080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgGene/links.c src/hg/hgGene/links.c
index 9ad5497..2df2ebf 100644
--- src/hg/hgGene/links.c
+++ src/hg/hgGene/links.c
@@ -138,31 +138,31 @@ } if (sameString(link->name, "tbSchema")) { char *geneTable = genomeSetting("knownGene"); struct trackDb *tdb = hTrackDbForTrack(sqlGetDatabase(conn), geneTable); struct dyString *dy = NULL; if (tdb == NULL) return NULL; dy = newDyString(256); dyStringPrintf(dy, link->url, tdb->grp, geneTable, geneTable); trackDbFree(&tdb); addLinkExtras(link, dy); return dyStringCannibalize(&dy); } geneId = cloneAndCut(geneId, link->preCutAt);
-safef(query, sizeof(query), link->idSql, geneId);
+sqlSafef(query, sizeof(query), link->idSql, geneId);
 sr = sqlGetResult(conn, query); row = sqlNextRow(sr); if (row != NULL && row[0][0] != 0) /* If not null or empty */ { struct dyString *dy = newDyString(0); char *name = cloneAndCut(row[0], link->postCutAt); dyStringPrintf(dy, link->url, name, row[1], row[2], row[3]); addLinkExtras(link, dy); url = dyStringCannibalize(&dy); freez(&name); } sqlFreeResult(&sr); freeMem(geneId); return url;
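Review bot: The format string passed on the `+sqlSafef(query, sizeof(query), link->idSql, geneId);` line is `link->idSql`, a value taken from the link definition rather than a literal, so the compiler's format checking cannot confirm it carries exactly one placeholder for geneId, and the escaping sqlSafef performs on geneId only protects the query if that placeholder is one sqlSafef treats as an escaped string parameter (inferred from the call shape; confirm against the sqlSafef contract). A comment at the call site would make that requirement on the link definitions explicit, e.g. `/* idSql is read from the link definition; it must hold exactly one placeholder for geneId, which sqlSafef escapes. Anything else in it is trusted as-is. */`. The same point applies to the `+sqlSafef(query, sizeof(query), nameSql, geneId);` line in the linkGetName hunk, where nameSql falls back to link->idSql. The enclosing function begins before this hunk; `query`, `sr`, `row` and `url` are declared outside it.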
@@ -171,31 +171,31 @@ char *linkGetName(struct link *link, struct sqlConnection *conn, char *geneId) /* Return name string if possible or NULL if not. */ { char *nameSql = link->nameSql; char *format = link->nameFormat; char query[512]; struct sqlResult *sr; char **row; char *name = NULL; if (nameSql == NULL) nameSql = link->idSql; if (format == NULL) format = "%s";
-safef(query, sizeof(query), nameSql, geneId);
+sqlSafef(query, sizeof(query), nameSql, geneId);
 sr = sqlGetResult(conn, query); row = sqlNextRow(sr); if (row != NULL) { char buf[256]; safef(buf, sizeof(buf), format, row[0], row[1], row[2]); name = cloneString(buf); } sqlFreeResult(&sr); return name; } static boolean linksExists(struct section *section, struct sqlConnection *conn, char *geneId) /* Return TRUE if necessary database exists and has something
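Review bot: The unchanged `safef(buf, sizeof(buf), format, row[0], row[1], row[2]);` line reads three result columns whatever the query actually returned; when nameSql is NULL the query falls back to link->idSql and format to `"%s"`, which consumes only row[0], yet row[1] and row[2] are still evaluated as arguments and would index past the row on a result with fewer than three columns (whether every nameSql/idSql in the link definitions yields at least three columns cannot be seen from here). The result's column count should be checked before row[1] and row[2] are read, or those arguments passed only when `format` references them, and a comment should state the minimum column count the configured queries must return. The `dyStringPrintf(dy, link->url, name, row[1], row[2], row[3]);` line in the preceding hunk has the same unchecked assumption with four columns. linkGetName lies entirely within this hunk; linksExists begins on its last line and continues outside it.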