1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/96c96957d0c6/ Changeset: 96c96957d0c6 User: dan Date: 2014-09-17 15:14:50+00:00 Summary: Turn off sanitation of __ARCHIVE_SOURCE__ and __DEST_DIR__ in History Import Tool. Secure command-line using base64 encoding. Fixes issue where you couldn't import from a URL that has common characters such as e.g. '~' in it. Affected #: 2 files
diff -r 3203caa787c1af0ec130995cebca7b7a86a06839 -r 96c96957d0c6d301371ce1cf7dc40521138df51a lib/galaxy/tools/imp_exp/imp_history_from_archive.xml
--- a/lib/galaxy/tools/imp_exp/imp_history_from_archive.xml
+++ b/lib/galaxy/tools/imp_exp/imp_history_from_archive.xml
@@ -1,10 +1,14 @@ <tool id="__IMPORT_HISTORY__" name="Import History" version="0.1" tool_type="import_history"><type class="ImportHistoryTool" module="galaxy.tools"/><action module="galaxy.tools.actions.history_imp_exp" class="ImportHistoryToolAction"/> - <command interpreter="python">unpack_tar_gz_archive.py $__ARCHIVE_SOURCE__ $__DEST_DIR__ --$__ARCHIVE_TYPE__</command> + <command interpreter="python">unpack_tar_gz_archive.py "${ str( $__ARCHIVE_SOURCE__ ).encode( 'base64' ) }" "${ str( $__DEST_DIR__ ).encode( 'base64' ) }" --$__ARCHIVE_TYPE__ --encoded</command><inputs> - <param name="__ARCHIVE_SOURCE__" type="text"/> + <param name="__ARCHIVE_SOURCE__" type="text"> + <sanitizer sanitize="False"/> + </param><param name="__ARCHIVE_TYPE__" type="text"/> - <param name="__DEST_DIR__" type="text"/> + <param name="__DEST_DIR__" type="text"> + <sanitizer sanitize="False"/> + </param></inputs></tool>
\ No newline at end of file
diff -r 3203caa787c1af0ec130995cebca7b7a86a06839 -r 96c96957d0c6d301371ce1cf7dc40521138df51a lib/galaxy/tools/imp_exp/unpack_tar_gz_archive.py
--- a/lib/galaxy/tools/imp_exp/unpack_tar_gz_archive.py
+++ b/lib/galaxy/tools/imp_exp/unpack_tar_gz_archive.py
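Review bot: In the new `<command>` line, Python 2's `'base64'` codec wraps its output at 76 characters and appends a trailing newline, so both quoted arguments carry literal newlines into the command line. The double quotes should keep each value a single argument, but how the job runner treats embedded newlines is not visible here; stripping them removes the dependency, e.g. `${ str( $__ARCHIVE_SOURCE__ ).encode( 'base64' ).replace( '\n', '' ) }` and the same for `$__DEST_DIR__`. With `<sanitizer sanitize="False"/>` on both params, the encoding is now the only thing keeping these values away from the shell, so a comment next to the sanitizer elements such as `<!-- unsanitized: must only reach the command line base64-encoded -->` would guard against a later edit reintroducing the raw variables. `--$__ARCHIVE_TYPE__` is still interpolated unquoted and relies on that parameter's default sanitizer.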
@@ -12,6 +12,7 @@ import tempfile import urllib2 import math +from base64 import b64decode # Set max size of archive/file that will be handled to be 100 GB. This is # arbitrary and should be adjusted as needed.
@@ -55,11 +56,16 @@ parser = optparse.OptionParser() parser.add_option( '-U', '--url', dest='is_url', action="store_true", help='Source is a URL.' ) parser.add_option( '-F', '--file', dest='is_file', action="store_true", help='Source is a URL.' ) + parser.add_option( '-e', '--encoded', dest='is_b64encoded', action="store_true", default=False, help='Source and destination dir values are base64 encoded.' ) (options, args) = parser.parse_args() is_url = bool( options.is_url ) is_file = bool( options.is_file ) archive_source, dest_dir = args + if options.is_b64encoded: + archive_source = b64decode( archive_source ) + dest_dir = b64decode( dest_dir ) + try: # Get archive from URL. if is_url:
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
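Review bot: In the second hunk, the decoded `archive_source` and `dest_dir` are used with no validation, and since the XML change in this commit turns the sanitizer off for both parameters, this script is the last place left to check them. The fetch code after `if is_url:` is outside the hunk, but if it hands `archive_source` to urllib2 unchanged, schemes other than HTTP(S) such as `file:` would be accepted. An allow-list right after the decode would close that: `if is_url and urlparse.urlparse( archive_source ).scheme not in ( 'http', 'https', 'ftp' ): raise Exception( 'Unsupported URL scheme' )`, which needs `import urlparse`. The two `b64decode` calls also sit before `try:`, so a malformed argument raises outside whatever error handling that block provides. Moving the decode inside the `try` would keep failures on one reporting path.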