3162938717edf8591e6a9860ba67eb1d5d678024 angie Mon Mar 23 14:30:15 2015 -0700 Warn user if they're about to clobber a session due to MySQL/latin1's case insensitivity. Thanks b0b for finding that! fixes #15051 diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c index 1f329d1..c00a0f5 100644 --- src/hg/hgSession/hgSession.c +++ src/hg/hgSession/hgSession.c @@ -404,41 +404,45 @@ "</TD></TR>\n" "<TR><TD> </TD><TD>name:</TD><TD>\n"); cgiMakeOnKeypressTextVar(hgsNewSessionName, cartUsualString(cart, "db", NULL), 20, jsPressOnEnter(hgsDoNewSession)); printf(" "); cgiMakeCheckBox(hgsNewSessionShare, cartUsualBoolean(cart, hgsNewSessionShare, TRUE)); printf("allow this session to be loaded by others\n"); printf("</TD><TD>"); printf(" "); if (existingSessionNames) { struct dyString *js = dyStringNew(1024); struct slName *sn; - dyStringAppend(js, "var si = document.getElementsByName('" hgsNewSessionName "'); "); - dyStringAppend(js, "if (si[0] && ( "); + // MySQL does case-insensitive comparison because our DEFAULT CHARSET=latin1; + // use case-insensitive comparison here to avoid clobbering (#15051). + dyStringAppend(js, "var su, si = document.getElementsByName('" hgsNewSessionName "'); "); + dyStringAppend(js, "if (si[0]) { su = si[0].value.toUpperCase(); if ( "); for (sn = existingSessionNames; sn != NULL; sn = sn->next) { - dyStringPrintf(js, "si[0].value == "); - dyStringQuoteString(js, '\'', sn->name); - dyStringPrintf(js, "%s", (sn->next ? " || " : " )) { ")); + char nameUpper[PATH_LEN]; + safecpy(nameUpper, sizeof(nameUpper), sn->name); + touppers(nameUpper); + dyStringPrintf(js, "su === "); + dyStringQuoteString(js, '\'', nameUpper); + dyStringPrintf(js, "%s", (sn->next ? " || " : " ) { ")); } dyStringAppend(js, "return confirm('This will overwrite the contents of the existing " - "session ' + si[0].value + '. Proceed?'); "); - dyStringAppend(js, "}"); + "session ' + si[0].value + '. Proceed?'); } }"); cgiMakeOnClickSubmitButton(js->string, hgsDoNewSession, "submit"); dyStringFree(&js); } else cgiMakeButton(hgsDoNewSession, "submit"); printf("</TD></TR>\n"); printf("<TR><TD colspan=4></TD></TR>\n"); } printf("<TR><TD colspan=4>Save current settings to a local file:</TD></TR>\n"); printf("<TR><TD> </TD><TD>file:</TD><TD>\n"); cgiMakeOnKeypressTextVar(hgsSaveLocalFileName, cartUsualString(cart, hgsSaveLocalFileName, ""), 20, jsPressOnEnter(hgsDoSaveLocal)); printf(" ");