From 7160564d65256c21e9b47a9ce2de2c5db91024b6 Mon Sep 17 00:00:00 2001
From: zarzuelo <zarzuelo@gmail.com>
Date: Tue, 8 Feb 2011 16:38:38 +0000
Subject: [PATCH] 2011-02-08  Sergio Martin <sergio.martin@artica.es>

	* lib/PandoraFMS/Tools.pm
	util/pandora_recode_db.pl: Added more characters to translate
	to HTML entities in safe_input and safe_output. Removed
	duplicated code from the recode script.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3812 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_server/ChangeLog                 |  7 ++++
 pandora_server/lib/PandoraFMS/Tools.pm   | 53 ++++++++++++++++++++++++
 pandora_server/util/pandora_recode_db.pl | 31 --------------
 3 files changed, 60 insertions(+), 31 deletions(-)

diff --git a/pandora_server/ChangeLog b/pandora_server/ChangeLog
index 6db9fb90d2..2935ded782 100644
--- a/pandora_server/ChangeLog
+++ b/pandora_server/ChangeLog
@@ -1,3 +1,10 @@
+2011-02-08  Sergio Martin <sergio.martin@artica.es>
+
+	* lib/PandoraFMS/Tools.pm
+	util/pandora_recode_db.pl: Added characters to translate
+	to html entities into safe_input and safe_output. Clean
+	repeated code into recode script.
+
 2011-02-08  Junichi Satoh <junichi@rworks.jp>
 
 	* util/pandora_manage.pl: Fixed invalid module id with creation of
diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm
index 5c3f64673b..2748dcc14b 100644
--- a/pandora_server/lib/PandoraFMS/Tools.pm
+++ b/pandora_server/lib/PandoraFMS/Tools.pm
@@ -107,6 +107,15 @@ sub safe_input($) {
 		my $hex = ascii_to_html($i);
 		$value =~ s/$pattern/$hex/gi;		
 	}
+
+	#//Replace characteres for tildes and others
+	my $trans = get_html_entities();
+	
+	foreach(keys(%$trans))
+	{
+		my $pattern = chr($_);
+		$value =~ s/$pattern/$trans->{$_}/gi;
+	}
 	
 	return $value;
 }
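Review bot: The `i` flag on the added substitution `$value =~ s/$pattern/$trans->{$_}/gi;` makes the upper- and lower-case member of each pair interchangeable, so the output depends on the order in which `keys(%$trans)` returns them. In safe_input this bites when `$value` is matched under Unicode rules (a decoded character string), where `chr(225)` also matches `Á`. In the safe_output hunk it applies unconditionally, because `&aacute;` and `&Aacute;` differ only in case and whichever key is visited first decodes both. Dropping the flag in both loops fixes it: `$value =~ s/$pattern/$trans->{$_}/g;` here and `$value =~ s/$trans->{$_}/$pattern/g;` in safe_output. safe_input begins above this hunk, so its earlier encoding steps are not visible here.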
@@ -139,10 +148,54 @@ sub safe_output($) {
 		my $hex = ascii_to_html($i);
 		$value =~ s/$hex/$pattern/gi;		
 	}
+		
+	#//Replace characteres for tildes and others
+	my $trans = get_html_entities();
+	
+	foreach(keys(%$trans))
+	{
+		my $pattern = chr($_);
+		$value =~ s/$trans->{$_}/$pattern/gi;
+	}
 	
 	return $value;
 }
 
+##########################################################################
+# SUB get_html_entities
+# Returns a hash table with the acute and special html entities
+# Usefull for future chars addition:
+# http://cpansearch.perl.org/src/GAAS/HTML-Parser-3.68/lib/HTML/Entities.pm
+##########################################################################
+
+sub get_html_entities {
+	my %trans = (
+		225 => '&aacute;',
+		233 => '&eacute;', 
+		237 => '&iacute;',
+		243 => '&oacute;',
+		250 => '&uacute;',
+		193 => '&Aacute;',
+		201 => '&Eacute;', 
+		205 => '&Iacute;',
+		211 => '&Oacute;',
+		218 => '&Uacute;',
+		228 => '&auml;',
+		235 => '&euml;',
+		239 => '&iuml;',
+		246 => '&ouml;',
+		252 => '&uuml;',
+		196 => '&Auml;',
+		203 => '&Euml;',
+		207 => '&Iuml;',
+		214 => '&Ouml;',
+		220 => '&Uuml;',
+		241 => '&ntilde;',
+		209 => '&Ntilde;'
+	);
+	
+	return \%trans;
+}
 ##########################################################################
 # SUB ascii_to_html (string)
 # Convert an ascii string to hexadecimal
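Review bot: The header comment of get_html_entities does not say what the hash keys are, and both loops turn them into characters with `chr($_)`, which only lines up with the data when `$value` is a decoded character string (or Latin-1) rather than raw UTF-8 bytes. On UTF-8 bytes, safe_output would write a lone byte such as 0xE1 into the string and safe_input could match that byte inside a longer sequence. How `$value` is decoded is not visible in this hunk, so this needs confirming against the callers. I would add to the header something like `# Keys are character code points (Latin-1 range); callers must pass decoded strings, not UTF-8 bytes.`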
diff --git a/pandora_server/util/pandora_recode_db.pl b/pandora_server/util/pandora_recode_db.pl
index ab7d6b20cd..9be77270ae 100755
--- a/pandora_server/util/pandora_recode_db.pl
+++ b/pandora_server/util/pandora_recode_db.pl
@@ -150,37 +150,6 @@ sub help_screen{
 	exit;
 }
 
-##########################################################################
-## Convert the $value encode in html entity to clear char string.
-##########################################################################
-sub safe_input($) {
-        my $value = shift;
-
-        $value = encode_entities ($value, "'<>&");
-
-        #//Replace the character '\' for the equivalent html entitie
-        $value =~ s/\\/&#92;/gi;
-
-    #// First attempt to avoid SQL Injection based on SQL comments
-    #// Specific for MySQL.
-        $value =~ s/\/\*/&#47;&#42;/gi;
-        $value =~ s/\*\//&#42;&#47;/gi;
-
-        #//Replace ( for the html entitie
-        $value =~ s/\(/&#40;/gi;
-
-        #//Replace ( for the html entitie
-        $value =~ s/\)/&#41;/gi;
-
-        #//Replace some characteres for html entities
-        for (my $i=0;$i<33;$i++) {
-                my $pattern = chr($i);
-                my $hex = ascii_to_html($i);
-                $value =~ s/$pattern/$hex/gi;
-        }
-
-        return $value;
-}
 
 ##########################################################################
 # SUB ascii_to_html (string)