commit/galaxy-central: greg: Make sure repository files displayed during installation are restricted to a max file size and contents are viewable in a browser.
1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/5ea04ccb61e8/ changeset: 5ea04ccb61e8 user: greg date: 2012-04-02 19:27:31 summary: Make sure repository files displayed during installation are restricted to a max file size and contents are viewable in a browser. affected #: 4 files diff -r 319c7ee6873c53e57aa6b37271cb7c6afb067612 -r 5ea04ccb61e8373369c41370dd3ee216a7dc6d14 lib/galaxy/util/shed_util.py --- a/lib/galaxy/util/shed_util.py +++ b/lib/galaxy/util/shed_util.py @@ -1,4 +1,4 @@ -import os, tempfile, shutil, subprocess, logging +import os, tempfile, shutil, subprocess, logging, string from datetime import date, datetime, timedelta from time import strftime from galaxy import util @@ -13,6 +13,14 @@ log = logging.getLogger( __name__ ) +# Characters that must be html escaped +MAPPED_CHARS = { '>' :'>', + '<' :'<', + '"' : '"', + '&' : '&', + '\'' : ''' } +VALID_CHARS = set( string.letters + string.digits + "'\"-=_.()/+*^,:?!#[]%\\$@;{}" ) + def add_to_shed_tool_config( app, shed_tool_conf_dict, elem_list ): # A tool shed repository is being installed so change the shed_tool_conf file. Parse the config file to generate the entire list # of config_elems instead of using the in-memory list since it will be a subset of the entire list if one or more repositories have 
@@ -1096,6 +1104,34 @@ if uninstall: # Write the current in-memory version of the integrated_tool_panel.xml file to disk. trans.app.toolbox.write_integrated_tool_panel_config_file() +def to_html_escaped( text ): + """Translates the characters in text to html values""" + translated = [] + for c in text: + if c in [ '\r\n', '\n', ' ', '\t' ] or c in VALID_CHARS: + translated.append( c ) + elif c in MAPPED_CHARS: + translated.append( MAPPED_CHARS[ c ] ) + else: + translated.append( 'X' ) + return ''.join( translated ) +def to_html_str( text ): + """Translates the characters in text to sn html string""" + translated = [] + for c in text: + if c in VALID_CHARS: + translated.append( c ) + elif c in MAPPED_CHARS: + translated.append( MAPPED_CHARS[ c ] ) + elif c == ' ': + translated.append( ' ' ) + elif c == '\t': + translated.append( ' ' ) + elif c == '\n': + translated.append( '<br/>' ) + elif c not in [ '\r' ]: + translated.append( 'X' ) + return ''.join( translated ) def update_repository( current_working_dir, repo_files_dir, changeset_revision ): # Update the cloned repository to changeset_revision. It is imperative that the # installed repository is updated to the desired changeset_revision before metadata diff -r 319c7ee6873c53e57aa6b37271cb7c6afb067612 -r 5ea04ccb61e8373369c41370dd3ee216a7dc6d14 lib/galaxy/web/controllers/admin_toolshed.py --- a/lib/galaxy/web/controllers/admin_toolshed.py +++ b/lib/galaxy/web/controllers/admin_toolshed.py @@ -6,6 +6,8 @@ log = logging.getLogger( __name__ ) +MAX_CONTENT_SIZE = 32768 + class RepositoryListGrid( grids.Grid ): class NameColumn( grids.TextColumn ): def get_value( self, trans, grid, tool_shed_repository ): 
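Review bot: In both `to_html_escaped` and `to_html_str` the `c in VALID_CHARS` test runs before the `c in MAPPED_CHARS` test, and `VALID_CHARS` (added in the earlier hunk of this file) contains `'` and `"`, so the quote entries of `MAPPED_CHARS` are never reached and both quote characters are emitted as-is. That is fine for element text but not if a template ever places the result inside an attribute value; testing `if c in MAPPED_CHARS:` first and `elif c in VALID_CHARS:` second, or dropping `'\"` from `VALID_CHARS`, closes the gap. In `to_html_escaped` the list `[ '\r\n', '\n', ' ', '\t' ]` is compared against single characters, so `'\r\n'` can never match and a carriage return falls through to `'X'`; `'\r'` is probably what was intended. The docstrings should also state that every character outside the two tables, including all non-ASCII text, is replaced by `X`.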
@@ -377,8 +379,15 @@ owner = get_repository_owner( clean_repository_clone_url( repository_clone_url ) ) url = '%s/repository/get_readme?name=%s&owner=%s&changeset_revision=%s&webapp=galaxy' % ( tool_shed_url, name, owner, changeset_revision ) response = urllib2.urlopen( url ) - readme_text = response.read() + raw_text = response.read() response.close() + readme_text = '' + for i, line in enumerate( raw_text ): + readme_text = '%s%s' % ( readme_text, to_html_str( line ) ) + if len( readme_text ) > MAX_CONTENT_SIZE: + large_str = '\nFile contents truncated because file size is larger than maximum viewing size of %s\n' % util.nice_size( MAX_CONTENT_SIZE ) + readme_text = '%s%s' % ( readme_text, to_html_str( large_str ) ) + break else: readme_text = '' else: diff -r 319c7ee6873c53e57aa6b37271cb7c6afb067612 -r 5ea04ccb61e8373369c41370dd3ee216a7dc6d14 lib/galaxy/webapps/community/controllers/common.py --- a/lib/galaxy/webapps/community/controllers/common.py +++ b/lib/galaxy/webapps/community/controllers/common.py @@ -6,7 +6,7 @@ from galaxy.util.json import from_json_string, to_json_string from galaxy.util.hash_util import * from galaxy.util.shed_util import copy_sample_loc_file, generate_datatypes_metadata, generate_tool_metadata, generate_workflow_metadata -from galaxy.util.shed_util import handle_sample_tool_data_table_conf_file +from galaxy.util.shed_util import handle_sample_tool_data_table_conf_file, to_html_escaped, to_html_str from galaxy.web.base.controller import * from galaxy.webapps.community import model from galaxy.model.orm import * diff -r 319c7ee6873c53e57aa6b37271cb7c6afb067612 -r 5ea04ccb61e8373369c41370dd3ee216a7dc6d14 lib/galaxy/webapps/community/controllers/repository.py --- a/lib/galaxy/webapps/community/controllers/repository.py +++ b/lib/galaxy/webapps/community/controllers/repository.py 
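Review bot: `response.read()` still pulls the whole README from the remote tool shed into memory before the new loop applies `MAX_CONTENT_SIZE`, so the limit caps what is rendered but not what is downloaded; a bounded read such as `raw_text = response.read( MAX_CONTENT_SIZE + 1 )` would cap both. Because `raw_text` is a string, `for i, line in enumerate( raw_text )` walks it one character at a time: `line` is a single character, `i` is never used, and `readme_text` is rebuilt with `'%s%s' %` on every character. Iterating real lines with `for line in raw_text.splitlines( True ):` matches the file-viewing code this was copied from and keeps the truncation check per line. The enclosing method starts and ends outside this hunk, so whether `response.close()` is protected against a failing `read()` cannot be seen here.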
@@ -15,14 +15,7 @@ log = logging.getLogger( __name__ ) -# Characters that must be html escaped -MAPPED_CHARS = { '>' :'>', - '<' :'<', - '"' : '"', - '&' : '&', - '\'' : ''' } MAX_CONTENT_SIZE = 32768 -VALID_CHARS = set( string.letters + string.digits + "'\"-=_.()/+*^,:?!#[]%\\$@;{}" ) VALID_REPOSITORYNAME_RE = re.compile( "^[a-z0-9\_]+$" ) class CategoryListGrid( grids.Grid ): @@ -785,7 +778,7 @@ repo = hg.repository( get_configured_ui(), repo_dir ) for root, dirs, files in os.walk( repo_dir ): for name in files: - if name.lower() in [ 'readme', 'read_me' ]: + if name.lower() in [ 'readme', 'readme.txt', 'read_me', 'read_me.txt' ]: f = open( os.path.join( root, name ), 'r' ) text = f.read() f.close() @@ -1600,7 +1593,7 @@ anchors = modified + added + removed + deleted + unknown + ignored + clean diffs = [] for diff in patch.diff( repo, node1=ctx_parent.node(), node2=ctx.node() ): - diffs.append( self.to_html_escaped( diff ) ) + diffs.append( to_html_escaped( diff ) ) is_malicious = change_set_is_malicious( trans, id, repository.tip ) return trans.fill_template( '/webapps/community/repository/view_changeset.mako', repository=repository, 
@@ -1938,20 +1931,20 @@
 trans.response.headers['Pragma'] = 'no-cache'
 trans.response.headers['Expires'] = '0'
 if is_gzip( file_path ):
- to_html = self.to_html_str( '\ngzip compressed file\n' )
+ to_html = to_html_str( '\ngzip compressed file\n' )
 elif is_bz2( file_path ):
- to_html = self.to_html_str( '\nbz2 compressed file\n' )
+ to_html = to_html_str( '\nbz2 compressed file\n' )
 elif check_zip( file_path ):
- to_html = self.to_html_str( '\nzip compressed file\n' )
+ to_html = to_html_str( '\nzip compressed file\n' )
 elif check_binary( file_path ):
- to_html = self.to_html_str( '\nBinary file\n' )
+ to_html = to_html_str( '\nBinary file\n' )
 else:
 to_html = ''
 for i, line in enumerate( open( file_path ) ):
- to_html = '%s%s' % ( to_html, self.to_html_str( line ) )
+ to_html = '%s%s' % ( to_html, to_html_str( line ) )
 if len( to_html ) > MAX_CONTENT_SIZE:
 large_str = '\nFile contents truncated because file size is larger than maximum viewing size of %s\n' % util.nice_size( MAX_CONTENT_SIZE )
- to_html = '%s%s' % ( to_html, self.to_html_str( large_str ) )
+ to_html = '%s%s' % ( to_html, to_html_str( large_str ) )
 break
 return to_html
 @web.expose
@@ -1960,34 +1953,6 @@
 message = util.restore_text( params.get( 'message', '' ) )
 status = params.get( 'status', 'done' )
 return trans.fill_template( '/webapps/community/repository/help.mako', message=message, status=status, **kwd )
- def to_html_escaped( self, text ):
- """Translates the characters in text to html values"""
- translated = []
- for c in text:
- if c in [ '\r\n', '\n', ' ', '\t' ] or c in VALID_CHARS:
- translated.append( c )
- elif c in MAPPED_CHARS:
- translated.append( MAPPED_CHARS[ c ] )
- else:
- translated.append( 'X' )
- return ''.join( translated )
- def to_html_str( self, text ):
- """Translates the characters in text to sn html string"""
- translated = []
- for c in text:
- if c in VALID_CHARS:
- translated.append( c )
- elif c in MAPPED_CHARS:
- translated.append( MAPPED_CHARS[ c ] )
- elif c == ' ':
- translated.append( ' ' )
- elif c == '\t':
- translated.append( ' ' )
- elif c == '\n':
- translated.append( '<br/>' )
- elif c not in [ '\r' ]:
- translated.append( 'X' )
- return ''.join( translated )
 def __build_allow_push_select_field( self, trans, current_push_list, selected_value='none' ):
 options = []
 for user in trans.sa_session.query( trans.model.User ):
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.