7 @@ ctr += 1 %><tr><td bgcolor="#E0E0E0">${anchor_str}</td></tr> - <tr><td>${diff}</td></tr> + <tr><td>${ escape_html_add_breaks( diff ) }</td></tr> %endfor </table></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_repository.mako --- a/templates/webapps/community/repository/view_repository.mako +++ b/templates/webapps/community/repository/view_repository.mako @@ -143,12 +143,12 @@ %if can_browse_contents: <a href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${repository.name}</a> %else: - ${repository.name} + ${repository.name | h} %endif </div><div class="form-row"><label>Synopsis:</label> - ${repository.description} + ${repository.description | h} </div> %if repository.long_description: ${render_long_description( repository.long_description )} @@ -158,12 +158,12 @@ %if can_view_change_log: <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label}</a> %else: - ${revision_label} + ${revision_label | h} %endif </div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} </div><div class="form-row"><label>Times downloaded:</label> @@ -172,7 +172,7 @@ %if trans.user_is_admin(): <div class="form-row"><label>Location:</label> - ${repository.repo_path} + ${repository.repo_path | h} </div><div class="form-row"><label>Deleted:</label> @@ -189,7 +189,7 @@ <div class="toolFormBody"> %for rca in repository.categories: <div class="form-row"> - ${rca.category.name} + ${rca.category.name | h} </div> %endfor <div style="clear: both"></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_tool_metadata.mako --- a/templates/webapps/community/repository/view_tool_metadata.mako +++ b/templates/webapps/community/repository/view_tool_metadata.mako @@ -140,35 +140,35 @@ %if 'description' in tool_metadata_dict: <div class="form-row"><label>Description:</label> - ${tool_metadata_dict[ 'description' ]} + ${tool_metadata_dict[ 'description' ] | h} <div style="clear: both"></div></div> %endif %if 'id' in tool_metadata_dict: <div class="form-row"><label>Id:</label> - ${tool_metadata_dict[ 'id' ]} + ${tool_metadata_dict[ 'id' ] | h} <div style="clear: both"></div></div> %endif %if 'guid' in tool_metadata_dict: <div class="form-row"><label>Guid:</label> - ${tool_metadata_dict[ 'guid' ]} + ${tool_metadata_dict[ 'guid' ] | h} <div style="clear: both"></div></div> %endif %if 'version' in tool_metadata_dict: <div class="form-row"><label>Version:</label> - ${tool_metadata_dict[ 'version' ]} + ${tool_metadata_dict[ 'version' ] | h} <div style="clear: both"></div></div> %endif %if 'version_string_cmd' in tool_metadata_dict: <div class="form-row"><label>Version command string:</label> - ${tool_metadata_dict[ 'version_string_cmd' ]} + ${tool_metadata_dict[ 'version_string_cmd' ] | h} <div style="clear: both"></div></div> %endif @@ -184,9 +184,9 @@ <tr><td> %if guid == tool_metadata_dict[ 'guid' ]: - ${guid} <b>(this tool)</b> + ${guid | h} <b>(this tool)</b> %else: - ${guid} + ${guid | h} %endif </td></tr> @@ -224,9 +224,9 @@ requirement_type = requirement_dict[ 'type' ] or 'not provided' %><tr> - <td>${requirement_name}</td> - <td>${requirement_version}</td> - <td>${requirement_type}</td> + <td>${requirement_name | h}</td> + <td>${requirement_version | h}</td> + <td>${requirement_type | h}</td></tr> %endfor </table> @@ -245,27 +245,27 @@ </div><div class="form-row"><label>Command:</label> - <pre>${tool.command}</pre> + <pre>${tool.command | h}</pre><div style="clear: both"></div></div><div class="form-row"><label>Interpreter:</label> - ${tool.interpreter} + ${tool.interpreter | h} <div style="clear: both"></div></div><div class="form-row"><label>Is multi-byte:</label> - ${tool.is_multi_byte} + ${tool.is_multi_byte | h} <div style="clear: both"></div></div><div class="form-row"><label>Forces a history refresh:</label> - ${tool.force_history_refresh} + ${tool.force_history_refresh | h} <div style="clear: both"></div></div><div class="form-row"><label>Parallelism:</label> - ${tool.parallelism} + ${tool.parallelism | h} <div style="clear: both"></div></div> %endif @@ -299,17 +299,17 @@ <td>${test_dict[ 'name' ]}</td><td> %for input in inputs: - <b>${input[0]}:</b> ${input[1]}<br/> + <b>${input[0]}:</b> ${input[1] | h}<br/> %endfor </td><td> %for output in outputs: - <b>${output[0]}:</b> ${output[1]}<br/> + <b>${output[0]}:</b> ${output[1] | h}<br/> %endfor </td><td> %for required_file in required_files: - ${required_file}<br/> + ${required_file | h}<br/> %endfor </td></tr> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository/view_workflow.mako --- a/templates/webapps/community/repository/view_workflow.mako +++ b/templates/webapps/community/repository/view_workflow.mako @@ -96,7 +96,7 @@ ${render_msg( message, status )} %endif -<div class="toolFormTitle">${workflow_name}</div> +<div class="toolFormTitle">${workflow_name | h}</div><div class="form-row"><b>Boxes are red when tools are not available in this repository</b><div class="toolParamHelp" style="clear: both;"> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/browse_review.mako --- a/templates/webapps/community/repository_review/browse_review.mako +++ b/templates/webapps/community/repository_review/browse_review.mako @@ -34,7 +34,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Review of repository '${repository.name}'</div> + <div class="toolFormTitle">Review of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Reviewer:</label> @@ -43,17 +43,17 @@ </div><div class="form-row"><label>Repository revision:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=review.changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=review.changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><label>Repository owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div><div class="form-row"><label>Repository synopsis:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"> @@ -70,11 +70,10 @@ # Initialize star rating. rating_name = '%s%srating' % ( component.name, STRSEP ) - review_comment = component_review.comment.replace( '\n', '<br/>' ) %><tr> - <td bgcolor="#D8D8D8"><b>${component.name}</b></td> - <td bgcolor="#D8D8D8">${component.description}</td> + <td bgcolor="#D8D8D8"><b>${component.name | h}</b></td> + <td bgcolor="#D8D8D8">${component.description | h}</td></tr><tr><td colspan="2"> @@ -93,7 +92,7 @@ <tr><td><div overflow-wrap:normal;overflow:hidden;word-break:keep-all;word-wrap:break-word;line-break:strict;> - ${review_comment} + ${ escape_html_add_breaks( component_review.comment ) } </div></td></tr> @@ -101,7 +100,7 @@ <tr><td><label>Approved:</label> - ${component_review.approved} + ${component_review.approved | h} <div style="clear: both"></div></td></tr> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/create_component.mako --- a/templates/webapps/community/repository_review/create_component.mako +++ b/templates/webapps/community/repository_review/create_component.mako @@ -20,11 +20,11 @@ <form name="create_component" id="create_component" action="${h.url_for( controller='repository_review', action='create_component' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size=40"/> + <input name="name" type="textfield" value="${name | h}" size=40"/></div><div class="form-row"><label>Description:</label> - <input name="description" type="textfield" value="${description}" size=40"/> + <input name="description" type="textfield" value="${description | h}" size=40"/></div><div class="form-row"><input type="submit" name="create_component_button" value="Save"/> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/edit_component.mako --- a/templates/webapps/community/repository_review/edit_component.mako +++ b/templates/webapps/community/repository_review/edit_component.mako @@ -12,14 +12,14 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${component.name} + ${component.name | h} </div><div style="clear: both"></div></div><div class="form-row"><label>Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input name="description" type="textfield" value="${component.description}" size=40"/> + <input name="description" type="textfield" value="${component.description | h}" size=40"/></div><div style="clear: both"></div></div> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/edit_review.mako --- a/templates/webapps/community/repository_review/edit_review.mako +++ b/templates/webapps/community/repository_review/edit_review.mako @@ -35,7 +35,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">My review of repository '${repository.name}'</div> + <div class="toolFormTitle">My review of repository '${repository.name | h}'</div><div class="toolFormBody"><form name="edit_review" action="${h.url_for( controller='repository_review', action='edit_review', id=trans.security.encode_id( review.id ) )}" method="post" ><div class="form-row"> @@ -45,12 +45,12 @@ </div><div class="form-row"><label>Repository owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div><div class="form-row"><label>Repository synopsis:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"> @@ -108,8 +108,8 @@ review_button_name = '%s%sreview_button' % ( component_name, STRSEP ) %><tr> - <td bgcolor="#D8D8D8"><b>${component.name}</b></td> - <td bgcolor="#D8D8D8">${component.description}</td> + <td bgcolor="#D8D8D8"><b>${component.name | h}</b></td> + <td bgcolor="#D8D8D8">${component.description | h}</td></tr><tr><td colspan="2"> @@ -128,7 +128,7 @@ <td><label>Comments:</label> %if component_review: - <pre><textarea name="${comment_name}" rows="3" cols="80">${comment}</textarea></pre> + <pre><textarea name="${comment_name}" rows="3" cols="80">${comment | h}</textarea></pre> %else: <textarea name="${comment_name}" rows="3" cols="80"></textarea> %endif diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/reviews_of_changeset_revision.mako --- a/templates/webapps/community/repository_review/reviews_of_changeset_revision.mako +++ b/templates/webapps/community/repository_review/reviews_of_changeset_revision.mako @@ -73,16 +73,16 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Revision reviews of repository '${repository.name}'</div> + <div class="toolFormTitle">Revision reviews of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Revision:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><label>Revision is installable:</label> - ${installable_str} + ${installable_str | h} <div style="clear: both"></div></div><div class="form-row"> @@ -109,7 +109,7 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${encoded_review_id}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='repository_reviews_by_user', id=trans.security.encode_id( review.user.id ) )}">${review.user.username}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='repository_reviews_by_user', id=trans.security.encode_id( review.user.id ) )}">${review.user.username | h}</a></div><div popupmenu="${encoded_review_id}-popup"> %if review.user == trans.user: @@ -126,7 +126,7 @@ <td><input type="submit" name="approve_repository_review_button" value="Save"/></td></form> %else: - <td>${approved_str}</td> + <td>${approved_str | h}</td><td></td> %endif </tr> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/reviews_of_repository.mako --- a/templates/webapps/community/repository_review/reviews_of_repository.mako +++ b/templates/webapps/community/repository_review/reviews_of_repository.mako @@ -55,7 +55,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -68,7 +68,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">${title}</div> + <div class="toolFormTitle">${title | h}</div><div class="toolFormBody"><div class="form-row"><table class="grid"> @@ -102,7 +102,7 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${changeset_revision}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a></div><div popupmenu="${changeset_revision}-popup"> %if repository_reviews: @@ -113,7 +113,7 @@ </div></td><td>${reviewers_str}</td> - <td>${installable_str}</td> + <td>${installable_str | h}</td></tr> %endfor </table> diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/repository_review/select_previous_review.mako --- a/templates/webapps/community/repository_review/select_previous_review.mako +++ b/templates/webapps/community/repository_review/select_previous_review.mako @@ -67,23 +67,23 @@ %endif <div class="warningmessage"> - You have elected to create a new review for revision <b>${changeset_revision_label}</b>of this repository. Since previous revisions have been reviewed, + You have elected to create a new review for revision <b>${changeset_revision_label | h}</b>of this repository. Since previous revisions have been reviewed, you can select a previous review to copy to your new review, or click the <b>Create a review without copying</b> button. </div><div class="toolForm"> - <div class="toolFormTitle">Select previous revision review of repository '${repository.name}'</div> + <div class="toolFormTitle">Select previous revision review of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Revision for new review:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><table class="grid"><tr></tr> - <td bgcolor="#D8D8D8" colspan="4"><b>Previous revision reviews of repository '${repository.name}' that can be copied to your new review</b></td> + <td bgcolor="#D8D8D8" colspan="4"><b>Previous revision reviews of repository '${repository.name | h}' that can be copied to your new review</b></td><tr><th>Reviewer</th><th>Revision reviewed</th> @@ -107,15 +107,15 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${encoded_review_id}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='browse_review', id=encoded_review_id )}">${review.user.username}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='browse_review', id=encoded_review_id )}">${review.user.username | h}</a></div><div popupmenu="${encoded_review_id}-popup"><a class="action-button" href="${h.url_for( controller='repository_review', action='create_review', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision, previous_review_id=encoded_review_id )}">Copy this review</a></div></td> - <td>${previous_changeset_revision_label}</td> + <td>${previous_changeset_revision_label | h}</td><td>${render_star_rating( repository_rating_name, review.rating, disabled=True )}</td> - <td>${approved_str}</td> + <td>${approved_str | h}</td></tr> %endfor %endfor diff -r d79eb7e1d7cbcc1495a2680a19f33692adc7dfe2 -r 6b0cc1c4f105f9562066bcbad46ed00858e9372a templates/webapps/community/user/manage_email_alerts.mako --- a/templates/webapps/community/user/manage_email_alerts.mako +++ b/templates/webapps/community/user/manage_email_alerts.mako @@ -42,8 +42,8 @@ </tr> %for repository in email_alert_repositories: <tr> - <td>${repository.name}</td> - <td>${repository.description}</td> + <td>${repository.name | h}</td> + <td>${repository.description | h}</td></tr> %endfor </table> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: 34 new changesets
by Bitbucket 23 Oct '12

23 Oct '12

34 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/b22b643e77b9/ changeset: b22b643e77b9 user: dan date: 2012-10-23 17:05:59 summary: Add helper method to allow html escaping and replacing newlines with breaks and use it for rendering readme and long description. affected #: 1 file diff -r 06b3b644188a29b78e8400298c67472b5b6bd790 -r b22b643e77b98544ac65becb16626be403578792 templates/webapps/community/common/common.mako --- a/templates/webapps/community/common/common.mako +++ b/templates/webapps/community/common/common.mako @@ -1,3 +1,11 @@ +<%def name="escape_html_add_breaks( value )"> + <% + import markupsafe + value = str( markupsafe.escape( value ) ).replace( '\n', '<br/>' ) + %> + ${value} +</%def> + <%def name="render_star_rating( name, rating, disabled=False )"><% if disabled: @@ -15,7 +23,6 @@ </%def><%def name="render_readme( readme_text )"> - <% readme_text = readme_text.replace( '\n', '<br/>' ) %><style type="text/css"> #readme_table{ table-layout:fixed; width:100%; @@ -31,7 +38,7 @@ <div class="toolFormBody"><div class="form-row"><table id="readme_table"> - <tr><td>${readme_text}</td></tr> + <tr><td>${ escape_html_add_breaks( readme_text ) }</td></tr></table></div></div> @@ -39,7 +46,6 @@ </%def><%def name="render_long_description( description_text )"> - <% description_text = description_text.replace( '\n', '<br/>' ) %><style type="text/css"> #description_table{ table-layout:fixed; width:100%; @@ -53,7 +59,7 @@ <div class="form-row"><label>Detailed description:</label><table id="description_table"> - <tr><td>${description_text}</td></tr> + <tr><td>${ escape_html_add_breaks( description_text ) }</td></tr></table><div style="clear: both"></div></div> https://bitbucket.org/galaxy/galaxy-central/changeset/dc8b436cba17/ changeset: dc8b436cba17 user: dan date: 2012-10-23 17:05:59 summary: HTML escape values that could be set by the user in templates/webapps/community/admin/statistics.mako. affected #: 1 file diff -r b22b643e77b98544ac65becb16626be403578792 -r dc8b436cba17a907d9b5b3b2a79514f52f67256e templates/webapps/community/admin/statistics.mako --- a/templates/webapps/community/admin/statistics.mako +++ b/templates/webapps/community/admin/statistics.mako @@ -16,35 +16,35 @@ </tr><tr><td>Total repositories</td> - <td>${trans.app.shed_counter.repositories}</td> + <td>${trans.app.shed_counter.repositories | h}</td></tr><tr><td>Empty repositories</td> - <td>${trans.app.shed_counter.new_repositories}</td> + <td>${trans.app.shed_counter.new_repositories | h}</td></tr><tr><td>Deleted repositories</td> - <td>${trans.app.shed_counter.deleted_repositories}</td> + <td>${trans.app.shed_counter.deleted_repositories | h}</td></tr><tr><td>Valid tools</td> - <td>${trans.app.shed_counter.valid_tools}</td> + <td>${trans.app.shed_counter.valid_tools | h}</td></tr><tr><td>Invalid tools</td> - <td>${trans.app.shed_counter.invalid_tools}</td> + <td>${trans.app.shed_counter.invalid_tools | h}</td></tr><tr><td>Workflows</td> - <td>${trans.app.shed_counter.workflows}</td> + <td>${trans.app.shed_counter.workflows | h}</td></tr><tr><td>Proprietary datatypes</td> - <td>${trans.app.shed_counter.proprietary_datatypes}</td> + <td>${trans.app.shed_counter.proprietary_datatypes | h}</td></tr><tr><td>Total clones</td> - <td>${trans.app.shed_counter.total_clones}</td> + <td>${trans.app.shed_counter.total_clones | h}</td></tr></table></div> https://bitbucket.org/galaxy/galaxy-central/changeset/5a9c7d2c9914/ changeset: 5a9c7d2c9914 user: dan date: 2012-10-23 17:05:59 summary: HTML escape values that could be set by the user in