080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgTracks/cutterTrack.c src/hg/hgTracks/cutterTrack.c
index 6b7c046..9b1a559 100644
--- src/hg/hgTracks/cutterTrack.c
+++ src/hg/hgTracks/cutterTrack.c
@@ -27,31 +27,31 @@ w = 1;
 y += (heightPer >> 1) - 1;
 if (color) {
 struct sqlConnection *conn = hAllocConn("hgFixed");
 struct cutter *cut;
 char query[80];
 char strand = bed->strand[0];
 char *s = bed->name;
 int letterWidth, cuts[4];
 int tickHeight = (heightPer>>1) - 1, tickWidth = 2;
 int i, xH;
 Color baseHighlight = getBlueColor();
 baseHighlight = lighterColor(hvg, baseHighlight);
- safef(query, sizeof(query), "select * from cutters where name=\'%s\'", s);
+ sqlSafef(query, sizeof(query), "select * from cutters where name=\'%s\'", s);
 cut = cutterLoadByQuery(conn, query);
 letterWidth = round(((double)w)/cut->size);
 cuts[0] = x1 + cut->cut * letterWidth;
 cuts[1] = cuts[0] + cut->overhang * letterWidth;
 cuts[2] = x2 - (cut->cut * letterWidth);
 cuts[3] = cuts[2] - cut->overhang * letterWidth;
 for (i = 0; i < 4; i++) {
 if (cuts[i] < x1) cuts[i] = x1; else if (cuts[i] >= x2) cuts[i] = x2 - tickWidth;
 }
 if (strand == '+') {
@@ -88,31 +88,31 @@ hFreeConn(&conn);
 cutterFree(&cut);
 }
 }
 }
 void cuttersLoad(struct track *tg) {
 struct sqlConnection *conn;
 struct cutter *cutters;
 struct dnaSeq *windowDna = NULL;
 struct bed *bedList = NULL;
 int winSize = winEnd - winStart;
 conn = hAllocConn("hgFixed");
-cutters = cutterLoadByQuery(conn, "select * from cutters");
+cutters = cutterLoadByQuery(conn, "NOSQLINJ select * from cutters");
 windowDna = hDnaFromSeq(database, chromName, winStart, winEnd, dnaUpper);
 /* Do different things based on window size. */
 if (winSize < MAX_CUTTER_WINSIZE) {
 char *enz = cartUsualString(cart, cutterVar, cutterDefault);
 struct slName *cartCutters = NULL;
 if (enz && (strlen(enz) > 0)) {
 eraseWhiteSpace(enz);
 cartCutters = slNameListFromComma(enz);
 }
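Review bot: `cut` is used unchecked right after the new `sqlSafef` call in the first hunk — `letterWidth = round(((double)w)/cut->size);` dereferences the result of `cutterLoadByQuery` even when no `cutters` row matches `s`, and divides by `cut->size` without ruling out zero. A guard such as `if (cut == NULL || cut->size <= 0) { hFreeConn(&conn); return; }` placed before the `letterWidth` line would keep a missing or malformed enzyme name from crashing the track draw; the enclosing function starts before this hunk and continues past it, so its return type is assumed void here and the early exit should mirror whatever cleanup the full function does. Separately, if `sqlSafef` prepends the `NOSQLINJ` tag that the second hunk writes by hand and also escapes `s`, then `char query[80]` has noticeably less headroom than it had with `safef`; sizing `query` for the longest escaped enzyme name, or adding a comment stating the maximum name length this relies on, would make that assumption explicit.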