080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/hgTracks/sampleTracks.c src/hg/hgTracks/sampleTracks.c
index da696c5..f60734c 100644
--- src/hg/hgTracks/sampleTracks.c
+++ src/hg/hgTracks/sampleTracks.c
@@ -465,42 +465,42 @@ void loadSampleIntoLinkedFeature(struct track *tg)
 /* Convert sample info in window to linked feature. */
 {
 int maxWiggleTrackHeight = 2500;
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 int rowOffset;
 struct sample *sample;
 struct linkedFeatures *lfList = NULL, *lf;
 char *hasDense = NULL;
 char *where = NULL;
 char query[256];
 /*see if we have a summary table*/
-safef(query, sizeof(query),
+sqlSafef(query, sizeof(query),
 "select name from %s where name = '%s' limit 1", tg->table, tg->shortLabel);
 //errAbort( "%s", query );
 hasDense = sqlQuickQuery(conn, query, query, sizeof(query));
 /* If we're in dense mode and have a summary table load it. */
 if(tg->visibility == tvDense)
 {
 if(hasDense != NULL)
 {
- safef(query, sizeof(query), " name = '%s' ", tg->shortLabel);
+ sqlSafefFrag(query, sizeof(query), " name = '%s' ", tg->shortLabel);
 where = cloneString(query);
 }
 }
 sr = hRangeQuery(conn, tg->table, chromName, winStart, winEnd, where, &rowOffset);
 while ((row = sqlNextRow(sr)) != NULL)
 {
 sample = sampleLoad(row + rowOffset);
 lf = lfFromSample(sample);
 slAddHead(&lfList, lf);
 sampleFree(&sample);
 }
 if(where != NULL)
 freez(&where);
 sqlFreeResult(&sr);
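Review bot: The table name is still spliced into the new `sqlSafef` call as an unquoted `%s` identifier (`select name from %s where name = '%s' limit 1` with `tg->table`), and the same pattern appears in the hunks at @@ -772 and @@ -869 (there also via `tableName`); escaping that protects the quoted `'%s'` for `tg->shortLabel` cannot make an identifier position safe, so it should be confirmed how `sqlSafef` handles an unquoted `%s` and, if it relies on the caller, a comment should say so, e.g. `/* NOTE: the unquoted %s is a table identifier; it depends on tg->table being trusted upstream, not on sqlSafef escaping */`. The line `hasDense = sqlQuickQuery(conn, query, query, sizeof(query));` appears to reuse `query` as the result buffer, so `hasDense` aliases storage that the new `sqlSafefFrag` call overwrites a few lines later; it is only NULL-tested, but a one-line comment noting that would keep a later maintainer from dereferencing it. loadSampleIntoLinkedFeature continues past the end of the hunk.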
@@ -772,40 +772,40 @@
 int maxWiggleTrackHeight = 2500;
 struct sqlConnection *conn = hAllocConn(database);
 struct sqlResult *sr;
 char **row;
 int rowOffset;
 struct sample *sample;
 struct linkedFeatures *lfList = NULL, *lf;
 char *hasDense = NULL;
 char *where = NULL;
 char query[256];
 char option[64];
 zooSpeciesHashInit();
 /*see if we have a summary table*/
-safef(query, sizeof(query), "select name from %s where name = '%s' limit 1", tg->table, tg->shortLabel);
+sqlSafef(query, sizeof(query), "select name from %s where name = '%s' limit 1", tg->table, tg->shortLabel);
 //errAbort( "%s", query );
 hasDense = sqlQuickQuery(conn, query, query, sizeof(query));
 /* If we're in dense mode and have a summary table load it. */
 if(tg->visibility == tvDense)
 {
 if(hasDense != NULL)
 {
- safef(query, sizeof(query), " name = '%s' ", tg->shortLabel);
+ sqlSafefFrag(query, sizeof(query), " name = '%s' ", tg->shortLabel);
 where = cloneString(query);
 }
 }
 sr = hRangeQuery(conn, tg->table, chromName, winStart, winEnd, where, &rowOffset);
 while ((row = sqlNextRow(sr)) != NULL)
 {
 sample = sampleLoad(row + rowOffset);
 lf = lfFromSample(sample);
 safef( option, sizeof(option), "zooSpecies.%s", sample->name );
 if( cartUsualBoolean(cart, option, TRUE ))
 slAddHead(&lfList, lf);
 sampleFree(&sample);
 }
 if(where != NULL)
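Review bot: The switch from `safef` to `sqlSafefFrag` for the `" name = '%s' "` string is unexplained in the hunk, and the reason is only visible several lines later where `where` is handed to `hRangeQuery(conn, tg->table, chromName, winStart, winEnd, where, &rowOffset)` as a fragment of a larger statement rather than run as a query of its own; a comment on the new line, `/* where is a fragment spliced into hRangeQuery's SQL, hence sqlSafefFrag rather than sqlSafef */`, would document that distinction. The identical fragment lines in the hunks at @@ -465 and @@ -869 would take the same comment. This function starts before the hunk and its `freez(&where)` cleanup lies past the hunk's final `if(where != NULL)`.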
@@ -869,46 +869,46 @@
 if(tl.picWidth == 0)
 errAbort("hgTracks.c::loadAffyTranscriptome() - can't have pixel width of 0");
 pixPerBase = (winEnd - winStart)/ tl.picWidth;
 /* Determine zoom level. */
 if(pixPerBase >= zoom1)
 safef(tableName, sizeof(tableName), "%s_%s", "zoom1", tg->table);
 else if(pixPerBase >= zoom2)
 safef(tableName, sizeof(tableName), "%s_%s", "zoom2", tg->table);
 else
 safef(tableName, sizeof(tableName), "%s", tg->table);
 /*see if we have a summary table*/
 if(hTableExists(database, tableName))
- safef(query, sizeof(query), "select name from %s where name = '%s' limit 1", tableName, tg->shortLabel);
+ sqlSafef(query, sizeof(query), "select name from %s where name = '%s' limit 1", tableName, tg->shortLabel);
 else
 {
 warn("<p>Couldn't find table %s<br><br>", tableName);
- safef(query, sizeof(query), "select name from %s where name = '%s' limit 1", tg->table, tg->shortLabel);
+ sqlSafef(query, sizeof(query), "select name from %s where name = '%s' limit 1", tg->table, tg->shortLabel);
 safef(tableName, sizeof(tableName), "%s", tg->table);
 }
 hasDense = sqlQuickQuery(conn, query, query, sizeof(query));
 /* If we're in dense mode and have a summary table load it. */
 if(tg->visibility == tvDense)
 {
 if(hasDense != NULL)
 {
- safef(query, sizeof(query), " name = '%s' ", tg->shortLabel);
+ sqlSafefFrag(query, sizeof(query), " name = '%s' ", tg->shortLabel);
 where = cloneString(query);
 }
 }
 sr = hRangeQuery(conn, tableName, chromName, winStart, winEnd, where, &rowOffset);
 while ((row = sqlNextRow(sr)) != NULL)
 {
 sample = sampleLoad(row+rowOffset);
 lf = lfFromSample(sample);
 slAddHead(&lfList, lf);
 sampleFree(&sample);
 }
 if(where != NULL)
 freez(&where);
 sqlFreeResult(&sr);
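Review bot: The `else` branch around the second new `sqlSafef` call does two things that are easy to miss — it rebuilds `query` against `tg->table` and then resets `tableName` with `safef(tableName, sizeof(tableName), "%s", tg->table);` so that the later `hRangeQuery(conn, tableName, ...)` reads the same table the dense check used — and neither is documented; a comment such as `/* No zoom summary table: fall back to the base table for both the dense check and the hRangeQuery below */` at the top of the branch would make the coupling explicit. The `warn("<p>Couldn't find table %s<br><br>", tableName)` line emits the table name into HTML markup unescaped; it is pre-existing and `tableName` is derived from `tg->table`, so this is presumably configuration rather than request data, but that assumption is worth recording next to it. The enclosing function (apparently loadAffyTranscriptome, from the errAbort text) begins before the hunk.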