tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-04-08 18:55:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

added safe_input to custom_fields - value while storing them in db

Browse Source 
Former-commit-id: e06e141883d87a7247a6426a75c03c7df6045e9b
This commit is contained in:
fbsanchez 2019-01-15 18:22:55 +01:00
parent a84db4d88f
commit 2e8e911ca7
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pandora_server/lib/PandoraFMS/DataServer.pm
View File

@ -396,13 +396,13 @@ sub process_xml_data ($$$$$) {
# If it exists add the value to the agent # If it exists add the value to the agent
if (defined ($custom_field_info)) { if (defined ($custom_field_info)) {
my $cf_value = get_tag_value ($custom_field, 'value', ''); my $cf_value = safe_input(get_tag_value ($custom_field, 'value', ''));
my $field_agent; my $field_agent;
$field_agent->{'id_agent'} = $agent_id; $field_agent->{'id_agent'} = $agent_id;
$field_agent->{'id_field'} = $custom_field_info->{'id_field'}; $field_agent->{'id_field'} = $custom_field_info->{'id_field'};
$field_agent->{'description'} = safe_input($cf_value); $field_agent->{'description'} = $cf_value;
db_process_insert($dbh, 'id_field', 'tagent_custom_data', $field_agent); db_process_insert($dbh, 'id_field', 'tagent_custom_data', $field_agent);
} }
@ -482,7 +482,7 @@ sub process_xml_data ($$$$$) {
my $custom_field_data = get_db_single_row($dbh, 'SELECT * FROM tagent_custom_data WHERE id_field = ? AND id_agent = ?', my $custom_field_data = get_db_single_row($dbh, 'SELECT * FROM tagent_custom_data WHERE id_field = ? AND id_agent = ?',
$custom_field_info->{"id_field"}, $agent->{"id_agente"}); $custom_field_info->{"id_field"}, $agent->{"id_agente"});
my $cf_value = get_tag_value ($custom_field, 'value', ''); my $cf_value = safe_input(get_tag_value ($custom_field, 'value', ''));
#If not defined we must create if defined just updated #If not defined we must create if defined just updated
if(!defined($custom_field_data)) { if(!defined($custom_field_data)) {
@ -491,13 +491,13 @@ sub process_xml_data ($$$$$) {
$field_agent->{'id_agent'} = $agent_id; $field_agent->{'id_agent'} = $agent_id;
$field_agent->{'id_field'} = $custom_field_info->{'id_field'}; $field_agent->{'id_field'} = $custom_field_info->{'id_field'};
$field_agent->{'description'} = safe_input($cf_value); $field_agent->{'description'} = $cf_value;
db_process_insert($dbh, 'id_field', 'tagent_custom_data', $field_agent); db_process_insert($dbh, 'id_field', 'tagent_custom_data', $field_agent);
} else { } else {
db_update ($dbh, "UPDATE tagent_custom_data SET description = ? WHERE id_field = ? AND id_agent = ?", db_update ($dbh, "UPDATE tagent_custom_data SET description = ? WHERE id_field = ? AND id_agent = ?",
safe_input($cf_value), $custom_field_info->{"id_field"}, $agent->{'id_agente'}); $cf_value, $custom_field_info->{"id_field"}, $agent->{'id_agente'});
} }
} }
else { else {