added safe_input to custom_fields - value while storing them in db

Former-commit-id: e06e141883d87a7247a6426a75c03c7df6045e9b
2019-01-15 18:22:55 +01:00 · 2019-01-15 18:22:55 +01:00 · 2e8e911ca7
parent a84db4d88f
commit 2e8e911ca7
1 changed files with 5 additions and 5 deletions
--- a/pandora_server/lib/PandoraFMS/DataServer.pm
+++ b/pandora_server/lib/PandoraFMS/DataServer.pm
@ -396,13 +396,13 @@ sub process_xml_data ($$$$$) {
 					
 					# If it exists add the value to the agent
 					if (defined ($custom_field_info)) {
-						my $cf_value = get_tag_value ($custom_field, 'value', '');
+						my $cf_value = safe_input(get_tag_value ($custom_field, 'value', ''));

 						my $field_agent;
 						
 						$field_agent->{'id_agent'} = $agent_id;
 						$field_agent->{'id_field'} = $custom_field_info->{'id_field'};
-						$field_agent->{'description'} = safe_input($cf_value);
+						$field_agent->{'description'} = $cf_value;
 						
 						db_process_insert($dbh, 'id_field', 'tagent_custom_data', $field_agent);
 					}
@ -482,7 +482,7 @@ sub process_xml_data ($$$$$) {
 						my $custom_field_data = get_db_single_row($dbh, 'SELECT * FROM tagent_custom_data WHERE id_field = ? AND id_agent = ?',
 											$custom_field_info->{"id_field"}, $agent->{"id_agente"});

-                                                my $cf_value = get_tag_value ($custom_field, 'value', '');
+                                                my $cf_value = safe_input(get_tag_value ($custom_field, 'value', ''));

 						#If not defined we must create if defined just updated
 						if(!defined($custom_field_data)) {
@ -491,13 +491,13 @@ sub process_xml_data ($$$$$) {

 	                                                $field_agent->{'id_agent'} = $agent_id;
 	                                                $field_agent->{'id_field'} = $custom_field_info->{'id_field'};
-	                                                $field_agent->{'description'} = safe_input($cf_value);
+	                                                $field_agent->{'description'} = $cf_value;

        	                                        db_process_insert($dbh, 'id_field', 'tagent_custom_data', $field_agent);
 						} else {
 							
 							db_update ($dbh, "UPDATE tagent_custom_data SET description = ? WHERE id_field = ? AND id_agent = ?",
-									safe_input($cf_value), $custom_field_info->{"id_field"}, $agent->{'id_agente'});
+									$cf_value, $custom_field_info->{"id_field"}, $agent->{'id_agente'});
 						}
                                        }
                                        else {