Fixed with a 'work around' in io_safe_output for the SQL items in the reports.

pandora_console/include/functions_io.php

@@ -249,6 +249,54 @@ function io_safe_output($value, $utf8 = true)
 	return $valueHtmlEncode;
 }
 
+//----------------------------------------------------------
+// Work arround.
+// 
+// It is the function from 6.0 and it is used in this
+// part of code only.
+//----------------------------------------------------------
+function patched_io_safe_output($value, $utf8 = true) {
+	if (is_numeric($value))
+		return $value;
+	
+	if (is_array($value)) {
+		array_walk($value, "io_safe_output_array");
+		
+		return $value;
+	}
+	
+	if (! mb_check_encoding ($value, 'UTF-8'))
+		$value = utf8_encode ($value);
+	
+	//Replace the html entitie of ( for the char
+	$value = str_replace("(", '(', $value);
+	
+	//Replace the html entitie of ) for the char
+	$value = str_replace(")", ')', $value);
+	
+	//Replace the html entitie of < for the char
+	$value = str_replace("&lt;", '<', $value);
+	
+	//Replace the html entitie of > for the char
+	$value = str_replace("&gt;", '>', $value);
+	
+	//Revert html entities to chars
+	for ($i = 0; $i < 33; $i++) {
+		$value = str_ireplace("&#x" . dechex($i) . ";",
+			io_html_to_ascii(dechex($i)), $value);
+	}
+	
+	if ($utf8) {
+		$value =  html_entity_decode ($value, ENT_QUOTES, "UTF-8");
+	}
+	else {
+		$value =  html_entity_decode ($value, ENT_QUOTES);
+	}
+	
+	return $value;
+}
+//----------------------------------------------------------
+
 /**
  * Convert the $value encode in html entity to clear char string. This function 
  * should be called always to "clean" HTML encoded data; to render to a text

pandora_console/include/functions_reporting.php

@@ -4645,21 +4645,23 @@ function reporting_render_report_html_item ($content, $table, $report, $mini = f
 				$table2->head = explode('|', $content['header_definition']);
 			}
 			
+			
+			
 			if ($content['treport_custom_sql_id'] != 0) {
 				switch ($config["dbtype"]) {
 					case "mysql":
-						$sql = io_safe_output (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
+						$sql = patched_io_safe_output (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
 						break;
 					case "postgresql":
-						$sql = io_safe_output (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
+						$sql = patched_io_safe_output (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
 						break;
 					case "oracle":
-						$sql = io_safe_output (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
+						$sql = patched_io_safe_output (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
 						break;
 				}
 			}
 			else {
-				$sql = io_safe_output ($content['external_source']);
+				$sql = patched_io_safe_output ($content['external_source']);
 			}
 			
 			// Do a security check on SQL coming from the user

pandora_console/operation/reporting/reporting_xml.php

@@ -698,7 +698,7 @@ foreach ($contents as $content) {
 				$sql = $content['external_source'];
 			}
 			
-			$sql = safe_output ($sql);
+			$sql = patched_io_safe_output($sql);
 			$result = db_get_all_rows_sql($sql);
 			if ($result === false) {
 				$result = array();