b79de32ff03612a0f5666665a45c21557c0bbf90
galt
  Thu May 19 15:04:12 2022 -0700
Fix minor SQLINJECTION v2, param to sqlGetField should be using sqlSafef functions. refs #29274

diff --git src/hg/hgTracks/simpleTracks.c src/hg/hgTracks/simpleTracks.c
index 05aab78..607475f 100644
--- src/hg/hgTracks/simpleTracks.c
+++ src/hg/hgTracks/simpleTracks.c
@@ -5819,44 +5819,44 @@
 
     if (sameString(tg->table, "acembly"))
         {
         return genePredClassFilterAcembly(tg, classTable, lf);
         }
     }
 return TRUE;
 }
 
 boolean knownGencodePseudoFilter(struct track *tg, void *item)
 /* return TRUE is the user wants to see gencode pseudo genes. */
 {
 struct linkedFeatures *lf = item;
 char buffer[1024];
 
-safef(buffer, sizeof buffer, "kgId=\"%s\" and transcriptClass=\"pseudo\"", lf->name);
+sqlSafef(buffer, sizeof buffer, "kgId=\"%s\" and transcriptClass=\"pseudo\"", lf->name);
 char *class = sqlGetField(database, "knownAttrs", "transcriptClass", buffer);
 
 if (class != NULL)
     return TRUE;
 return FALSE;
 }
 
 boolean knownGencodeClassFilter(struct track *tg, void *item)
 {
 struct linkedFeatures *lf = item;
 char buffer[1024];
 
-safef(buffer, sizeof buffer, "name=\"%s\" and value=\"basic\"", lf->name);
+sqlSafef(buffer, sizeof buffer, "name=\"%s\" and value=\"basic\"", lf->name);
 char *class = sqlGetField(database, "knownToTag", "value", buffer);
 
 if (class != NULL)
     return TRUE;
 return FALSE;
 }
 
 static void loadFrames(struct sqlConnection *conn, struct linkedFeatures *lf)
 /* Load the CDS part of a genePredExt for codon display */
 {
 char query[4096];
 
 for(; lf; lf = lf->next)
     {
     struct genePred *gp = lf->original;
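Review bot: In both knownGencodePseudoFilter and knownGencodeClassFilter the pointer returned by sqlGetField is only compared with NULL and never released, so if sqlGetField returns an allocated copy (its definition is outside this hunk, so this needs confirming) every filtered item leaks one string. Ending each function with `boolean found = (class != NULL); freeMem(class); return found;` would keep the result and drop the copy. The reason the where-clause must be built with sqlSafef is not recorded next to the calls, so a later edit could revert to safef. A one-line comment above each, such as `/* where clause goes to sqlGetField as SQL text, so build it with sqlSafef to escape lf->name */`, would help. knownGencodeClassFilter also has no description comment, unlike knownGencodePseudoFilter, and could get one stating that it returns TRUE when knownToTag holds a "basic" value for the item name.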