a9389f2c0af99f64b1f32353499fb48b4aca0872 galt Thu Jan 8 13:15:09 2026 -0800 whitelist genark in localUrl paths in isValidBigDataUrl() in customFactory.c
diff --git src/hg/lib/customFactory.c src/hg/lib/customFactory.c
index 0eea77e3d51..4f429ba9e5c 100644
--- src/hg/lib/customFactory.c
+++ src/hg/lib/customFactory.c
@@ -176,30 +176,37 @@
 return TRUE; // we allow bigDataUrl's to point to trash (or sessionDataDir, if configured)
 char *sessionDataDir = cfgOption("sessionDataDir");
 char *sessionDataDirOld = cfgOption("sessionDataDirOld");
 if (startsWith(trashDir(), url) || (isNotEmpty(sessionDataDir) && startsWith(sessionDataDir, url)) || (isNotEmpty(sessionDataDirOld) && startsWith(sessionDataDirOld, url))) return TRUE;
 if (udcIsResolvable(url)) return TRUE;
 if (allowLocals) {
+ if (startsWith("/gbdb/genark/", url))
+ {
+ char gbdbSection[256];
+ safef(gbdbSection, sizeof gbdbSection, "/%s/", trackHubSkipHubName(db));
+ if (strstr(url, gbdbSection))
+ return TRUE;
+ }
 char gbdbPrefix[256];
 safef(gbdbPrefix, sizeof gbdbPrefix, "/gbdb/%s/", trackHubSkipHubName(db));
 if (startsWith(gbdbPrefix, url)) return TRUE;
 }
 char *prefix = cfgOption("udc.localDir");
 if (prefix == NULL) {
 if (doAbort) errAbort("Only network protocols http, https, or ftp allowed in bigDataUrl: '%s', unless " \
 "the udc.localDir variable is set to a prefix of the file's path in the " \
 "cgi-bin/hg.conf of this UCSC Genome Browser", url);
 return FALSE;
 }
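Review bot: The new genark branch accepts any url that begins with `/gbdb/genark/` and contains `/<db>/` anywhere in it, and both tests run on the raw string, so a path with `..` components can pass them while resolving outside the genark tree (unless url is canonicalized before this point, which the hunk does not show). I would reject parent-directory components in this branch, for example `if (strstr(url, gbdbSection) && !strstr(url, "/../"))`, or compare the `realpath()` result against the allowed prefix instead. A short comment should also say why a substring match is used here rather than the anchored `startsWith(gbdbPrefix, url)` test that follows, and what is intended if `trackHubSkipHubName(db)` can be empty, since gbdbSection would then be `//`. The enclosing function starts and ends outside the hunk.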