From b9e3c70374af00eced0bf9dff342c124e801a02b Mon Sep 17 00:00:00 2001
From: alejandro-campos
Date: Tue, 18 Feb 2020 11:25:45 +0100
Subject: [PATCH 1/3] fix bug when saving netflow filters
---
 pandora_console/include/functions_netflow.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pandora_console/include/functions_netflow.php b/pandora_console/include/functions_netflow.php
index 9aa8a25d49..95e74fcfde 100644
--- a/pandora_console/include/functions_netflow.php
+++ b/pandora_console/include/functions_netflow.php
@@ -1015,7 +1015,7 @@ function netflow_get_filter_arguments($filter)
 }
 if ($filter_args != '') {
- $filter_args = escapeshellarg($filter_args);
+ $filter_args = io_safe_input(escapeshellarg($filter_args));
 }
 return $filter_args;
From e0a159736c9e0c8366c547f631eb9803cc5cf1fc Mon Sep 17 00:00:00 2001
From: alejandro-campos
Date: Fri, 21 Feb 2020 10:50:56 +0100
Subject: [PATCH 2/3] safe output to string with entities
---
 pandora_console/include/functions_netflow.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pandora_console/include/functions_netflow.php b/pandora_console/include/functions_netflow.php
index 95e74fcfde..ada2e98398 100644
--- a/pandora_console/include/functions_netflow.php
+++ b/pandora_console/include/functions_netflow.php
@@ -1673,7 +1673,7 @@ function netflow_get_top_data(
 // Get the command to call nfdump.
 $agg_command = sprintf(
 '%s -q -o csv -n %s -s %s/bytes -t %s-%s',
- netflow_get_command($filter),
+ io_safe_output(netflow_get_command($filter)),
 $max,
 $aggregate,
 date($nfdump_date_format, $start_date),
From 0a1dd6fe24ee8da1a9692225be27e2014a05bf7a Mon Sep 17 00:00:00 2001
From: alejandro-campos
Date: Fri, 21 Feb 2020 13:01:47 +0100
Subject: [PATCH 3/3] fix save of filters
---
 pandora_console/include/functions_netflow.php | 4 ++--
 pandora_console/operation/netflow/nf_live_view.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
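Review bot: The value returned from the changed line is no longer the shell-quoted argument that the function's docblock promises (`@return string Command line argument string.`, visible in the third patch of this series), because `io_safe_input` runs on the output of `escapeshellarg` and, if it entity-encodes quotes as the later `io_safe_output` pairing suggests, rewrites the single quotes that carry the shell quoting. Any caller that hands the result to nfdump directly instead of storing it now receives an entity-encoded string, and the quoting is intact only where the exact inverse decode is applied first. Storing the raw filter expression and calling `escapeshellarg` at the point of use would keep the shell escaping independent of the storage encoding; at minimum document the invariant on the changed line: `// Entity-encoded for storage in tnetflow_filter; decode with io_safe_output() before the shell sees it.` The body of netflow_get_filter_arguments starts outside the hunk.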
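Review bot: Decoding the fully assembled nfdump command with `io_safe_output` immediately before it is interpolated into the shell command line reverses any entity encoding in it, including in `filter_args` rows that were stored before the first patch of this series and were therefore never encoded; for such rows containing `&...;` sequences the decode is not a no-op, and it runs after the `escapeshellarg` applied at save time, so the quoting computed then no longer describes the bytes that reach the shell. If `netflow_get_command` reads the stored `filter_args` (its body is outside the hunk), the decode belongs on that field when it is loaded, with `escapeshellarg` applied to the decoded value, rather than on the whole command. At minimum state the assumption on the changed line: `// filter_args is stored entity-encoded (io_safe_input); must be decoded before use.` netflow_get_top_data continues outside the hunk.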
diff --git a/pandora_console/include/functions_netflow.php b/pandora_console/include/functions_netflow.php
index ada2e98398..3d44f1ef7f 100644
--- a/pandora_console/include/functions_netflow.php
+++ b/pandora_console/include/functions_netflow.php
@@ -903,7 +903,7 @@ function netflow_get_command($filter)
 *
 * @return string Command line argument string.
 */
-function netflow_get_filter_arguments($filter)
+function netflow_get_filter_arguments($filter, $safe_input=false)
 {
 // Advanced filter.
 $filter_args = '';
@@ -1015,7 +1015,7 @@ function netflow_get_filter_arguments($filter)
 }
 if ($filter_args != '') {
- $filter_args = io_safe_input(escapeshellarg($filter_args));
+ $filter_args = ($safe_input === true) ? io_safe_input(escapeshellarg($filter_args)) : escapeshellarg($filter_args);
 }
 return $filter_args;
diff --git a/pandora_console/operation/netflow/nf_live_view.php b/pandora_console/operation/netflow/nf_live_view.php
index ff942ddc3c..39cb2e3fcf 100644
--- a/pandora_console/operation/netflow/nf_live_view.php
+++ b/pandora_console/operation/netflow/nf_live_view.php
@@ -154,7 +154,7 @@ if (!is_metaconsole()) {
 // Save user defined filter.
 if ($save != '' && check_acl($config['id_user'], 0, 'AW')) {
 // Save filter args.
- $filter['filter_args'] = netflow_get_filter_arguments($filter);
+ $filter['filter_args'] = netflow_get_filter_arguments($filter, true);
 $filter_id = db_process_sql_insert('tnetflow_filter', $filter);
 if ($filter_id === false) {
@@ -171,7 +171,7 @@ if ($save != '' && check_acl($config['id_user'], 0, 'AW')) {
 unset($filter_copy['id_group']);
 // Save filter args.
- $filter_copy['filter_args'] = netflow_get_filter_arguments($filter_copy);
+ $filter_copy['filter_args'] = netflow_get_filter_arguments($filter_copy, true);
 $result = db_process_sql_update(
 'tnetflow_filter',
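Review bot: The docblock ending in `* @return string Command line argument string.` gets no `@param` for the new `$safe_input` argument, so the two different return forms the function now produces are undocumented; add ` * @param boolean $safe_input Entity-encode the escaped argument (io_safe_input) for storage in tnetflow_filter.` above the `@return` line, and make the return description say which form is produced, e.g. ` * @return string Shell-quoted argument string, entity-encoded when $safe_input is true.` In the second hunk of this file the flag is the only thing separating a value meant for the database from one meant for the shell, and the single-line ternary buries that; applying the shared call first and branching on the flag reads better: `$filter_args = escapeshellarg($filter_args);` followed by `if ($safe_input === true) { $filter_args = io_safe_input($filter_args); }`.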
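Review bot: Both save sites in nf_live_view.php now persist an entity-encoded `filter_args`, so every reader of `tnetflow_filter.filter_args` that forwards the value to the shell must decode it first; within this series only `netflow_get_top_data` (second patch) does, and the hunks do not show whether other readers exist, which is worth confirming before merging. A bare positional `true` at both call sites does not say what it selects; a comment at the first one, `// true: entity-encode for storage (decoded by io_safe_output before use).`, covers the second hunk as well. The enclosing block of the second hunk starts outside it.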