080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/pslAnal/pslAnal.c src/hg/pslAnal/pslAnal.c
index e9692c9..ace71df 100644
--- src/hg/pslAnal/pslAnal.c
+++ src/hg/pslAnal/pslAnal.c
@@ -406,31 +406,31 @@ name = cloneString(words[0]); v = cloneString(words[1]); hashAdd(version, name, v); } } char *findVersion(char *name) /* Determine the version for an mrna/est accession */ { struct sqlConnection *conn = hAllocConn(); char *ret = NULL; char query[256]; struct sqlResult *sr; char **row;
-safef(query, sizeof(query), "select version from gbCdnaInfo where acc = '%s'", name);
+sqlSafef(query, sizeof(query), "select version from gbCdnaInfo where acc = '%s'", name);
 sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) ret = cloneString(row[0]); sqlFreeResult(&sr); hFreeConn(&conn); return(ret); } struct acc *createAcc(char *name) { struct acc *ret; char *accs[4]; int wordCount; 
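Review bot: The switch to `sqlSafef` in findVersion fixes the quoting, but `query[256]` is now also the bound on the escaped form of `name`; an accession containing quotes or backslashes grows when escaped, and if `sqlSafef` follows `safef` in aborting on overflow (not visible from this hunk), an overlong or odd-looking accession turns into a crash rather than a skipped record. `name` is presumably an accession read from input (nearby code builds names from chopped words), so consider rejecting or truncating accessions beyond a sane length before the query, or sizing the buffer for the escaped worst case. The same 256-byte buffers back the `'%s'` queries in findOrganism, getMrnaCloneId and getMrnaLibId in the second hunk. A comment above the call would help readers: `/* sqlSafef escapes name; query[] must fit the escaped form */`. findVersion also returns a cloneString the caller owns, which is worth stating in its header comment.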
@@ -580,88 +580,88 @@
 } void findOrganism(struct sqlConnection *conn, struct acc *acc) /* Determine organism for each non-human mrna/est in the list */ { char query[256]; struct sqlResult *sr; char **row; int id = -1; /*a = cloneString(acc->name); wordCount = chopByChar(a, '.', accs, ArraySize(accs)); if (wordCount > 2) errAbort("Accession not standard, %s\n", acc->name);*/
-safef(query, sizeof(query), "select organism from gbCdnaInfo where acc = '%s'", acc->name);
+sqlSafef(query, sizeof(query), "select organism from gbCdnaInfo where acc = '%s'", acc->name);
 sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) id = sqlUnsigned(row[0]); sqlFreeResult(&sr); if (id != -1) {
- safef(query, sizeof(query), "select name from organism where id = %d", id);
+ sqlSafef(query, sizeof(query), "select name from organism where id = %d", id);
 sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) acc->organism = cloneString(row[0]); else printf("Could not find organism for id %d\n", id); sqlFreeResult(&sr); } else printf("Could not find mrna record for %s\n", acc->name); } struct clone *getMrnaCloneId(struct sqlConnection *conn, char *acc) /* Find the clone id for an mrna accession */ { char query[256]; struct sqlResult *sr; char **row; struct clone *ret = NULL; AllocVar(ret); ret->next = NULL;
-safef(query, sizeof(query), "select mrnaClone from gbCdnaInfo where acc = '%s'", acc);
+sqlSafef(query, sizeof(query), "select mrnaClone from gbCdnaInfo where acc = '%s'", acc);
 sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { ret->id = sqlUnsigned(row[0]); ret->imageId = 0; } sqlFreeResult(&sr);
-safef(query, sizeof(query), "select imageId from imageClone where acc = '%s'", acc);
+sqlSafef(query, sizeof(query), "select imageId from imageClone where acc = '%s'", acc);
 sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) ret->imageId = sqlUnsigned(row[0]); sqlFreeResult(&sr); return(ret); } struct clone *getMrnaLibId(struct 
sqlConnection *conn, char *acc) /* Find the library id for an mrna accession */ { char query[256]; struct sqlResult *sr; char **row; struct clone *ret = NULL; AllocVar(ret); ret->next = NULL;
-safef(query, sizeof(query), "select library from gbCdnaInfo where acc = '%s'", acc);
+sqlSafef(query, sizeof(query), "select library from gbCdnaInfo where acc = '%s'", acc);
 sr = sqlGetResult(conn, query); if ((row = sqlNextRow(sr)) != NULL) { ret->id = sqlUnsigned(row[0]); ret->imageId = 0; } sqlFreeResult(&sr); return(ret); } boolean refseqAcc(struct refseq *r, char *name, char* rs) /* Check if accession was used to create refseq sequence */ { /*struct refseq *r;*/ struct acc *a;
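Review bot: The `%d` query in findOrganism deserves a one-line comment, because a reader will wonder why an integer-only statement needed the `sqlSafef` change when `id` is a number already produced by `sqlUnsigned` from the previous row: something like `/* id is numeric (sqlUnsigned); built with sqlSafef so every query goes through the same checked path */`. Separately, getMrnaCloneId and getMrnaLibId return an `AllocVar`'d struct clone whether or not a row was found, so a caller cannot tell "no record" from an id of 0 unless AllocVar zero-fills and 0 is never a valid id; that contract belongs in their header comments. The `ret->next = NULL;` lines are redundant if AllocVar zero-fills, which this hunk does not show. refseqAcc begins in this hunk but its body continues past it.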