cf76110debb8d429c0af05563e11561fe54dbead
galt
  Thu Jun 12 15:48:11 2014 -0700
Partially addresses #11296. Forbid the main known evil setting "idInUrlSql" in hubs.
diff --git src/hg/lib/trackHub.c src/hg/lib/trackHub.c
index 918bf30..9b99cee 100644
--- src/hg/lib/trackHub.c
+++ src/hg/lib/trackHub.c
@@ -628,30 +628,39 @@
 hub->genomeList = NULL;
 }
 
 static char *requiredSetting(struct trackHub *hub, struct trackHubGenome *genome,
 	struct trackDb *tdb, char *setting)
 /* Fetch setting or give an error message, a little more specific than the
  * error message from trackDbRequiredSetting(). */
 {
 char *val = trackDbSetting(tdb, setting);
 if (val == NULL)
     errAbort("Missing required '%s' setting in hub %s genome %s track %s", setting,
     	hub->url, genome->name, tdb->track);
 return val;
 }
 
+static void forbidSetting(struct trackHub *hub, struct trackHubGenome *genome,
+    struct trackDb *tdb, char *setting)
+/* Abort if forbidden setting found. */
+{
+if (trackDbSetting(tdb, setting))
+    errAbort("Forbidden setting '%s' in hub %s genome %s track %s", setting,
+        hub->url, genome->name, tdb->track);
+}
+
 static void expandBigDataUrl(struct trackHub *hub, struct trackHubGenome *genome,
 	struct trackDb *tdb)
 /* Expand bigDataUrls so that no longer relative to genome->trackDbFile */
 {
 struct hashEl *hel = hashLookup(tdb->settingsHash, "bigDataUrl");
 if (hel != NULL)
     {
     char *oldVal = hel->val;
     hel->val = trackHubRelativeUrl(genome->trackDbFile, oldVal);
     freeMem(oldVal);
     }
 
 hel = hashLookup(tdb->settingsHash, "searchTrix");
 if (hel != NULL)
     {
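Review bot: The comment on `forbidSetting` does not say why a setting is forbidden or what counts as "found". The test `if (trackDbSetting(tdb, setting))` fires on mere presence, whatever the value. That is the right fail-closed behaviour for a setting read from a remote hub, and stating it keeps anyone from later relaxing it to a value check. I would expand the comment to something like `/* Abort if a hub-supplied trackDb carries a setting that hubs may not use; presence alone is enough, the value is not inspected. */`. If trackDbSetting also returns values inherited from parent tracks (not visible in this hunk), the comment should say so.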
@@ -664,30 +673,33 @@
 struct trackHubGenome *trackHubFindGenome(struct trackHub *hub, char *genomeName)
 /* Return trackHubGenome of given name associated with hub.  Return NULL if no
  * such genome. */
 {
 return hashFindVal(hub->genomeHash, genomeName);
 }
 
 static void validateOneTrack( struct trackHub *hub, 
     struct trackHubGenome *genome, struct trackDb *tdb)
 /* Validate a track's trackDb entry. */
 {
 /* Check for existence of fields required in all tracks */
 requiredSetting(hub, genome, tdb, "shortLabel");
 requiredSetting(hub, genome, tdb, "longLabel");
 
+/* Forbid any dangerous settings that should not be allowed */
+forbidSetting(hub, genome, tdb, "idInUrlSql");
+
 // subtracks is not NULL if a track said we were its parent
 if (tdb->subtracks != NULL)
     {
     boolean isSuper = FALSE;
     char *superTrack = trackDbSetting(tdb, "superTrack");
     if ((superTrack != NULL) && startsWith("on", superTrack))
 	isSuper = TRUE;
 
     if (!(trackDbSetting(tdb, "compositeTrack") ||
           trackDbSetting(tdb, "container") || 
 	  isSuper))
         {
 	errAbort("Parent track %s is not compositeTrack, container, or superTrack in hub %s genome %s", 
 		tdb->track, hub->url, genome->name);
 	}
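Review bot: The rule is enforced only by the single call `forbidSetting(hub, genome, tdb, "idInUrlSql");` in validateOneTrack, so it protects only if every path that loads a hub's trackDb goes through this function, which the hunk does not show. Since the commit message calls this a partial fix, I would keep the forbidden names in one NULL-terminated table, for example `static char *hubForbiddenSettings[] = {"idInUrlSql", NULL};`, and loop over it here so later additions land in one reviewed place. As defence in depth, the code that consumes idInUrlSql could also refuse to honour it for hub tracks, so a loader that skips validation still fails closed. validateOneTrack's body continues past the end of the hunk.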