080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/lib/featureBits.c src/hg/lib/featureBits.c
index a98e1d0..460c126 100644
--- src/hg/lib/featureBits.c
+++ src/hg/lib/featureBits.c
@@ -312,42 +312,42 @@ fbOptionsHti(hti); } char *fbOptionsToQualifier() /* Translate CGI variable created by fbOptions() to a featureBits qualifier. */ { char qual[128]; char *fbQual = cgiOptionalString("fbQual"); if (fbQual == NULL) return NULL; if (sameString(fbQual, "whole")) qual[0] = 0; else if (sameString(fbQual, "exon")) - snprintf(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbExonBases")); + safef(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbExonBases")); else if (sameString(fbQual, "intron")) - snprintf(qual, sizeof(qual), "%s:%s", fbQual, + safef(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbIntronBases")); else if (sameString(fbQual, "upstreamAll")) - snprintf(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbUpBases")); + safef(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbUpBases")); else if (sameString(fbQual, "upstream")) - snprintf(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbUpBases")); + safef(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbUpBases")); else if (sameString(fbQual, "endAll")) - snprintf(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbDownBases")); + safef(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbDownBases")); else if (sameString(fbQual, "end")) - snprintf(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbDownBases")); + safef(qual, sizeof(qual), "%s:%s", fbQual, cgiString("fbDownBases")); else strcpy(qual, fbQual); return(cloneString(qual)); } struct featureBits *fbFromBed(char *db, char *trackQualifier, struct hTableInfo *hti, struct bed *bedList, int chromStart, int chromEnd, boolean clipToWindow, boolean filterOutNoUTR) /* Translate a list of bed items into featureBits. */ { struct bed *bed; struct featureBits *fbList = NULL; char nameBuf[512]; char *fName; char *track, *qualifier, *extra;
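Review bot: The final `else` branch of fbOptionsToQualifier still copies the CGI value with `strcpy(qual, fbQual);` into the 128-byte `qual`, so an `fbQual` value that matches none of the known names and is longer than the buffer overflows the stack, while the commit bounds only the six formatted branches. The same replacement applies there: `safef(qual, sizeof(qual), "%s", fbQual);`. Separately, the base-count values (`fbExonBases`, `fbIntronBases`, `fbUpBases`, `fbDownBases`) are still interpolated into the qualifier as raw strings; if they are numeric counts, reading them with cgiInt and formatting with `%d` would constrain the qualifier to digits, which addresses the injection concern in the commit title more directly than switching the formatter. Whether cgiOptionalString bounds the value length elsewhere is not visible in this hunk. fbFromBed's body continues past the end of the hunk.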