diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php index b2f269a62c..a9221004c5 100644 --- a/pandora_console/include/ajax/events.php +++ b/pandora_console/include/ajax/events.php @@ -128,7 +128,7 @@ if ($get_comments) { ); if ($events !== false) { - $event = $events[0]; + $event = $events; } } diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php index 78770840f1..6fa2a6533f 100644 --- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -1262,6 +1262,11 @@ function events_get_all( unset($fields[$idx]); } } + } else { + $idx = array_search('te.user_comment', $fields); + if ($idx !== false) { + $fields[$idx] = 'te.user_comment AS comments'; + } } $sql = sprintf( @@ -4604,12 +4609,12 @@ function events_page_comments($event, $ajax=false) continue; } - $comments_array[] = json_decode(io_safe_output($comm), true); + $comments_array[] = io_safe_output(json_decode($comm, true)); } } else { $comments = str_replace(["\n", ' '], '
', $comments); // If comments are not stored in json, the format is old. - $comments_array[] = json_decode(io_safe_output($comments), true); + $comments_array[] = io_safe_output(json_decode($comments, true)); } foreach ($comments_array as $comm) { diff --git a/pandora_server/util/pandora_manage.pl b/pandora_server/util/pandora_manage.pl index f641c64240..6c5500834d 100755 --- a/pandora_server/util/pandora_manage.pl +++ b/pandora_server/util/pandora_manage.pl @@ -4092,7 +4092,7 @@ sub cli_create_event() { $custom_data = encode_base64 ($custom_data, ''); pandora_event ($conf, $event, $id_group, $id_agent, $severity, - $id_alert_agent_module, $id_agentmodule, $event_type, $event_status, $dbh, $source, $user_name, $comment, $id_extra, $tags, $c_instructions, $w_instructions, $u_instructions, $custom_data); + $id_alert_agent_module, $id_agentmodule, $event_type, $event_status, $dbh, $source, $user_name, safe_input($comment), $id_extra, $tags, $c_instructions, $w_instructions, $u_instructions, $custom_data); } } else { if (! $agent_name) { @@ -4142,7 +4142,7 @@ sub cli_create_event() { $custom_data = encode_base64 ($custom_data, ''); pandora_event ($conf, $event, $id_group, $id_agent, $severity, - $id_alert_agent_module, $id_agentmodule, $event_type, $event_status, $dbh, $source, $user_name, $comment, $id_extra, $tags, $c_instructions, $w_instructions, $u_instructions, $custom_data); + $id_alert_agent_module, $id_agentmodule, $event_type, $event_status, $dbh, $source, $user_name, safe_input($comment), $id_extra, $tags, $c_instructions, $w_instructions, $u_instructions, $custom_data); } } @@ -4329,7 +4329,7 @@ sub cli_add_event_comment() { my $current_comment = encode_utf8(pandora_get_event_comment($dbh, $id_event)); my $utimestamp = time (); - my @additional_comment = ({ comment => $comment, action => "Added comment", id_user => $id_user, utimestamp => $utimestamp}); + my @additional_comment = ({ comment => safe_input($comment), action => "Added comment", id_user => $id_user, utimestamp => $utimestamp}); print_log "[INFO] Adding event comment for event '$id_event'. \n\n";