8bf48e3933789ba104547de42044a949ba7ba796
braney
  Mon Sep 21 16:56:02 2020 -0700
allow HTML in early warn handlers

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 92a0f0b..812a774 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -55,35 +55,49 @@
     }
 }
 
 static struct dyString *hubWarnDy;
 
 void cartHubWarn(char *format, va_list args)
 /* save up hub related warnings to put out later */
 {
 char warning[1024];
 vsnprintf(warning,sizeof(warning),format, args);
 if (hubWarnDy == NULL)
     hubWarnDy = newDyString(100);
 dyStringPrintf(hubWarnDy, "%s\n", warning);
 }
 
+static void sanitizeString(char *str)
+// Remove % so we can disable format-security
+{
+for(; *str; str++)
+    if (*str == '%')
+        *str = ' ';
+}
+
 void cartFlushHubWarnings()
 /* flush the hub warning (if any) */
 {
 if (hubWarnDy)
-    warn("%s",hubWarnDy->string);
+    {
+    sanitizeString(hubWarnDy->string);
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat-security"
+    warn(hubWarnDy->string);
+#pragma GCC diagnostic pop
+    }
 }
 
 
 void cartTrace(struct cart *cart, char *when, struct sqlConnection *conn)
 /* Write some properties of the cart to stderr for debugging. */
 {
 if (cfgOption("cart.trace") == NULL)
     return;
 struct cartDb *u = cart->userInfo, *s = cart->sessionInfo;
 char *pix = hashFindVal(cart->hash, "pix");
 char *textSize = hashFindVal(cart->hash, "textSize");
 char *trackControls = hashFindVal(cart->hash, "trackControlsOnMain");
 int uLen, sLen;
 if (conn != NULL)
     {