Merge pull request #3128 from mvdbeek/backport_3122_3124

[16.01] Backport #3122 #3124 - fix unescaped & in integrated_tool_panel.xml

lib/galaxy/tools/toolbox/integrated_panel.py

@@ -3,6 +3,7 @@
 import tempfile
 import time
 import traceback
+from xml.sax.saxutils import escape
 
 from .panel import ToolPanelElements
 from .panel import panel_item_types
@@ -78,7 +79,7 @@ def _write_integrated_tool_panel_config_file( self ):
                     section_id = item.id or ''
                     section_name = item.name or ''
                     section_version = item.version or ''
-                    os.write( fd, '    <section id="%s" name="%s" version="%s">\n' % ( section_id, section_name, section_version ) )
+                    os.write( fd, '    <section id="%s" name="%s" version="%s">\n' % ( escape(section_id), escape(section_name), section_version ) )
                     for section_key, section_item_type, section_item in item.panel_items_iter():
                         if section_item_type == panel_item_types.TOOL:
                             if section_item:

lib/galaxy/util/__init__.py

@@ -45,6 +45,10 @@
     docutils_html4css1 = None
 
 from xml.etree import ElementTree, ElementInclude
+try:
+    from xml.etree.ElementTree import ParseError
+except ImportError:
+    from xml.parsers.expat import ExpatError as ParseError
 
 from .inflection import Inflector, English
 inflector = Inflector(English)
@@ -184,7 +188,11 @@ class DoctypeSafeCallbackTarget( ElementTree.TreeBuilder ):
         def doctype( *args ):
             pass
     tree = ElementTree.ElementTree()
-    root = tree.parse( fname, parser=ElementTree.XMLParser( target=DoctypeSafeCallbackTarget() ) )
+    try:
+        root = tree.parse( fname, parser=ElementTree.XMLParser( target=DoctypeSafeCallbackTarget() ) )
+    except ParseError:
+        log.exception("Error parsing file %s", fname)
+        raise
     ElementInclude.include( root )
     return tree