1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/e58a87c91bc4/ changeset: e58a87c91bc4 user: dannon date: 2012-03-05 18:00:53 summary: Add config option (sanitize_all_html, still enabled by default) to control strict dataset html output sanitization. affected #: 3 files
diff -r 6fe4166160f331e99b9d7e799587e0ed95ac9ed4 -r e58a87c91bc4bb471b9b6477ef638dc41c4aa4b9 lib/galaxy/config.py
--- a/lib/galaxy/config.py
+++ b/lib/galaxy/config.py
@@ -33,7 +33,7 @@
 # Database related configuration
 self.database = resolve_path( kwargs.get( "database_file", "database/universe.sqlite" ), self.root )
 self.database_connection = kwargs.get( "database_connection", False )
- self.database_engine_options = get_database_engine_options( kwargs )
+ self.database_engine_options = get_database_engine_options( kwargs )
 self.database_create_tables = string_as_bool( kwargs.get( "database_create_tables", "True" ) )
 self.database_query_profiling_proxy = string_as_bool( kwargs.get( "database_query_profiling_proxy", "False" ) )
 # Where dataset files are stored
@@ -61,7 +61,7 @@
 tcf = kwargs[ 'tool_config_files' ]
 else:
 tcf = 'tool_conf.xml'
- self.tool_configs = [ resolve_path( p, self.root ) for p in listify( tcf ) ]
+ self.tool_configs = [ resolve_path( p, self.root ) for p in listify( tcf ) ]
 self.tool_data_table_config_path = resolve_path( kwargs.get( 'tool_data_table_config_path', 'tool_data_table_conf.xml' ), self.root )
 self.enable_tool_shed_check = string_as_bool( kwargs.get( 'enable_tool_shed_check', False ) )
 try:
@@ -125,6 +125,7 @@
 self.use_memdump = string_as_bool( kwargs.get( 'use_memdump', 'False' ) )
 self.log_actions = string_as_bool( kwargs.get( 'log_actions', 'False' ) )
 self.log_events = string_as_bool( kwargs.get( 'log_events', 'False' ) )
+ self.sanitize_all_html = string_as_bool( kwargs.get( 'sanitize_all_html', True ) )
 self.ucsc_display_sites = kwargs.get( 'ucsc_display_sites', "main,test,archaea,ucla" ).lower().split(",")
 self.gbrowse_display_sites = kwargs.get( 'gbrowse_display_sites', "wormbase,tair,modencode_worm,modencode_fly,sgd_yeast" ).lower().split(",")
 self.genetrack_display_sites = kwargs.get( 'genetrack_display_sites', "main,test" ).lower().split(",")
@@ -183,7 +184,7 @@
 #Store per-tool runner configs.
 try:
 tool_runners_config = global_conf_parser.items("galaxy:tool_runners")
-
+
 # Process config to group multiple configs for the same tool.
 tool_runners = {}
 for entry in tool_runners_config:
@@ -200,17 +201,17 @@
 runner_dict[ 'params' ] = param_dict
 else:
 tool = tool_config
-
+
 # Add runner URL.
 runner_dict[ 'url' ] = url
-
+
 # Create tool entry if necessary.
 if tool not in tool_runners:
 tool_runners[ tool ] = []
-
+
 # Add entry to runners.
 tool_runners[ tool ].append( runner_dict )
-
+
 self.tool_runners = tool_runners
 except ConfigParser.NoSectionError:
 self.tool_runners = []
@@ -281,12 +282,12 @@
 # Check for deprecated options.
 for key in self.config_dict.keys():
 if key in self.deprecated_options:
- log.warning( "Config option '%s' is deprecated and will be removed in a future release. Please consult the latest version of the sample configuration file." % key )
-
+ log.warning( "Config option '%s' is deprecated and will be removed in a future release. Please consult the latest version of the sample configuration file." % key )
+
 def is_admin_user( self,user ):
 """
 Determine if the provided user is listed in `admin_users`.
-
+
 NOTE: This is temporary, admin users will likely be specified in the database in the future.
 """
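Review bot: The `sanitize_all_html` line added in the `@@ -125,6 +125,7 @@` hunk lets whatever `string_as_bool` does with an unrecognised value decide whether a security control is on, so the option should be parsed to fail closed. `string_as_bool` is not shown in this diff; if it maps anything it does not recognise to False, a value such as `sanitize_all_html = 1` would silently switch HTML sanitization off. I would treat only an explicit negative as disabling, e.g. `self.sanitize_all_html = str( kwargs.get( 'sanitize_all_html', 'True' ) ).lower() not in ( 'false', 'no', 'off' )`, and emit a `log.warning` when the result is False. The default is also passed as the bool `True` where the three lines above it pass the string 'False'. The enclosing method starts and ends outside the hunk.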
@@ -343,7 +344,7 @@
 if level <= logging.DEBUG:
 logging.getLogger( "paste.httpserver.ThreadPool" ).setLevel( logging.WARN )
 # Remove old handlers
- for h in root.handlers[:]:
+ for h in root.handlers[:]:
 root.removeHandler(h)
 # Create handler
 if destination == "stdout":
@@ -351,7 +352,7 @@
 else:
 handler = logging.FileHandler( destination )
 # Create formatter
- formatter = logging.Formatter( format )
+ formatter = logging.Formatter( format )
 # Hook everything up
 handler.setFormatter( formatter )
 root.addHandler( handler )
diff -r 6fe4166160f331e99b9d7e799587e0ed95ac9ed4 -r e58a87c91bc4bb471b9b6477ef638dc41c4aa4b9 lib/galaxy/web/controllers/dataset.py
--- a/lib/galaxy/web/controllers/dataset.py
+++ b/lib/galaxy/web/controllers/dataset.py
@@ -409,7 +409,7 @@
 if isinstance(data.datatype, datatypes.images.Html):
 max_peek_size = 10000000 # 10 MB for html
 if not preview or isinstance(data.datatype, datatypes.images.Image) or os.stat( data.file_name ).st_size < max_peek_size:
- if trans.response.get_content_type() == "text/html":
+ if trans.app.config.sanitize_all_html and trans.response.get_content_type() == "text/html":
 # Sanitize anytime we respond with plain text/html content.
 return sanitize_html(open( data.file_name ).read())
 return open( data.file_name )
diff -r 6fe4166160f331e99b9d7e799587e0ed95ac9ed4 -r e58a87c91bc4bb471b9b6477ef638dc41c4aa4b9 universe_wsgi.ini.sample
--- a/universe_wsgi.ini.sample
+++ b/universe_wsgi.ini.sample
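Review bot: With the added `trans.app.config.sanitize_all_html and` guard in the `@@ -409,7 +409,7 @@` hunk of dataset.py, turning the option off sends every `text/html` dataset down to `return open( data.file_name )`, so tool-generated markup, scripts included, is rendered in the application's own origin for whoever views the dataset. The switch is global rather than limited to the "special tools" the sample config mentions, and nothing on this path records that sanitization was skipped. I would keep the bypass narrow (decide per tool or per datatype, or serve unsanitized output as a download instead of inline) and at minimum add a comment at the branch such as `# SECURITY: sanitize_all_html=False returns dataset HTML unmodified; only safe when every tool and dataset owner is trusted`. The enclosing controller method starts and ends outside the hunk.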
@@ -309,6 +309,12 @@
 # log_events and log_actions functionality will eventually be merged.
 #log_actions = True
+# Sanitize All HTML Tool Output
+# By default, all tool output served as 'text/html' will be sanitized
+# thoroughly. This can be disabled if you have special tools that require
+# unaltered output.
+#sanitize_all_html = True
+
 # Debug enables access to various config options useful for development and
 # debugging: use_lint, use_profile, use_printdebug and use_interactive. It
 # also causes the files used by PBS/SGE (submission script, output, and error)
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
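Review bot: The comment block added above `#sanitize_all_html = True` says when an admin might disable the option but not what disabling it exposes. Someone reading only this file should learn that with the option off, HTML written by any tool is served as-is as 'text/html' and can run script in the browser of anyone who views that dataset. I would add a line such as `# WARNING: disabling this serves tool-generated HTML unmodified, scripts included; only do so if all tools and users are trusted.`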