src/hg/lib/liftOver.c 080a160c7b9595d516c9c70e83689a09b60839d0

080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/liftOver.c src/hg/lib/liftOver.c
index 95e2893..8b51118 100644
--- src/hg/lib/liftOver.c
+++ src/hg/lib/liftOver.c
@@ -1746,31 +1746,31 @@
 while (lineFileRow(lf, row))
     {
     sample = sampleLoad(row);
     remapSample(chainHash, sample, minBlocks, fudgeThick, mapped, unmapped);
     sampleFree(&sample);
     }
 lineFileClose(&lf);
 }
 
 struct liftOverChain *liftOverChainList()
 /* Get list of all liftOver chains in the central database */
 {
 struct sqlConnection *conn = hConnectCentral();
 struct liftOverChain *list = NULL;
 
-list = liftOverChainLoadByQuery(conn, "select * from liftOverChain");
+list = liftOverChainLoadByQuery(conn, "NOSQLINJ select * from liftOverChain");
 hDisconnectCentral(&conn);
 return list;
 }
 
 void filterOutMissingChains(struct liftOverChain **pChainList) 
 /* Filter out chains that don't exist.  Helps partially mirrored sites. */
 {
 while(*pChainList)
     {
     if (fileSize((*pChainList)->path)==-1)
 	{
 	struct liftOverChain *temp = *pChainList;
 	*pChainList = (*pChainList)->next;
 	liftOverChainFree(&temp);
 	}
@@ -1795,50 +1795,50 @@
 /* Get list of all liftOver chains in the central database for fromDb,
  * filtered to include only those chains whose liftover files exist. */
 {
 struct liftOverChain *list = liftOverChainForDb(fromDb);
 filterOutMissingChains(&list); 
 return list;
 }
 
 struct liftOverChain *liftOverChainForDb(char *fromDb)
 /* Return list of liftOverChains for this database. */
 {
 struct sqlConnection *conn = hConnectCentral();
 struct liftOverChain *list = NULL;
 char query[512];
 if (isNotEmpty(fromDb))
-    safef(query, sizeof(query), "select * from liftOverChain where fromDb='%s'",
+    sqlSafef(query, sizeof(query), "select * from liftOverChain where fromDb='%s'",
 	  fromDb);
 else
-    safecpy(query, sizeof(query), "select * from liftOverChain");
+    safecpy(query, sizeof(query), "NOSQLINJ select * from liftOverChain");
 list = liftOverChainLoadByQuery(conn, query);
 hDisconnectCentral(&conn);
 return list;
 }
 
 char *liftOverChainFile(char *fromDb, char *toDb)
 /* Get filename of liftOver chain */
 {
 struct sqlConnection *conn = hConnectCentral();
 struct liftOverChain *chain = NULL;
 char query[1024];
 char *path = NULL;
 
 if (conn)
     {
-    safef(query, sizeof(query), 
+    sqlSafef(query, sizeof(query), 
             "select * from liftOverChain where fromDb='%s' and toDb='%s'",
                         fromDb, toDb);
     chain = liftOverChainLoadByQuery(conn, query);
     if (chain != NULL)
         {
         path = cloneString(chain->path);
         liftOverChainFree(&chain);
         }
     hDisconnectCentral(&conn);
     }
 return path;
 }
 
 char *liftOverErrHelp()
 /* Help message explaining liftOver failures */