080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgSpeciesRna/hgSpeciesRna.c src/hg/hgSpeciesRna/hgSpeciesRna.c
index 0d95b3a..fad6e1f 100644
--- src/hg/hgSpeciesRna/hgSpeciesRna.c
+++ src/hg/hgSpeciesRna/hgSpeciesRna.c
@@ -45,36 +45,36 @@
 if (filter != NULL)
     {
     lf = lineFileOpen(filter, TRUE);
     while (lineFileNext(lf, &line, NULL))
         {
         char *name = nextWord(&line);
         if (name == NULL)
             errAbort("bad line %d of %s", lf->lineIx, lf->fileName);
         hashStoreName(filterHash, name);
         }
     lineFileClose(&lf);
     }
 if (optionExists("est"))
     type = "EST";
 conn = hAllocConn(database);
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
     "select id from organism where name = '%s %s'", genus, species);
 taxon = sqlQuickNum(conn, query);
 if (taxon <= 0)
     errAbort("Can't find taxon for %s %s", genus, species);
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
     "select acc from gbCdnaInfo where organism=%d and type='%s'",
     taxon, type);
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     struct dnaSeq *seq = NULL;
     if ( filter == NULL || hashLookup(filterHash, row[0]) != NULL)
         {
         seq = hGenBankGetMrna(database, row[0], NULL);
         faWriteNext(f, seq->name, seq->dna, seq->size);
         dnaSeqFree(&seq);
         }
     }
 carefulClose(&f);
 }
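Review bot: `seq` is dereferenced by `faWriteNext(f, seq->name, seq->dna, seq->size)` with no NULL check after `hGenBankGetMrna(database, row[0], NULL)`, and the commit leaves that as-is while it switches the two query builders to `sqlSafef`; if that lookup can return NULL for an accession with no stored sequence, the loop crashes partway through writing the FASTA output. I'd guard it before the write: `if (seq == NULL) errAbort("no sequence for %s", row[0]);`. Separately, the result set is never released with `sqlFreeResult(&sr)` and the connection with `hFreeConn(&conn)` before the closing brace — harmless in a one-shot tool, but worth matching the cleanup style used elsewhere in the file if there is one. The enclosing function starts before the hunk.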