From e4621a2a759f55659b5c631baec5e5f497e0cff1 Mon Sep 17 00:00:00 2001 From: Artem Tarasov Date: Thu, 18 Jun 2015 19:55:41 +0300 Subject: add missing line to webqtlUtil --- wqflask/utility/webqtlUtil.py | 1 + 1 file changed, 1 insertion(+) (limited to 'wqflask') diff --git a/wqflask/utility/webqtlUtil.py b/wqflask/utility/webqtlUtil.py index 4d7981d9..ab746228 100755 --- a/wqflask/utility/webqtlUtil.py +++ b/wqflask/utility/webqtlUtil.py @@ -43,6 +43,7 @@ ParInfo ={ 'BXH':['BHF1', 'HBF1', 'C57BL/6J', 'C3H/HeJ'], 'AKXD':['AKF1', 'KAF1', 'AKR/J', 'DBA/2J'], 'BXD':['B6D2F1', 'D2B6F1', 'C57BL/6J', 'DBA/2J'], +'C57BL-6JxC57BL-6NJF2':['', '', 'C57BL/6J', 'C57BL/6NJ'], 'BXD300':['B6D2F1', 'D2B6F1', 'C57BL/6J', 'DBA/2J'], 'B6BTBRF2':['B6BTBRF1', 'BTBRB6F1', 'C57BL/6J', 'BTBRT<+>tf/J'], 'BHHBF2':['B6HF2','HB6F2','C57BL/6J','C3H/HeJ'], -- cgit v1.2.3 From 45ebe51fbee7da1617b01cff7b9ab404d6ad1aa7 Mon Sep 17 00:00:00 2001 From: Artem Tarasov Date: Thu, 18 Jun 2015 20:05:49 +0300 Subject: fix all_samples_ordered move duplicated code into a method, handle the case of missing f1/f12 correctly --- wqflask/base/data_set.py | 6 ++++++ wqflask/base/trait.py | 9 +-------- wqflask/wqflask/show_trait/show_trait.py | 9 +-------- 3 files changed, 8 insertions(+), 16 deletions(-) (limited to 'wqflask') diff --git a/wqflask/base/data_set.py b/wqflask/base/data_set.py index acfee3d4..b17396e5 100755 --- a/wqflask/base/data_set.py +++ b/wqflask/base/data_set.py @@ -392,6 +392,12 @@ class DatasetGroup(object): Redis.set(key, json.dumps(self.samplelist)) Redis.expire(key, 60*5) + def all_samples_ordered(self): + result = [] + lists = (self.parlist, self.f1list, self.samplelist) + [result.extend(l) for l in lists if l] + return result + def read_genotype_file(self): '''Read genotype from .geno file instead of database''' #if self.group == 'BXD300': diff --git a/wqflask/base/trait.py b/wqflask/base/trait.py index 7f1170a9..2e0e86fb 100755 --- a/wqflask/base/trait.py +++ b/wqflask/base/trait.py 
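Review bot: The new `all_samples_ordered` method in data_set.py uses a list comprehension purely for its side effect, `[result.extend(l) for l in lists if l]`, which builds and discards a list of `None` values and obscures the intent. A plain loop is clearer: `for l in lists:` followed by `if l: result.extend(l)`. The method also has no docstring; I would add `"""Return parlist, f1list and samplelist concatenated into a new list, skipping any that are empty or None."""`. The docstring matters because both callers now always receive a fresh list, where the old `else` branch in trait.py handed back `samplelist` itself.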
@@ -251,14 +251,7 @@ class GeneralTrait(object): # Todo: is this necessary? If not remove self.data.clear() - if self.dataset.group.parlist: - all_samples_ordered = (self.dataset.group.parlist + - self.dataset.group.f1list + - self.dataset.group.samplelist) - elif self.dataset.group.f1list: - all_samples_ordered = self.dataset.group.f1list + self.dataset.group.samplelist - else: - all_samples_ordered = self.dataset.group.samplelist + all_samples_ordered = self.dataset.group.all_samples_ordered() if results: for item in results: diff --git a/wqflask/wqflask/show_trait/show_trait.py b/wqflask/wqflask/show_trait/show_trait.py index bd827086..61305e9b 100755 --- a/wqflask/wqflask/show_trait/show_trait.py +++ b/wqflask/wqflask/show_trait/show_trait.py @@ -1148,14 +1148,7 @@ class ShowTrait(object): def make_sample_lists(self, this_trait): - if self.dataset.group.parlist: - all_samples_ordered = (self.dataset.group.parlist + - self.dataset.group.f1list + - self.dataset.group.samplelist) - elif self.dataset.group.f1list: - all_samples_ordered = self.dataset.group.f1list + self.dataset.group.samplelist - else: - all_samples_ordered = list(self.dataset.group.samplelist) + all_samples_ordered = self.dataset.group.all_samples_ordered() primary_sample_names = list(all_samples_ordered) -- cgit v1.2.3 From 526fe5381a2d26dd5269553e2fa648e6827030ad Mon Sep 17 00:00:00 2001 From: Artem Tarasov Date: Thu, 18 Jun 2015 21:13:13 +0300 Subject: removed unused function --- wqflask/utility/webqtlUtil.py | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'wqflask') diff --git a/wqflask/utility/webqtlUtil.py b/wqflask/utility/webqtlUtil.py index 4d7981d9..4b3d0112 100755 --- a/wqflask/utility/webqtlUtil.py +++ b/wqflask/utility/webqtlUtil.py 
@@ -880,22 +880,6 @@ def cmpGenoPos(A,B): except: return 0 -#XZhou: Must use "BINARY" to enable case sensitive comparison. -def authUser(name,password,db, encrypt=None): - try: - if encrypt: - query = 'SELECT privilege, id,name,password, grpName FROM User WHERE name= BINARY \'%s\' and password= BINARY \'%s\'' % (name,password) - else: - query = 'SELECT privilege, id,name,password, grpName FROM User WHERE name= BINARY \'%s\' and password= BINARY SHA(\'%s\')' % (name,password) - db.execute(query) - records = db.fetchone() - if not records: - raise ValueError - return records#(privilege,id,name,password,grpName) - except: - return (None, None, None, None, None) - - def hasAccessToConfidentialPhenotypeTrait(privilege, userName, authorized_users): access_to_confidential_phenotype_trait = 0 if webqtlConfig.USERDICT[privilege] > webqtlConfig.USERDICT['user']: -- cgit v1.2.3 From 719b41035d721cdd5f4e0faced88534af2619980 Mon Sep 17 00:00:00 2001 From: Artem Tarasov Date: Mon, 22 Jun 2015 00:06:52 +0300 Subject: fixed a few potential security issues --- wqflask/base/data_set.py | 16 +++++++++------- wqflask/base/trait.py | 9 +++++---- 2 files changed, 14 insertions(+), 11 deletions(-) (limited to 'wqflask') diff --git a/wqflask/base/data_set.py b/wqflask/base/data_set.py index acfee3d4..14a2a388 100755 --- a/wqflask/base/data_set.py +++ b/wqflask/base/data_set.py @@ -805,11 +805,11 @@ class PhenotypeDataSet(DataSet): WHERE PublishXRef.InbredSetId = PublishFreeze.InbredSetId AND PublishData.Id = PublishXRef.DataId AND PublishXRef.Id = %s AND - PublishFreeze.Id = %d AND PublishData.StrainId = Strain.Id + PublishFreeze.Id = %s AND PublishData.StrainId = Strain.Id Order BY Strain.Name - """ % (trait, self.id) - results = g.db.execute(query).fetchall() + """ + results = g.db.execute(query, (trait, self.id)).fetchall() return results 
@@ -892,15 +892,17 @@ class GenotypeDataSet(DataSet): left join GenoSE on (GenoSE.DataId = GenoData.Id AND GenoSE.StrainId = GenoData.StrainId) WHERE - Geno.SpeciesId = %s AND Geno.Name = '%s' AND GenoXRef.GenoId = Geno.Id AND + Geno.SpeciesId = %s AND Geno.Name = %s AND GenoXRef.GenoId = Geno.Id AND GenoXRef.GenoFreezeId = GenoFreeze.Id AND - GenoFreeze.Name = '%s' AND + GenoFreeze.Name = %s AND GenoXRef.DataId = GenoData.Id AND GenoData.StrainId = Strain.Id Order BY Strain.Name - """ % (webqtlDatabaseFunction.retrieve_species_id(self.group.name), trait, self.name) - results = g.db.execute(query).fetchall() + """ + results = g.db.execute(query, + (webqtlDatabaseFunction.retrieve_species_id(self.group.name), + trait, self.name)).fetchall() return results diff --git a/wqflask/base/trait.py b/wqflask/base/trait.py index 7f1170a9..7689a469 100755 --- a/wqflask/base/trait.py +++ b/wqflask/base/trait.py @@ -299,6 +299,7 @@ class GeneralTrait(object): """ % (self.name, self.dataset.id) print("query is:", query) + assert self.name.isdigit() trait_info = g.db.execute(query).fetchone() #XZ, 05/08/2009: Xiaodong add this block to use ProbeSet.Id to find the probeset instead of just using ProbeSet.Name @@ -337,10 +338,10 @@ class GeneralTrait(object): trait_info = g.db.execute(query).fetchone() #print("trait_info is: ", pf(trait_info)) else: #Temp type - query = """SELECT %s FROM %s WHERE Name = %s - """ % (string.join(self.dataset.display_fields,','), - self.dataset.type, self.name) - trait_info = g.db.execute(query).fetchone() + query = """SELECT %s FROM %s WHERE Name = %s""" + trait_info = g.db.execute(query, + (string.join(self.dataset.display_fields,','), + self.dataset.type, self.name)).fetchone() if trait_info: self.haveinfo = True -- cgit v1.2.3 From a41f9323ea5b86be6d2139a927586630b222af68 Mon Sep 17 00:00:00 2001 
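Review bot: The added `assert self.name.isdigit()` in trait.py (hunk at -299) is not a dependable guard, because assertions are stripped when Python runs with `-O`, and it sits after the query has already been formatted with `self.name` and printed. The statement is still sent as an interpolated string via `g.db.execute(query)`, unlike the data_set.py queries converted in this same commit. Prefer binding the values: drop the `% (self.name, self.dataset.id)` formatting and call `g.db.execute(query, (self.name, self.dataset.id)).fetchone()`. If a type check is still wanted, make it explicit before the query is built: `if not self.name.isdigit(): raise ValueError("trait name must be numeric")`. The query text begins above this hunk, so any quoted placeholders in it would need adjusting at the same time.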
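Review bot: In the `#Temp type` branch of trait.py (hunk at -337) the column list and table name are now passed as bound parameters, but placeholders can only stand for values. The driver will quote them as string literals, so `SELECT %s FROM %s` no longer names columns or a table and the statement should fail or return the literal text. Identifiers have to be interpolated from values the code controls, with only the name bound: `query = "SELECT %s FROM %s WHERE Name = %%s" % (','.join(self.dataset.display_fields), self.dataset.type)` and then `trait_info = g.db.execute(query, (self.name,)).fetchone()`. This assumes `display_fields` and `dataset.type` are defined in code rather than taken from the request; if that cannot be confirmed from the dataset classes, check them against an allowlist before formatting.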
From: Artem Tarasov Date: Mon, 22 Jun 2015 00:30:50 +0300 Subject: escape docs query --- wqflask/wqflask/docs.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'wqflask') diff --git a/wqflask/wqflask/docs.py b/wqflask/wqflask/docs.py index 07b0b81a..a8363a1f 100755 --- a/wqflask/wqflask/docs.py +++ b/wqflask/wqflask/docs.py @@ -8,9 +8,9 @@ class Docs(object): sql = """ SELECT Docs.title, Docs.content FROM Docs - WHERE Docs.entry LIKE '%s' + WHERE Docs.entry LIKE %s """ - result = g.db.execute(sql % (entry)).fetchone() + result = g.db.execute(sql, str(entry)).fetchone() self.entry = entry self.title = result[0] self.content = result[1] -- cgit v1.2.3
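Review bot: The bound parameter in docs.py is passed as a bare string, `g.db.execute(sql, str(entry))`; a one-element tuple, `g.db.execute(sql, (entry,))`, is the unambiguous form. The `str()` call would also raise on non-ASCII unicode input if this runs on Python 2, as the `string.join` usage elsewhere in this series suggests. Binding fixes the quoting, but the predicate is still `LIKE`, so `%` and `_` inside `entry` act as wildcards and can match a row other than the intended one; `WHERE Docs.entry = %s` is tighter if an exact key is meant. The unchanged line `self.title = result[0]` raises `TypeError` when no row matches, so an `if result is None:` branch is worth adding. The enclosing method starts above the hunk.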