diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php index a51f9d8b25..31bb40861d 100755 --- a/pandora_console/include/functions_io.php +++ b/pandora_console/include/functions_io.php @@ -249,6 +249,54 @@ function io_safe_output($value, $utf8 = true) return $valueHtmlEncode; } +//---------------------------------------------------------- +// Work arround. +// +// It is the function from 6.0 and it is used in this +// part of code only. +//---------------------------------------------------------- +function patched_io_safe_output($value, $utf8 = true) { + if (is_numeric($value)) + return $value; + + if (is_array($value)) { + array_walk($value, "io_safe_output_array"); + + return $value; + } + + if (! mb_check_encoding ($value, 'UTF-8')) + $value = utf8_encode ($value); + + //Replace the html entitie of ( for the char + $value = str_replace("(", '(', $value); + + //Replace the html entitie of ) for the char + $value = str_replace(")", ')', $value); + + //Replace the html entitie of < for the char + $value = str_replace("<", '<', $value); + + //Replace the html entitie of > for the char + $value = str_replace(">", '>', $value); + + //Revert html entities to chars + for ($i = 0; $i < 33; $i++) { + $value = str_ireplace("&#x" . dechex($i) . ";", + io_html_to_ascii(dechex($i)), $value); + } + + if ($utf8) { + $value = html_entity_decode ($value, ENT_QUOTES, "UTF-8"); + } + else { + $value = html_entity_decode ($value, ENT_QUOTES); + } + + return $value; +} +//---------------------------------------------------------- + /** * Convert the $value encode in html entity to clear char string. This function * should be called always to "clean" HTML encoded data; to render to a text diff --git a/pandora_console/include/functions_reporting.php b/pandora_console/include/functions_reporting.php index b664a60340..eed9e742cb 100644 --- a/pandora_console/include/functions_reporting.php +++ b/pandora_console/include/functions_reporting.php 
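Review bot: In `patched_io_safe_output` the array branch still calls `array_walk($value, "io_safe_output_array")`, and that callback is defined outside this diff, so it presumably decodes each element with the current `io_safe_output` rather than with this 6.0 copy; array and scalar inputs would then follow different rules. If arrays must be supported, recurse into the patched function instead, e.g. `return array_map(function ($v) use ($utf8) { return patched_io_safe_output($v, $utf8); }, $value);`. The "Work arround." header should say what is being worked around and state the contract: the return value is fully entity-decoded text (angle brackets, both quote styles via `ENT_QUOTES`, and the control characters `&#x0;` to `&#x20;`), so it must never be written to HTML output. A one-line comment next to the `mb_check_encoding` test should also note that `utf8_encode()` treats its input as ISO-8859-1.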
@@ -4635,7 +4635,7 @@ function reporting_render_report_html_item ($content, $table, $report, $mini = f } $table->colspan[$next_row][0] = 3; - + $table2->class = 'databox'; $table2->width = '100%'; @@ -4645,21 +4645,23 @@ function reporting_render_report_html_item ($content, $table, $report, $mini = f $table2->head = explode('|', $content['header_definition']); } + + if ($content['treport_custom_sql_id'] != 0) { switch ($config["dbtype"]) { case "mysql": - $sql = io_safe_output (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); + $sql = patched_io_safe_output (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); break; case "postgresql": - $sql = io_safe_output (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); + $sql = patched_io_safe_output (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); break; case "oracle": - $sql = io_safe_output (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); + $sql = patched_io_safe_output (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); break; } } else { - $sql = io_safe_output ($content['external_source']); + $sql = patched_io_safe_output ($content['external_source']); } // Do a security check on SQL coming from the user diff --git a/pandora_console/operation/reporting/reporting_xml.php b/pandora_console/operation/reporting/reporting_xml.php index 72c70f9f94..4454a8bace 100644 --- a/pandora_console/operation/reporting/reporting_xml.php +++ b/pandora_console/operation/reporting/reporting_xml.php 
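Review bot: The `switch ($config["dbtype"])` in the second hunk has no `default` branch, so when `treport_custom_sql_id` is non-zero and the dbtype is none of the three listed, `$sql` is not assigned before the "security check on SQL coming from the user" that follows (unless it is set earlier, outside the hunk). Initialise it before the switch, e.g. `$sql = '';`, so the check and the query never see an undefined or stale value. Because `patched_io_safe_output` restores quotes, angle brackets and control characters, that check, whose body is outside the hunk, appears to be the only gate between a stored report query and its execution; it is worth confirming it runs on exactly the decoded string that is executed. `reporting_render_report_html_item` starts and ends outside the hunk.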
@@ -698,7 +698,7 @@ foreach ($contents as $content) { $sql = $content['external_source']; } - $sql = safe_output ($sql); + $sql = patched_io_safe_output($sql); $result = db_get_all_rows_sql($sql); if ($result === false) { $result = array();
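Review bot: The decoded string goes straight from `patched_io_safe_output($sql)` to `db_get_all_rows_sql($sql)` here, with no equivalent of the "security check on SQL coming from the user" that `reporting_render_report_html_item` applies to the same data in functions_reporting.php. As far as this hunk shows, the XML export path therefore executes whatever the report's custom SQL or `external_source` holds. Apply the same check before the query and skip the item when it fails, with a comment such as `// Report SQL is user-supplied: validate before executing`. The enclosing `foreach ($contents as $content)` body starts and ends outside the hunk, so an earlier check cannot be ruled out from here.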