From 2c37ef4acbc8a3bf8498aa16a65454d7f76ec95f Mon Sep 17 00:00:00 2001
From: Luis Calvo <luis.calvo@artica.es>
Date: Fri, 20 Dec 2019 14:18:48 +0100
Subject: [PATCH] dbmanager blankspaces transparent to user

---
 pandora_console/extensions/dbmanager.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pandora_console/extensions/dbmanager.php b/pandora_console/extensions/dbmanager.php
index 546ee463fa..6d41459d90 100644
--- a/pandora_console/extensions/dbmanager.php
+++ b/pandora_console/extensions/dbmanager.php
@@ -22,6 +22,17 @@ function dbmanager_query($sql, &$error, $dbconnection)
     }
 
     $sql = html_entity_decode($sql, ENT_QUOTES);
+
+    // Extract the text in quotes to add html entities before query db.
+    $patttern = '/(?:"|\')+([^"\']*)(?:"|\')+/m';
+    $sql = preg_replace_callback(
+        $patttern,
+        function ($matches) {
+            return '"'.io_safe_input($matches[1]).'"';
+        },
+        $sql
+    );
+
     if ($config['mysqli']) {
         $result = mysqli_query($dbconnection, $sql);
         if ($result === false) {