080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/lib/genoLay.c src/hg/lib/genoLay.c
index dbeba97..fbdd858 100644
--- src/hg/lib/genoLay.c
+++ src/hg/lib/genoLay.c
@@ -67,31 +67,31 @@
 return -1; } else if (isdigit(bName[0])) return 1; else return strcmp(aName, bName); } struct genoLayChrom *genoLayDbChromsExt(struct sqlConnection *conn, boolean withRandom, boolean abortOnErr) /* Get chrom info list. */ { struct sqlResult *sr; char **row; struct genoLayChrom *chrom, *chromList = NULL;
-sr = sqlGetResult(conn, "select chrom,size from chromInfo");
+sr = sqlGetResult(conn, "NOSQLINJ select chrom,size from chromInfo");
 while ((row = sqlNextRow(sr)) != NULL) { char *name = row[0]; if (withRandom || ( (startsWith("chr", name)) && (!startsWith("chrUn", name)) && (!sameString("chrM", name)) && (!strchr(name, '_')) // avoiding _random and _hap* ) ) { AllocVar(chrom); chrom->fullName = cloneString(name); chrom->shortName = chrom->fullName+3; 
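Review bot: The added line hard-codes the "NOSQLINJ " marker as part of the query string literal, which makes the safety assertion invisible to anyone who later edits the query to interpolate a value and also ties this call to the exact spelling of the prefix. Since the query is a fixed literal with no variable input, the marker is justified here, but it should be expressed through the library's NOSQLINJ string macro and commented so the next maintainer knows the guarantee it encodes: `/* Fixed literal query, no caller-supplied text: safe to mark as not injectable. */` followed by `sr = sqlGetResult(conn, NOSQLINJ "select chrom,size from chromInfo");`. The body of genoLayDbChromsExt continues past the end of this hunk, so whether abortOnErr is consulted on a failed sqlGetResult cannot be confirmed from here.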
@@ -503,31 +503,31 @@
 int innerHeight = gl->chromHeight-2; struct genoLayChrom *chrom; boolean isDmel = hCytoBandDbIsDmel(db); boolean bColor = hvGfxFindColorIx(hvg, 200, 150, 150); int fontPixelHeight = mgFontPixelHeight(gl->font); for (chrom = gl->chromList; chrom != NULL; chrom = chrom->next) { boolean gotAny = FALSE; struct sqlResult *sr; char **row; char query[256]; int cenX1=BIGNUM, cenX2=0; int y = chrom->y + yOffset; /* Fetch bands from database and draw them. */
- safef(query, sizeof(query), "select * from %s where chrom='%s'",
+ sqlSafef(query, sizeof(query), "select * from %s where chrom='%s'",
 bandTable, chrom->fullName); sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { struct cytoBand band; int x1, x2; cytoBandStaticLoad(row, &band); x1 = pixelsPerBase*band.chromStart; x2 = pixelsPerBase*band.chromEnd; if (sameString(band.gieStain, "acen")) { /* Centromere is represented as two adjacent bands. * We'll just record the extents of it here, and draw it * in one piece later. */ if (x1 < cenX1)
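Review bot: Switching to sqlSafef protects the quoted `chrom='%s'` argument by escaping, but `bandTable` is substituted in identifier position (`from %s`), where escaping a value cannot make an arbitrary string safe; the hunk does not show where bandTable originates (the enclosing function starts and ends outside it). If bandTable is selected by this code from a fixed set of table names, a one-line comment at the call should say so, e.g. `/* bandTable is one of the fixed cytoband table names chosen above, not user input. */`; if it can be influenced by a caller, it should be checked against the database before being used, along the lines of `if (!hTableExists(db, bandTable)) errAbort("bad band table");` ahead of the sqlSafef call. Also note that sqlSafef (like safef) aborts rather than truncating when the 256-byte `query` buffer is too small, which is the intended behaviour here but worth a comment since chrom->fullName lengths are not bounded in this hunk.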