templates/webapps/community/base_panels.mako. affected #: 1 file diff -r dc8b436cba17a907d9b5b3b2a79514f52f67256e -r 5a9c7d2c9914bb7b4c2b9626b8722138dab1ac10 templates/webapps/community/base_panels.mako --- a/templates/webapps/community/base_panels.mako +++ b/templates/webapps/community/base_panels.mako @@ -50,10 +50,10 @@ ${menu_item[0]} %elif len ( menu_item ) == 2: <% name, link = menu_item %> - <a href="${link}">${name}</a> + <a href="${link}">${name | h}</a> %else: <% name, link, target = menu_item %> - <a target="${target}" href="${link}">${name}</a> + <a target="${target}" href="${link}">${name | h}</a> %endif </li> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/30ba3eb8752d/ changeset: 30ba3eb8752d user: dan date: 2012-10-23 17:06:00 summary: HTML escape values that could be set by the user in templates/webapps/community/category/create_category.mako. affected #: 1 file diff -r 5a9c7d2c9914bb7b4c2b9626b8722138dab1ac10 -r 30ba3eb8752d2d81076bb262dfcdebc0c072cf32 templates/webapps/community/category/create_category.mako --- a/templates/webapps/community/category/create_category.mako +++ b/templates/webapps/community/category/create_category.mako @@ -20,11 +20,11 @@ <form name="create_category_form" id="create_category_form" action="${h.url_for( action='create_category' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size=40"/> + <input name="name" type="textfield" value="${name | h}" size=40"/></div><div class="form-row"><label>Description:</label> - <input name="description" type="textfield" value="${description}" size=40"/> + <input name="description" type="textfield" value="${description | h}" size=40"/></div><div class="form-row"><input type="submit" name="create_category_button" value="Save"/> https://bitbucket.org/galaxy/galaxy-central/changeset/1763560b7737/ changeset: 1763560b7737 user: dan date: 2012-10-23 17:06:00 summary: HTML escape values that could be set by the user in templates/webapps/community/category/edit_category.mako. affected #: 1 file diff -r 30ba3eb8752d2d81076bb262dfcdebc0c072cf32 -r 1763560b7737d656bdf2aa091b1c3979580c48a3 templates/webapps/community/category/edit_category.mako --- a/templates/webapps/community/category/edit_category.mako +++ b/templates/webapps/community/category/edit_category.mako @@ -12,14 +12,14 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${category.name}" size="40"/> + <input type="text" name="name" value="${category.name | h}" size="40"/></div><div style="clear: both"></div></div><div class="form-row"><label>Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input name="description" type="textfield" value="${category.description}" size=40"/> + <input name="description" type="textfield" value="${category.description | h}" size=40"/></div><div style="clear: both"></div></div> https://bitbucket.org/galaxy/galaxy-central/changeset/185c6185de86/ changeset: 185c6185de86 user: dan date: 2012-10-23 17:06:00 summary: HTML escape values that could be set by the user in templates/webapps/community/category/grid.mako. affected #: 1 file diff -r 1763560b7737d656bdf2aa091b1c3979580c48a3 -r 185c6185de86b9aa282bdd80ab3f75adca6e4991 templates/webapps/community/category/grid.mako --- a/templates/webapps/community/category/grid.mako +++ b/templates/webapps/community/category/grid.mako @@ -14,13 +14,13 @@ <ul class="manage-table-actions"> %if len( grid.global_actions ) < 4: %for action in grid.global_actions: - <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a></li> + <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a></li> %endfor %else: <li><a class="action-button" id="action-8675309-popup" class="menubutton">Actions</a></li><div popupmenu="action-8675309-popup"> %for action in grid.global_actions: - <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a> + <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a> %endfor </div> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/a850f48f7ae6/ changeset: a850f48f7ae6 user: dan date: 2012-10-23 17:06:00 summary: HTML escape values that could be set by the user in templates/webapps/community/category/valid_grid.mako. affected #: 1 file diff -r 185c6185de86b9aa282bdd80ab3f75adca6e4991 -r a850f48f7ae62221a3858f1445e4b1d11206598f templates/webapps/community/category/valid_grid.mako --- a/templates/webapps/community/category/valid_grid.mako +++ b/templates/webapps/community/category/valid_grid.mako @@ -13,13 +13,13 @@ <ul class="manage-table-actions"> %if len( grid.global_actions ) < 4: %for action in grid.global_actions: - <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a></li> + <li><a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a></li> %endfor %else: <li><a class="action-button" id="action-8675309-popup" class="menubutton">Actions</a></li><div popupmenu="action-8675309-popup"> %for action in grid.global_actions: - <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label}</a> + <a class="action-button" href="${h.url_for( **action.url_args )}">${action.label | h}</a> %endfor </div> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/92646b4f0ef6/ changeset: 92646b4f0ef6 user: dan date: 2012-10-23 17:06:00 summary: HTML escape hg ces that could be set by the user in templates/webapps/community/common/view_readme.mako. affected #: 1 file diff -r a850f48f7ae62221a3858f1445e4b1d11206598f -r 92646b4f0ef669cdb74fa131c00084ad55a6ead2 templates/webapps/community/common/view_readme.mako --- a/templates/webapps/community/common/view_readme.mako +++ b/templates/webapps/community/common/view_readme.mako @@ -40,7 +40,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> https://bitbucket.org/galaxy/galaxy-central/changeset/dc24ef2a00fb/ changeset: dc24ef2a00fb user: dan date: 2012-10-23 17:06:01 summary: HTML escape values that could be set by the user in templates/webapps/community/index.mako. affected #: 1 file diff -r 92646b4f0ef669cdb74fa131c00084ad55a6ead2 -r dc24ef2a00fb078959e7fdadc961663bcd280e7f templates/webapps/community/index.mako --- a/templates/webapps/community/index.mako +++ b/templates/webapps/community/index.mako @@ -39,7 +39,7 @@ <%def name="left_panel()"><% can_review_repositories = trans.app.security_agent.user_can_review_repositories( trans.user ) %><div class="unified-panel-header" unselectable="on"> - <div class='unified-panel-header-inner'>${trans.app.shed_counter.valid_tools} valid tools on ${trans.app.shed_counter.generation_time}</div> + <div class='unified-panel-header-inner'>${trans.app.shed_counter.valid_tools | h} valid tools on ${trans.app.shed_counter.generation_time | h}</div></div><div class="page-container" style="padding: 10px;"><div class="toolMenu"> https://bitbucket.org/galaxy/galaxy-central/changeset/47f0fcbe6d64/ changeset: 47f0fcbe6d64 user: dan date: 2012-10-23 17:06:05 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/browse_invalid_tools.mako. affected #: 1 file diff -r dc24ef2a00fb078959e7fdadc961663bcd280e7f -r 47f0fcbe6d6442c19170327c944266093b7445a6 templates/webapps/community/repository/browse_invalid_tools.mako --- a/templates/webapps/community/repository/browse_invalid_tools.mako +++ b/templates/webapps/community/repository/browse_invalid_tools.mako @@ -24,9 +24,9 @@ ${invalid_tool_config} </a></td> - <td>${repository_name}</td> - <td>${repository_owner}</td> - <td>${changeset_revision}</td> + <td>${repository_name | h}</td> + <td>${repository_owner | h}</td> + <td>${changeset_revision | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/4ede4449df8e/ changeset: 4ede4449df8e user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/browse_repository.mako. affected #: 1 file diff -r 47f0fcbe6d6442c19170327c944266093b7445a6 -r 4ede4449df8e43cade2a9a5c395be9eeae586d38 templates/webapps/community/repository/browse_repository.mako --- a/templates/webapps/community/repository/browse_repository.mako +++ b/templates/webapps/community/repository/browse_repository.mako @@ -101,7 +101,7 @@ %if can_browse_contents: <div class="toolForm"> - <div class="toolFormTitle">Browse ${repository.name} revision ${repository.tip} (repository tip)</div> + <div class="toolFormTitle">Browse ${repository.name | h} revision ${repository.tip | h} (repository tip)</div> %if can_download: <div class="form-row"><label>Clone this repository:</label> @@ -124,7 +124,7 @@ <label>Message:</label><div class="form-row-input"> %if commit_message: - <textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea> + <textarea name="commit_message" rows="3" cols="35">${commit_message | h}</textarea> %else: <textarea name="commit_message" rows="3" cols="35"></textarea> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/d2b0c5110534/ changeset: d2b0c5110534 user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/common.mako. affected #: 1 file diff -r 4ede4449df8e43cade2a9a5c395be9eeae586d38 -r d2b0c51105347748ce6863ab0a217c86daa295c8 templates/webapps/community/repository/common.mako --- a/templates/webapps/community/repository/common.mako +++ b/templates/webapps/community/repository/common.mako @@ -126,9 +126,9 @@ type = requirements_dict[ 'type' ] %><tr> - <td>${name}</td> - <td>${version}</td> - <td>${type}</td> + <td>${name | h}</td> + <td>${version | h}</td> + <td>${type | h}</td></tr> %endif %endfor @@ -154,8 +154,8 @@ <% environment_settings = tool_dependencies[ 'set_environment' ] %> %for requirements_dict in environment_settings: <tr> - <td>${requirements_dict[ 'name' ]}</td> - <td>${requirements_dict[ 'type' ]}</td> + <td>${requirements_dict[ 'name' ] | h}</td> + <td>${requirements_dict[ 'type' ] | h}</td></tr> %endfor </table> @@ -190,8 +190,8 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_tool_metadata', repository_id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision, tool_id=tool_dict[ 'id' ] )}">View tool metadata</a></div></td> - <td>${tool_dict[ 'description' ]}</td> - <td>${tool_dict[ 'version' ]}</td> + <td>${tool_dict[ 'description' ] | h}</td> + <td>${tool_dict[ 'version' ] | h}</td><td><% if 'requirements' in tool_dict: @@ -206,7 +206,7 @@ requirements_str += '%s (%s), ' % ( requirement_dict[ 'name' ], requirement_dict[ 'type' ] ) requirements_str = requirements_str.rstrip( ', ' ) %> - ${requirements_str} + ${requirements_str | h} %else: none %endif @@ -233,7 +233,7 @@ <tr><td><a class="view-info" href="${h.url_for( controller='repository', action='load_invalid_tool', repository_id=trans.security.encode_id( repository.id ), tool_config=invalid_tool_config, changeset_revision=changeset_revision )}"> - ${invalid_tool_config} + ${invalid_tool_config | h} </a></td></tr> @@ -274,7 +274,7 @@ %><tr><td> - <a href="${h.url_for( controller='workflow', action='view_workflow', repository_metadata_id=repository_metadata_id, workflow_name=tool_shed_encode( workflow_name ) )}">${workflow_name}</a> + <a href="${h.url_for( controller='workflow', action='view_workflow', repository_metadata_id=repository_metadata_id, workflow_name=tool_shed_encode( workflow_name ) )}">${workflow_name | h}</a></td><td> %if steps: @@ -283,8 +283,8 @@ unknown %endif </td> - <td>${format_version}</td> - <td>${annotation}</td> + <td>${format_version | h}</td> + <td>${annotation | h}</td></tr> %endfor </table> @@ -317,10 +317,10 @@ subclass = datatypes_dict.get( 'subclass', ' ' ) %><tr> - <td>${extension}</td> - <td>${dtype}</td> - <td>${mimetype}</td> - <td>${subclass}</td> + <td>${extension | h}</td> + <td>${dtype | h}</td> + <td>${mimetype | h}</td> + <td>${subclass | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/a8ac1dbc787a/ changeset: a8ac1dbc787a user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/contact_owner.mako. affected #: 1 file diff -r d2b0c51105347748ce6863ab0a217c86daa295c8 -r a8ac1dbc787aed0e81050a0ced93b6d97335f427 templates/webapps/community/repository/contact_owner.mako --- a/templates/webapps/community/repository/contact_owner.mako +++ b/templates/webapps/community/repository/contact_owner.mako @@ -50,7 +50,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_download: <a class="action-button" href="${h.url_for( controller='repository', action='download', repository_id=trans.app.security.encode_id( repository.id ), changeset_revision=repository.tip, file_type='gz' )}">Download as a .tar.gz file</a> @@ -66,7 +66,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Contact the owner of the repository named '${repository.name}'</div> + <div class="toolFormTitle">Contact the owner of the repository named '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"> This feature is intended to streamline appropriate communication between https://bitbucket.org/galaxy/galaxy-central/changeset/80d3c1980287/ changeset: 80d3c1980287 user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/create_repository.mako. affected #: 1 file diff -r a8ac1dbc787aed0e81050a0ced93b6d97335f427 -r 80d3c198028702dbc06e6a3c965d9f98101c8632 templates/webapps/community/repository/create_repository.mako --- a/templates/webapps/community/repository/create_repository.mako +++ b/templates/webapps/community/repository/create_repository.mako @@ -20,18 +20,18 @@ <form name="create_repository_form" id="create_repository_form" action="${h.url_for( controller='repository', action='create_repository' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size="40"/> + <input name="name" type="textfield" value="${name | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Synopsis:</label> - <input name="description" type="textfield" value="${description}" size="80"/> + <input name="description" type="textfield" value="${description | h}" size="80"/><div style="clear: both"></div></div><div class="form-row"><label>Detailed description:</label> %if long_description: - <pre><textarea name="long_description" rows="3" cols="80">${long_description}</textarea></pre> + <pre><textarea name="long_description" rows="3" cols="80">${long_description | h}</textarea></pre> %else: <textarea name="long_description" rows="3" cols="80"></textarea> %endif @@ -43,9 +43,9 @@ <select name="category_id" multiple> %for category in categories: %if category.id in selected_categories: - <option value="${trans.security.encode_id( category.id )}" selected>${category.name}</option> + <option value="${trans.security.encode_id( category.id )}" selected>${category.name | h}</option> %else: - <option value="${trans.security.encode_id( category.id )}">${category.name}</option> + <option value="${trans.security.encode_id( category.id )}">${category.name | h}</option> %endif %endfor </select> https://bitbucket.org/galaxy/galaxy-central/changeset/4163748b0a93/ changeset: 4163748b0a93 user: dan date: 2012-10-23 17:06:06 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/find_tools.mako. affected #: 1 file diff -r 80d3c198028702dbc06e6a3c965d9f98101c8632 -r 4163748b0a93004b390e1e53952e2ebce30ec750 templates/webapps/community/repository/find_tools.mako --- a/templates/webapps/community/repository/find_tools.mako +++ b/templates/webapps/community/repository/find_tools.mako @@ -35,17 +35,17 @@ <form name="find_tools" id="find_tools" action="${h.url_for( controller='repository', action='find_tools' )}" method="post" ><div class="form-row"><label>Tool id:</label> - <input name="tool_id" type="textfield" value="${tool_id}" size="40"/> + <input name="tool_id" type="textfield" value="${tool_id | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"><label>Tool name:</label> - <input name="tool_name" type="textfield" value="${tool_name}" size="40"/> + <input name="tool_name" type="textfield" value="${tool_name | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"><label>Tool version:</label> - <input name="tool_version" type="textfield" value="${tool_version}" size="40"/> + <input name="tool_version" type="textfield" value="${tool_version | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"> https://bitbucket.org/galaxy/galaxy-central/changeset/119b61fcc0f2/ changeset: 119b61fcc0f2 user: dan date: 2012-10-23 17:06:11 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/find_workflows.mako. affected #: 1 file diff -r 4163748b0a93004b390e1e53952e2ebce30ec750 -r 119b61fcc0f27eda4460a0a4debea1944bac1ba6 templates/webapps/community/repository/find_workflows.mako --- a/templates/webapps/community/repository/find_workflows.mako +++ b/templates/webapps/community/repository/find_workflows.mako @@ -34,7 +34,7 @@ <div style="clear: both"></div><div class="form-row"><label>Workflow name:</label> - <input name="workflow_name" type="textfield" value="${workflow_name}" size="40"/> + <input name="workflow_name" type="textfield" value="${workflow_name | h}" size="40"/></div><div style="clear: both"></div><div class="form-row"> https://bitbucket.org/galaxy/galaxy-central/changeset/c5c5b77e7beb/ changeset: c5c5b77e7beb user: dan date: 2012-10-23 17:06:11 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/manage_repository.mako. affected #: 1 file diff -r 119b61fcc0f27eda4460a0a4debea1944bac1ba6 -r c5c5b77e7bebb2587f1567385d58338fec604513 templates/webapps/community/repository/manage_repository.mako --- a/templates/webapps/community/repository/manage_repository.mako +++ b/templates/webapps/community/repository/manage_repository.mako @@ -82,7 +82,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.app.