080a160c7b9595d516c9c70e83689a09b60839d0
galt
Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/hgTracks/hgTracks.c src/hg/hgTracks/hgTracks.c
index 1175c36..35c970d 100644
--- src/hg/hgTracks/hgTracks.c
+++ src/hg/hgTracks/hgTracks.c
@@ -725,31 +725,31 @@
struct psl *pslList = pslLoadAll(pslFileName), *psl;
struct linkedFeatures *itemList = NULL;
if (target != NULL)
{
int rowOffset = hOffsetPastBin(database, chromName, target->pslTable);
struct sqlConnection *conn = hAllocConn(database);
struct sqlResult *sr;
char **row;
char query[2048];
struct psl *tpsl;
for (tpsl = pslList; tpsl != NULL; tpsl = tpsl->next)
{
char *itemAcc = pcrResultItemAccession(tpsl->tName);
char *itemName = pcrResultItemName(tpsl->tName);
/* Query target->pslTable to get target-to-genomic mapping: */
- safef(query, sizeof(query), "select * from %s where qName = '%s'",
+ sqlSafef(query, sizeof(query), "select * from %s where qName = '%s'",
target->pslTable, itemAcc);
sr = sqlGetResult(conn, query);
while ((row = sqlNextRow(sr)) != NULL)
{
struct psl *gpsl = pslLoad(row+rowOffset);
if (sameString(gpsl->tName, chromName) && gpsl->tStart < winEnd && gpsl->tEnd > winStart)
{
struct psl *trimmed = pslTrimToQueryRange(gpsl, tpsl->tStart,
tpsl->tEnd);
struct linkedFeatures *lf;
char *targetStyle = cartUsualString(cart,
PCR_RESULT_TARGET_STYLE, PCR_RESULT_TARGET_STYLE_DEFAULT);
if (sameString(targetStyle, PCR_RESULT_TARGET_STYLE_TALL))
{
lf = lfFromPslx(gpsl, 1, FALSE, FALSE, tg);
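Review bot: `target->pslTable` on the line after the changed call is spliced into the query as a table identifier, and value escaping does not constrain identifiers — the escaping `sqlSafef` applies to `%s` is meant for the quoted `qName = '%s'` argument, so the table name should be checked to be a plain identifier (or documented as coming only from trusted configuration) before this query is built. A one-line comment above the call, `/* itemAcc is escaped by sqlSafef; pslTable must be a trusted table name, not user input */`, would record that assumption for the next reader. The loop also obtains a fresh `sr` from `sqlGetResult` on every iteration; the matching `sqlFreeResult(&sr)` is not visible because the loop body continues past the end of the hunk, so it is worth confirming it is released per iteration rather than once after the loop.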
@@ -5458,41 +5458,41 @@
if (trackHubDatabase(database))
{
chromInfoRowsNonChromTrackHub(limit);
return;
}
struct sqlConnection *conn = hAllocConn(database);
struct sqlResult *sr = NULL;
char **row = NULL;
long long total = 0;
char query[512];
char msg1[512], msg2[512];
int seqCount = 0;
boolean truncating;
-seqCount = sqlQuickNum(conn, "select count(*) from chromInfo");
+seqCount = sqlQuickNum(conn, "NOSQLINJ select count(*) from chromInfo");
truncating = (limit > 0) && (seqCount > limit);
if (!truncating)
{
- sr = sqlGetResult(conn, "select chrom,size from chromInfo order by size desc");
+ sr = sqlGetResult(conn, "NOSQLINJ select chrom,size from chromInfo order by size desc");
}
else
{
- safef(query, sizeof(query), "select chrom,size from chromInfo order by size desc limit %d", limit);
+ sqlSafef(query, sizeof(query), "select chrom,size from chromInfo order by size desc limit %d", limit);
sr = sqlGetResult(conn, query);
}
while ((row = sqlNextRow(sr)) != NULL)
{
unsigned size = sqlUnsigned(row[1]);
cgiSimpleTableRowStart();
cgiSimpleTableFieldStart();
printf("%s",
hgTracksName(), cartSessionVarName(), cartSessionId(cart),
row[0], row[0]);
cgiTableFieldEnd();
cgiTableFieldStartAlignRight();
printLongWithCommas(stdout, size);
puts(" ");
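Review bot: The `"NOSQLINJ "` prefix written into the literals passed to `sqlQuickNum` and to the first `sqlGetResult` is a bare magic token that a reader cannot connect to the `sqlSafef` rewrite a few lines below; if the SQL library exposes this marker as a named macro, prefer it to the inline spelling, and otherwise add `/* NOSQLINJ marks a constant query as trusted for the library's injection check; no escaping needed */` above the first use so the two styles within one function are explained. The `limit` branch needs no further change, since a `%d` argument cannot carry SQL text. The `printf` that follows, with five arguments after a bare `"%s"` format, appears to be a rendering artifact (markup stripped from the literal) rather than the real source, so it is not reviewed here.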
@@ -5504,31 +5504,31 @@
{
chromInfoTotalRow(seqCount, total);
}
else
{
safef(msg1, sizeof(msg1), "Limit reached");
safef(msg2, sizeof(msg2), "%d rows displayed", limit);
cgiSimpleTableRowStart();
cgiSimpleTableFieldStart();
puts(msg1);
cgiTableFieldEnd();
cgiSimpleTableFieldStart();
puts(msg2);
cgiTableFieldEnd();
sqlFreeResult(&sr);
- safef(query, sizeof(query), "select count(*),sum(size) from chromInfo");
+ sqlSafef(query, sizeof(query), "select count(*),sum(size) from chromInfo");
sr = sqlGetResult(conn, query);
if ((row = sqlNextRow(sr)) != NULL)
{
unsigned scafCount = sqlUnsigned(row[0]);
unsigned totalSize = sqlUnsigned(row[1]);
cgiTableRowEnd();
safef(msg1, sizeof(msg1), "contig/scaffold
count:");
safef(msg2, sizeof(msg2), "total size:");
cgiSimpleTableRowStart();
cgiSimpleTableFieldStart();
puts(msg1);
cgiTableFieldEnd();
cgiSimpleTableFieldStart();
puts(msg2);
cgiTableFieldEnd();
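Review bot: `sqlUnsigned(row[1])` two lines after the new `sqlGetResult` narrows `sum(size)` to 32 bits, while the earlier hunk accumulates the same sizes in a `long long total`; for an assembly whose total size exceeds 4 Gb the conversion will likely abort or truncate instead of displaying the total. Parse it with the library's 64-bit converter and widen the local accordingly, e.g. `long long totalSize = sqlLongLong(row[1]);` — confirm the helper's exact name in the sqlNum header, and adjust the `printLongWithCommas`-style output below the hunk to match. The string literal shown split across two lines (`"contig/scaffold` / `count:"`) looks like markup dropped by the rendering rather than a real newline in the source, so it is not flagged as a defect.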