5a8586105ed720ed3fb1038c61db8fcfcc7f3ef6 galt Fri Sep 30 21:13:57 2022 -0700 Some final cleanup for sqlSafef V2. fixes cdwMakeFileTags. no redmine.
diff --git src/hg/lib/jksql.c src/hg/lib/jksql.c
index c83f51d..040b69b 100644
--- src/hg/lib/jksql.c
+++ src/hg/lib/jksql.c
@@ -3908,31 +3908,31 @@
 {
 sqlCheckError("Invalid Identifiers List [%s] unexpected trailing comma or space character", identifiers);
 return identifiers;
 }
 return identifiers;
 }
 void sqlCheckIdentifiersList(char* buffer, int bufSize, char *identifiers)
 /* Check that only valid identifier characters are used in a comma-separated list
 * '.' is allowed also since some code uses it in place of an actual field name.
 * See hgTables/bedList.c::bedSqlFieldsExceptForChrom().
 * Save safe output to char array */
 {
 sqlCheckIdentifiersListExt(identifiers);
-safef(buffer, bufSize, "NOSQLINJ %s", identifiers);
+safef(buffer, bufSize, NOSQLINJ "%s", identifiers);
 }
 char *sqlCheckIdentifier(char *identifier)
 /* Check that only valid identifier characters are used */
 {
 static boolean init = FALSE;
 static char allowed[256];
 if (!init)
 {
 sqlCheckDisallowAllChars(allowed);
 sqlCheckAllowAlphaNumChars(allowed);
 sqlCheckAllowChar('.', allowed);
 sqlCheckAllowChar('_', allowed);
 // NOTE it is important for security that no other characters be allowed here
 init = TRUE;
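Review bot: The trusted-SQL prefix written by the new `safef(buffer, bufSize, NOSQLINJ "%s", identifiers);` line in sqlCheckIdentifiersList is applied whether or not validation succeeded. The result of `sqlCheckIdentifiersListExt(identifiers)` is discarded, and the context lines above show that helper returning `identifiers` both right after `sqlCheckError(...)` and on the success path, so the caller could not tell the two apart anyway. The `return identifiers;` following `sqlCheckError(...)` suggests that function can return rather than abort; if so, a rejected list is still copied into `buffer` marked as safe. At minimum document the dependency at the call, e.g. `/* NOTE: relies on sqlCheckError() aborting on invalid input; otherwise an unchecked list is tagged NOSQLINJ */`. A stronger fix is to have the Ext helper report failure so this function can leave `buffer` empty; the helper's body starts above the hunk, so its other return paths are not visible here.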