3 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/c0a665a31e91/ Changeset: c0a665a31e91 Branch: stable User: dan Date: 2013-03-22 16:43:42 Summary: Allow old-style display applications to be disabled. Affected #: 3 files
diff -r 779b54139013946613772d02a3fbb61e067f3267 -r c0a665a31e9160fa344255d6f3fe22a0ab2b6a6f lib/galaxy/config.py
--- a/lib/galaxy/config.py
+++ b/lib/galaxy/config.py
@@ -141,6 +141,7 @@
 self.log_actions = string_as_bool( kwargs.get( 'log_actions', 'False' ) )
 self.log_events = string_as_bool( kwargs.get( 'log_events', 'False' ) )
 self.sanitize_all_html = string_as_bool( kwargs.get( 'sanitize_all_html', True ) )
+ self.enable_old_display_applications = string_as_bool( kwargs.get( "enable_old_display_applications", "True" ) )
 self.ucsc_display_sites = kwargs.get( 'ucsc_display_sites', "main,test,archaea,ucla" ).lower().split(",")
 self.gbrowse_display_sites = kwargs.get( 'gbrowse_display_sites', "modencode,sgd_yeast,tair,wormbase,wormbase_ws120,wormbase_ws140,wormbase_ws170,wormbase_ws180,wormbase_ws190,wormbase_ws200,wormbase_ws204,wormbase_ws210,wormbase_ws220,wormbase_ws225" ).lower().split(",")
 self.genetrack_display_sites = kwargs.get( 'genetrack_display_sites', "main,test" ).lower().split(",")
diff -r 779b54139013946613772d02a3fbb61e067f3267 -r c0a665a31e9160fa344255d6f3fe22a0ab2b6a6f lib/galaxy/webapps/galaxy/controllers/dataset.py
--- a/lib/galaxy/webapps/galaxy/controllers/dataset.py
+++ b/lib/galaxy/webapps/galaxy/controllers/dataset.py
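Review bot: The option added to lib/galaxy/config.py defaults to "True", so an instance that never edits its ini keeps the old-style display links enabled, together with the redirect concern that this same commit documents in universe_wsgi.ini.sample. If the new-style display applications cover the datatypes that matter, consider shipping the safer default, `kwargs.get( "enable_old_display_applications", "False" )`, and updating the sample line to match; if compatibility requires "True", add a comment such as `# Defaults to on for backward compatibility; set False to close the redirect concern described in universe_wsgi.ini.sample`. The identical line is added in changesets 66c67f015f9e and 56799709a0f3, and the enclosing method starts and ends outside the hunk.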
@@ -700,6 +700,8 @@
 @web.expose
 def display_at( self, trans, dataset_id, filename=None, **kwd ):
 """Sets up a dataset permissions so it is viewable at an external site"""
+ if not trans.app.config.enable_old_display_applications:
+ return trans.show_error_message( "This method of accessing external display applications has been disabled by a Galaxy administrator." )
 site = filename
 data = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( dataset_id )
 if not data:
diff -r 779b54139013946613772d02a3fbb61e067f3267 -r c0a665a31e9160fa344255d6f3fe22a0ab2b6a6f universe_wsgi.ini.sample
--- a/universe_wsgi.ini.sample
+++ b/universe_wsgi.ini.sample
@@ -247,6 +247,16 @@
 # them).
 #display_servers = hgw1.cse.ucsc.edu,hgw2.cse.ucsc.edu,hgw3.cse.ucsc.edu,hgw4.cse.ucsc.edu,hgw5.cse.ucsc.edu,hgw6.cse.ucsc.edu,hgw7.cse.ucsc.edu,hgw8.cse.ucsc.edu,lowepub.cse.ucsc.edu
+# To disable the old-style display applications that are hardcoded into datatype classes,
+# set enable_old_display_applications = False.
+# This may be desirable due to using the new-style, XML-defined, display applications that
+# have been defined for many of the datatypes that have the old-style.
+# There is also a potential security concern with the old-style applications,
+# where a malicious party could provide a link that appears to reference the Galaxy server,
+# but contains a redirect to a third-party server, tricking a Galaxy user to access said
+# site.
+#enable_old_display_applications = True
+
 # -- Next gen LIMS interface on top of existing Galaxy Sample/Request management code.
 use_nglims = False
https://bitbucket.org/galaxy/galaxy-central/commits/66c67f015f9e/ Changeset: 66c67f015f9e Branch: next-stable User: dan Date: 2013-03-22 16:43:42 Summary: Allow old-style display applications to be disabled. Affected #: 3 files
diff -r 3bbbcdb044afdbd380d6cd4c0f721ab7262c5555 -r 66c67f015f9e8beb1bfaf4365bdaeb41d9090fe2 lib/galaxy/config.py
--- a/lib/galaxy/config.py
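Review bot: The guard added at the top of display_at in lib/galaxy/webapps/galaxy/controllers/dataset.py only switches the endpoint off; with the option at its default, the next line `site = filename` still takes the target site from a parameter of an exposed web method. Whether the rest of display_at matches `site` against the configured display sites before it is used is outside this hunk, so that check is worth confirming, since it is what addresses the redirect concern for instances that leave the option on. I would also record the reason beside the guard, for example `# Old-style display links can be abused to redirect users off-site; see enable_old_display_applications in universe_wsgi.ini.sample`. The same guard is added in changesets 66c67f015f9e and 56799709a0f3.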
+++ b/lib/galaxy/config.py
@@ -151,6 +151,7 @@
 self.log_actions = string_as_bool( kwargs.get( 'log_actions', 'False' ) )
 self.log_events = string_as_bool( kwargs.get( 'log_events', 'False' ) )
 self.sanitize_all_html = string_as_bool( kwargs.get( 'sanitize_all_html', True ) )
+ self.enable_old_display_applications = string_as_bool( kwargs.get( "enable_old_display_applications", "True" ) )
 self.ucsc_display_sites = kwargs.get( 'ucsc_display_sites', "main,test,archaea,ucla" ).lower().split(",")
 self.gbrowse_display_sites = kwargs.get( 'gbrowse_display_sites', "modencode,sgd_yeast,tair,wormbase,wormbase_ws120,wormbase_ws140,wormbase_ws170,wormbase_ws180,wormbase_ws190,wormbase_ws200,wormbase_ws204,wormbase_ws210,wormbase_ws220,wormbase_ws225" ).lower().split(",")
 self.brand = kwargs.get( 'brand', None )
diff -r 3bbbcdb044afdbd380d6cd4c0f721ab7262c5555 -r 66c67f015f9e8beb1bfaf4365bdaeb41d9090fe2 lib/galaxy/webapps/galaxy/controllers/dataset.py
--- a/lib/galaxy/webapps/galaxy/controllers/dataset.py
+++ b/lib/galaxy/webapps/galaxy/controllers/dataset.py
@@ -697,6 +697,8 @@
 @web.expose
 def display_at( self, trans, dataset_id, filename=None, **kwd ):
 """Sets up a dataset permissions so it is viewable at an external site"""
+ if not trans.app.config.enable_old_display_applications:
+ return trans.show_error_message( "This method of accessing external display applications has been disabled by a Galaxy administrator." )
 site = filename
 data = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( dataset_id )
 if not data:
diff -r 3bbbcdb044afdbd380d6cd4c0f721ab7262c5555 -r 66c67f015f9e8beb1bfaf4365bdaeb41d9090fe2 universe_wsgi.ini.sample
--- a/universe_wsgi.ini.sample
+++ b/universe_wsgi.ini.sample
@@ -247,6 +247,16 @@
 # them).
 #display_servers = hgw1.cse.ucsc.edu,hgw2.cse.ucsc.edu,hgw3.cse.ucsc.edu,hgw4.cse.ucsc.edu,hgw5.cse.ucsc.edu,hgw6.cse.ucsc.edu,hgw7.cse.ucsc.edu,hgw8.cse.ucsc.edu,lowepub.cse.ucsc.edu
+# To disable the old-style display applications that are hardcoded into datatype classes,
+# set enable_old_display_applications = False.
+# This may be desirable due to using the new-style, XML-defined, display applications that
+# have been defined for many of the datatypes that have the old-style.
+# There is also a potential security concern with the old-style applications,
+# where a malicious party could provide a link that appears to reference the Galaxy server,
+# but contains a redirect to a third-party server, tricking a Galaxy user to access said
+# site.
+#enable_old_display_applications = True
+
 # -- Next gen LIMS interface on top of existing Galaxy Sample/Request management code.
 use_nglims = False
https://bitbucket.org/galaxy/galaxy-central/commits/56799709a0f3/ Changeset: 56799709a0f3 User: dan Date: 2013-03-22 16:43:42 Summary: Allow old-style display applications to be disabled. Affected #: 3 files
diff -r d629a346b859c91ba0da27f865952580d1054d80 -r 56799709a0f35d1f5cde0aa8f38939eafea98294 lib/galaxy/config.py
--- a/lib/galaxy/config.py
+++ b/lib/galaxy/config.py
@@ -151,6 +151,7 @@
 self.log_actions = string_as_bool( kwargs.get( 'log_actions', 'False' ) )
 self.log_events = string_as_bool( kwargs.get( 'log_events', 'False' ) )
 self.sanitize_all_html = string_as_bool( kwargs.get( 'sanitize_all_html', True ) )
+ self.enable_old_display_applications = string_as_bool( kwargs.get( "enable_old_display_applications", "True" ) )
 self.ucsc_display_sites = kwargs.get( 'ucsc_display_sites', "main,test,archaea,ucla" ).lower().split(",")
 self.gbrowse_display_sites = kwargs.get( 'gbrowse_display_sites', "modencode,sgd_yeast,tair,wormbase,wormbase_ws120,wormbase_ws140,wormbase_ws170,wormbase_ws180,wormbase_ws190,wormbase_ws200,wormbase_ws204,wormbase_ws210,wormbase_ws220,wormbase_ws225" ).lower().split(",")
 self.brand = kwargs.get( 'brand', None )
diff -r d629a346b859c91ba0da27f865952580d1054d80 -r 56799709a0f35d1f5cde0aa8f38939eafea98294 lib/galaxy/webapps/galaxy/controllers/dataset.py
--- a/lib/galaxy/webapps/galaxy/controllers/dataset.py
+++ b/lib/galaxy/webapps/galaxy/controllers/dataset.py
@@ -697,6 +697,8 @@
 @web.expose
 def display_at( self, trans, dataset_id, filename=None, **kwd ):
 """Sets up a dataset permissions so it is viewable at an external site"""
+ if not trans.app.config.enable_old_display_applications:
+ return trans.show_error_message( "This method of accessing external display applications has been disabled by a Galaxy administrator." )
 site = filename
 data = trans.sa_session.query( trans.app.model.HistoryDatasetAssociation ).get( dataset_id )
 if not data:
diff -r d629a346b859c91ba0da27f865952580d1054d80 -r 56799709a0f35d1f5cde0aa8f38939eafea98294 universe_wsgi.ini.sample
--- a/universe_wsgi.ini.sample
+++ b/universe_wsgi.ini.sample
@@ -247,6 +247,16 @@
 # them).
 #display_servers = hgw1.cse.ucsc.edu,hgw2.cse.ucsc.edu,hgw3.cse.ucsc.edu,hgw4.cse.ucsc.edu,hgw5.cse.ucsc.edu,hgw6.cse.ucsc.edu,hgw7.cse.ucsc.edu,hgw8.cse.ucsc.edu,lowepub.cse.ucsc.edu
+# To disable the old-style display applications that are hardcoded into datatype classes,
+# set enable_old_display_applications = False.
+# This may be desirable due to using the new-style, XML-defined, display applications that
+# have been defined for many of the datatypes that have the old-style.
+# There is also a potential security concern with the old-style applications,
+# where a malicious party could provide a link that appears to reference the Galaxy server,
+# but contains a redirect to a third-party server, tricking a Galaxy user to access said
+# site.
+#enable_old_display_applications = True
+
 # -- Next gen LIMS interface on top of existing Galaxy Sample/Request management code.
 use_nglims = False
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.