diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index d10afeb40b..2b763907a7 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,12 @@
+2011-02-17 Miguel de Dios
+
+ * operation/agentes/estado_agente.php: fixed the re-apply the safe_input in
+ the search.
+
+ Fixes: #3184647
+
+ * include/functions_db.php: cleaned source code style.
+
 2011-02-17 Ramon Novoa
 * include/functions.php: Hide custom SQL reports from non PM users
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index 8a3c96159d..cc877d67ae 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -605,6 +605,7 @@ function get_group_agents ($id_group = 0, $search = false, $case = "lower", $noA
 }
 $sql = sprintf ("SELECT id_agente, nombre FROM tagente %s ORDER BY nombre", $search_sql);
+
 $result = get_db_all_rows_sql ($sql);
 if ($result === false)
@@ -613,14 +614,15 @@ function get_group_agents ($id_group = 0, $search = false, $case = "lower", $noA
 $agents = array ();
 foreach ($result as $row) {
 switch ($case) {
- case "lower":
- $agents[$row["id_agente"]] = mb_strtolower ($row["nombre"], "UTF-8");
- break;
- case "upper":
- $agents[$row["id_agente"]] = mb_strtoupper ($row["nombre"], "UTF-8");
- break;
- default:
- $agents[$row["id_agente"]] = $row["nombre"];
+ case "lower":
+ $agents[$row["id_agente"]] = mb_strtolower ($row["nombre"], "UTF-8");
+ break;
+ case "upper":
+ $agents[$row["id_agente"]] = mb_strtoupper ($row["nombre"], "UTF-8");
+ break;
+ default:
+ $agents[$row["id_agente"]] = $row["nombre"];
+ break;
 }
 }
 return ($agents);
diff --git a/pandora_console/operation/agentes/estado_agente.php b/pandora_console/operation/agentes/estado_agente.php
index eab6d2e103..2acbbdf267 100644
--- a/pandora_console/operation/agentes/estado_agente.php
+++ b/pandora_console/operation/agentes/estado_agente.php
@@ -82,7 +82,7 @@ if (is_ajax ()) {
 // Take some parameters (GET)
 $group_id = (int) get_parameter ("group_id", 0);
-$search = get_parameter ("search", "");
+$search = safe_output(get_parameter ("search", ""));
 $offset = get_parameter('offset', 0);
 $refr = get_parameter('refr', 0);
@@ -113,7 +113,7 @@ print_submit_button (__('Search'), "srcbutton", '', array ("class" => "sub searc
 echo ' ';
 if ($search != ""){
- $filter = array ("string" => '%'.$search.'%');
+ $filter = array ("string" => '%' . $search . '%');
 } else {
 $filter = array ();
@@ -215,11 +215,13 @@ switch ($sortField) {
 if ($group_id > 0) {
 $groups = $group_id;
 $agent_names = get_group_agents ($group_id, $filter, "upper");
-// Not selected any specific group
-} else {
- $user_group = get_user_groups ($config["id_user"], "AR");
- $groups = array_keys ($user_group);
- $agent_names = get_group_agents (array_keys ($user_group), $filter, "upper");
+}
+else {
+ // Not selected any specific group
+
+ $user_group = get_user_groups($config["id_user"], "AR");
+ $groups = array_keys($user_group);
+ $agent_names = get_group_agents(array_keys ($user_group), $filter, "upper");
 }
 $total_agents = 0;
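Review bot: `$search = safe_output(get_parameter ("search", ""));` in the first hunk decodes the request value at the point of input, so every later use of `$search` in this script works on raw text instead of the encoded form get_parameter() appears to return (the ChangeLog entry implies safe_input had already been applied). The only use visible here is the `'%' . $search . '%'` filter passed to get_group_agents(), whose search clause goes into the query through sprintf; the code that builds that clause is outside this diff, so confirm it escapes quotes for SQL before relying on it. Any place further down the script that prints `$search` back into the form or paging links (not shown) would also lose its HTML encoding. Decoding only where the filter is built keeps the change local: `$filter = array ("string" => '%' . safe_output($search) . '%');` with the assignment left as it was.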