4ed1b0b679e701fcb9f55f6b9ce1a57cc36210ae
braney
  Fri May 12 15:00:37 2023 -0700
cgiEncode the hubUrl's in the assumesHub statement

diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c
index 040e72f..21d5c82 100644
--- src/hg/hgSession/hgSession.c
+++ src/hg/hgSession/hgSession.c
@@ -770,31 +770,31 @@
 static void outAttachedHubUrls(struct cart *cart, struct dyString *dy)
 /* output the hubUrls for all attached hubs in the cart. */
 {
 struct hubConnectStatus *statusList = hubConnectStatusListFromCart(cart);
 
 if (statusList == NULL)
     return;
 
 if (dy)
     dyStringPrintf(dy,"&assumesHub=");
 else
     printf("assumesHub ");
 for(; statusList; statusList = statusList->next)
     {
     if (dy)
-        dyStringPrintf(dy,"%d=%s ", statusList->id, statusList->hubUrl);
+        dyStringPrintf(dy,"%d=%s ", statusList->id, cgiEncode(statusList->hubUrl));
     else
         printf("%d=%s ", statusList->id, statusList->hubUrl);
     }
 if (dy == NULL)
     printf("\n");
 }
 
 static void outDefaultTracks(struct cart *cart, struct dyString *dy)
 /* Output the default trackDb visibility for all tracks
  * in trackDb if the track is not mentioned in the cart. */
 {
 database = cartString(cart, "db");
 struct trackDb *tdb = NULL;
 // Some old sessions reference databases that are no longer present, and that triggers an errAbort
 // when calling hgTrackDb.  Just move on instead of errAborting.