2011-02-08 Sergio Martin <sergio.martin@artica.es>

* lib/PandoraFMS/Tools.pm
	util/pandora_recode_db.pl: Added characters to translate
	to html entities into safe_input and safe_output. Clean
	repeated code into recode script.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3812 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_server/ChangeLog

@@ -1,3 +1,10 @@
+2011-02-08  Sergio Martin <sergio.martin@artica.es>
+
+	* lib/PandoraFMS/Tools.pm
+	util/pandora_recode_db.pl: Added characters to translate
+	to html entities into safe_input and safe_output. Clean
+	repeated code into recode script.
+
 2011-02-08  Junichi Satoh <junichi@rworks.jp>
 
 	* util/pandora_manage.pl: Fixed invalid module id with creation of

pandora_server/lib/PandoraFMS/Tools.pm

@@ -107,6 +107,15 @@ sub safe_input($) {
 		my $hex = ascii_to_html($i);
 		$value =~ s/$pattern/$hex/gi;		
 	}
+
+	#//Replace characteres for tildes and others
+	my $trans = get_html_entities();
+	
+	foreach(keys(%$trans))
+	{
+		my $pattern = chr($_);
+		$value =~ s/$pattern/$trans->{$_}/gi;
+	}
 	
 	return $value;
 }
@@ -139,10 +148,54 @@ sub safe_output($) {
 		my $hex = ascii_to_html($i);
 		$value =~ s/$hex/$pattern/gi;		
 	}
+		
+	#//Replace characteres for tildes and others
+	my $trans = get_html_entities();
+	
+	foreach(keys(%$trans))
+	{
+		my $pattern = chr($_);
+		$value =~ s/$trans->{$_}/$pattern/gi;
+	}
 	
 	return $value;
 }
 
+##########################################################################
+# SUB get_html_entities
+# Returns a hash table with the acute and special html entities
+# Usefull for future chars addition:
+# http://cpansearch.perl.org/src/GAAS/HTML-Parser-3.68/lib/HTML/Entities.pm
+##########################################################################
+
+sub get_html_entities {
+	my %trans = (
+		225 => 'á',
+		233 => 'é', 
+		237 => 'í',
+		243 => 'ó',
+		250 => 'ú',
+		193 => 'Á',
+		201 => 'É', 
+		205 => 'Í',
+		211 => 'Ó',
+		218 => 'Ú',
+		228 => 'ä',
+		235 => 'ë',
+		239 => 'ï',
+		246 => 'ö',
+		252 => 'ü',
+		196 => 'Ä',
+		203 => 'Ë',
+		207 => 'Ï',
+		214 => 'Ö',
+		220 => 'Ü',
+		241 => 'ñ',
+		209 => 'Ñ'
+	);
+	
+	return \%trans;
+}
 ##########################################################################
 # SUB ascii_to_html (string)
 # Convert an ascii string to hexadecimal

pandora_server/util/pandora_recode_db.pl

@@ -150,37 +150,6 @@ sub help_screen{
 	exit;
 }
 
-##########################################################################
-## Convert the $value encode in html entity to clear char string.
-##########################################################################
-sub safe_input($) {
-        my $value = shift;
-
-        $value = encode_entities ($value, "'<>&");
-
-        #//Replace the character '\' for the equivalent html entitie
-        $value =~ s/\\/&#92;/gi;
-
-    #// First attempt to avoid SQL Injection based on SQL comments
-    #// Specific for MySQL.
-        $value =~ s/\/\*/&#47;&#42;/gi;
-        $value =~ s/\*\//&#42;&#47;/gi;
-
-        #//Replace ( for the html entitie
-        $value =~ s/\(/&#40;/gi;
-
-        #//Replace ( for the html entitie
-        $value =~ s/\)/&#41;/gi;
-
-        #//Replace some characteres for html entities
-        for (my $i=0;$i<33;$i++) {
-                my $pattern = chr($i);
-                my $hex = ascii_to_html($i);
-                $value =~ s/$pattern/$hex/gi;
-        }
-
-        return $value;
-}
 
 ##########################################################################
 # SUB ascii_to_html (string)