2eca7c39811bd3a160a17f1d11b7250f872d5287
chmalee
  Wed Mar 24 09:25:41 2021 -0700
change hgHubConnect to use the pipeline library to run hubCheck instead of popen() as popen is unsafe, refs #27274

diff --git src/hg/hgHubConnect/hgHubConnect.c src/hg/hgHubConnect/hgHubConnect.c
index f5c252f..86cbfe7 100644
--- src/hg/hgHubConnect/hgHubConnect.c
+++ src/hg/hgHubConnect/hgHubConnect.c
@@ -16,30 +16,31 @@
 #include "hdb.h"
 #include "hui.h"
 #include "cart.h"
 #include "dbDb.h"
 #include "web.h"
 #include "trackHub.h"
 #include "hubConnect.h"
 #include "dystring.h"
 #include "hPrint.h"
 #include "jsHelper.h"
 #include "obscure.h"
 #include "hgConfig.h"
 #include "trix.h"
 #include "net.h"
 #include "hubSearchText.h"
+#include "pipeline.h"
 
 struct cart *cart;	/* The user's ui state. */
 struct hash *oldVars = NULL;
 
 static char *pageTitle = "Track Data Hubs";
 char *database = NULL;
 char *organism = NULL;
 
 struct hubOutputStructure
     {
     struct hubOutputStructure *next;
     struct dyString *metaTags;
     struct dyString *descriptionMatch;
     struct genomeOutputStructure *genomes;
     int genomeCount;
@@ -372,47 +373,41 @@
     if (hub->trackHub != NULL)
 	printGenomes(hub->trackHub, count, !hubHasError);
     else
 	ourPrintCell("");
 
     puts("</tr>");
     }
 
 printf("</tbody></TABLE>\n");
 printf("</div>");
 }
 
 void doValidateNewHub(char *hubUrl)
 /* Run hubCheck on a hub. */
 {
-struct dyString *cmd = dyStringNew(0);
 udcSetCacheTimeout(1);
-dyStringPrintf(cmd, "loader/hubCheck -htmlOut -noTracks %s", hubUrl);
 printf("<div id=\"validateHubResult\" class=\"hubTdbTree\" style=\"overflow: auto\"></div>");
-FILE *f = popen(cmd->string, "r");
-if (f == NULL)
-    errAbort("popen: error running command: \"%s\"", cmd->string);
-char buf[1024];
-while (fgets(buf, sizeof(buf), f))
-    {
-    jsInlineF("%s", buf);
-    }
-if (pclose(f) == -1)
-    errAbort("pclose: error for command \"%s\"", cmd->string);
+char *cmd[] = {"loader/hubCheck", "-htmlOut", "-noTracks", hubUrl, NULL};
+struct pipeline *pl = pipelineOpen1(cmd, pipelineRead | pipelineNoAbort, NULL, NULL);
+struct lineFile *lf = pipelineLineFile(pl);
+char *line;
+while (lineFileNext(lf, &line, NULL))
+    jsInlineF("%s", line);
+pipelineClose(&pl);
 // the 'false' below prevents a few hub-search specific jstree configuration options
 jsInline("hubSearchTree.init(false);");
-dyStringFree(&cmd);
 }
 
 void hgHubConnectDeveloperMode()
 /* Put up the controls for the "Hub Development" Tab, which includes a button to run the
  * hubCheck utility on a hub and load a hub with the udcTimeout and measureTiming
  * variables turned on */
 {
 // put out the top of our page
 char *hubUrl = cartOptionalString(cart, "validateHubUrl");
 boolean doHubValidate = cartVarExists(cart, hgHubDoHubCheck);
 
 // the outer div for all the elements in the tab
 printf("\n<div id=\"hubDeveloper\" class=\"hubList\">\n");
 
 // the row to enter in the url and the button and settings to validate/load