080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/geneSimilarities.c src/hg/lib/geneSimilarities.c
index a06c660..9dd9f4e 100644
--- src/hg/lib/geneSimilarities.c
+++ src/hg/lib/geneSimilarities.c
@@ -123,31 +123,31 @@
 
 if (ga->sim > gb->sim)
     return -1;
 else if (ga->sim < gb->sim)
     return -1;
 else
     return 0;
 }
 
 static void findSimilarities(struct geneSimilarities *gss,
                              struct sqlConnection *conn,
                              char *targetGeneTbl)
 /* find genes similar to the query in gss and add them. */
 {
 char where[64];
-safef(where, sizeof(where), "strand = \"%s\"", gss->query->strand);
+sqlSafefFrag(where, sizeof(where), "strand = \"%s\"", gss->query->strand);
 int start = gss->cdsSim ? gss->query->cdsStart :gss->query->txStart;
 int end = gss->cdsSim ? gss->query->cdsEnd :gss->query->txEnd;
 
 struct genePred *targetGenes
     = genePredReaderLoadRangeQuery(conn, targetGeneTbl, gss->query->chrom,
                                    start, end, where);
 struct genePred *gp;
 while ((gp = slPopHead(&targetGenes)) != NULL)
     {
     float sim = gss->cdsSim
         ? geneCdsSimilarity(gp, gss->query)
         : geneExonSimilarity(gp, gss->query);
     slSafeAddHead(&gss->genes, geneSimNew(gp, sim));
     }
 }
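Review bot: The comparator whose tail opens this hunk returns -1 both when `ga->sim > gb->sim` and when `ga->sim < gb->sim`, so any sort driven by it has no consistent order; the second branch should read `return 1;`. That function starts outside the hunk and the commit does not touch it. In findSimilarities the new sqlSafefFrag call delegates escaping of gss->query->strand to the helper, but the resulting fragment is then passed to genePredReaderLoadRangeQuery as `where`, and whether that callee splices it into its own sqlSafef-built query rather than a plain safef one is not visible here; that is what decides whether the fragment is actually treated as safe, so it is worth confirming at the call site.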
@@ -165,46 +165,46 @@
 return gss;
 }
 
 struct geneSimilarities *geneSimilaritiesBuildAt(struct sqlConnection *conn,
                                                  boolean cdsSim,
                                                  char *queryName,
                                                  char *queryChrom,
                                                  int queryStart,
                                                  char *queryGeneTbl,
                                                  char *targetGeneTbl)
 /* Construct a geneSimilarities object by finding the genePred named
  * queryName with txStart of queryStart in queryGeneTbl and
  * find similar genes in targetGeneTbl. */
 {
 char where[256];
-safef(where, sizeof(where), "(chrom = \"%s\") and (txStart = %d)", queryChrom, queryStart);
+sqlSafefFrag(where, sizeof(where), "(chrom = \"%s\") and (txStart = %d)", queryChrom, queryStart);
 struct genePred *query = genePredReaderLoadQuery(conn, queryGeneTbl, where);
 if (query == NULL)
     errAbort("gene %s starting at %s:%d not found in %s", queryName,
              queryChrom, queryStart, queryGeneTbl);
 
 // only use the first if by some wierd reason multiple are found
 genePredFreeList(&query->next);
 
 return geneSimilaritiesBuild(conn, cdsSim, query, targetGeneTbl);
 }
 
 struct geneSimilarities *geneSimilaritiesBuildAll(struct sqlConnection *conn,
                                                   boolean cdsSim, 
                                                   char *queryName,
                                                   char *queryGeneTbl,
                                                   char *targetGeneTbl)
 /* Construct a list of geneSimilarities objects by finding all entries
  * of queryName in queryGeneTbl and build a geneSimilarities object for each
  * one from targetGeneTbl. */
 {
 struct geneSimilarities *gssList = NULL;
 char where[64];
-safef(where, sizeof(where), "name = \"%s\"", queryName);
+sqlSafefFrag(where, sizeof(where), "name = \"%s\"", queryName);
 struct genePred *queries = genePredReaderLoadQuery(conn, queryGeneTbl, where);
 struct genePred *query;
 while ((query = slPopHead(&queries)) != NULL)
     slSafeAddHead(&gssList, geneSimilaritiesBuild(conn, cdsSim, query, targetGeneTbl));
 return gssList;
 }
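Review bot: In geneSimilaritiesBuildAt the WHERE fragment built on the sqlSafefFrag line selects only on chrom and txStart, although the function comment and the errAbort message both describe looking up the gene named queryName; a different gene sharing that chrom and txStart would be returned silently, which the "multiple are found" comment hints at. Adding the name to the fragment closes the gap: `sqlSafefFrag(where, sizeof(where), "(chrom = \"%s\") and (txStart = %d) and (name = \"%s\")", queryChrom, queryStart, queryName);`. In geneSimilaritiesBuildAll, `where[64]` leaves room for only about 55 characters of the escaped queryName; if sqlSafefFrag aborts on overflow the way safef does, a long or quote-laden name now terminates the process instead of being rejected, so a larger buffer or a length check before formatting would be prudent.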