080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/pslCheck/pslCheck.c src/hg/pslCheck/pslCheck.c
index 4907bd8..500b8a8 100644
--- src/hg/pslCheck/pslCheck.c
+++ src/hg/pslCheck/pslCheck.c
@@ -65,31 +65,31 @@ struct hash *sizes = hashNew(20); struct lineFile *lf = lineFileOpen(sizesFile, TRUE); char *cols[2]; while (lineFileNextRowTab(lf, cols, ArraySize(cols))) hashAddInt(sizes, cols[0], sqlUnsigned(cols[1])); lineFileClose(&lf); return sizes; } static struct hash *loadChromInfoSizes(struct sqlConnection *conn) /* chromInfo sizes */ { struct hash *sizes = hashNew(20); char **row;
-struct sqlResult *sr = sqlGetResult(conn, "select * from chromInfo");
+struct sqlResult *sr = sqlGetResult(conn, "NOSQLINJ select * from chromInfo");
 while ((row = sqlNextRow(sr)) != NULL) { struct chromInfo *ci = chromInfoLoad(row); hashAddInt(sizes, ci->chrom, ci->size); chromInfoFree(&ci); } sqlFreeResult(&sr); return sizes; } static void prPslDesc(struct psl *psl, char *pslDesc,FILE *errFh) /* print a description of psl before the first error. */ { fprintf(errFh, "Error: invalid PSL: %s:%u-%u %s:%u-%u %s %s\n", psl->qName, psl->qStart, psl->qEnd,
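Review bot: The `NOSQLINJ` tag on the chromInfo query is typed by hand inside the string literal; jksql.h provides `NOSQLINJ` as a macro for exactly this prefix, so `sqlGetResult(conn, NOSQLINJ "select * from chromInfo");` keeps the tag's spelling in one place and cannot drift into a variant that the library's untagged-query check (presumably the one this commit is satisfying) would reject at run time. The tag is an assertion that the query carries no interpolated data, which holds here only because the whole string is a literal, and nothing on the line records that; a comment such as `/* NOSQLINJ: constant query, no caller-supplied text */` would tell the next editor that introducing a `%s` here must go through sqlSafef, as checkPslTbl does in the second hunk, rather than keeping the hand-written tag. loadChromInfoSizes lies entirely within the hunk; the prPslDesc fprintf at the end continues past it.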
@@ -185,31 +185,31 @@ struct psl *psl; while ((psl = pslNext(lf)) != NULL) { checkPsl(lf, NULL, psl, errFh, passFh, failFh); pslFree(&psl); } lineFileClose(&lf); } static void checkPslTbl(struct sqlConnection *conn, char *tbl, FILE *errFh, FILE *passFh, FILE *failFh) /* Check one psl table */ { char query[1024], **row;
-safef(query, sizeof(query), "select * from %s", tbl);
+sqlSafef(query, sizeof(query), "select * from %s", tbl);
 struct sqlResult *sr = sqlGetResult(conn, query); int rowOff = (sqlFieldColumn(sr, "bin") >= 0) ? 1 : 0; while ((row = sqlNextRow(sr)) != NULL) { struct psl *psl = pslLoad(row+rowOff); checkPsl(NULL, tbl, psl, errFh, passFh, failFh); pslFree(&psl); } sqlFreeResult(&sr); } void checkFileTbl(struct sqlConnection *conn, char *fileTblName, FILE *errFh, FILE *passFh, FILE *failFh) /* check a PSL file or table. */