06605872392e3b2265dd48b380179cb57e38640c
chmalee
  Tue Jun 20 17:29:47 2023 -0700
Add another missing call to htmlEncode, this time during the saving of session names, refs #31338

diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c
index 21d5c82..370c9b7 100644
--- src/hg/hgSession/hgSession.c
+++ src/hg/hgSession/hgSession.c
@@ -349,31 +349,31 @@
     char *sessionName = cgiDecodeClone(encSessionName);
     char *link = NULL;
     int shared = atoi(row[1]);
     char *firstUse = row[2];
     char buf[512];
     boolean inGallery = FALSE;
     boolean hasDescription = FALSE;
 
     if (shared >=2)
         inGallery = TRUE;
 
     printf("<TR><TD>&nbsp;&nbsp;</TD><TD>");
 
     struct dyString *dy = dyStringNew(1024);
     addSessionLink(dy, encUserName, encSessionName, FALSE, TRUE);
-    printf("<a href=\"%s\">%s</a>", dyStringContents(dy), sessionName);
+    printf("<a href=\"%s\">%s</a>", dyStringContents(dy), htmlEncode(sessionName));
     dyStringFree(&dy);
 
     struct tm firstUseTm;
     ZeroVar(&firstUseTm);
     strptime(firstUse, "%Y-%m-%d %T", &firstUseTm);
     char *spacePt = strchr(firstUse, ' ');
     if (spacePt != NULL) *spacePt = '\0';
     printf("&nbsp;&nbsp;</TD>"
             "<TD data-order=\"%ld\"><nobr>%s</nobr>&nbsp;&nbsp;</TD><TD align=center>", mktime(&firstUseTm), firstUse);
 
     char *dbIdx = NULL;
     if (startsWith("db=", row[3]))
         dbIdx = row[3]+3;
     else
         dbIdx = strstr(row[3], "&db=") + 4;