https://github.com/galaxyproject/galaxy

Revision Author Date Message Commit Date
cee85ba Security fixes for tool shed repository browsing 24 February 2016, 16:18:19 UTC
78f441b Remove sample tracking manual external service transfer due to security concerns 24 February 2016, 16:18:19 UTC
32c910a Security fixes for object store paths 24 February 2016, 16:18:19 UTC
3b96322 Security fixes for history imports 24 February 2016, 16:18:18 UTC
ca123a4 Add a safe_relpath util function for ensuring a path does not reference an absolute or parent directory 24 February 2016, 16:18:18 UTC
360a6ad Merge pull request #634 from nsoranzo/release_14.10 [14.10] Backport tool lineage fix. 21 August 2015, 18:28:25 UTC
85c9712 Remove existing wrong tool version associations in ToolVersionManager.handle_tool_versions(). Fix #552. To fix a tool with a wrong lineage, click on "Set tool versions" on the "Repository Actions" menu. 21 August 2015, 17:51:24 UTC
cbae8fa Fix an XSS reflection vulnerability on the workflow import form. 12 August 2015, 20:43:52 UTC
0972c14 Merge pull request #199 from dannon/release_14.10 [STABLE] Import safe_dumps from galaxy_utils to properly set metadata for interva... 01 May 2015, 19:26:06 UTC
5f2c364 Import safe_dumps from galaxy_utils to properly set metadata for interval files. 01 May 2015, 18:59:39 UTC
1029356 Fix for arbitrary code execution in the ToolShed when uploaded tools reference a <code file=...>. Release 14.08..15.01 version 22 April 2015, 18:40:55 UTC
e16e57c Merge pull request #54 from martenson/release_14.10-fix-paramget-default [STABLE] [14.10] fix missing defaults for get() 30 March 2015, 18:07:14 UTC
69b68c0 fix missing defaults for get() params class override the method and force default to be included 30 March 2015, 17:08:32 UTC
c17a9e5 Fix path manipulation during fetch_eggs. This getting an external version of pkg_resources (and not ours in lib/) is what is causing the weird egg fetching errors. Newer versions of pkg_resources create a mangled distribution string for some eggs with nonstandard version identifiers. 05 March 2015, 14:57:01 UTC
48d5823 Clone .gitignore 23 February 2015, 16:26:42 UTC
ed0e764 Bugfix: Skip extra wrapping around template-style macros. 15 January 2015, 21:01:35 UTC
7f62891 Make DatasetListWrapper and DatasetCollectionWrapper subclasses of ToolParameterValueWrapper. 14 January 2015, 22:07:54 UTC
50d65f4 Fix a critical security vulnerability where unsanitized user-modifiable values could be included in a command line template. 13 January 2015, 15:27:49 UTC
65ef16f Merged in jmchilton/galaxy-central-fork-1/stable (pull request #620) [STABLE] Don't choke on tool versions switches with significant parameter changes. 05 January 2015, 21:53:57 UTC
fc04d37 Update tag latest_2014.10.06 for changeset 793d9cd5f9de 05 January 2015, 14:00:18 UTC
f01ae9f Fixes for over escaping in c2bed0a. Fixes dozens of tool functional tests. 27 December 2014, 22:30:59 UTC
269e243 Don't choke on tool versions switches with significant parameter changes. Just regenerate the tool state from the supplied parameters instead - seems to still preserve parameters on the tool form that are common between the versions because they are coming in through kwd. 18 December 2014, 14:47:08 UTC
c1f421d Update tag latest_2014.10.06 for changeset 5834b1066462 17 December 2014, 14:00:15 UTC
24012f7 Reduce minimum length of repository names from 4 characters to 2. 16 December 2014, 20:00:50 UTC
75da622 Update tag latest_2014.10.06 for changeset 7086b87d83a9 16 December 2014, 14:00:19 UTC
c7ebf7d Merged in dan/galaxy-central-prs/stable (pull request #613) [STABLE] Do not |h escape tool dependency error message, as it is escaped and formatted by tool_shed.util.basic_util.to_html_string 16 December 2014, 06:31:43 UTC
095e417 Do not |h escape tool dependency error message, as it is escaped and formatted by tool_shed.util.basic_util.to_html_string 15 December 2014, 22:01:07 UTC
8ba4e90 Update tag latest_2014.10.06 for changeset db9561875903 12 December 2014, 21:00:13 UTC
72f3453 Back out 15716:77528372d36c, which breaks library creation success message. 12 December 2014, 16:30:27 UTC
f286d3d Update tag latest_2014.10.06 for changeset e416697be38e 12 December 2014, 14:00:15 UTC
