41bb12bfa58ed7dc77044ad4141f7f8c0e7e9c19
chinhli
  Wed Jun 12 16:16:31 2013 -0700
feedback 11003: run user email address thru safecpy before sending it to mailViaPipe().
diff --git src/hg/hgUserSuggestion/hgUserSuggestion.c src/hg/hgUserSuggestion/hgUserSuggestion.c
index 2530f54..bacdcec 100644
--- src/hg/hgUserSuggestion/hgUserSuggestion.c
+++ src/hg/hgUserSuggestion/hgUserSuggestion.c
@@ -297,40 +297,41 @@
 
 safef(subject, sizeof(subject),"%s %s", filter, suggestID);   
 int result;
 result = mailViaPipe(mailTo, subject, msg, mailFrom);
 }
 
 void sendConfirmMail(char *emailAddr, char *suggestID, char *summary, char *details)
 /* send user suggestion confirm mail */
 {
 char subject[256];
 char msg[4096];
 char *remoteAddr=getenv("REMOTE_ADDR");
 char brwName[256];
 char returnAddr[256];
 char signature[256];
+char userEmailAddr[256];
 safecpy(brwName,sizeof(brwName), browserName());
 safecpy(returnAddr,sizeof(returnAddr), mailReturnAddr());
 safecpy(signature,sizeof(signature), mailSignature());
-
+safecpy(userEmailAddr, sizeof(userEmailAddr),emailAddr);
 safef(subject, sizeof(subject),"Thank you for your suggestion to the %s", brwName);
 safef(msg, sizeof(msg),
     "  Someone (probably you, from IP address %s) submitted a suggestion to the %s regarding %s.\n\n  The suggestion has been assigned a reference number of \"%s\". If you wish to follow up on the progress of this suggestion with browser staff, you may contact us at %s. Please include the reference number of your suggestion in the email.\n\nThank you for your input,\n%s\n\nYour suggestion summary:\n%s\n\nYour suggestion details:\n%s",
 remoteAddr, brwName, summary, suggestID, returnAddr, signature, summary, details);
 int result;
-result = mailViaPipe(emailAddr, subject, msg, returnAddr);
+result = mailViaPipe(userEmailAddr, subject, msg, returnAddr);
 }
 
 void askForSuggest(char *organism, char *db)
 /* Put up the suggestion form. */
 {
 printMainForm();
 printValidateScript();
 printCheckCaptchaScript();
 printSubmitFormScript();
 //cartSaveSession(cart);
 }
 
 void  submitSuggestion()
 /* send the suggestion to ,.. */
 {
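Review bot: The added `safecpy` into `userEmailAddr[256]` in sendConfirmMail only bounds the length of the user-supplied address; its content still reaches `mailViaPipe()` unchanged. mailViaPipe's body is not in this hunk, but if it places the recipient on a command line or in mail headers, the address should be validated first, at minimum with `if (strpbrk(userEmailAddr, "\r\n") != NULL) errAbort("invalid email address");` before the call, and preferably against an allow-list of address characters. `result` is assigned and never read, both here and in the function that ends at the top of the hunk, so a failed send goes unnoticed; check it or drop the variable. A one-line comment above the copy, such as `/* length-bound only; content is validated below */`, would keep a later reader from treating the copy as sanitisation.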