# HG changeset patch -- Bitbucket.org # Project galaxy-dist # URL http://bitbucket.org/galaxy/galaxy-dist/overview # User jeremy goecks <jeremy.goecks@emory.edu> # Date 1275599071 14400 # Node ID d25af565d085e19dccb8f20c857e633397e5da08 # Parent 170e2688d37043c9f1c4349f15d29ce6dd43e88b Bug fix for importing a history archive. --- a/lib/galaxy/web/controllers/history.py +++ b/lib/galaxy/web/controllers/history.py @@ -454,7 +454,7 @@ class HistoryController( BaseController, # Security check: make sure that members are relative, not absolute. for tarinfo in history_archive_file.getmembers(): - if tarinfo.name.startswith("/") or tarinfo.name.startswith(".."): + if tarinfo.name.startswith("/") or tarinfo.name.find("..") != -1: return trans.show_error_message( 'Error importing history archive: archive file is invalid.' ) # Unpack archive in temporary directory.