080a160c7b9595d516c9c70e83689a09b60839d0
galt
Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgGene/pathways.c src/hg/hgGene/pathways.c
index eb6eed0..7f5114b 100644
--- src/hg/hgGene/pathways.c
+++ src/hg/hgGene/pathways.c
@@ -24,121 +24,121 @@
void (*printLinks)(struct pathwayLink *pl,
struct sqlConnection *conn, char *geneId);
/* Print out links. */
};
static void keggLink(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Print out kegg database link. */
{
char query[512], **row;
struct sqlResult *sr;
if (isRgdGene(conn))
{
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
"select distinct k.locusID, k.mapID, keggMapDesc.description"
" from rgdGene2KeggPathway k, keggMapDesc, rgdGene2 x"
" where k.rgdId=x.name "
" and x.name='%s'"
" and k.mapID = keggMapDesc.mapID"
, geneId);
}
else
{
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
"select k.locusID, k.mapID, keggMapDesc.description"
" from keggPathway k, keggMapDesc, kgXref x"
" where k.kgID=x.kgId "
" and x.kgID='%s'"
" and k.mapID = keggMapDesc.mapID"
, geneId);
}
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
{
hPrintf("",
row[1], row[0]);
hPrintf("%s - %s
", row[1], row[2]);
}
sqlFreeResult(&sr);
}
static int keggCount(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Count up number of hits. */
{
char query[256];
if (!isRgdGene(conn))
{
- safef(query, sizeof(query),
+ sqlSafef(query, sizeof(query),
"select count(*) from keggPathway k, kgXref x where k.kgID=x.kgId and x.kgId='%s'", geneId);
}
else
{
- safef(query, sizeof(query),
+ sqlSafef(query, sizeof(query),
"select count(*) from rgdGene2KeggPathway k, rgdGene2 x where k.rgdId=x.name and x.name='%s'", geneId);
}
return sqlQuickNum(conn, query);
}
static void bioCycLink(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Print out bioCyc database link. */
{
char query[512], **row;
struct sqlResult *sr;
char *oldMapId = cloneString("");
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
"select bioCycPathway.mapId,description"
" from bioCycPathway,bioCycMapDesc"
" where bioCycPathway.kgId='%s'"
" and bioCycPathway.mapId = bioCycMapDesc.mapId order by bioCycPathway.mapId"
, geneId);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
{
/* only print new ones */
if (!sameWord(oldMapId, row[0]))
{
hPrintf("",
genome, row[0]);
hPrintf("%s - %s
\n", row[0], row[1]);
}
oldMapId = cloneString(row[0]);
}
sqlFreeResult(&sr);
}
static int bioCycCount(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Count up number of hits. */
{
char query[256];
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
"select count(*) from bioCycPathway where kgID='%s'", geneId);
return sqlQuickNum(conn, query);
}
static char *getCgapId(struct sqlConnection *conn)
/* Get cgap ID. */
{
char query[256];
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
"select cgapId from cgapAlias where alias=\"%s\"", curGeneName);
return sqlQuickString(conn, query);
}
static void reactomeLink(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
{
char condStr[255];
char *spID, *chp;
struct sqlConnection *conn2;
char query2[256];
struct sqlResult *sr2;
char **row2;
char *eventDesc;
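Review bot: In bioCycLink, `oldMapId = cloneString(row[0]);` inside the row loop overwrites the previous allocation on every iteration without releasing it, and the final clone is never freed after `sqlFreeResult(&sr);`, so each matching row leaks a small string; this is pre-existing, but it sits on the new side of this hunk. Releasing before reassigning, `freez(&oldMapId);` immediately ahead of the `cloneString` call and once more after the loop, closes it using the helper this file already uses elsewhere. The safef-to-sqlSafef conversion itself looks complete for every query built in this hunk; reactomeLink's body starts here and continues into the next hunk.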
@@ -163,124 +163,124 @@
safef(condStr, sizeof(condStr), "kgID='%s'", geneId);
spID = sqlGetField(database, "kgXref", "spID", condStr);
}
if (spID != NULL)
{
/* convert splice variant UniProt ID to its main root ID */
chp = strstr(spID, "-");
if (chp != NULL) *chp = '\0';
hPrintf(
"
Protein %s (Reactome details) participates in the following event(s):
"
, spID, spID);
conn2= hAllocConn(database);
- safef(query2,sizeof(query2),
+ sqlSafef(query2,sizeof(query2),
"select eventID, eventDesc from proteome.spReactomeEvent where spID='%s'", spID);
sr2 = sqlMustGetResult(conn2, query2);
row2 = sqlNextRow(sr2);
while (row2 != NULL)
{
eventID = row2[0];
eventDesc = row2[1];
hPrintf(
"%s %s
\n",
eventID, eventID, eventDesc);
row2 = sqlNextRow(sr2);
}
sqlFreeResult(&sr2);
hFreeConn(&conn2);
}
}
static void rgdPathwayLink(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Print out bioCarta database link. */
{
char query[512], **row;
struct sqlResult *sr;
char *rgdId = geneId;
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
"select x.pathwayId, description from rgdPathway p, rgdGenePathway x "
" where p.pathwayId = x.pathwayId "
" and x.geneId = '%s'"
, rgdId);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
{
hPrintf("", row[0]);
hPrintf("%s - %s
\n", row[0], row[1]);
}
sqlFreeResult(&sr);
}
static void bioCartaLink(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Print out bioCarta database link. */
{
char *cgapId = getCgapId(conn);
if (cgapId != NULL)
{
struct hash *uniqHash = newHash(8);
char query[512], **row;
struct sqlResult *sr;
- safef(query, sizeof(query),
+ sqlSafef(query, sizeof(query),
"select cgapBiocDesc.mapID,cgapBiocDesc.description "
" from cgapBiocPathway,cgapBiocDesc"
" where cgapBiocPathway.cgapID='%s'"
" and cgapBiocPathway.mapID = cgapBiocDesc.mapID"
, cgapId);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
{
char *name = row[0];
if (!hashLookup(uniqHash, name))
{
hashAdd(uniqHash, name, NULL);
hPrintf("", row[0]);
hPrintf("%s - %s
\n", row[0], row[1]);
}
}
freez(&cgapId);
hashFree(&uniqHash);
}
}
static int bioCartaCount(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Count up number of hits. */
{
int ret = 0;
char *cgapId = getCgapId(conn);
if (cgapId != NULL)
{
char query[256];
- safef(query, sizeof(query),
+ sqlSafef(query, sizeof(query),
"select count(*) from cgapBiocPathway where cgapID='%s'", cgapId);
ret = sqlQuickNum(conn, query);
freez(&cgapId);
}
return ret;
}
static int rgdPathwayCount(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Count up number of hits. */
{
char query[256];
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
"select count(*) from rgdGenePathway where geneId ='%s'", geneId);
return sqlQuickNum(conn, query);
}
static int reactomeCount(struct pathwayLink *pl, struct sqlConnection *conn,
char *geneId)
/* Count up number of hits. */
{
int ret = 0;
char query[256];
char *spID, *chp;
char condStr[256];
char *origSpID;
/* check the existence of kgXref table first */
if (!isRgdGene(conn))
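Review bot: The WHERE fragment at the top of this hunk, `safef(condStr, sizeof(condStr), "kgID='%s'", geneId);` passed to `sqlGetField(database, "kgXref", "spID", condStr)`, is still assembled with plain safef, so geneId reaches the query without SQL escaping even though closing exactly that gap is the purpose of this commit; the same pattern recurs at the start of the reactomeCount hunk that follows. Building the fragment with the escaping variant intended for fragments (`sqlSafefFrag` in this codebase, if it is available at this revision) would bring it in line with the other query sites touched here. The opening of reactomeLink, including the branch that sets spID in the RGD case, lies above this hunk, so there may be a matching safef there that this view does not show.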
@@ -300,37 +300,37 @@
else
{
safef(condStr, sizeof(condStr), "kgID='%s'", geneId);
spID = sqlGetField(database, "kgXref", "spID", condStr);
}
if (spID != NULL)
{
origSpID = cloneString(spID);
/* convert splice variant UniProt ID to its main root ID */
chp = strstr(spID, "-");
if (chp != NULL) *chp = '\0';
if (!isRgdGene(conn))
{
- safef(query, sizeof(query),
+ sqlSafef(query, sizeof(query),
"select count(*) from %s.spReactomeEvent, %s.spVariant, %s.kgXref where kgID='%s' and kgXref.spID=variant and variant = '%s' and spReactomeEvent.spID=parent",
PROTEOME_DB_NAME, PROTEOME_DB_NAME, database, geneId, origSpID);
}
else
{
- safef(query, sizeof(query),
+ sqlSafef(query, sizeof(query),
"select count(*) from %s.spReactomeEvent, %s.spVariant, %s.rgdGene2ToUniProt where name='%s' and value=variant and variant = '%s' and spReactomeEvent.spID=parent",
PROTEOME_DB_NAME, PROTEOME_DB_NAME, database, geneId, origSpID);
}
ret = sqlQuickNum(conn, query);
}
return ret;
}
struct pathwayLink pathwayLinks[] =
{
{ "kegg", "KEGG", "KEGG - Kyoto Encyclopedia of Genes and Genomes",
"keggPathway keggMapDesc",
keggCount, keggLink},
{ "bioCyc", "BioCyc", "BioCyc Knowledge Library",