080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGateway/hgGateway.c src/hg/hgGateway/hgGateway.c
index 968b90a..10c8c06 100644
--- src/hg/hgGateway/hgGateway.c
+++ src/hg/hgGateway/hgGateway.c
@@ -294,31 +294,31 @@
     //fprintf(stderr, "GALT redirectCookie=%s redirect=%s\n", 
             //redirectCookie, redirect); fflush(stderr); // DEBUG REMOVE
 
     if (redirect == NULL && redirectCookie == NULL)
         {
         int thisNode = sqlUnsigned(thisNodeStr);
         struct sqlConnection *centralConn = hConnectCentral();
         char *ipStr = cgiRemoteAddr();
         int node = defaultNode(centralConn, ipStr);
 
         // get location of redirect node
         if (thisNode != node)
             {
 	    char *geoSuffix = cfgOptionDefault("browser.geoSuffix","");
             char query[1056];
-            safef(query, sizeof query, "select domain from gbNode%s where node = %d", geoSuffix, node);
+            sqlSafef(query, sizeof query, "select domain from gbNode%s where node = %d", geoSuffix, node);
             char *newDomain = sqlQuickString(centralConn, query);
             //fprintf(stderr, "GALT newDomain=%s\n", newDomain); fflush(stderr); // DEBUG REMOVE
             char *oldDomain = cgiServerName();
             char *port = cgiServerPort();
             char *uri = cgiRequestUri();
             char *sep = strchr(uri, '?') ? "&" : "?";
             int newUriSize = strlen(uri) + 1024;
             char *newUri = needMem(newUriSize);
             // TODO what about https?
             safef(newUri, newUriSize, "http://%s:%s%s%sredirect=auto&source=%s", newDomain, port, uri, sep, oldDomain);
             struct dyString *dy = dyStringNew(256);
             dyStringPrintf(dy,
                            "HTTP/1.1 302 found: \n"
                            "Content-Type: text/html; charset=iso-8859-1\n"
                            "Connection: close\n"
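Review bot: The `%s` for `geoSuffix` in the new `sqlSafef` call is in identifier position (it completes the table name `gbNode…`), and escaping meant for a quoted string value, which is presumably what `sqlSafef` applies to `%s`, does not constrain what an unquoted identifier can become. The value comes from `cfgOptionDefault("browser.geoSuffix","")`, so it is configuration rather than request data and the exposure is low. An explicit check before the query is built would still enforce that assumption, e.g. `for (char *p = geoSuffix; *p; ++p) if (!isalnum((unsigned char)*p) && *p != '_') errAbort("invalid browser.geoSuffix");`. Separately, `newDomain` is formatted into the redirect URL without a NULL check; if `sqlQuickString` can return NULL when no row matches, that case should abort or skip the redirect. The enclosing function starts and ends outside this hunk.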