char *jsStripJavascript(char *str)
/* Strip out anything that looks like javascript in html string.
   This function is designed to cleanup user input (e.g. to avoid XSS attacks).
   Only <script> elements are recognized: a closed <script>...</script> element, or an
   opening <script ...> tag (e.g. one left unclosed with a src attribute).  There are many
   other browser-specific ways of embedding javascript (see http://ha.ckers.org/xss.html),
   so this is best-effort cleanup rather than a guarantee; callers that need a guarantee
   should HTML-encode on output rather than rely on this alone.
   Returned string should be free'ed after use. */
{
char *scriptPatterns[] =
    {
    "<script\\s*>[^<]*</script\\s*>",   // a complete <script>...</script> element
    "<script[^>]*>",                    // an opening tag with attributes, e.g. unclosed with a src
    };
char *cleaned = cloneString(str);
char **pat;
for (pat = scriptPatterns; pat < scriptPatterns + ArraySize(scriptPatterns); pat++)
    {
    // stripRegEx hands back a fresh string each pass, so drop the previous one
    char *previous = cleaned;
    cleaned = stripRegEx(cleaned, *pat, REG_ICASE);
    freeMem(previous);
    }
return cleaned;
}
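static boolean isDescriptionMatch(struct track *track, char **words, int wordCount)
/* Return TRUE if every word in words is the start of some word in the track's html
 * description (i.e. google-style prefix matching, case-insensitive).  Only
 * track->tdb->html is consulted (not the parent hierarchy), and html tags are stripped
 * before matching.  Returns FALSE for a NULL words array, a negative wordCount, or an
 * empty description.  Nothing is leaked: the stripped text and the per-word scratch
 * copies are all freed here. */
{
if (words == NULL || wordCount < 0)
    return FALSE;
// We do NOT look up the parent hierarchy for html descriptions.
char *html = track->tdb->html;
if (isEmpty(html))
    return FALSE;

/* This probably could be made more efficient by parsing the html into some kind of b-tree,
   but I am assuming that the inner loop will only run for 1-2 words for the vast majority
   of the tracks. */
char *text = stripRegEx(html, "<[^>]*>", REG_ICASE);   // new string, freed below
boolean allFound = TRUE;
int i;
for (i = 0; i < wordCount && allFound; i++)
    {
    char *needle = words[i];
    // nextWord() writes terminators into the buffer it walks and advances the cursor,
    // so work on a scratch copy and keep the original pointer around to free it
    char *scratch = cloneString(text);
    char *cursor = scratch;
    char *haystack;
    allFound = FALSE;
    while ((haystack = nextWord(&cursor)) != NULL)
        {
        // a prefix match is a strstrNoCase hit at the very start of the word
        if (strstrNoCase(haystack, needle) == haystack)
            {
            allFound = TRUE;
            break;
            }
        }
    freeMem(scratch);
    }
freeMem(text);
return allFound;
}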
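/* Context-sensitive help links, keyed by the suffix of the CGI script name.  Order matters:
 * the first entry whose suffix matches the script name wins. */
static struct
    {
    char *scriptSuffix;   /* compared with endsWith() against cgiScriptName() */
    char *link;           /* help page, relative to the cgi-bin directory */
    char *label;          /* menu item text */
    } contextHelpTable[] =
    {
    {"hgBlat",       "../goldenPath/help/hgTracksHelp.html#BLATAlign",    "Help on Blat"},
    {"hgHubConnect", "../goldenPath/help/hgTrackHubHelp.html",            "Help on Track Hubs"},
    {"hgNear",       "../goldenPath/help/hgNearHelp.html",                "Help on Gene Sorter"},
    {"hgTables",     "../goldenPath/help/hgTablesHelp.html",              "Help on Table Browser"},
    {"hgGenome",     "../goldenPath/help/hgGenomeHelp.html",              "Help on Genome Graphs"},
    {"hgSession",    "../goldenPath/help/hgSessionHelp.html",             "Help on Sessions"},
    {"hgVisiGene",   "../goldenPath/help/hgTracksHelp.html#VisiGeneHelp", "Help on VisiGene"},
    {"hgCustom",     "../goldenPath/help/customTrack.html",               "Help on Custom Tracks"},
    };

static void setContextSpecificHelp(char *scriptName)
/* Install the help link/label for scriptName (from contextHelpTable) into the
 * contextSpecificHelpLink/contextSpecificHelpLabel globals, but only where those are still
 * unset, so defaults chosen earlier by the CGI are not overwritten. */
{
char *link = NULL, *label = NULL;
int i;
for (i = 0; i < ArraySize(contextHelpTable); i++)
    {
    if (endsWith(scriptName, contextHelpTable[i].scriptSuffix))
	{
	link = contextHelpTable[i].link;
	label = contextHelpTable[i].label;
	break;
	}
    }
if (!contextSpecificHelpLink && link)
    contextSpecificHelpLink = link;
if (!contextSpecificHelpLabel && label)
    contextSpecificHelpLabel = label;
}

static char *replaceAndFree(char *menuStr, char *pattern, char *replacement)
/* Return a new string that is menuStr with pattern replaced by replacement; menuStr is freed.
 * replaceChars() allocates its result, so without this the old copy would leak. */
{
char *result = replaceChars(menuStr, pattern, replacement);
freez(&menuStr);
return result;
}

char *menuBar(struct cart *cart)
/* Return HTML for the menu bar, read from inc/globalNavBar.inc under the document root.
 * Internal CGI links are fixed up to carry the cart's hgsid, the placeholder comments in the
 * file are filled with the mirror, view and context-sensitive help items, and the js/css
 * files the menu needs are included.  Returns NULL when there is no document root
 * (e.g. running from the command line).  The returned string is allocated and should be
 * freed by the caller. */
{
char *docRoot = hDocumentRoot();
char *menuStr, buf[4096], uiVars[128];
FILE *fd;
int len, offset, err;
char *navBarFile = "inc/globalNavBar.inc";
struct stat statBuf;
regex_t re;
regmatch_t match[2];
char *scriptName = cgiScriptName();
if (cart)
    safef(uiVars, sizeof(uiVars), "%s=%u", cartSessionVarName(), cartSessionId(cart));
else
    uiVars[0] = 0;

if (docRoot == NULL)
    // tolerate missing docRoot (i.e. don't bother with menu when running from command line)
    return NULL;

jsIncludeFile("jquery.js", NULL);
jsIncludeFile("jquery.plugins.js", NULL);
webIncludeResourceFile("nice_menu.css");

// Read in menu bar html.  The read is sized from fstat, so a failed fstat (leaving statBuf
// uninitialized) must not go unnoticed.
safef(buf, sizeof(buf), "%s/%s", docRoot, navBarFile);
fd = mustOpen(buf, "r");
if (fstat(fileno(fd), &statBuf) != 0)
    errAbort("fstat failed on %s", buf);
len = statBuf.st_size;
menuStr = needMem(len + 1);
mustRead(fd, menuStr, statBuf.st_size);
menuStr[len] = 0;
carefulClose(&fd);

if (cart)
    {
    // fixup internal CGIs to have hgsid: group 1 captures an optional '?' after the CGI
    // name, so we emit "?hgsid=N" when the link has no query string yet and "hgsid=N&"
    // when it already ends in '?'
    safef(buf, sizeof(buf), "/cgi-bin/hg[A-Za-z]+(%c%c?)", '\\', '?');
    err = regcomp(&re, buf, REG_EXTENDED);
    if (err)
	errAbort("regcomp failed; err: %d", err);
    struct dyString *dy = newDyString(0);
    for (offset = 0; offset < len && !regexec(&re, menuStr + offset, ArraySize(match), match, 0); offset += match[0].rm_eo)
	{
	dyStringAppendN(dy, menuStr + offset, match[0].rm_eo);
	if (match[1].rm_so == match[1].rm_eo)
	    dyStringAppend(dy, "?");
	dyStringAppend(dy, uiVars);
	if (match[1].rm_so != match[1].rm_eo)
	    dyStringAppend(dy, "&");
	}
    if (offset < len)
	dyStringAppend(dy, menuStr + offset);
    regfree(&re);   // release the compiled pattern
    freez(&menuStr);
    menuStr = dyStringCannibalize(&dy);
    }

if (!loginSystemEnabled())
    {
    // stripRegEx returns a new string rather than editing in place, so swap it in
    char *stripped = stripRegEx(menuStr, "<\\!-- LOGIN_START -->.*<\\!-- LOGIN_END -->", REG_ICASE);
    freez(&menuStr);
    menuStr = stripped;
    }

if (scriptName)
    {
    // Provide optional official mirror servers menu items
    char *geoMenu = geoMirrorMenu();
    menuStr = replaceAndFree(menuStr, "<!-- OPTIONAL_MIRROR_MENU -->", geoMenu);
    }

if (scriptName)
    {
    // Provide view menu for some CGIs.
    struct dyString *viewItems = dyStringCreate("");
    boolean hasViewMenu = TRUE;
    if (endsWith(scriptName, "hgGenome"))
	{
	safef(buf, sizeof(buf), "../cgi-bin/hgGenome?%s&hgGenome_doPsOutput=1", uiVars);
	dyStringPrintf(viewItems, "<li><a href='%s' id='%s'>%s</a></li>\n", buf, "pdfLink", "PDF/PS");
	}
    else
	{
	hasViewMenu = FALSE;
	}
    if (hasViewMenu)
	{
	struct dyString *viewMenu = dyStringCreate("<li class='menuparent' id='view'><span>View</span>\n<ul style='display: none; visibility: hidden;'>\n");
	dyStringAppend(viewMenu, viewItems->string);
	dyStringAppend(viewMenu, "</ul>\n</li>\n");
	menuStr = replaceAndFree(menuStr, "<!-- OPTIONAL_VIEW_MENU -->", viewMenu->string);
	dyStringFree(&viewMenu);
	}
    dyStringFree(&viewItems);
    }

if (scriptName)
    // Provide context sensitive help links for some CGIs.
    setContextSpecificHelp(scriptName);

if (contextSpecificHelpLink)
    {
    // NOTE(review): assumes contextSpecificHelpLabel is set whenever the link is -- confirm
    // with the CGIs that set these globals directly
    char helpItem[1024];
    safef(helpItem, sizeof(helpItem), "<li><a href='%s'>%s</a></li>", contextSpecificHelpLink, contextSpecificHelpLabel);
    menuStr = replaceAndFree(menuStr, "<!-- CONTEXT_SPECIFIC_HELP -->", helpItem);
    }
return menuStr;
}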
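/* Context-sensitive help links, keyed by the suffix of the CGI script name.  Order matters:
 * the first entry whose suffix matches the script name wins. */
static struct
    {
    char *scriptSuffix;   /* compared with endsWith() against cgiScriptName() */
    char *link;           /* help page, relative to the cgi-bin directory */
    char *label;          /* menu item text */
    } contextHelpTable[] =
    {
    {"hgBlat",       "../goldenPath/help/hgTracksHelp.html#BLATAlign",    "Help on Blat"},
    {"hgHubConnect", "../goldenPath/help/hgTrackHubHelp.html",            "Help on Track Hubs"},
    {"hgNear",       "../goldenPath/help/hgNearHelp.html",                "Help on Gene Sorter"},
    {"hgTables",     "../goldenPath/help/hgTablesHelp.html",              "Help on Table Browser"},
    {"hgGenome",     "../goldenPath/help/hgGenomeHelp.html",              "Help on Genome Graphs"},
    {"hgSession",    "../goldenPath/help/hgSessionHelp.html",             "Help on Sessions"},
    {"hgVisiGene",   "../goldenPath/help/hgTracksHelp.html#VisiGeneHelp", "Help on VisiGene"},
    {"hgCustom",     "../goldenPath/help/customTrack.html",               "Help on Custom Tracks"},
    };

static void setContextSpecificHelp(char *scriptName)
/* Install the help link/label for scriptName (from contextHelpTable) into the
 * contextSpecificHelpLink/contextSpecificHelpLabel globals, but only where those are still
 * unset, so defaults chosen earlier by the CGI are not overwritten. */
{
char *link = NULL, *label = NULL;
int i;
for (i = 0; i < ArraySize(contextHelpTable); i++)
    {
    if (endsWith(scriptName, contextHelpTable[i].scriptSuffix))
	{
	link = contextHelpTable[i].link;
	label = contextHelpTable[i].label;
	break;
	}
    }
if (!contextSpecificHelpLink && link)
    contextSpecificHelpLink = link;
if (!contextSpecificHelpLabel && label)
    contextSpecificHelpLabel = label;
}

static char *replaceAndFree(char *menuStr, char *pattern, char *replacement)
/* Return a new string that is menuStr with pattern replaced by replacement; menuStr is freed.
 * replaceChars() allocates its result, so without this the old copy would leak. */
{
char *result = replaceChars(menuStr, pattern, replacement);
freez(&menuStr);
return result;
}

char *menuBar(struct cart *cart, char *db)
/* Return HTML for the menu bar, read from inc/globalNavBar.inc under the document root.
 * Internal CGI links are fixed up to carry the cart's hgsid, the Table Browser link is
 * pointed at the current track where one is known, the placeholder comments in the file
 * are filled with the mirror, view and context-sensitive help items, and the js/css files
 * the menu needs are included.  Returns NULL when there is no document root (e.g. running
 * from the command line).  The returned string is allocated and should be freed by the
 * caller.
 *
 * Note this function is also called by hgTracks which extends the menu bar
 *  with a View menu defined in hgTracks/menu.c -- so the OPTIONAL_VIEW_MENU placeholder
 *  is left in place for hgTracks and removed for every other CGI. */
{
char *docRoot = hDocumentRoot();
char *menuStr, buf[4096], uiVars[128];
FILE *fd;
char *navBarFile = "inc/globalNavBar.inc";
struct stat statBuf;
char *scriptName = cgiScriptName();
if (cart)
    safef(uiVars, sizeof(uiVars), "%s=%s", cartSessionVarName(), cartSessionId(cart));
else
    uiVars[0] = 0;

if (docRoot == NULL)
    // tolerate missing docRoot (i.e. don't bother with menu when running from command line)
    return NULL;

jsIncludeFile("jquery.js", NULL);
jsIncludeFile("jquery.plugins.js", NULL);
webIncludeResourceFile("nice_menu.css");

// Read in menu bar html.  The read is sized from fstat, so a failed fstat (leaving statBuf
// uninitialized) must not go unnoticed.
safef(buf, sizeof(buf), "%s/%s", docRoot, navBarFile);
fd = mustOpen(buf, "r");
if (fstat(fileno(fd), &statBuf) != 0)
    errAbort("fstat failed on %s", buf);
int len = statBuf.st_size;
menuStr = needMem(len + 1);
mustRead(fd, menuStr, statBuf.st_size);
menuStr[len] = 0;
carefulClose(&fd);

if (cart)
    {
    // fixup internal CGIs to have hgsid
    char *newMenuStr = menuBarAddUiVars(menuStr, "/cgi-bin/hg", uiVars);
    freez(&menuStr);
    menuStr = newMenuStr;
    }

if (scriptName)
    {
    // Provide hgTables options for some CGIs: point the Table Browser link at the current track.
    char hgTablesOptions[1024] = "";
    char *track = (cart == NULL ? NULL :
                   (endsWith(scriptName, "hgGene") ?
                    cartOptionalString(cart, "hgg_type") :
                    cartOptionalString(cart, "g")));
    if (track && cart && db &&
        (endsWith(scriptName, "hgc") || endsWith(scriptName, "hgTrackUi") ||
         endsWith(scriptName, "hgGene")))
        {
        struct trackDb *tdb = hTrackDbForTrack(db, track);
        if (tdb)
	    {
	    // the group/track/table names in the link are taken from the trackDb record,
	    // not from the raw cart value
	    struct trackDb *topLevel = trackDbTopLevelSelfOrParent(tdb);
	    safef(hgTablesOptions, sizeof hgTablesOptions,
		    "../cgi-bin/hgTables?hgta_doMainPage=1&hgta_group=%s&hgta_track=%s&hgta_table=%s&",
		    topLevel->grp, topLevel->track, tdb->table);
	    menuStr = replaceAndFree(menuStr, "../cgi-bin/hgTables?", hgTablesOptions);
	    trackDbFree(&tdb);
	    }
        }
    }

if (!loginSystemEnabled())
    {
    // stripRegEx returns a new string rather than editing in place, so swap it in
    char *stripped = stripRegEx(menuStr, "<\\!-- LOGIN_START -->.*<\\!-- LOGIN_END -->", REG_ICASE);
    freez(&menuStr);
    menuStr = stripped;
    }

if (scriptName)
    {
    // Provide optional official mirror servers menu items
    char *geoMenu = geoMirrorMenu();
    menuStr = replaceAndFree(menuStr, "<!-- OPTIONAL_MIRROR_MENU -->", geoMenu);
    }

if (scriptName)
    {
    // Provide view menu for some CGIs.
    struct dyString *viewItems = dyStringCreate("");
    boolean hasViewMenu = TRUE;
    if (endsWith(scriptName, "hgGenome"))
	{
	safef(buf, sizeof(buf), "../cgi-bin/hgGenome?%s&hgGenome_doPsOutput=1", uiVars);
	dyStringPrintf(viewItems, "<li><a href='%s' id='%s'>%s</a></li>\n", buf, "pdfLink", "PDF/PS");
	}
    else
	{
	hasViewMenu = FALSE;
	}
    if (hasViewMenu)
	{
	struct dyString *viewMenu = dyStringCreate("<li class='menuparent' id='view'><span>View</span>\n<ul style='display: none; visibility: hidden;'>\n");
	dyStringAppend(viewMenu, viewItems->string);
	dyStringAppend(viewMenu, "</ul>\n</li>\n");
	menuStr = replaceAndFree(menuStr, "<!-- OPTIONAL_VIEW_MENU -->", viewMenu->string);
	dyStringFree(&viewMenu);
	}
    else if (!endsWith(scriptName, "hgTracks"))
	{
	// hgTracks fills this placeholder itself (hgTracks/menu.c); everyone else drops it.
	// replaceChars returns a new string, so the result must be swapped in to take effect.
	menuStr = replaceAndFree(menuStr, "<!-- OPTIONAL_VIEW_MENU -->", "");
	}
    dyStringFree(&viewItems);
    }

if (scriptName)
    // Provide context sensitive help links for some CGIs.
    setContextSpecificHelp(scriptName);

if (contextSpecificHelpLink)
    {
    // NOTE(review): assumes contextSpecificHelpLabel is set whenever the link is -- confirm
    // with the CGIs that set these globals directly
    char helpItem[1024];
    safef(helpItem, sizeof(helpItem), "<li><a href='%s'>%s</a></li>", contextSpecificHelpLink, contextSpecificHelpLabel);
    menuStr = replaceAndFree(menuStr, "<!-- CONTEXT_SPECIFIC_HELP -->", helpItem);
    }
return menuStr;
}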