495e22b6189fdf7a84ae089cdb8ac3c4017ad389
jcasper
  Thu Mar 31 14:50:11 2022 -0700
Must make sure we encode descriptions when re-saving a session, refs #29086

diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c
index c18ecbf..0c81bc1 100644
--- src/hg/hgSession/hgSession.c
+++ src/hg/hgSession/hgSession.c
@@ -803,31 +803,31 @@
     printf("%s on", CART_HAS_DEFAULT_VISIBILITY);
 }
 
 #define INITIAL_USE_COUNT 0
 static int saveCartAsSession(struct sqlConnection *conn, char *encUserName, char *encSessionName,
                              int sharingLevel)
 /* Save all settings in cart, either adding a new session or overwriting an existing session.
  * Return useCount so that the caller can distinguish between adding and overWriting. */
 {
 struct sqlResult *sr = NULL;
 struct dyString *dy = dyStringNew(16 * 1024);
 char **row;
 char *firstUse = "now()";
 int useCount = INITIAL_USE_COUNT;
 char firstUseBuf[32];
-char *settings = NULL;
+char *settings = "";
 
 boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0);
 
 /* If this session already existed, preserve its firstUse, useCount,
  * and settings (if available). */
 if (gotSettings)
     sqlDyStringPrintf(dy, "SELECT firstUse, useCount, settings FROM %s "
                   "WHERE userName = '%s' AND sessionName = '%s';",
                   namedSessionTable, encUserName, encSessionName);
 else
     sqlDyStringPrintf(dy, "SELECT firstUse, useCount FROM %s "
                   "WHERE userName = '%s' AND sessionName = '%s';",
                   namedSessionTable, encUserName, encSessionName);
 sr = sqlGetResult(conn, dy->string);
 if ((row = sqlNextRow(sr)) != NULL)
@@ -849,46 +849,46 @@
 
 /* Remove pre-existing session (if any) before updating. */
 dyStringClear(dy);
 sqlDyStringPrintf(dy, "DELETE FROM %s WHERE userName = '%s' AND "
                   "sessionName = '%s';",
                   namedSessionTable, encUserName, encSessionName);
 sqlUpdate(conn, dy->string);
 
 dyStringClear(dy);
 sqlDyStringPrintf(dy, "INSERT INTO %s ", namedSessionTable);
 dyStringAppend(dy, "(userName, sessionName, contents, shared, "
                "firstUse, lastUse, useCount");
 if (gotSettings)
     dyStringAppend(dy, ", settings");
 dyStringAppend(dy, ") VALUES (");
-dyStringPrintf(dy, "'%s', '%s', ", encUserName, encSessionName);
+sqlDyStringPrintfFrag(dy, "'%s', '%s', ", encUserName, encSessionName);
 dyStringAppend(dy, "'");
 cleanHgSessionFromCart(cart);
 struct dyString *encoded = newDyString(4096);
 cartEncodeState(cart, encoded);
 
 // Now add all the default visibilities to output.
 outDefaultTracks(cart, encoded);
 
 sqlDyAppendEscaped(dy, encoded->string);
 dyStringFree(&encoded);
 dyStringAppend(dy, "', ");
 dyStringPrintf(dy, "%d, ", sharingLevel);
 dyStringPrintf(dy, "%s, now(), %d", firstUse, useCount);
 if (gotSettings)
-    dyStringPrintf(dy, ", '%s'", settings);
+    sqlDyStringPrintfFrag(dy, ", '%s'", settings);
 dyStringPrintf(dy, ");");
 sqlUpdate(conn, dy->string);
 dyStringFree(&dy);
 
 /* Prevent modification of custom track collections just saved to namedSessionDb: */
 cartCopyCustomComposites(cart);
 return useCount;
 }
 
 char *doNewSession(char *userName)
 /* Save current settings in a new named session.
  * Return a message confirming what we did. */
 {
 if (userName == NULL)
     return "Unable to save session -- please log in and try again.";