[galaxy-commits] commit/galaxy-central: 2 new changesets

2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/04b4efed14ba/ changeset: 04b4efed14ba branch: stable user: inithello date: 2013-02-21 17:06:11 summary: Changed to_safe_string to use markupsafe.escape for unsafe characters. affected #: 1 file diff -r 7c3df0bcbc222f478b1e21886fbb384d3dc96f31 -r 04b4efed14bab6a322c3c93d1785cc3cd398e91f lib/galaxy/util/shed_util_common.py --- a/lib/galaxy/util/shed_util_common.py +++ b/lib/galaxy/util/shed_util_common.py @@ -30,17 +30,11 @@ log = logging.getLogger( __name__ ) INITIAL_CHANGELOG_HASH = '000000000000' -# Characters that must be html escaped -MAPPED_CHARS = { '>' :'>', - '<' :'<', - '"' : '"', - '&' : '&', - '\'' : ''' } MAX_CONTENT_SIZE = 32768 NOT_TOOL_CONFIGS = [ 'datatypes_conf.xml', 'repository_dependencies.xml', 'tool_dependencies.xml' ] GALAXY_ADMIN_TOOL_SHED_CONTROLLER = 'GALAXY_ADMIN_TOOL_SHED_CONTROLLER' TOOL_SHED_ADMIN_CONTROLLER = 'TOOL_SHED_ADMIN_CONTROLLER' -VALID_CHARS = set( string.letters + string.digits + "'\"-=_.()/+*^,:?!#[]%\\$@;{}" ) +VALID_CHARS = set( string.letters + string.digits + "'\"-=_.()/+*^,:?!#[]%\\$@;{}&<>" ) new_repo_email_alert_template = """ Repository name: ${repository_name} @@ -3420,12 +3414,14 @@ def to_safe_string( text, to_html=True ): """Translates the characters in text to an html string""" if text: + if to_html: + escaped_text = str( markupsafe.escape( text ) ) + else: + escaped_text = str( text ) translated = [] - for c in text: + for c in escaped_text: if c in VALID_CHARS: translated.append( c ) - elif c in MAPPED_CHARS: - translated.append( MAPPED_CHARS[ c ] ) elif c in [ '\n' ]: if to_html: translated.append( '<br/>' ) @@ -3437,8 +3433,6 @@ translated.append( c ) else: translated.append( '' ) - if to_html: - str( markupsafe.escape( ''.join( translated ) ) ) return ''.join( translated ) return text def tool_shed_from_repository_clone_url( repository_clone_url ): https://bitbucket.org/galaxy/galaxy-central/commits/45f1d93124ad/ changeset: 45f1d93124ad user: inithello date: 2013-02-21 17:06:11 summary: Changed to_safe_string to use markupsafe.escape for unsafe characters. affected #: 1 file diff -r 1adf6fdd9c49bda204e5d90f70f10e7ef4ec06bd -r 45f1d93124ad4cadff01d8ae0fadfb1db5d8fcb2 lib/galaxy/util/shed_util_common.py --- a/lib/galaxy/util/shed_util_common.py +++ b/lib/galaxy/util/shed_util_common.py @@ -32,18 +32,12 @@ INITIAL_CHANGELOG_HASH = '000000000000' REPOSITORY_DATA_MANAGER_CONFIG_FILENAME = "data_manager_conf.xml" -# Characters that must be html escaped -MAPPED_CHARS = { '>' :'>', - '<' :'<', - '"' : '"', - '&' : '&', - '\'' : ''' } MAX_CONTENT_SIZE = 32768 NOT_TOOL_CONFIGS = [ 'datatypes_conf.xml', 'repository_dependencies.xml', 'tool_dependencies.xml', REPOSITORY_DATA_MANAGER_CONFIG_FILENAME ] GALAXY_ADMIN_TOOL_SHED_CONTROLLER = 'GALAXY_ADMIN_TOOL_SHED_CONTROLLER' TOOL_SHED_ADMIN_CONTROLLER = 'TOOL_SHED_ADMIN_CONTROLLER' TOOL_TYPES_NOT_IN_TOOL_PANEL = [ 'manage_data' ] -VALID_CHARS = set( string.letters + string.digits + "'\"-=_.()/+*^,:?!#[]%\\$@;{}" ) +VALID_CHARS = set( string.letters + string.digits + "'\"-=_.()/+*^,:?!#[]%\\$@;{}&<>" ) new_repo_email_alert_template = """ Sharable link: ${sharable_link} @@ -3802,12 +3796,14 @@ def to_safe_string( text, to_html=True ): """Translates the characters in text to an html string""" if text: + if to_html: + escaped_text = str( markupsafe.escape( text ) ) + else: + escaped_text = str( text ) translated = [] - for c in text: + for c in escaped_text: if c in VALID_CHARS: translated.append( c ) - elif c in MAPPED_CHARS: - translated.append( MAPPED_CHARS[ c ] ) elif c in [ '\n' ]: if to_html: translated.append( '<br/>' ) @@ -3825,8 +3821,6 @@ translated.append( c ) else: translated.append( '' ) - if to_html: - str( markupsafe.escape( ''.join( translated ) ) ) return ''.join( translated ) return text def tool_shed_from_repository_clone_url( repository_clone_url ): Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.