080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgGene/rnaStructure.c src/hg/hgGene/rnaStructure.c
index 54db3a6..cf0a295 100644
--- src/hg/hgGene/rnaStructure.c
+++ src/hg/hgGene/rnaStructure.c
@@ -46,31 +46,31 @@ rnaTrashDirsInit(tables, ArraySize(tables)); firstTime = FALSE; } webPrintLinkTableStart(); webPrintLabelCell("Region"); webPrintLabelCell("Fold Energy"); webPrintLabelCell("Bases"); webPrintLabelCell("Energy/Base"); webPrintWideCenteredLabelCell("Display As", 3); for (side = 0; side < ArraySize(names); ++side) { char *table = tables[side]; struct sqlResult *sr; char query[256], **row; - safef(query, sizeof(query), "select * from %s where name = '%s'", + sqlSafef(query, sizeof(query), "select * from %s where name = '%s'", table, geneId); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { struct rnaFold fold; int bases; char psName[128]; /* Load fold and save it as postScript. */ rnaFoldStaticLoad(row, &fold); safef(psName, sizeof(psName), "../trash/%s/%s_%s.ps", table, table, geneId); if (!fileExists(psName)) { FILE *f; f = popen("../cgi-bin/RNAplot", "w");
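Review bot: `geneId` is the value this commit treats as untrusted, yet a few lines below the new `sqlSafef` call it is still formatted into the filesystem path `psName` with a plain `safef` (`"../trash/%s/%s_%s.ps"`), and nothing in the hunk rejects an id containing `/` or `..` before that path is tested with `fileExists` and, presumably, written by the popen'd RNAplot process. A character check on `geneId` before the query (letters, digits, `_`, `.`, `-`) would cover both the SQL and the path use, unless the caller already guarantees that shape — worth confirming and noting in a comment. `table` in this loop comes from the fixed `tables[]` array, so the unquoted identifier-position `%s` is fine here. The enclosing function continues past the hunk.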
@@ -144,31 +144,31 @@ if (section != NULL) { section->exists = rnaStructureExists; section->print = rnaStructurePrint; } return section; } struct rnaFold *loadFold(struct sqlConnection *conn, char *table, char *name) /* Load named fold from table. */ { struct rnaFold *fold = NULL; struct sqlResult *sr; char query[256], **row; -safef(query, sizeof(query), "select * from %s where name = '%s'", +sqlSafef(query, sizeof(query), "select * from %s where name = '%s'", table, name); sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) fold = rnaFoldLoad(row); sqlFreeResult(&sr); return fold; } void doRnaFoldDisplay(struct sqlConnection *conn, char *geneId, char *geneName) /* Show RNA folding somehow. */ { char *table = cartString(cart, hggMrnaFoldRegion); char *how = cartString(cart, hggDoRnaFoldDisplay); struct rnaFold *fold = loadFold(conn, table, geneId);
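Review bot: In `loadFold` the new `sqlSafef` puts `table` into identifier position through an unquoted `%s`, and its caller `doRnaFoldDisplay` takes that name straight from the cart (`cartString(cart, hggMrnaFoldRegion)`), so it is user-controlled. Quote escaping does not protect an identifier; this is only safe if sqlSafef validates or rejects unquoted `%s` arguments — please confirm, and otherwise check the cart value against the same fixed list of fold tables the print routine uses before calling `loadFold`. A one-line comment on `loadFold` stating `/* table must be a known fold table; name is escaped by sqlSafef */` would record the contract. The first hunk has the same pattern but with a hard-coded table, so no change is needed there. `doRnaFoldDisplay` continues past the hunk.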