080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTables/wikiTrack.c src/hg/hgTables/wikiTrack.c
index 555991b..cc8fca9 100644
--- src/hg/hgTables/wikiTrack.c
+++ src/hg/hgTables/wikiTrack.c
@@ -69,35 +69,35 @@
 /* Get the wikiTrack items passing filter on a single region. */
 {
 struct bed *bed;
 
 int fieldCount = 6;
 char query[512];
 int rowOffset;
 char **row;
 struct sqlConnection *wikiConn = wikiConnect();
 struct sqlResult *sr = NULL;
 char where[512];
 
 char *filter = filterClause(wikiDbName(), WIKI_TRACK_TABLE, region->chrom, NULL);
 
 if (filter)
-    safef(where, sizeof(where), "db='%s' AND %s", database, filter);
+    sqlSafefFrag(where, sizeof(where), "db='%s' AND %-s", database, filter);
 else
-    safef(where, sizeof(where), "db='%s'", database);
+    sqlSafefFrag(where, sizeof(where), "db='%s'", database);
 
-safef(query, sizeof(query), "select * from %s", WIKI_TRACK_TABLE);
+sqlSafef(query, sizeof(query), "select * from %s", WIKI_TRACK_TABLE);
 sr = hRangeQuery(wikiConn, WIKI_TRACK_TABLE, region->chrom,
     region->start, region->end, where, &rowOffset);
 
 while ((row = sqlNextRow(sr)) != NULL)
     {
     bed = bedLoadN(row+rowOffset, fieldCount);
     if ((idHash == NULL || hashLookup(idHash, bed->name)) &&
 	(bf == NULL || bedFilterOne(bf, bed)))
 	{
 	struct bed *copy = lmCloneBed(bed, lm);
 	slAddHead(pBedList, copy);
 	}
     }
 sqlFreeResult(&sr);
 wikiDisconnect(&wikiConn);
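Review bot: The `%-s` conversion in the new `sqlSafefFrag` call for the `filter` branch inserts `filter` into `where` without escaping, so the injection fix rests entirely on filterClause() returning an already-safe fragment, and that trust is not visible at this call site; I would state it on the line, e.g. `/* filter is a pre-escaped SQL fragment from filterClause(); %-s inserts it verbatim on purpose */`. The rest of the statement, `db='%s'` with `database`, goes through the escaping `%s` path in both branches, which looks right. Separately, `query` is filled by the new `sqlSafef` call but nothing in the hunk passes it to hRangeQuery or any other call, so unless it is used after the hunk it is dead work and the buffer could go. The enclosing function starts above the hunk (its signature is not shown) and whether `filter` is freed after `where` is built cannot be seen from here.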