[hg] galaxy 3399: Properly handle double quotes in library item ...
details: http://www.bx.psu.edu/hg/galaxy/rev/e783e000f7c3 changeset: 3399:e783e000f7c3 user: Greg Von Kuster <greg@bx.psu.edu> date: Tue Feb 16 09:44:07 2010 -0500 description: Properly handle double quotes in library item text field contents. diffstat: lib/galaxy/web/controllers/library_common.py | 2 +- templates/library/common/folder_info.mako | 14 +++++++++--- templates/library/common/library_info.mako | 18 ++++++++++------ templates/mobile/manage_library.mako | 30 ++++++++++++++++++++------- test/base/twilltestcase.py | 2 +- 5 files changed, 45 insertions(+), 21 deletions(-) diffs (190 lines): diff -r 952941cf17f3 -r e783e000f7c3 lib/galaxy/web/controllers/library_common.py --- a/lib/galaxy/web/controllers/library_common.py Mon Feb 15 19:12:46 2010 -0500 +++ b/lib/galaxy/web/controllers/library_common.py Tue Feb 16 09:44:07 2010 -0500 @@ -135,7 +135,7 @@ widgets = library.get_template_widgets( trans ) current_user_roles = trans.get_current_user_roles() show_deleted = util.string_as_bool( params.get( 'show_deleted', False ) ) - if params.get( 'rename_library_button', False ): + if params.get( 'library_info_button', False ): old_name = library.name new_name = util.restore_text( params.get( 'name', 'No name' ) ) if not new_name: diff -r 952941cf17f3 -r e783e000f7c3 templates/library/common/folder_info.mako --- a/templates/library/common/folder_info.mako Mon Feb 15 19:12:46 2010 -0500 +++ b/templates/library/common/folder_info.mako Tue Feb 16 09:44:07 2010 -0500 @@ -2,6 +2,12 @@ <%namespace file="/message.mako" import="render_msg" /> <%namespace file="/library/common/common.mako" import="render_template_info" /> +<% + from cgi import escape + folder_name = escape( str( folder.name ), quote=True ) + folder_description = escape( str( folder.description ), quote=True ) +%> + <br/><br/> <ul class="manage-table-actions"> <li> 
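Review bot: The `str( folder.name )` and `str( folder.description )` calls in the added `<% %>` block of folder_info.mako will raise UnicodeEncodeError under Python 2 if either attribute holds non-ASCII unicode, so one such folder name could stop the page from rendering. Whether these columns return unicode is not visible in this diff. Mako's built-in `h` filter escapes `&`, `<`, `>` and both quote characters without that conversion, so `value="${folder.name | h}"` at each use site would replace the block and keep the escaping next to the output it protects. The same pattern appears in the first hunk of templates/library/common/library_info.mako for `library.name`, `library.description` and `library.synopsis`.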
@@ -20,12 +26,12 @@ <form name="folder" action="${h.url_for( controller='library_common', action='folder_info', cntrller=cntrller, id=trans.security.encode_id( folder.id ), library_id=library_id, show_deleted=show_deleted )}" method="post" > <div class="form-row"> <label>Name:</label> - <input type="text" name="name" value="${folder.name}" size="40"/> + <input type="text" name="name" value="${folder_name}" size="40"/> <div style="clear: both"></div> </div> <div class="form-row"> <label>Description:</label> - <input type="text" name="description" value="${folder.description}" size="40"/> + <input type="text" name="description" value="${folder_description}" size="40"/> <div style="clear: both"></div> </div> <div class="form-row"> @@ -35,12 +41,12 @@ %else: <div class="form-row"> <label>Name:</label> - ${folder.name} + ${folder_name} <div style="clear: both"></div> </div> <div class="form-row"> <label>Description:</label> - ${folder.description} + ${folder_description} <div style="clear: both"></div> </div> %endif diff -r 952941cf17f3 -r e783e000f7c3 templates/library/common/library_info.mako --- a/templates/library/common/library_info.mako Mon Feb 15 19:12:46 2010 -0500 +++ b/templates/library/common/library_info.mako Tue Feb 16 09:44:07 2010 -0500 @@ -3,10 +3,14 @@ <%namespace file="/library/common/common.mako" import="render_template_info" /> <% + from cgi import escape if cntrller in [ 'library', 'requests' ]: can_add = trans.app.security_agent.can_add_library_item( current_user_roles, library ) can_modify = trans.app.security_agent.can_modify_library_item( current_user_roles, library ) can_manage = trans.app.security_agent.can_manage_library_item( current_user_roles, library ) + library_name = escape( str( library.name ), quote=True ) + library_description = escape( str( library.description ), quote=True ) + library_synopsis = escape( str( library.synopsis ), quote=True ) %> <br/><br/> 
@@ -50,14 +54,14 @@ <div class="form-row"> <label>Name:</label> <div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${library.name}" size="40"/> + <input type="text" name="name" value="${library_name}" size="40"/> </div> <div style="clear: both"></div> </div> <div class="form-row"> <label>Description:</label> <div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="description" value="${library.description}" size="40"/> + <input type="text" name="description" value="${library_description}" size="40"/> </div> <div class="toolParamHelp" style="clear: both;"> Displayed when browsing all libraries @@ -67,7 +71,7 @@ <div class="form-row"> <label>Synopsis:</label> <div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="synopsis" value="${library.synopsis}" size="40"/> + <input type="text" name="synopsis" value="${library_synopsis}" size="40"/> </div> <div class="toolParamHelp" style="clear: both;"> Displayed when browsing this library @@ -75,23 +79,23 @@ <div style="clear: both"></div> </div> <div class="form-row"> - <input type="submit" name="rename_library_button" value="Save"/> + <input type="submit" name="library_info_button" value="Save"/> </div> </form> %else: <div class="form-row"> <label>Name:</label> - ${library.name} + ${library_name} </div> <div style="clear: both"></div> <div class="form-row"> <label>Description:</label> - ${library.description} + ${library_description} </div> <div style="clear: both"></div> <div class="form-row"> <label>Synopsis:</label> - ${library.synopsis} + ${library_synopsis} </div> <div style="clear: both"></div> %endif diff -r 952941cf17f3 -r e783e000f7c3 templates/mobile/manage_library.mako --- a/templates/mobile/manage_library.mako Mon Feb 15 19:12:46 2010 -0500 +++ b/templates/mobile/manage_library.mako Tue Feb 16 09:44:07 2010 -0500 
@@ -28,7 +28,14 @@ </div> <div style="clear: both"></div> </div> - <input type="submit" name="rename_library_button" value="Save"/> + <div class="form-row"> + <label>Synopsis:</label> + <div style="float: left; width: 250px; margin-right: 10px;"> + <input type="text" name="synopsis" value="${library.synopsis}" size="40"/> + </div> + <div style="clear: both"></div> + </div> + <input type="submit" name="library_info_button" value="Save"/> </form> </div> </div> @@ -36,14 +43,21 @@ %else: <div class="toolForm"> <div class="toolFormTitle">View information about ${library.name}</div> - <div class="toolFormBody"> - <div class="form-row"> - <b>Name:</b> ${library.name} - <div style="clear: both"></div> - <b>Info:</b> ${library.description} - <div style="clear: both"></div> - </div> + <div class="form-row"> + <label>Name:</label> + ${library.name} </div> + <div style="clear: both"></div> + <div class="form-row"> + <label>Description:</label> + ${library.description} + </div> + <div style="clear: both"></div> + <div class="form-row"> + <label>Synopsis:</label> + ${library.synopsis} + </div> + <div style="clear: both"></div> <div class="toolForm"> ${render_template_info( 'mobile', library, library.id, 'library' )} </div> diff -r 952941cf17f3 -r e783e000f7c3 test/base/twilltestcase.py --- a/test/base/twilltestcase.py Mon Feb 15 19:12:46 2010 -0500 +++ b/test/base/twilltestcase.py Tue Feb 16 09:44:07 2010 -0500 
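Review bot: The new synopsis field in the first hunk of manage_library.mako still writes `value="${library.synopsis}"` unescaped, and the read-only branch in the second hunk emits `${library.name}`, `${library.description}` and `${library.synopsis}` the same way. The mobile template therefore keeps the double-quote problem this changeset fixes in folder_info.mako and library_info.mako. A value containing `"` ends the attribute early, and markup stored in these fields is rendered as HTML to anyone who views the library, unless a default escaping filter is configured elsewhere (not shown here). Apply the same escaping here, e.g. `value="${library.synopsis | h}"` and `${library.name | h}`. The name and description inputs sit above the first hunk's context, outside this view, and likely need it too.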
@@ -1390,7 +1390,7 @@ self.visit_url( "%s/library_common/library_info?id=%s&cntrller=%s" % ( self.url, library_id, controller ) ) self.check_page_for_string( old_name ) # Since twill barfs on the form submisson, we ar forced to simulate it - url = "%s/library_common/library_info?id=%s&cntrller=%s&rename_library_button=Save&description=%s&name=%s&synopsis=%s" % \ + url = "%s/library_common/library_info?id=%s&cntrller=%s&library_info_button=Save&description=%s&name=%s&synopsis=%s" % \ ( self.url, library_id, controller, description.replace( ' ', '+' ), name.replace( ' ', '+' ), synopsis.replace( ' ', '+' ) ) self.home() self.visit_url( url )