080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/hgSeq.c src/hg/lib/hgSeq.c
index a90e93e..f2a18e7 100644
--- src/hg/lib/hgSeq.c
+++ src/hg/lib/hgSeq.c
@@ -383,31 +383,31 @@
  * optionally concatenating adjacent exons. */
 {
 if (concatRegions || (rCount == 1))
     {
     hgSeqConcatRegionsDb(db, chrom, chromSize, strand, name,
 			 rCount, rStarts, rSizes, exonFlags, cdsFlags);
     }
 else
     {
     int i, count;
     boolean isRc = (strand == '-');
     char rName[256];
     for (i=0,count=0;  i < rCount;  i++,count++)
 	{
 	int j, jEnd, len, lo, hi;
-	snprintf(rName, sizeof(rName), "%s_%d", name, count);
+	safef(rName, sizeof(rName), "%s_%d", name, count);
 	j = (isRc ? (rCount - i - 1) : i);
 	jEnd = (isRc ? (j - 1) : (j + 1));
 	if (concatAdjacent && exonFlags[j])
 	    {
 	    lo = (isRc ? jEnd       : (jEnd - 1));
 	    hi = (isRc ? (jEnd + 1) : jEnd);
 	    while ((i < rCount) &&
 		   ((rStarts[lo] + rSizes[lo]) == rStarts[hi]) &&
 		   exonFlags[jEnd])
 		{
 		i++;
 		jEnd = (isRc ? (jEnd - 1) : (jEnd + 1));
 		lo = (isRc ? jEnd       : (jEnd - 1));
 		hi = (isRc ? (jEnd + 1) : jEnd);
 		}
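Review bot: The `while` guard in the `concatAdjacent` branch tests `i < rCount`, but the next operand reads `rStarts[hi]` on the forward strand or `rStarts[lo]`/`rSizes[lo]` on the reverse strand, at an index derived from `jEnd` that is `rCount` or `-1` once `i` is the last region. Unless callers allocate slack around these arrays, which is not visible here, that is a one-element out-of-bounds read whenever the final region has its `exonFlags` entry set. Tightening the guard to `while ((i + 1 < rCount) &&` would keep every index within `0..rCount-1`. These are unchanged context lines, and the enclosing function starts and ends outside the hunk, so the change should be checked against the code that follows the loop.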
@@ -746,31 +746,31 @@
 	addFeature(&count, starts, sizes, exonFlags, cdsFlags,
 		   bedItem->chromStart,
 		   (bedItem->chromEnd - bedItem->chromStart),
 		   TRUE, FALSE, chromSize);
 	}
     if (!isRc && downstream && (downstreamSize > 0))
 	{
 	addFeature(&count, starts, sizes, exonFlags, cdsFlags,
 		   bedItem->chromEnd, downstreamSize, FALSE, FALSE, chromSize);
 	}
     else if (isRc && promoter && (promoterSize > 0))
 	{
 	addFeature(&count, starts, sizes, exonFlags, cdsFlags,
 		   bedItem->chromEnd, promoterSize, FALSE, FALSE, chromSize);
 	}
-    snprintf(itemName, sizeof(itemName), "%s_%s", hti->rootName, bedItem->name);
+    safef(itemName, sizeof(itemName), "%s_%s", hti->rootName, bedItem->name);
     hgSeqRegionsAdjDb(db, bedItem->chrom, chromSize, bedItem->strand[0], itemName,
 		      concatRegions, concatAdjacent,
 		      count, starts, sizes, exonFlags, cdsFlags);
     totalCount += count;
     freeMem(starts);
     freeMem(sizes);
     freeMem(exonFlags);
     freeMem(cdsFlags);
     }
 return totalCount;
 }
 
 
 int hgSeqItemsInRange(char *db, char *table, char *chrom, int chromStart,
                       int chromEnd, char *sqlConstraints)
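Review bot: The `safef` call that builds `itemName` deserves a short comment, because nothing in this hunk shows the string reaching a SQL statement and the commit title alone does not explain the swap. If `safef` is the usual kent-library helper that aborts on overflow instead of truncating, an over-long `hti->rootName`/`bedItem->name` pair now ends the request rather than yielding a clipped name; a comment such as `/* safef aborts rather than truncating if rootName_name does not fit itemName */` would record that. The declaration of `itemName` and the start of the enclosing function are outside the hunk, so the buffer size cannot be checked from here. The `sqlConstraints` parameter of `hgSeqItemsInRange` at the end of the hunk looks like the input most relevant to the commit's stated goal, and its handling is not visible either.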