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -137,7 +137,7 @@ <p/> %endif <div class="toolForm"> - <div class="toolFormTitle">Repository '${repository.name}'</div> + <div class="toolFormTitle">Repository '${repository.name | h}'</div><div class="toolFormBody"><form name="edit_repository" id="edit_repository" action="${h.url_for( controller='repository', action='manage_repository', id=trans.security.encode_id( repository.id ) )}" method="post" > %if can_download: @@ -151,7 +151,7 @@ %if repository.times_downloaded > 0: ${repository.name} %else: - <input name="repo_name" type="textfield" value="${repository.name}" size="40"/> + <input name="repo_name" type="textfield" value="${repository.name | h}" size="40"/> %endif <div class="toolParamHelp" style="clear: both;"> Repository names cannot be changed if the repository has been cloned. @@ -160,13 +160,13 @@ </div><div class="form-row"><label>Synopsis:</label> - <input name="description" type="textfield" value="${description}" size="80"/> + <input name="description" type="textfield" value="${description | h}" size="80"/><div style="clear: both"></div></div><div class="form-row"><label>Detailed description:</label> %if long_description: - <pre><textarea name="long_description" rows="3" cols="80">${long_description}</textarea></pre> + <pre><textarea name="long_description" rows="3" cols="80">${long_description | h}</textarea></pre> %else: <textarea name="long_description" rows="3" cols="80"></textarea> %endif @@ -175,27 +175,27 @@ <div class="form-row"><label>Revision:</label> %if can_view_change_log: - <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label}</a> + <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label | h}</a> %else: - ${revision_label} + ${revision_label | h} %endif </div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} </div><div class="form-row"><label>Times downloaded:</label> - ${repository.times_downloaded} + ${repository.times_downloaded | h} </div> %if is_admin: <div class="form-row"><label>Location:</label> - ${repository.repo_path} + ${repository.repo_path | h} </div><div class="form-row"><label>Deleted:</label> - ${repository.deleted} + ${repository.deleted | h} </div> %endif <div class="form-row"> @@ -215,9 +215,9 @@ <select name="category_id" multiple> %for category in categories: %if category.id in selected_categories: - <option value="${trans.security.encode_id( category.id )}" selected>${category.name}</option> + <option value="${trans.security.encode_id( category.id )}" selected>${category.name | h}</option> %else: - <option value="${trans.security.encode_id( category.id )}">${category.name}</option> + <option value="${trans.security.encode_id( category.id )}">${category.name | h}</option> %endif %endfor </select> @@ -258,14 +258,14 @@ <div class="toolFormBody"><table class="grid"><tr> - <td>${repository.user.username}</td> + <td>${repository.user.username | h}</td><td>owner</td><td> </td></tr> %for username in current_allow_push_list: %if username != repository.user.username: <tr> - <td>${username}</td> + <td>${username | h}</td><td>write</td><td><a class="action-button" href="${h.url_for( controller='repository', action='manage_repository', id=trans.security.encode_id( repository.id ), user_access_button='Remove', remove_auth=username )}">remove</a></tr> @@ -295,7 +295,7 @@ <div class="toolFormBody"><div class="form-row"><label>Times Rated:</label> - ${num_ratings} + ${num_ratings | h} <div style="clear: both"></div></div><div class="form-row"> @@ -329,9 +329,9 @@ %><tr><td>${render_star_rating( name, review.rating, disabled=True )}</td> - <td><pre>${review.comment}</pre></td> + <td><pre>${review.comment | h}</pre></td><td>${time_ago( review.update_time )}</td> - <td>${review.user.username}</td> + <td>${review.user.username | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/645953b633e2/ changeset: 645953b633e2 user: dan date: 2012-10-23 17:06:12 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/preview_tools_in_changeset.mako. affected #: 1 file diff -r c5c5b77e7bebb2587f1567385d58338fec604513 -r 645953b633e220d76128b4c68172549cd07d6dc8 templates/webapps/community/repository/preview_tools_in_changeset.mako --- a/templates/webapps/community/repository/preview_tools_in_changeset.mako +++ b/templates/webapps/community/repository/preview_tools_in_changeset.mako @@ -53,7 +53,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Repository ${repository.name}</div> + <div class="toolFormTitle">Repository ${repository.name | h}</div><div class="toolFormBody"> %if len( changeset_revision_select_field.options ) > 1: <form name="change_revision" id="change_revision" action="${h.url_for( controller='repository', action='preview_tools_in_changeset', repository_id=trans.security.encode_id( repository.id ) )}" method="post" > @@ -64,7 +64,7 @@ else: tip_str = '' %> - ${changeset_revision_select_field.get_html()} <i>${tip_str}</i> + ${changeset_revision_select_field.get_html()} <i>${tip_str | h}</i><div class="toolParamHelp" style="clear: both;"> Select a revision to inspect and download versions of tools from this repository. </div> @@ -73,7 +73,7 @@ %else: <div class="form-row"><label>Revision:</label> - ${revision_label} + ${revision_label | h} </div> %endif </div> https://bitbucket.org/galaxy/galaxy-central/changeset/967d90f0fd7f/ changeset: 967d90f0fd7f user: dan date: 2012-10-23 17:06:12 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/rate_repository.mako. affected #: 1 file diff -r 645953b633e220d76128b4c68172549cd07d6dc8 -r 967d90f0fd7fe97acd0e636f1df99a0851e29527 templates/webapps/community/repository/rate_repository.mako --- a/templates/webapps/community/repository/rate_repository.mako +++ b/templates/webapps/community/repository/rate_repository.mako @@ -91,7 +91,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">View change log</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -107,7 +107,7 @@ %if repository.user != trans.user: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div> %if can_download: <div class="form-row"><label>Clone this repository:</label> @@ -117,17 +117,17 @@ <div class="toolFormBody"><div class="form-row"><label>Description:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"><label>Version:</label> - ${repository.revision} + ${repository.revision | h} <div style="clear: both"></div></div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div></div> @@ -139,7 +139,7 @@ <form id="rate_repository" name="rate_repository" action="${h.url_for( controller='repository', action='rate_repository', id=trans.security.encode_id( repository.id ) )}" method="post"><div class="form-row"><label>Times Rated:</label> - ${num_ratings} + ${num_ratings | h} <div style="clear: both"></div></div><div class="form-row"> @@ -162,7 +162,7 @@ <label>Review:</label> %if rra and rra.comment: <div class="form-row-input"> - <pre><textarea name="comment" rows="5" cols="80">${rra.comment}</textarea></pre> + <pre><textarea name="comment" rows="5" cols="80">${rra.comment | h}</textarea></pre></div> %else: <div class="form-row-input"> @@ -202,9 +202,9 @@ %><tr><td>${render_star_rating( name, review.rating, disabled=True )}</td> - <td><pre>${review.comment}</pre></td> + <td><pre>${review.comment | h}</pre></td><td>${time_ago( review.update_time )}</td> - <td>${review.user.username}</td> + <td>${review.user.username | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/fdab5aaf2c7b/ changeset: fdab5aaf2c7b user: dan date: 2012-10-23 17:06:12 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/tool_form.mako. affected #: 1 file diff -r 967d90f0fd7fe97acd0e636f1df99a0851e29527 -r fdab5aaf2c7be522c8dbabcea2d9d8e89710c925 templates/webapps/community/repository/tool_form.mako --- a/templates/webapps/community/repository/tool_form.mako +++ b/templates/webapps/community/repository/tool_form.mako @@ -177,8 +177,8 @@ %endif %if tool: - <div class="toolForm" id="${tool.id}"> - <div class="toolFormTitle">${tool.name} (version ${tool.version})</div> + <div class="toolForm" id="${tool.id | h}"> + <div class="toolFormTitle">${tool.name | h} (version ${tool.version | h})</div><div class="toolFormBody"><form id="tool_form" name="tool_form" action="" method="get"><input type="hidden" name="tool_state" value="${util.object_to_string( tool_state.encode( tool, app ) )}"> https://bitbucket.org/galaxy/galaxy-central/changeset/364d8ba060c0/ changeset: 364d8ba060c0 user: dan date: 2012-10-23 17:06:12 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/upload.mako. affected #: 1 file diff -r fdab5aaf2c7be522c8dbabcea2d9d8e89710c925 -r 364d8ba060c0cd039071842b7b4a1a78db6389ff templates/webapps/community/repository/upload.mako --- a/templates/webapps/community/repository/upload.mako +++ b/templates/webapps/community/repository/upload.mako @@ -82,7 +82,7 @@ <div class="form-row"><label>Url:</label><div class="form-row-input"> - <input name="url" type="textfield" value="${url}" size="40"/> + <input name="url" type="textfield" value="${url | h}" size="40"/></div><div class="toolParamHelp" style="clear: both;"> Enter a URL to upload your files via http. @@ -141,7 +141,7 @@ <label>Change set commit message:</label><div class="form-row-input"> %if commit_message: - <pre><textarea name="commit_message" rows="3" cols="35">${commit_message}</textarea></pre> + <pre><textarea name="commit_message" rows="3" cols="35">${commit_message | h}</textarea></pre> %else: <textarea name="commit_message" rows="3" cols="35"></textarea> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/7a9b86fd9eaf/ changeset: 7a9b86fd9eaf user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_changelog.mako. affected #: 1 file diff -r 364d8ba060c0cd039071842b7b4a1a78db6389ff -r 7a9b86fd9eaf16ed57b75d771f86bc26e775945e templates/webapps/community/repository/view_changelog.mako --- a/templates/webapps/community/repository/view_changelog.mako +++ b/templates/webapps/community/repository/view_changelog.mako @@ -78,7 +78,7 @@ %if can_download: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div><div class="toolFormBody"><div class="form-row"><label>Clone this repository:</label> @@ -95,7 +95,7 @@ else: title_str = '%s changesets' % repository.name %> - <div class="toolFormTitle">${title_str}</div> + <div class="toolFormTitle">${title_str | h}</div><% test_date = None %><div class="toolFormBody"><table class="grid"> @@ -128,23 +128,23 @@ %endif <div class="form-row"><label>Description:</label> - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset[ 