080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/geneGraph.c src/hg/lib/geneGraph.c
index c4d5d80..58bd12c 100644
--- src/hg/lib/geneGraph.c
+++ src/hg/lib/geneGraph.c
@@ -218,31 +218,31 @@
 struct ggVertex *vertices = gg->vertices;
 int i,j;
 UBYTE *vTypes;
 int *vPositions, *edgeStarts, *edgeEnds;
 
 AllocArray(translator, totalVertexCount);
 usedVertexCount = countUsed(gg, totalVertexCount, translator);
 for (i=0; i<totalVertexCount; ++i)
     {
     bool *waysOut = em[i];
     for (j=0; j<totalVertexCount; ++j)
 	if (waysOut[j])
 	    ++edgeCount;
     }
 AllocVar(ag);
-snprintf(ag->strand, sizeof(ag->strand), "%s", gg->strand);
+safef(ag->strand, sizeof(ag->strand), "%s", gg->strand);
 ag->tName = cloneString(gg->tName);
 ag->tStart = gg->tStart;
 ag->tEnd = gg->tEnd;
 ag->vertexCount = usedVertexCount;
 ag->vTypes = AllocArray(vTypes, usedVertexCount);
 ag->vPositions = AllocArray(vPositions, usedVertexCount);
 ag->mrnaRefCount = gg->mrnaRefCount;
 AllocArray(ag->mrnaRefs, gg->mrnaRefCount);
 for(i=0; i < gg->mrnaRefCount; i++)
     {
     ag->mrnaRefs[i] = cloneString(gg->mrnaRefs[i]);
     }
 
 for (i=0,j=0; i<totalVertexCount; ++i)
     {
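Review bot: Replacing snprintf with safef for `ag->strand` changes the overflow behaviour, which the commit title does not mention: as I understand the kent library, safef aborts when the formatted string does not fit, where snprintf silently truncated. The size of the `strand` fields is not visible in this hunk, so it is worth confirming that both structs declare the same size and adding a comment such as `/* safef aborts on overflow; strand must be the same size in geneGraph and altGraphX */`. The same applies to the safef calls in the hunks at -533 and -624. The enclosing function begins above this hunk and continues below it.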
@@ -412,31 +412,31 @@
 	{
 	struct slInt *library = NULL, *tissue=NULL;
 	library = hashMustFindVal(tissLibHash, gg->mrnaRefs[i]);
 	gg->mrnaLibs[i] = library->val;
 	tissue = library->next;
 	assert(tissue);
 	gg->mrnaTissues[i] = tissue->val;
 	}
     else
 	{
 	
 	struct sqlResult *sr = NULL;
 	char **row = NULL;
 	char query[256];
 	assert(gg->mrnaRefs[i]);
-	snprintf(query, sizeof(query), "select library, tissue from gbCdnaInfo where acc='%s'", gg->mrnaRefs[i]);
+	sqlSafef(query, sizeof(query), "select library, tissue from gbCdnaInfo where acc='%s'", gg->mrnaRefs[i]);
 	sr = sqlGetResult(conn, query);
 	row = sqlNextRow(sr);
 	if(row == NULL)
 	    errAbort("geneGraph.c::ggFillInTissuesAndLibraries() - Couldn't load library and tissue info for est: %s using query:\n%s", gg->mrnaRefs[i], query);
 	gg->mrnaLibs[i] = sqlSigned(row[0]);
 	gg->mrnaTissues[i] = sqlSigned(row[1]);
 	sqlFreeResult(&sr);
 	}
     }
 }
 
 boolean isSameGeneGraph(struct geneGraph *gg1, struct geneGraph *gg2)
 /* Returns true if the gene graphs are the same, otherwise returns false. */
 {
 boolean allOk = TRUE;
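Review bot: The errAbort message just below the new sqlSafef call still prints the full `query` text along with the accession, so if abort output from this library can reach a web client it discloses the table and column names. Consider reporting only the accession, e.g. `errAbort("ggFillInTissuesAndLibraries() - no library/tissue info for est: %s", gg->mrnaRefs[i]);`, and keeping the query text in a server-side log. Escaping can also lengthen the accession, and as far as I know sqlSafef aborts rather than truncates when `query[256]` is too small; that is the safe outcome, but worth a comment such as `/* sqlSafef escapes acc; overflow aborts instead of sending a truncated query */`. The enclosing function starts above this hunk, so where `gg->mrnaRefs` is populated is not visible here.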
@@ -533,31 +533,31 @@
 struct ggEvidence *ev = NULL;
 int i,j;
 UBYTE *vTypes;
 int *vPositions;
 
 AllocArray(translator, totalVertexCount);
 usedVertexCount = countUsed(gg, totalVertexCount, translator);
 for (i=0; i<totalVertexCount; ++i)
     {
     bool *waysOut = em[i];
     for (j=0; j<totalVertexCount; ++j)
 	if (waysOut[j] && gg->vertices[j].type != ggUnused)
 	    ++edgeCount;
     }
 AllocVar(ag);
-snprintf(ag->strand, sizeof(ag->strand), "%s", gg->strand);
+safef(ag->strand, sizeof(ag->strand), "%s", gg->strand);
 ag->tName = cloneString(gg->tName);
 ag->tStart = gg->tStart;
 ag->tEnd = gg->tEnd;
 ag->name = cloneString("NA");
 ag->vertexCount = usedVertexCount;
 ag->vTypes = AllocArray(vTypes, usedVertexCount);
 ag->vPositions = AllocArray(vPositions, usedVertexCount);
 ag->mrnaRefCount = gg->mrnaRefCount;
 accessionList = newDyString(10*gg->mrnaRefCount);
 /* Have to print the accessions all out in the same string to conform
    to how the memory is handled later. */
 for(i=0; i<gg->mrnaRefCount; i++)
     dyStringPrintf(accessionList, "%s,", gg->mrnaRefs[i]);
 sqlStringDynamicArray(accessionList->string, &ag->mrnaRefs, &ag->mrnaRefCount);
 dyStringFree(&accessionList);
@@ -624,31 +624,31 @@
 slReverse(&ag->evidence);
 freeMem(translator);
 return ag;
 }
 
 struct geneGraph *altGraphXToGG(struct altGraphX *ag)
 /* Convert an altGraphX to a geneGraph. Free with freeGeneGraph */
 {
 struct geneGraph *gg = NULL;
 int i,j;
 AllocVar(gg);
 gg->tName = cloneString(ag->tName);
 gg->tStart = ag->tStart;
 gg->tEnd = ag->tEnd;
 gg->vertexCount = ag->vertexCount;
-snprintf(gg->strand, sizeof(gg->strand), "%s", ag->strand);
+safef(gg->strand, sizeof(gg->strand), "%s", ag->strand);
     gg->mrnaRefCount = ag->mrnaRefCount;
 gg->mrnaTissues = CloneArray(ag->mrnaTissues, ag->mrnaRefCount);
 gg->mrnaLibs = CloneArray(ag->mrnaLibs, ag->mrnaRefCount);
 AllocArray(gg->mrnaRefs, gg->mrnaRefCount);
 for(i=0; i<gg->mrnaRefCount; i++)
     gg->mrnaRefs[i] = cloneString(ag->mrnaRefs[i]);
 gg->edgeMatrix = altGraphXCreateEdgeMatrix(ag);  /* will be free'd when geneGraph free'd */
 
 AllocArray(gg->vertices, gg->vertexCount);
 for(i=0; i<gg->vertexCount; i++)
     {
     gg->vertices[i].position = ag->vPositions[i];
     gg->vertices[i].type = ag->vTypes[i];
     }
 AllocArray(gg->evidence, gg->vertexCount);