commit/galaxy-central: dannon: HTML-escape registration fields. Remove prefilled password/confirm on create kickback.
1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/cdd39c933d24/ changeset: cdd39c933d24 user: dannon date: 2012-09-25 16:35:45 summary: HTML-escape registration fields. Remove prefilled password/confirm on create kickback. affected #: 2 files diff -r d6d0c963712a9f85a6a2baede6ec402285088823 -r cdd39c933d24e11b4f99b5d24e5d1b108fea41ea lib/galaxy/web/controllers/user.py --- a/lib/galaxy/web/controllers/user.py +++ b/lib/galaxy/web/controllers/user.py @@ -493,6 +493,7 @@ message += ' <a target="_top" href="%s">Click here</a> to continue to the home page.' % web.url_for( '/static/welcome.html' ) success = True return ( message, status, user, success ) + @web.expose def logout( self, trans, webapp='galaxy', logout_all=False ): if webapp == 'galaxy': @@ -513,6 +514,7 @@ message=message, status='done', active_view="user" ) + @web.expose def create( self, trans, cntrller='user', redirect_url='', refresh_frames=[], **kwd ): params = util.Params( kwd ) @@ -583,8 +585,6 @@ return trans.fill_template( '/user/register.mako', cntrller=cntrller, email=email, - password=password, - confirm=confirm, username=transform_publicname( trans, username ), subscribe_checked=subscribe_checked, user_type_fd_id_select_field=user_type_fd_id_select_field, @@ -597,6 +597,7 @@ refresh_frames=refresh_frames, message=message, status=status ) + def __register( self, trans, cntrller, subscribe_checked, **kwd ): email = util.restore_text( kwd.get( 'email', '' ) ) password = kwd.get( 'password', '' ) diff -r d6d0c963712a9f85a6a2baede6ec402285088823 -r cdd39c933d24e11b4f99b5d24e5d1b108fea41ea templates/user/register.mako --- a/templates/user/register.mako +++ b/templates/user/register.mako @@ -3,7 +3,7 @@ %if redirect_url: <script type="text/javascript"> - top.location.href = '${redirect_url}'; + top.location.href = '${redirect_url | h}'; </script> %endif 
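Review bot: In the `<script>` block at the top of register.mako, `${redirect_url | h}` applies HTML escaping to a value that sits inside a JavaScript string literal, which is a different context from the attribute values escaped further down the template. Entities are not decoded inside `<script>`, so a legitimate URL containing `&` would reach `top.location.href` as `&amp;`, and HTML escaping does not constrain backslashes, line breaks, or the URL's scheme and host. `redirect_url` appears to be request-supplied (it is a keyword argument of `create` in user.py), so I would check in the controller that it is a same-site path and then emit it as a JavaScript-encoded literal. For example `top.location.href = ${redirect_url_js | n};`, where `redirect_url_js` (a name constructed for this note) is the validated value passed through `json.dumps` with `<` additionally escaped as `\u003c`. Only the `%if redirect_url:` block is visible in this hunk; the rest of the template is outside it.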
@@ -42,21 +42,21 @@ <div class="toolFormTitle">Create account</div><div class="form-row"><label>Email address:</label> - <input type="text" name="email" value="${email}" size="40"/> - <input type="hidden" name="webapp" value="${webapp}" size="40"/> - <input type="hidden" name="redirect" value="${redirect}" size="40"/> + <input type="text" name="email" value="${email | h}" size="40"/> + <input type="hidden" name="webapp" value="${webapp | h}" size="40"/> + <input type="hidden" name="redirect" value="${redirect | h}" size="40"/></div><div class="form-row"><label>Password:</label> - <input type="password" name="password" value="${password}" size="40"/> + <input type="password" name="password" value="" size="40"/></div><div class="form-row"><label>Confirm password:</label> - <input type="password" name="confirm" value="${confirm}" size="40"/> + <input type="password" name="confirm" value="" size="40"/></div><div class="form-row"><label>Public name:</label> - <input type="text" name="username" size="40" value="${username}"/> + <input type="text" name="username" size="40" value="${username |h}"/> %if webapp == 'galaxy': <div class="toolParamHelp" style="clear: both;"> Your public name is an identifier that will be used to generate addresses for information Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
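Review bot: Escaping is opted into one expression at a time in this form (`${email | h}`, `${webapp | h}`, `${redirect | h}`, `${username |h}`), so any interpolation that was missed, here or in template lines outside the hunk, is still rendered raw. If the template does not already set one, a page-level default such as `<%page expression_filter="h"/>` makes escaping the rule. `| n` is then reserved for values that are deliberately markup, such as the `message` string that user.py builds with an `<a>` tag. The hidden `redirect` field is still round-tripped through the client, so the handler that consumes it (not visible in this diff) should confirm it is a same-site target before using it. As a style point, `${username |h}` is spaced differently from the other three uses; the form itself continues past the end of the hunk.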