'description' ]}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset[ 'description' ] | h}</a></div><div class="form-row"><label>Commit:</label> - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset_str}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_str )}">${changeset_str | h}</a></div><div class="form-row"><label>Parent:</label> %if ctx_parent_str == 'None': ${ctx_parent_str} %else: - <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_parent )}">${ctx_parent_str}</a> + <a href="${h.url_for( controller='repository', action='view_changeset', id=trans.security.encode_id( repository.id ), ctx_str=ctx_parent )}">${ctx_parent_str | h}</a> %endif </div><div class="form-row"><label>Commited by:</label> - ${changeset[ 'user' ].split()[0]} + ${changeset[ 'user' ].split()[0] | h} </div><div class="form-row"><label>Pushed:</label> https://bitbucket.org/galaxy/galaxy-central/changeset/3740010dbe9e/ changeset: 3740010dbe9e user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_changeset.mako. affected #: 1 file diff -r 7a9b86fd9eaf16ed57b75d771f86bc26e775945e -r 3740010dbe9eb5ae14cbee1ea0458b35e887eef2 templates/webapps/community/repository/view_changeset.mako --- a/templates/webapps/community/repository/view_changeset.mako +++ b/templates/webapps/community/repository/view_changeset.mako @@ -82,7 +82,7 @@ %if can_download: <div class="toolForm"> - <div class="toolFormTitle">${repository.name}</div> + <div class="toolFormTitle">${repository.name | h}</div><div class="toolFormBody"><div class="form-row"><label>Clone this repository:</label> @@ -99,7 +99,7 @@ else: title_str = '%s changeset %s' % ( repository.name, ctx ) %> - <div class="toolFormTitle">${title_str}</div> + <div class="toolFormTitle">${title_str | h}</div><div class="toolFormBody"><table class="grid"> %if modified: @@ -107,7 +107,7 @@ <td><b>modified:</b> %for item in modified: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -117,7 +117,7 @@ <td><b>added:</b> %for item in added: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -127,7 +127,7 @@ <td><b>removed:</b> %for item in removed: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -137,7 +137,7 @@ <td><b>deleted:</b> %for item in deleted: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -147,7 +147,7 @@ <td><b>unknown:</b> %for item in unknown: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor }</td></tr> @@ -157,7 +157,7 @@ <td><b>ignored:</b> %for item in ignored: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -167,7 +167,7 @@ <td> clean: %for item in clean: - <br/><a href="#${item}">${item}</a> + <br/><a href="#${item}">${item | h}</a> %endfor </td></tr> @@ -177,7 +177,6 @@ # Read at most the first 10 lines of diff to determine the anchor ctr = 0 lines = diff.split( '\n' ) - diff = diff.replace( '\n', '<br/>' ) anchor_str = '' for line in lines: if ctr > 9: @@ -189,7 +188,7 @@ ctr += 1 %><tr><td bgcolor="#E0E0E0">${anchor_str}</td></tr> - <tr><td>${diff}</td></tr> + <tr><td>${ escape_html_add_breaks( diff ) }</td></tr> %endfor </table></div> https://bitbucket.org/galaxy/galaxy-central/changeset/2acad55c0d8b/ changeset: 2acad55c0d8b user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_repository.mako. affected #: 1 file diff -r 3740010dbe9eb5ae14cbee1ea0458b35e887eef2 -r 2acad55c0d8bb6d7c682298b591266be1cee27d0 templates/webapps/community/repository/view_repository.mako --- a/templates/webapps/community/repository/view_repository.mako +++ b/templates/webapps/community/repository/view_repository.mako @@ -143,12 +143,12 @@ %if can_browse_contents: <a href="${h.url_for( controller='repository', action='browse_repository', id=trans.app.security.encode_id( repository.id ) )}">${repository.name}</a> %else: - ${repository.name} + ${repository.name | h} %endif </div><div class="form-row"><label>Synopsis:</label> - ${repository.description} + ${repository.description | h} </div> %if repository.long_description: ${render_long_description( repository.long_description )} @@ -158,12 +158,12 @@ %if can_view_change_log: <a href="${h.url_for( controller='repository', action='view_changelog', id=trans.app.security.encode_id( repository.id ) )}">${revision_label}</a> %else: - ${revision_label} + ${revision_label | h} %endif </div><div class="form-row"><label>Owner:</label> - ${repository.user.username} + ${repository.user.username | h} </div><div class="form-row"><label>Times downloaded:</label> @@ -172,7 +172,7 @@ %if trans.user_is_admin(): <div class="form-row"><label>Location:</label> - ${repository.repo_path} + ${repository.repo_path | h} </div><div class="form-row"><label>Deleted:</label> @@ -189,7 +189,7 @@ <div class="toolFormBody"> %for rca in repository.categories: <div class="form-row"> - ${rca.category.name} + ${rca.category.name | h} </div> %endfor <div style="clear: both"></div> https://bitbucket.org/galaxy/galaxy-central/changeset/97ab217e3aac/ changeset: 97ab217e3aac user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_tool_metadata.mako. affected #: 1 file diff -r 2acad55c0d8bb6d7c682298b591266be1cee27d0 -r 97ab217e3aace89120d9f34d171790c371b73f1b templates/webapps/community/repository/view_tool_metadata.mako --- a/templates/webapps/community/repository/view_tool_metadata.mako +++ b/templates/webapps/community/repository/view_tool_metadata.mako @@ -140,35 +140,35 @@ %if 'description' in tool_metadata_dict: <div class="form-row"><label>Description:</label> - ${tool_metadata_dict[ 'description' ]} + ${tool_metadata_dict[ 'description' ] | h} <div style="clear: both"></div></div> %endif %if 'id' in tool_metadata_dict: <div class="form-row"><label>Id:</label> - ${tool_metadata_dict[ 'id' ]} + ${tool_metadata_dict[ 'id' ] | h} <div style="clear: both"></div></div> %endif %if 'guid' in tool_metadata_dict: <div class="form-row"><label>Guid:</label> - ${tool_metadata_dict[ 'guid' ]} + ${tool_metadata_dict[ 'guid' ] | h} <div style="clear: both"></div></div> %endif %if 'version' in tool_metadata_dict: <div class="form-row"><label>Version:</label> - ${tool_metadata_dict[ 'version' ]} + ${tool_metadata_dict[ 'version' ] | h} <div style="clear: both"></div></div> %endif %if 'version_string_cmd' in tool_metadata_dict: <div class="form-row"><label>Version command string:</label> - ${tool_metadata_dict[ 'version_string_cmd' ]} + ${tool_metadata_dict[ 'version_string_cmd' ] | h} <div style="clear: both"></div></div> %endif @@ -184,9 +184,9 @@ <tr><td> %if guid == tool_metadata_dict[ 'guid' ]: - ${guid} <b>(this tool)</b> + ${guid | h} <b>(this tool)</b> %else: - ${guid} + ${guid | h} %endif </td></tr> @@ -224,9 +224,9 @@ requirement_type = requirement_dict[ 'type' ] or 'not provided' %><tr> - <td>${requirement_name}</td> - <td>${requirement_version}</td> - <td>${requirement_type}</td> + <td>${requirement_name | h}</td> + <td>${requirement_version | h}</td> + <td>${requirement_type | h}</td></tr> %endfor </table> @@ -245,27 +245,27 @@ </div><div class="form-row"><label>Command:</label> - <pre>${tool.command}</pre> + <pre>${tool.command | h}</pre><div style="clear: both"></div></div><div class="form-row"><label>Interpreter:</label> - ${tool.interpreter} + ${tool.interpreter | h} <div style="clear: both"></div></div><div class="form-row"><label>Is multi-byte:</label> - ${tool.is_multi_byte} + ${tool.is_multi_byte | h} <div style="clear: both"></div></div><div class="form-row"><label>Forces a history refresh:</label> - ${tool.force_history_refresh} + ${tool.force_history_refresh | h} <div style="clear: both"></div></div><div class="form-row"><label>Parallelism:</label> - ${tool.parallelism} + ${tool.parallelism | h} <div style="clear: both"></div></div> %endif @@ -299,17 +299,17 @@ <td>${test_dict[ 'name' ]}</td><td> %for input in inputs: - <b>${input[0]}:</b> ${input[1]}<br/> + <b>${input[0]}:</b> ${input[1] | h}<br/> %endfor </td><td> %for output in outputs: - <b>${output[0]}:</b> ${output[1]}<br/> + <b>${output[0]}:</b> ${output[1] | h}<br/> %endfor </td><td> %for required_file in required_files: - ${required_file}<br/> + ${required_file | h}<br/> %endfor </td></tr> https://bitbucket.org/galaxy/galaxy-central/changeset/44ccf4eb910c/ changeset: 44ccf4eb910c user: dan date: 2012-10-23 17:06:17 summary: HTML escape values that could be set by the user in templates/webapps/community/repository/view_workflow.mako. affected #: 1 file diff -r 97ab217e3aace89120d9f34d171790c371b73f1b -r 44ccf4eb910ce9e9ac8638675f403a80930a38fc templates/webapps/community/repository/view_workflow.mako --- a/templates/webapps/community/repository/view_workflow.mako +++ b/templates/webapps/community/repository/view_workflow.mako @@ -96,7 +96,7 @@ ${render_msg( message, status )} %endif -<div class="toolFormTitle">${workflow_name}</div> +<div class="toolFormTitle">${workflow_name | h}</div><div class="form-row"><b>Boxes are red when tools are not available in this repository</b><div class="toolParamHelp" style="clear: both;"> https://bitbucket.org/galaxy/galaxy-central/changeset/3d7e5bbeaf8d/ changeset: 3d7e5bbeaf8d user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/browse_review.mako. affected #: 1 file diff -r 44ccf4eb910ce9e9ac8638675f403a80930a38fc -r 3d7e5bbeaf8d3e76a7857ce67e5540109fcf29ce templates/webapps/community/repository_review/browse_review.mako --- a/templates/webapps/community/repository_review/browse_review.mako +++ b/templates/webapps/community/repository_review/browse_review.mako @@ -34,7 +34,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Review of repository '${repository.name}'</div> + <div class="toolFormTitle">Review of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Reviewer:</label> @@ -43,17 +43,17 @@ </div><div class="form-row"><label>Repository revision:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=review.changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=review.changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><label>Repository owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div><div class="form-row"><label>Repository synopsis:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"> @@ -70,11 +70,10 @@ # Initialize star rating. rating_name = '%s%srating' % ( component.name, STRSEP ) - review_comment = component_review.comment.replace( '\n', '<br/>' ) %><tr> - <td bgcolor="#D8D8D8"><b>${component.name}</b></td> - <td bgcolor="#D8D8D8">${component.description}</td> + <td bgcolor="#D8D8D8"><b>${component.name | h}</b></td> + <td bgcolor="#D8D8D8">${component.description | h}</td></tr><tr><td colspan="2"> @@ -93,7 +92,7 @@ <tr><td><div overflow-wrap:normal;overflow:hidden;word-break:keep-all;word-wrap:break-word;line-break:strict;> - ${review_comment} + ${ escape_html_add_breaks( component_review.comment ) } </div></td></tr> @@ -101,7 +100,7 @@ <tr><td><label>Approved:</label> - ${component_review.approved} + ${component_review.approved | h} <div style="clear: both"></div></td></tr> https://bitbucket.org/galaxy/galaxy-central/changeset/2d86b224395e/ changeset: 2d86b224395e user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/create_component.mako. affected #: 1 file diff -r 3d7e5bbeaf8d3e76a7857ce67e5540109fcf29ce -r 2d86b224395ea5a3efb847bb67b4bb8a893c70cb templates/webapps/community/repository_review/create_component.mako --- a/templates/webapps/community/repository_review/create_component.mako +++ b/templates/webapps/community/repository_review/create_component.mako @@ -20,11 +20,11 @@ <form name="create_component" id="create_component" action="${h.url_for( controller='repository_review', action='create_component' )}" method="post" ><div class="form-row"><label>Name:</label> - <input name="name" type="textfield" value="${name}" size=40"/> + <input name="name" type="textfield" value="${name | h}" size=40"/></div><div class="form-row"><label>Description:</label> - <input name="description" type="textfield" value="${description}" size=40"/> + <input name="description" type="textfield" value="${description | h}" size=40"/></div><div class="form-row"><input type="submit" name="create_component_button" value="Save"/> https://bitbucket.org/galaxy/galaxy-central/changeset/afea7bdcd557/ changeset: afea7bdcd557 user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/edit_component.mako. affected #: 1 file diff -r 2d86b224395ea5a3efb847bb67b4bb8a893c70cb -r afea7bdcd55755c780f9226e4b12a55dbbbd8591 templates/webapps/community/repository_review/edit_component.mako --- a/templates/webapps/community/repository_review/edit_component.mako +++ b/templates/webapps/community/repository_review/edit_component.mako @@ -12,14 +12,14 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${component.name} + ${component.name | h} </div><div style="clear: both"></div></div><div class="form-row"><label>Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input name="description" type="textfield" value="${component.description}" size=40"/> + <input name="description" type="textfield" value="${component.description | h}" size=40"/></div><div style="clear: both"></div></div> https://bitbucket.org/galaxy/galaxy-central/changeset/87ce7c44d11c/ changeset: 87ce7c44d11c user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/edit_review.mako. affected #: 1 file diff -r afea7bdcd55755c780f9226e4b12a55dbbbd8591 -r 87ce7c44d11c1d1c874c4564f0acfd32304dd3a4 templates/webapps/community/repository_review/edit_review.mako --- a/templates/webapps/community/repository_review/edit_review.mako +++ b/templates/webapps/community/repository_review/edit_review.mako @@ -35,7 +35,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">My review of repository '${repository.name}'</div> + <div class="toolFormTitle">My review of repository '${repository.name | h}'</div><div class="toolFormBody"><form name="edit_review" action="${h.url_for( controller='repository_review', action='edit_review', id=trans.security.encode_id( review.id ) )}" method="post" ><div class="form-row"> @@ -45,12 +45,12 @@ </div><div class="form-row"><label>Repository owner:</label> - ${repository.user.username} + ${repository.user.username | h} <div style="clear: both"></div></div><div class="form-row"><label>Repository synopsis:</label> - ${repository.description} + ${repository.description | h} <div style="clear: both"></div></div><div class="form-row"> @@ -108,8 +108,8 @@ review_button_name = '%s%sreview_button' % ( component_name, STRSEP ) %><tr> - <td bgcolor="#D8D8D8"><b>${component.name}</b></td> - <td bgcolor="#D8D8D8">${component.description}</td> + <td bgcolor="#D8D8D8"><b>${component.name | h}</b></td> + <td bgcolor="#D8D8D8">${component.description | h}</td></tr><tr><td colspan="2"> @@ -128,7 +128,7 @@ <td><label>Comments:</label> %if component_review: - <pre><textarea name="${comment_name}" rows="3" cols="80">${comment}</textarea></pre> + <pre><textarea name="${comment_name}" rows="3" cols="80">${comment | h}</textarea></pre> %else: <textarea name="${comment_name}" rows="3" cols="80"></textarea> %endif https://bitbucket.org/galaxy/galaxy-central/changeset/a3b6a7ad9687/ changeset: a3b6a7ad9687 user: dan date: 2012-10-23 17:06:23 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/reviews_of_changeset_revision.mako. affected #: 1 file diff -r 87ce7c44d11c1d1c874c4564f0acfd32304dd3a4 -r a3b6a7ad9687d84f950078ebd9a4e797aa5f337e templates/webapps/community/repository_review/reviews_of_changeset_revision.mako --- a/templates/webapps/community/repository_review/reviews_of_changeset_revision.mako +++ b/templates/webapps/community/repository_review/reviews_of_changeset_revision.mako @@ -73,16 +73,16 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Revision reviews of repository '${repository.name}'</div> + <div class="toolFormTitle">Revision reviews of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Revision:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><label>Revision is installable:</label> - ${installable_str} + ${installable_str | h} <div style="clear: both"></div></div><div class="form-row"> @@ -109,7 +109,7 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${encoded_review_id}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='repository_reviews_by_user', id=trans.security.encode_id( review.user.id ) )}">${review.user.username}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='repository_reviews_by_user', id=trans.security.encode_id( review.user.id ) )}">${review.user.username | h}</a></div><div popupmenu="${encoded_review_id}-popup"> %if review.user == trans.user: @@ -126,7 +126,7 @@ <td><input type="submit" name="approve_repository_review_button" value="Save"/></td></form> %else: - <td>${approved_str}</td> + <td>${approved_str | h}</td><td></td> %endif </tr> https://bitbucket.org/galaxy/galaxy-central/changeset/887af9525287/ changeset: 887af9525287 user: dan date: 2012-10-23 17:06:27 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/reviews_of_repository.mako. affected #: 1 file diff -r a3b6a7ad9687d84f950078ebd9a4e797aa5f337e -r 887af9525287ea51e2286c9b00ce694cb68dd817 templates/webapps/community/repository_review/reviews_of_repository.mako --- a/templates/webapps/community/repository_review/reviews_of_repository.mako +++ b/templates/webapps/community/repository_review/reviews_of_repository.mako @@ -55,7 +55,7 @@ <a class="action-button" href="${h.url_for( controller='repository', action='rate_repository', id=trans.security.encode_id( repository.id ) )}">Rate repository</a> %endif %if can_browse_contents: - <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.security.encode_id( repository.id ) )}">${browse_label}</a> + <a class="action-button" href="${h.url_for( controller='repository', action='browse_repository', id=trans.security.encode_id( repository.id ) )}">${browse_label | h}</a> %endif %if can_contact_owner: <a class="action-button" href="${h.url_for( controller='repository', action='contact_owner', id=trans.security.encode_id( repository.id ) )}">Contact repository owner</a> @@ -68,7 +68,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">${title}</div> + <div class="toolFormTitle">${title | h}</div><div class="toolFormBody"><div class="form-row"><table class="grid"> @@ -102,7 +102,7 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${changeset_revision}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a></div><div popupmenu="${changeset_revision}-popup"> %if repository_reviews: @@ -113,7 +113,7 @@ </div></td><td>${reviewers_str}</td> - <td>${installable_str}</td> + <td>${installable_str | h}</td></tr> %endfor </table> https://bitbucket.org/galaxy/galaxy-central/changeset/92237db0cd58/ changeset: 92237db0cd58 user: dan date: 2012-10-23 17:06:27 summary: HTML escape values that could be set by the user in templates/webapps/community/repository_review/select_previous_review.mako. affected #: 1 file diff -r 887af9525287ea51e2286c9b00ce694cb68dd817 -r 92237db0cd58f97a24787d451ab5a4d9738452bd templates/webapps/community/repository_review/select_previous_review.mako --- a/templates/webapps/community/repository_review/select_previous_review.mako +++ b/templates/webapps/community/repository_review/select_previous_review.mako @@ -67,23 +67,23 @@ %endif <div class="warningmessage"> - You have elected to create a new review for revision <b>${changeset_revision_label}</b>of this repository. Since previous revisions have been reviewed, + You have elected to create a new review for revision <b>${changeset_revision_label | h}</b>of this repository. Since previous revisions have been reviewed, you can select a previous review to copy to your new review, or click the <b>Create a review without copying</b> button. </div><div class="toolForm"> - <div class="toolFormTitle">Select previous revision review of repository '${repository.name}'</div> + <div class="toolFormTitle">Select previous revision review of repository '${repository.name | h}'</div><div class="toolFormBody"><div class="form-row"><label>Revision for new review:</label> - <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label}</a> + <a class="action-button" href="${h.url_for( controller='repository_review', action='view_or_manage_repository', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision )}">${changeset_revision_label | h}</a><div style="clear: both"></div></div><div class="form-row"><table class="grid"><tr></tr> - <td bgcolor="#D8D8D8" colspan="4"><b>Previous revision reviews of repository '${repository.name}' that can be copied to your new review</b></td> + <td bgcolor="#D8D8D8" colspan="4"><b>Previous revision reviews of repository '${repository.name | h}' that can be copied to your new review</b></td><tr><th>Reviewer</th><th>Revision reviewed</th> @@ -107,15 +107,15 @@ <tr><td><div style="float:left;" class="menubutton split popup" id="${encoded_review_id}-popup"> - <a class="view-info" href="${h.url_for( controller='repository_review', action='browse_review', id=encoded_review_id )}">${review.user.username}</a> + <a class="view-info" href="${h.url_for( controller='repository_review', action='browse_review', id=encoded_review_id )}">${review.user.username | h}</a></div><div popupmenu="${encoded_review_id}-popup"><a class="action-button" href="${h.url_for( controller='repository_review', action='create_review', id=trans.security.encode_id( repository.id ), changeset_revision=changeset_revision, previous_review_id=encoded_review_id )}">Copy this review</a></div></td> - <td>${previous_changeset_revision_label}</td> + <td>${previous_changeset_revision_label | h}</td><td>${render_star_rating( repository_rating_name, review.rating, disabled=True )}</td> - <td>${approved_str}</td> + <td>${approved_str | h}</td></tr> %endfor %endfor https://bitbucket.org/galaxy/galaxy-central/changeset/fba4cbb570ae/ changeset: fba4cbb570ae user: dan date: 2012-10-23 17:06:28 summary: HTML escape values that could be set by the user in templates/webapps/community/user/manage_email_alerts.mako. affected #: 1 file diff -r 92237db0cd58f97a24787d451ab5a4d9738452bd -r fba4cbb570ae95874383509edeaa6b5e955f8782 templates/webapps/community/user/manage_email_alerts.mako --- a/templates/webapps/community/user/manage_email_alerts.mako +++ b/templates/webapps/community/user/manage_email_alerts.mako @@ -42,8 +42,8 @@ </tr> %for repository in email_alert_repositories: <tr> - <td>${repository.name}</td> - <td>${repository.description}</td> + <td>${repository.name | h}</td> + <td>${repository.description | h}</td></tr> %endfor </table> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0

commit/galaxy-central: greg: Fix for RepositoriesWithReviewsGrid, specifically the WithReviewsRevisionColumn.
by Bitbucket 23 Oct '12

23 Oct '12

1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/06b3b644188a/ changeset: 06b3b644188a user: greg date: 2012-10-23 16:43:57 summary: Fix for RepositoriesWithReviewsGrid, specifically the WithReviewsRevisionColumn. affected #: 4 files diff -r f64b134738a929a05481d30c3135b7663f7f806d -r 06b3b644188a29b78e8400298c67472b5b6bd790 lib/galaxy/webapps/community/controllers/repository.py --- a/lib/galaxy/webapps/community/controllers/repository.py +++ b/lib/galaxy/webapps/community/controllers/repository.py @@ -118,20 +118,6 @@ elif len( select_field.options ) == 1: return select_field.options[ 0 ][ 0 ] return '' - class WithReviewsRevisionColumn( grids.GridColumn ): - def __init__( self, col_name ): - grids.GridColumn.__init__( self, col_name ) - def get_value( self, trans, grid, repository ): - # Restrict to revisions that have been reviewed. - repository_metadata_revisions = get_repository_metadata_revisions_for_review( repository, reviewed=True ) - if repository_metadata_revisions: - rval = '' - for repository_metadata in repository_metadata_revisions: - rev, label, changeset_revision = get_rev_label_changeset_revision_from_repository_metadata( repository_metadata, repository=repository ) - rval += '<a href="manage_repository_reviews_of_revision' - rval += '?id=%s&changeset_revision=%s">%s</a><br/>' % ( trans.security.encode_id( repository.id ), changeset_revision, label ) - return rval - return '' class WithoutReviewsRevisionColumn( grids.GridColumn ): def __init__( self, col_name ): grids.GridColumn.__init__( self, col_name ) diff -r f64b134738a929a05481d30c3135b7663f7f806d -r 06b3b644188a29b78e8400298c67472b5b6bd790 lib/galaxy/webapps/community/controllers/repository_review.py --- a/lib/galaxy/webapps/community/controllers/repository_review.py +++ b/lib/galaxy/webapps/community/controllers/repository_review.py @@ -50,6 +50,21 @@ class RepositoriesWithReviewsGrid( RepositoryGrid ): # This grid filters out repositories that have been marked as deprecated. + class WithReviewsRevisionColumn( grids.GridColumn ): + def __init__( self, col_name ): + grids.GridColumn.__init__( self, col_name ) + def get_value( self, trans, grid, repository ): + # Restrict to revisions that have been reviewed. + if repository.reviews: + rval = '' + repo = hg.repository( get_configured_ui(), repository.repo_path ) + for review in repository.reviews: + changeset_revision = review.changeset_revision + rev, label = get_rev_label_from_changeset_revision( repo, changeset_revision ) + rval += '<a href="manage_repository_reviews_of_revision' + rval += '?id=%s&changeset_revision=%s">%s</a><br/>' % ( trans.security.encode_id( repository.id ), changeset_revision, label ) + return rval + return '' class ReviewersColumn( grids.TextColumn ): def get_value( self, trans, grid, repository ): rval = '' @@ -68,7 +83,7 @@ key="name", link=( lambda item: dict( operation="view_or_manage_repository", id=item.id ) ), attach_popup=True ), - RepositoryGrid.WithReviewsRevisionColumn( "Reviewed revisions" ), + WithReviewsRevisionColumn( "Reviewed revisions" ), RepositoryGrid.WithoutReviewsRevisionColumn( "Revisions for review" ), RepositoryGrid.UserColumn( "Owner", attach_popup=False ), ReviewersColumn( "Reviewers", attach_popup=False ) @@ -718,6 +733,10 @@ # The value of the received id is the encoded repository id. if 'operation' in kwd: operation = kwd['operation'].lower() + if operation == "inspect repository revisions": + return trans.response.send_redirect( web.url_for( controller='repository_review', + action='manage_repository_reviews', + **kwd ) ) if operation == "view_or_manage_repository": return trans.response.send_redirect( web.url_for( controller='repository_review', action='view_or_manage_repository', diff -r f64b134738a929a05481d30c3135b7663f7f806d -r 06b3b644188a29b78e8400298c67472b5b6bd790 templates/webapps/community/repository_review/browse_review.mako --- a/templates/webapps/community/repository_review/browse_review.mako +++ b/templates/webapps/community/repository_review/browse_review.mako @@ -84,7 +84,7 @@ <label>Private:</label> ${private_check_box.get_html( disabled=True )} <div class="toolParamHelp" style="clear: both;"> - A private review can be accessed only by the owner of the repository and the IUC. + A private review can be accessed only by the owner of the repository and authorized repository reviewers. </div><div style="clear: both"></div></td> diff -r f64b134738a929a05481d30c3135b7663f7f806d -r 06b3b644188a29b78e8400298c67472b5b6bd790 templates/webapps/community/repository_review/edit_review.mako --- a/templates/webapps/community/repository_review/edit_review.mako +++ b/templates/webapps/community/repository_review/edit_review.mako @@ -119,7 +119,7 @@ <label>Mark private:</label> ${private_check_box.get_html()} <div class="toolParamHelp" style="clear: both;"> - A private review can be accessed only by the owner of the repository and the IUC. + A private review can be accessed only by the owner of the repository and authorized repository reviewers. </div><div style="clear: both"></div></td> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.

1 0