src/hg/hgc/hgc.c 3fbd5278d976e75ab044723b2356bea81ab4aa26

3fbd5278d976e75ab044723b2356bea81ab4aa26
markd
  Thu Sep 15 13:04:15 2016 -0700
Always encode item names when generating URLs in hgcAnchorSomewhere.  This prevents item names with CGI-unsafe characters from being incorrectly encode.  This was happening with PSLs, but could happen in other structures

diff --git src/hg/hgc/hgc.c src/hg/hgc/hgc.c
index 809c9a8..647f4a0 100644
--- src/hg/hgc/hgc.c
+++ src/hg/hgc/hgc.c
@@ -513,33 +513,35 @@
 {
 static struct dyString *dy = NULL;
 if (dy == NULL)
     {
     dy = newDyString(128);
     dyStringPrintf(dy, "%s?%s", hgcName(), cartSidUrlString(cart));
     }
 return dy->string;
 }
 
 void hgcAnchorSomewhere(char *group, char *item, char *other, char *chrom)
 /* Generate an anchor that calls click processing program with item
  * and other parameters. */
 {
 char *tbl = cgiUsualString("table", cgiString("g"));
+char *itemSafe = cgiEncode(item);
 printf("<A HREF=\"%s&g=%s&i=%s&c=%s&l=%d&r=%d&o=%s&table=%s\">",
-       hgcPathAndSettings(), group, item, chrom, winStart, winEnd, other,
+       hgcPathAndSettings(), group, itemSafe, chrom, winStart, winEnd, other,
        tbl);
+freeMem(itemSafe);
 }
 
 void hgcAnchorPosition(char *group, char *item)
 /* Generate an anchor that calls click processing program with item
  * and group parameters. */
 {
 char *tbl = cgiUsualString("table", cgiString("g"));
 printf("<A HREF=\"%s&g=%s&i=%s&table=%s\">",
        hgcPathAndSettings(), group, item, tbl);
 }
 
 void hgcAnchorWindow(char *group, char *item, int thisWinStart,
                      int thisWinEnd, char *other, char *chrom)
 /* Generate an anchor that calls click processing program with item
  * and other parameters, INCLUDING the ability to specify left and
@@ -5880,32 +5882,31 @@
 
 struct psl *psl = pslList;
 for (psl = pslList; psl != NULL; psl = psl->next)
     {
     if ( pslTrimToTargetRange(psl, winStart, winEnd) != NULL
         &&
 	!startsWith("xeno", tableName)
 	&& !(startsWith("user", tableName) && pslIsProtein(psl))
 	&& psl->tStart == startFirst
         && sameString(psl->tName, seqName)
 	)
 	{
         char otherString[512];
 	safef(otherString, sizeof(otherString), "%d&aliTable=%s",
 	      psl->tStart, tableName);
-	hgcAnchorSomewhere(hgcCommandInWindow, cgiEncode(itemIn),
-			   otherString, psl->tName);
+	hgcAnchorSomewhere(hgcCommandInWindow, itemIn, otherString, psl->tName);
 	printf("<BR>View details of parts of alignment within browser window</A>.<BR>\n");
 	}
     }
 }
 
 void printAlignments(struct psl *pslList, int startFirst, char *hgcCommand,
 		     char *tableName, char *itemIn)
 /* Print list of mRNA alignments. */
 {
 printAlignmentsExtra(pslList, startFirst, hgcCommand, "htcCdnaAliInWindow", tableName, itemIn);
 }
 
 struct psl *getAlignments(struct sqlConnection *conn, char *table, char *acc)
 /* get the list of alignments for the specified acc */
 {
@@ -20834,31 +20835,31 @@
 	    , smp->chromStart+smp->samplePosition[smp->sampleCount-1] );
 
     pslSr = sqlGetResult(conn2, query);
     if(!sameString(winOn,"T"))
 	{
 	while(( pslRow = sqlNextRow(pslSr)) != NULL )
 	    {
 	    thisPsl = pslLoad( pslRow+hasBin );
 	    firstAndLastPosition( &thisStart, &thisEnd, thisPsl );
 	    snprintf(thisItem, 256, "%s:%d-%d %s:%d-%d", thisPsl->qName,
 		     thisPsl->qStart, thisPsl->qEnd, thisPsl->tName,
 		     thisPsl->tStart, thisPsl->tEnd );
 	    longXenoPsl1Given(tdb, thisItem, otherOrg, "chromInfo",
 			      otherDb, thisPsl, pslTableName );
 	    safef(otherString, sizeof otherString, "%d&win=T", thisPsl->tStart );
-	    hgcAnchorSomewhere( tdb->track, cgiEncode(item), otherString, thisPsl->tName );
+	    hgcAnchorSomewhere( tdb->track, item, otherString, thisPsl->tName );
 	    printf("View individual alignment windows\n</a>");
 	    printf("<br><br>");
 	    }
 	}
     else
 	{
 	cartSetString( cart, "win", "F" );
 	printf("<h3>Alignments Windows </h3>\n"
 	       "<b>start&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;stop"
 	       "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;L-score</b><br>" );
 	while(( pslRow = sqlNextRow(pslSr)) != NULL )
 	    {
 	    thisPsl = pslLoad( pslRow+hasBin );
 	    firstAndLastPosition( &thisStart, &thisEnd, thisPsl );
 	    for( i=0; i<smp->sampleCount; i++ )
@@ -22993,45 +22994,45 @@
     for(k = 0; k < info->blockCount; k++)
 	{
 	if(info->stops[k] > 0)
 	    {
 	    if(info->strand[0] == '+')
 		printf("%d ",k+1);
 	    else
 		printf("%d ", info->blockCount - k);
 	    }
 	}
     printf("<BR>\n");
     }
 
 
 /* show genome sequence */
-hgcAnchorSomewhere("htcGeneInGenome", cgiEncode(info->name), tdb->track, seqName);
+hgcAnchorSomewhere("htcGeneInGenome", info->name, tdb->track, seqName);
 printf("View DNA for this putative fragment</A><BR>\n");
 
 /* show the detail alignment */
 sqlSafef(query, sizeof query, "SELECT * FROM %s WHERE "
 	"tName = '%s' AND tStart = %d "
 	"AND tEnd = %d AND strand = '%c%c'",
 	pslTable, info->chrom, info->chromStart, info->chromEnd, parts[2][0], info->strand[0]);
 sr = sqlMustGetResult(conn, query);
 row = sqlNextRow(sr);
 if(row != NULL)
     {
     safef(otherString, sizeof otherString, "&db=%s&pslTable=%s&chrom=%s&cStart=%d&cEnd=%d&strand=%s&qStrand=%s",
 	    database, pslTable, info->chrom,info->chromStart, info->chromEnd, info->strand, parts[2]);
-    hgcAnchorSomewhere("potentPsl", cgiEncode(parts[0]), otherString, info->chrom);
+    hgcAnchorSomewhere("potentPsl", parts[0], otherString, info->chrom);
     printf("<BR>View details of parts of alignment </A>.</BR>\n");
     }
 sqlFreeResult(&sr);
 putaInfoFree(&info);
 hFreeConn(&conn);
 }
 
 void doInterPro(struct trackDb *tdb, char *itemName)
 {
 char condStr[255];
 char *desc;
 struct sqlConnection *conn;
 
 genericHeader(tdb, itemName);