From 681650c9002fe92b151687526099885af86a2b53 Mon Sep 17 00:00:00 2001
From: koichirok <koichiro@rworks.jp>
Date: Thu, 8 Dec 2011 02:32:52 +0000
Subject: [PATCH] 2011-12-08 Koichiro Kikuchi <koichiro@rworks.jp>
* extensions/snmp_explorer.php: Call io_safe_input() for
module name and description when creating module.
* include/functions_io.php: spaces to tabs.
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5242 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
pandora_console/ChangeLog | 6 ++++++
pandora_console/extensions/snmp_explorer.php | 4 ++--
pandora_console/include/functions_io.php | 8 ++++----
3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 1f13840e7b..2044ad9382 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,9 @@
+2011-12-08 Koichiro Kikuchi <koichiro@rworks.jp>
+
+ * extensions/snmp_explorer.php: Call io_safe_input() for
+ module name and description when creating module.
+ * include/functions_io.php: spaces to tabs.
+
2011-12-07 Sergio Martin <sergio.martin@artica.es>
* include/functions_groups.php
diff --git a/pandora_console/extensions/snmp_explorer.php b/pandora_console/extensions/snmp_explorer.php
index 7d2d0a48d3..fde30c632e 100755
--- a/pandora_console/extensions/snmp_explorer.php
+++ b/pandora_console/extensions/snmp_explorer.php
@@ -202,12 +202,12 @@ function snmp_explorer() {
$module_type = 15;
$values['id_tipo_modulo'] = $module_type;
- $values['descripcion'] = "(" . $ip_target." - ".$name . ") " . $interfaces[$id]['ifDescr']['value'];
+ $values['descripcion'] = io_safe_input("(" . $ip_target." - ".$name . ") " . $interfaces[$id]['ifDescr']['value']);
$values['snmp_oid'] = $oid;
$values['id_modulo'] = 2;
- $result = modules_create_agent_module ($id_agent, $name, $values);
+ $result = modules_create_agent_module ($id_agent, io_safe_input($name), $values);
if(is_error($result)) {
if(!isset($errors[$result])) {
diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php
index 2646c26368..ff5fb6c475 100755
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
@@ -64,10 +64,10 @@ function io_safe_input($value) {
//Replace the character '\' for the equivalent html entitie
$valueHtmlEncode = str_replace('\\', "\", $valueHtmlEncode);
- // First attempt to avoid SQL Injection based on SQL comments
- // Specific for MySQL.
- $valueHtmlEncode = str_replace('/*', "/*", $valueHtmlEncode);
- $valueHtmlEncode = str_replace('*/', "*/", $valueHtmlEncode);
+ // First attempt to avoid SQL Injection based on SQL comments
+ // Specific for MySQL.
+ $valueHtmlEncode = str_replace('/*', "/*", $valueHtmlEncode);
+ $valueHtmlEncode = str_replace('*/', "*/", $valueHtmlEncode);
//Replace ( for the html entitie
$valueHtmlEncode = str_replace('(', "(", $valueHtmlEncode);