From 2c98cf8fe08614295e5bb761eac3f8770d883ef7 Mon Sep 17 00:00:00 2001
From: zarzuelo <zarzuelo@gmail.com>
Date: Wed, 21 Sep 2011 10:18:22 +0000
Subject: [PATCH] 2011-09-21  Sergio Martin <sergio.martin@artica.es>

	* operation/events/events_list.php
	operation/events/events.php: Fixed entities in free search
	filter of the events viewer when click an event name for
	bug 3411533



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4976 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                        |  7 +++++++
 pandora_console/operation/events/events.php      | 11 ++++++-----
 pandora_console/operation/events/events_list.php |  6 +++---
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 8087f2f4ef..0d36ddb0f9 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,10 @@
+2011-09-21  Sergio Martin <sergio.martin@artica.es>
+
+	* operation/events/events_list.php
+	operation/events/events.php: Fixed entities in free search 
+	filter of the events viewer when click an event name for
+	bug 3411533
+
 2011-09-21  Junichi Satoh  <junichi@rworks.jp>
 
 	* include/javascript/jquery.pandora.controls.js: Fixed disabled agents
diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php
index 3a904d00e6..90e6d965a1 100644
--- a/pandora_console/operation/events/events.php
+++ b/pandora_console/operation/events/events.php
@@ -168,13 +168,14 @@ $validate = (bool) get_parameter ("validate", 0);
 $section = (string) get_parameter ("section", "list");
 $text_agent = (string)get_parameter('text_agent', __("All"));
 
-$search = preg_replace ("/&([A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "%", rawurldecode (get_parameter ("search")));
-$groups = users_get_groups ($config["id_user"], "IR");
+$search = io_safe_output(preg_replace ("/&([A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "&", rawurldecode (get_parameter ("search"))));
+
+users_get_groups ($config["id_user"], "IR");
 
 $ids = (array) get_parameter ("eventid", -1);
 
 $url = "index.php?sec=eventos&amp;sec2=operation/events/events&amp;search=" .
-	rawurlencode($search) . "&amp;event_type=" . $event_type .
+	io_safe_input($search) . "&amp;event_type=" . $event_type .
 	"&amp;severity=" . $severity . "&amp;status=" . $status . "&amp;ev_group=" .
 	$ev_group . "&amp;refr=" . $config["refr"] . "&amp;id_agent=" .
 	$id_agent . "&amp;id_event=" . $id_event . "&amp;pagination=" .
@@ -192,14 +193,14 @@ if ($config["pure"] == 0) {
 				html_print_image("images/fullscreen.png", true, array ("title" => __('Full screen'))) .'</a>'),
 		'rss' => array('active' => false,
 			'text' => '<a href="operation/events/events_rss.php?user=' . $config['id_user'] . '&hashup=' . $hashup . 
-				'&text_agent=' . $text_agent . '&ev_group='.$ev_group.'&amp;event_type='.$event_type.'&amp;search='.rawurlencode ($search).'&amp;severity='.$severity.'&amp;status='.$status.'&amp;event_view_hr='.$event_view_hr.'&amp;id_agent='.$id_agent.'">' . 
+				'&text_agent=' . $text_agent . '&ev_group='.$ev_group.'&amp;event_type='.$event_type.'&amp;search='.io_safe_input($search).'&amp;severity='.$severity.'&amp;status='.$status.'&amp;event_view_hr='.$event_view_hr.'&amp;id_agent='.$id_agent.'">' . 
 				html_print_image("images/rss.png", true, array ("title" => __('RSS Events'))) .'</a>'),
 		'marquee' => array('active' => false,
 			'text' => '<a href="operation/events/events_marquee.php">' . 
 				html_print_image("images/heart.png", true, array ("title" => __('Marquee display'))) .'</a>'),
 		'csv' => array('active' => false,
 			'text' => '<a href="operation/events/export_csv.php?ev_group=' . $ev_group . 
-				'&text_agent=' . $text_agent . '&amp;event_type='.$event_type.'&amp;search='.rawurlencode ($search).'&amp;severity='.$severity.'&amp;status='.$status.'&amp;event_view_hr='.$event_view_hr.'&amp;id_agent='.$id_agent.'">' . 
+				'&text_agent=' . $text_agent . '&amp;event_type='.$event_type.'&amp;search='.io_safe_input($search).'&amp;severity='.$severity.'&amp;status='.$status.'&amp;event_view_hr='.$event_view_hr.'&amp;id_agent='.$id_agent.'">' . 
 				html_print_image("images/disk.png", true, array ("title" => __('Export to CSV file'))) .'</a>'),
 		'sound_event' => array('active' => false,
 			'text' => '<a href="javascript: openSoundEventWindow();">' . html_print_image('images/music_note.png', true, array('title' => __('Sound events'))) . '</a>')
diff --git a/pandora_console/operation/events/events_list.php b/pandora_console/operation/events/events_list.php
index bdf731d9d7..ecc00ff1ae 100644
--- a/pandora_console/operation/events/events_list.php
+++ b/pandora_console/operation/events/events_list.php
@@ -140,7 +140,7 @@ if ($tag != "") {
 }
 
 $url = "index.php?sec=eventos&amp;sec2=operation/events/events&amp;search=" .
-	rawurlencode($search) . "&amp;event_type=" . $event_type .
+	rawurlencode(io_safe_input($search)) . "&amp;event_type=" . $event_type .
 	"&amp;severity=" . $severity . "&amp;status=" . $status . "&amp;ev_group=" .
 	$ev_group . "&amp;refr=" . $config["refr"] . "&amp;id_agent=" .
 	$id_agent . "&amp;id_event=" . $id_event . "&amp;pagination=" .
@@ -194,7 +194,7 @@ echo "</td></tr><tr>";
 
 // Free search
 echo "<td>".__('Free search')."</td><td>";
-html_print_input_text ('search', $search, '', 15);
+html_print_input_text ('search', io_safe_output($search), '', 15);
 echo '</td>';
 
 //Agent search
@@ -452,7 +452,7 @@ foreach ($result as $event) {
 	
 	// Event description
 	$data[1] = '<span title="'.$event["evento"].'" class="f9">';
-	$data[1] .= '<a href="'.$url.'&amp;group_rep=0&amp;offset=0&amp;pure='.$config["pure"].'&amp;search='.rawurlencode ($event["evento"]).'">';
+	$data[1] .= '<a href="'.$url.'&amp;group_rep=0&amp;offset=0&amp;pure='.$config["pure"].'&amp;search='.rawurlencode(io_safe_input($event["evento"])).'">';
 	$data[1] .= '<span style="font-size: 7.5pt; color: #000000">' . io_safe_output($event["evento"]) . '</span>';
 	$data[1] .= '</a></span>';