From 71bfc77059ad206d329e5a2db946bf558e198ef7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Su=C3=A1rez?=
Date: Thu, 25 Apr 2024 10:54:18 -0600
Subject: [PATCH] Safe Input on OS Name
---
 pandora_console/extras/mr/69.sql | 2 ++
 pandora_console/pandoradb_data.sql | 2 +-
 pandora_server/util/pandora_manage.pl | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/pandora_console/extras/mr/69.sql b/pandora_console/extras/mr/69.sql
index eb381781ca..6a57426d77 100644
--- a/pandora_console/extras/mr/69.sql
+++ b/pandora_console/extras/mr/69.sql
@@ -7769,4 +7769,6 @@ UPDATE `tdiscovery_apps` SET `version` = '1.5' WHERE `short_name` = 'pandorafms.
 -- Delete Create incident from event, from tevent_response
 DELETE FROM tevent_response WHERE name = 'Create incident from event';
+UPDATE tconfig_os SET `name` = 'Web Server' WHERE `id_os` = 12;
+
 COMMIT;
\ No newline at end of file
diff --git a/pandora_console/pandoradb_data.sql b/pandora_console/pandoradb_data.sql
index d76f65b3f8..8a1135b4b2 100644
--- a/pandora_console/pandoradb_data.sql
+++ b/pandora_console/pandoradb_data.sql
@@ -176,7 +176,7 @@ INSERT INTO `tconfig_os` (`id_os`, `name`, `description`, `icon_name`, `previous
 (9,'Windows','Microsoft Windows OS','windows@os.svg', ''),
 (10,'Other','Other SO','other-OS@os.svg', ''),
 (11,'Network','Network Agent','network-server@os.svg', ''),
-(12,'Web Server','Web Server/Application','network-server@os.svg', ''),
+(12,'Web Server','Web Server/Application','network-server@os.svg', ''),
 (13,'Sensor','Hardware Agent (Sensor)','network-server@os.svg', ''),
 (14,'Embedded','Embedded device running an agent','embedded@os.svg', ''),
 (15,'Android','Android agent','android@os.svg', ''),
diff --git a/pandora_server/util/pandora_manage.pl b/pandora_server/util/pandora_manage.pl
index 5bcdac301e..a2dce9da65 100755
--- a/pandora_server/util/pandora_manage.pl
+++ b/pandora_server/util/pandora_manage.pl
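Review bot: The UPDATE added to mr/69.sql selects the tconfig_os row by id alone, so an installation that has renamed OS 12 gets that label overwritten when the migration runs. Limiting it to rows that still carry the stock value, `WHERE id_os = 12 AND name = '<previous stock name>'`, keeps the change to untouched installs. As rendered here the new literal reads the same as the old seed value in pandoradb_data.sql, presumably because the page decoded an entity-encoded form. If so, a comment above the statement such as `-- store the name entity-encoded so safe_input() lookups match` would record why it exists. Only id 12 is migrated, so any other tconfig_os name that was stored unencoded and changes under encoding would stop matching the CLI lookup; that is worth checking against real data.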
@@ -5772,8 +5772,8 @@ sub cli_get_agents() {
 }
 if($os_name ne '') {
- $id_os = get_os_id($dbh, $os_name);
- exist_check($id_os,'operative system',$os_name);
+ $id_os = get_os_id($dbh, safe_input($os_name));
+ exist_check($id_os,'operative system', $os_name);
 $condition .= " AND id_os = $id_os ";
 }
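Review bot: The `safe_input($os_name)` passed to `get_os_id` appears to be entity encoding that makes the CLI value match the stored `tconfig_os.name`, not SQL escaping. The lookup is therefore only injection-safe if `get_os_id` binds its argument, which this hunk does not show. A comment on that line would stop the commit title being read as query hardening: `# names are stored entity-encoded; encode to match (get_os_id must bind the value)`. The unchanged `$condition .= " AND id_os = $id_os "` still interpolates into the SQL text; the value presumably comes back from the database and `exist_check` rejects a miss, but `" AND id_os = " . int($id_os) . " "` would make the numeric assumption explicit. `cli_get_agents` begins and ends outside the hunk, and other callers of `get_os_id` that are not visible here may need the same encoding to stay consistent.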