src/hg/hgTracks/cgapSageTrack.c 080a160c7b9595d516c9c70e83689a09b60839d0

080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTracks/cgapSageTrack.c src/hg/hgTracks/cgapSageTrack.c
index 78ec46a..20d3506 100644
--- src/hg/hgTracks/cgapSageTrack.c
+++ src/hg/hgTracks/cgapSageTrack.c
@@ -10,31 +10,31 @@
 #include "cgapSage/cgapSage.h"
 #include "cgapSage/cgapSageLib.h"
 
 static int grayIxForCgap(double tpm)
 /* Return a grayIx based on the score. */
 {
 int val = (int)ceil(tpm);
 return grayInRange(val, 0, 150);
 }
 
 static struct hash *libTissueHash(struct sqlConnection *conn)
 /* Read two columns of a table and hash em up. */
 {
 struct hash *ret = newHash(9);
 struct sqlResult *sr = NULL;
-char query[40] = "select libId,tissue from cgapSageLib";
+char query[49] = "NOSQLINJ select libId,tissue from cgapSageLib";
 char **row;
 sr = sqlGetResult(conn, query);
 while ((row = sqlNextRow(sr)) != NULL)
     hashAdd(ret, row[0], cloneString(row[1]));
 sqlFreeResult(&sr);
 return ret;
 }
 
 struct cgapSageTpmHashEl 
 /* A convenience struct for computing means. */
     {
     double total;
     long freqTotal;
     long libTotals;
     int count;
@@ -227,31 +227,31 @@
 	    lf->grayIx = grayIxForCgap(tag->tagTpms[i]);
 	    lf->extra = cloneString(link);
 	    addSimpleFeature(lf);	
 	    slAddHead(&libList, lf);
 	    }
 	}
     }
 slSort(&libList, cgapLinkedFeaturesCmp);
 slReverse(&libList);
 return libList;
 }
 
 struct hash *getTotTagsHashFromTable(struct sqlConnection *conn)
 /* Load the cgapSageLib table for the db then call getTotTagsHash. */
 {
-struct cgapSageLib *libs = cgapSageLibLoadByQuery(conn, "select * from cgapSageLib");
+struct cgapSageLib *libs = cgapSageLibLoadByQuery(conn, "NOSQLINJ select * from cgapSageLib");
 struct hash *libTotHash = getTotTagsHash(libs);
 cgapSageLibFreeList(&libs);
 return libTotHash;
 }
 
 void cgapSageLoadItems(struct track *tg)
 /* This function loads the beds in the current window into a linkedFeatures list. */
 /* Each bed entry may turn into multiple linkedFeatures because one is made for */
 /* each library at a given tag (bed). */
 {
 struct linkedFeatures *itemList = NULL;
 struct sqlConnection *conn = hAllocConn(database);
 struct hash *libHash = libTissueHash(conn);
 struct hash *libTotHash = getTotTagsHashFromTable(conn);
 struct sqlResult *sr = NULL;