[BioRuby-cvs] bioruby/lib/bio/shell/rails/vendor/plugins/generators/bioruby/templates bioruby_controller.rb, 1.3, 1.4 bioruby.css, 1.3, 1.4 index.rhtml, 1.2, 1.3

Katayama Toshiaki k at dev.open-bio.org
Wed Mar 28 09:21:47 UTC 2007 

Update of /home/repository/bioruby/bioruby/lib/bio/shell/rails/vendor/plugins/generators/bioruby/templates
In directory dev.open-bio.org:/tmp/cvs-serv6033

Modified Files:
	bioruby_controller.rb bioruby.css index.rhtml 
Log Message:
* restrict evaluation access only from localhost for security purpose


Index: index.rhtml
===================================================================
RCS file: /home/repository/bioruby/bioruby/lib/bio/shell/rails/vendor/plugins/generators/bioruby/templates/index.rhtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** index.rhtml	16 Jan 2007 05:47:05 -0000	1.2
--- index.rhtml	28 Mar 2007 09:21:45 -0000	1.3
***************
*** 1,3 ****
--- 1,6 ----
  <div id="console">
+ <%- if flash[:notice] -%>
+ <div id="notice"><p><%= flash[:notice] %></p></div><br>
+ <%- end -%>
  <%= form_remote_tag(:url => {:action => "evaluate"}, :position => "top") %>
  <b>BioRuby script</b>

Index: bioruby_controller.rb
===================================================================
RCS file: /home/repository/bioruby/bioruby/lib/bio/shell/rails/vendor/plugins/generators/bioruby/templates/bioruby_controller.rb,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** bioruby_controller.rb	14 Mar 2007 19:50:14 -0000	1.3
--- bioruby_controller.rb	28 Mar 2007 09:21:45 -0000	1.4
***************
*** 20,37 ****
    ]
  
    def evaluate
!     begin
!       @script = params[:script].strip
  
!       # write out to history
!       Bio::Shell.store_history(@script)
  
!       # evaluate ruby script
!       @result = eval(@script, Bio::Shell.cache[:binding])
  
!       # *TODO* need to handle with output of print/puts/p/pp etc. here
!       @output = nil
!     rescue
!       @result = $!
        @output = nil
      end
--- 20,50 ----
    ]
  
+   SECURITY_NOTICE = "For security purposes, this functionality is only available to local requests."
+ 
+   def index
+     unless local_request?
+       flash[:notice] = SECURITY_NOTICE
+     end
+   end
+ 
    def evaluate
!     if local_request?
!       begin
!         @script = params[:script].strip
  
!         # write out to history
!         Bio::Shell.store_history(@script)
  
!         # evaluate ruby script
!         @result = eval(@script, Bio::Shell.cache[:binding])
  
!         # *TODO* need to handle with output of print/puts/p/pp etc. here
!         @output = nil
!       rescue
!         @result = $!
!         @output = nil
!       end
!     else
!       @result = SECURITY_NOTICE
        @output = nil
      end

Index: bioruby.css
===================================================================
RCS file: /home/repository/bioruby/bioruby/lib/bio/shell/rails/vendor/plugins/generators/bioruby/templates/bioruby.css,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** bioruby.css	8 Mar 2007 00:03:58 -0000	1.3
--- bioruby.css	28 Mar 2007 09:21:45 -0000	1.4
***************
*** 16,19 ****
--- 16,28 ----
  }
  
+ div#notice {
+ 	background-color: #fcc;
+ 	border: 1px solid #f00;
+ }
+ div#notice p {
+ 	margin: 0;
+ 	padding: 10px;
+ }
+ 
  pre {
  	color: #6e8377;
***************
*** 194,199 ****
--- 203,214 ----
  /* table */
  
+ table {
+ 	border: 1px solid #cccccc;
+ 	border-collapse: collapse;
+ }
+ 
  table#list_methods {
  	width: 680px;
+ 	border: none;
  }
  
***************
*** 208,211 ****
--- 223,227 ----
  }
  
+ 
  /* textarea */
  
***************
*** 214,219 ****
--- 230,237 ----
  	font-size: 100%;
  	overflow: auto;
+ 	width: 80%;
  }
  
+ 
  /* blockquote */

More information about the bioruby-cvs mailing list