009628d Merged in davebgx/galaxy-central/stable (pull request #606) [STABLE] Escape instances of message passed in through kwd before pushing them back out to mako. 11 December 2014, 18:08:35 UTC
245418f Merged in martenson/galaxy-central-marten/stable (pull request #599) [STABLE] encode dataset, ldda, folder and library IDs properly in some more places 11 December 2014, 18:01:22 UTC
bf014b2 One message was left unescaped. 11 December 2014, 16:39:50 UTC
766e8ff Also escape repository names, just in case. 11 December 2014, 16:36:55 UTC
0b29252 Escape messages passed in through kwd. 11 December 2014, 16:10:30 UTC
b0827d8 Merged in davebgx/galaxy-central/stable (pull request #603) [STABLE] Escape anything that could be user input in my assigned mako templates, add markupsafe.escape to username and email in users API controller. 11 December 2014, 14:50:35 UTC
6d171f9 Update tag latest_2014.10.06 for changeset 212e1d5e9be5 11 December 2014, 14:00:20 UTC
db2e802 Merge 10 December 2014, 23:28:45 UTC
3457cea Revert html escaping in API controller, per input on pull request. 10 December 2014, 17:49:42 UTC
c8e7f46 Merged in dannon/galaxy-central/stable (pull request #602) [STABLE] Force sanitization of form.title and form.name. Header needs more digging; we actually use html content in the field. 10 December 2014, 17:20:55 UTC
69ff467 Escape anything that could be user input in mako templates, add markupsafe.escape to username and email in users API controller. 10 December 2014, 16:31:21 UTC
277c47f Additionally sanitize form input fields (label, name, etc.) 09 December 2014, 20:44:08 UTC
59ef82e Force sanitization of form.title and form.name. Header needs more digging; we actually use html content in the field. 09 December 2014, 19:46:03 UTC
9dddf84 Update tag latest_2014.10.06 for changeset 3e7adbbe91a0 09 December 2014, 19:00:15 UTC
89ba08e Merge 09 December 2014, 18:41:41 UTC
b0d0245 Merged in dannon/galaxy-central/stable (pull request #596) [STABLE] Grafts of next-stable commits for security release. 09 December 2014, 14:31:53 UTC
1add607 Update tag latest_2014.10.06 for changeset 782cf1a1f6b5 09 December 2014, 14:00:15 UTC
ebdbda1 One more place we shouldn't trust user_email. 08 December 2014, 22:16:21 UTC
9085fde Merge 08 December 2014, 22:10:20 UTC
6efd00a Merged in carlfeberhard/carlfeberhard-galaxy-central-stable/stable (pull request #600) [STABLE] Fix to 04a072e to use the correct mako method in the masthead. 08 December 2014, 22:06:25 UTC
4a7156d Fix to 04a072e: use proper mako dict method instead of printing json string 08 December 2014, 21:47:33 UTC
9177dd4 typo in escaping 08 December 2014, 21:27:18 UTC
b2012a8 encode dataset, ldda, folder and library IDs properly in some more places 08 December 2014, 21:02:12 UTC
aa65483 Merged in dan/galaxy-central-prs/stable (pull request #597) [STABLE] HTML escape user-settable values in Data Libraries. Update tests to reflect that e.g. quotes are now html escaped within pages. Eliminate the unnecessary use of Params() object for these controllers. 08 December 2014, 20:22:53 UTC
3453ac9 Merged in guerler/guerler-galaxy-central/stable (pull request #598) Security fixes for assigned templates 08 December 2014, 19:11:14 UTC
c9dae2a Use h instead of escape for sanitization 08 December 2014, 19:00:57 UTC
b219af0 HTML escape user-settable values in Data Libraries. Update tests to reflect that e.g. quotes are now html escaped within pages. Eliminate the unnecessary use of Params() object for these controllers. 08 December 2014, 17:27:48 UTC
ff1c26f Merged in carlfeberhard/carlfeberhard-galaxy-central-stable/stable (pull request #594) [STABLE] Next-stable security fixes to stable. 08 December 2014, 16:44:52 UTC
207a2d7 More sanitization related to sharing objects. 08 December 2014, 16:11:26 UTC
bb86c98 Sanitize user generated values in tool_executed.mako. 08 December 2014, 16:11:26 UTC
db1e0de More sanitization of tool ids during tool related activities. 08 December 2014, 16:11:26 UTC
1c7f48b Sanitize error message when unsharing history. 08 December 2014, 16:11:26 UTC
4cd139a Some comments to clarify working sanitization. 08 December 2014, 16:11:26 UTC
84f094d One last fix for workflow/list.mako. 08 December 2014, 16:11:26 UTC
3963955 Sanitize user e-mail in workflow sharing actions. 08 December 2014, 16:11:26 UTC
1d0a7c1 Sanitization for workflows_for_run.mako. 08 December 2014, 16:11:26 UTC
