From 681650c9002fe92b151687526099885af86a2b53 Mon Sep 17 00:00:00 2001
From: koichirok <koichiro@rworks.jp>
Date: Thu, 8 Dec 2011 02:32:52 +0000
Subject: [PATCH] 2011-12-08  Koichiro Kikuchi <koichiro@rworks.jp>

	* extensions/snmp_explorer.php: Call io_safe_input() for
	 module name and description when creating module.
	* include/functions_io.php: spaces to tabs.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5242 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                    | 6 ++++++
 pandora_console/extensions/snmp_explorer.php | 4 ++--
 pandora_console/include/functions_io.php     | 8 ++++----
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 1f13840e7b..2044ad9382 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,9 @@
+2011-12-08  Koichiro Kikuchi <koichiro@rworks.jp>
+
+	* extensions/snmp_explorer.php: Call io_safe_input() for
+	 module name and description when creating module.
+	* include/functions_io.php: spaces to tabs.
+
 2011-12-07  Sergio Martin <sergio.martin@artica.es>
 
 	* include/functions_groups.php
diff --git a/pandora_console/extensions/snmp_explorer.php b/pandora_console/extensions/snmp_explorer.php
index 7d2d0a48d3..fde30c632e 100755
--- a/pandora_console/extensions/snmp_explorer.php
+++ b/pandora_console/extensions/snmp_explorer.php
@@ -202,12 +202,12 @@ function snmp_explorer() {
                     $module_type = 15;			
 			
 			    $values['id_tipo_modulo'] = $module_type;
-			    $values['descripcion'] = "(" . $ip_target." - ".$name . ") " . $interfaces[$id]['ifDescr']['value'];
+			    $values['descripcion'] = io_safe_input("(" . $ip_target." - ".$name . ") " . $interfaces[$id]['ifDescr']['value']);
 			
 			    $values['snmp_oid'] = $oid;
 			    $values['id_modulo'] = 2;
 						
-			    $result = modules_create_agent_module ($id_agent, $name, $values);
+			    $result = modules_create_agent_module ($id_agent, io_safe_input($name), $values);
 			    
 			    if(is_error($result)) {
 					if(!isset($errors[$result])) {
diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php
index 2646c26368..ff5fb6c475 100755
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
@@ -64,10 +64,10 @@ function io_safe_input($value) {
 	//Replace the character '\' for the equivalent html entitie
 	$valueHtmlEncode = str_replace('\\', "&#92;", $valueHtmlEncode);
 
-    // First attempt to avoid SQL Injection based on SQL comments
-    // Specific for MySQL.
-    $valueHtmlEncode = str_replace('/*', "&#47;&#42;", $valueHtmlEncode);
-    $valueHtmlEncode = str_replace('*/', "&#42;&#47;", $valueHtmlEncode);
+	// First attempt to avoid SQL Injection based on SQL comments
+	// Specific for MySQL.
+	$valueHtmlEncode = str_replace('/*', "&#47;&#42;", $valueHtmlEncode);
+	$valueHtmlEncode = str_replace('*/', "&#42;&#47;", $valueHtmlEncode);
 	
 	//Replace ( for the html entitie
 	$valueHtmlEncode = str_replace('(', "&#40;", $valueHtmlEncode);