656f058 Sanitize values in switching data parameter form. 08 December 2014, 16:11:26 UTC
7391d1b Sanitize workflow and dataset names in run_complete.mako. 08 December 2014, 16:11:26 UTC
c66b64e Sanitize workflow names in tool menu. 08 December 2014, 16:11:26 UTC
034d890 Sanitize all values in configure_menu.mako. 08 December 2014, 16:11:26 UTC
fdc227b More workflow template sanitization during rename, copy, delete. 08 December 2014, 16:11:25 UTC
540ca4f Sanitize incoming workflow annotations during imports. 08 December 2014, 16:11:25 UTC
8f3d4e1 Sanitize workflow name and tool ids when running workflow with missing tools. 08 December 2014, 16:11:25 UTC
688613b More sanitizing of workflow name and tool information during import. 08 December 2014, 16:11:25 UTC
1450e07 More sanitization while handling fields from an imported workflow. 08 December 2014, 16:11:25 UTC
36a1222 Sanitize tool id, name, and version during workflow import. 08 December 2014, 16:11:25 UTC
c794299 Sanitize workflow name in myexperiment export. On the off chance that XML file ever gets interpreted as HTML. Shouldn't hurt anything for well behaved workflow names. 08 December 2014, 16:11:25 UTC
373516c Sanitize workflow name in message when extracting workflow from history. 08 December 2014, 16:11:25 UTC
fec116c More sanitization in workflow display.mako. 08 December 2014, 16:11:25 UTC
683ed19 Sanitize workflow run.mako parameters not sanitized by tooling code. 08 December 2014, 16:11:25 UTC
c8a71c7 Sanitize display of workflow parameters in workflow run.mako. 08 December 2014, 16:11:25 UTC
f2024d6 Sanitize workflow and input dataset names in workflow run.mako. 08 December 2014, 16:11:25 UTC
ea49e2f Update tag latest_2014.10.06 for changeset 8e45b1cefba1 05 December 2014, 21:00:16 UTC
ed8fcdb Merged in martenson/galaxy-central-marten/stable (pull request #592) [STABLE] disable mobile version of the website 05 December 2014, 16:57:27 UTC
fc6e7b0 Merged in natefoo/galaxy-central/stable (pull request #588) [STABLE] XSS fixes for remaining user templates and a few other security fixes 05 December 2014, 16:54:22 UTC
d642727 Merged in dan/galaxy-central-prs/stable (pull request #593) [STABLE] Some web sanitization for Data Managers and Biostar redirect. 05 December 2014, 16:49:14 UTC
902d961 Some web sanitization for Data Managers and Biostar redirect. 04 December 2014, 21:14:28 UTC
77cf30a Disable search interface for right now -- I made it not broken in the previous commit, but nobody should be using this yet. 04 December 2014, 20:27:19 UTC
dcee482 Fix search to work for at least datasets, hdas, etc. 04 December 2014, 20:23:35 UTC
daf3cc7 Catch ValueError and actually log it instead of blowing up w/ invalid dataset_id. Raise httpexception. 04 December 2014, 18:10:37 UTC
4c5f4e6 Don't trust user email rendered into page unescaped for Raven. 04 December 2014, 17:05:07 UTC
b99e462 Mobile version of galaxy at /mobile can't be navigated (many dead links etc.), the templates/controllers are completely unescaped so I am disabling it completely for now, until we fix or remove it. Redirect to index from every used URL. 04 December 2014, 17:00:38 UTC
5c367df Remove unused cloud/run.mako; all functionality is rolled into cloud/index. 04 December 2014, 16:51:46 UTC
e763ca5 Update tag latest_2014.10.06 for changeset 9c482e1d9b3c 04 December 2014, 16:00:22 UTC
ef9d1fe Fix for DynamicOptions AdditionalValueFilter when columns have not been assigned and to give value preference over name. 03 December 2014, 21:52:56 UTC
6c38d0f Merged in dan/galaxy-central-prs/stable (pull request #584) [STABLE] DatasetMatcher should check to see if hda is of the correct format before attempting to filter on e.g. metadata attributes (that may not exist for a non-expected format). 04 December 2014, 14:20:19 UTC
119ff96 Update tag latest_2014.10.06 for changeset 0e663285c743 04 December 2014, 14:00:18 UTC
8715900 Remaining user function template XSS cleanup. Also fix login redirection security in the OpenID methods. 03 December 2014, 20:57:58 UTC
497c7fc Merged in martenson/galaxy-central-marten/stable (pull request #585) [STABLE] propagate the commit of 795336f22d8b94b86256b1d4738ee1bf24e18b57 that is already in next-stable to the stable 03 December 2014, 19:15:51 UTC
d269f54 Update tag latest_2014.10.06 for changeset 546ff6ef27b4 03 December 2014, 19:00:28 UTC