tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2011-07-11 Ramon Novoa <rnovoa@artica.es> 

* include/functions_reporting.php,
	  operation/reporting/reporting_xml.php: Merged from 3.2 branch. Fixed
	  custom SQL reports.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4544 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2011-07-11 15:32:43 +00:00
parent 5ac0a20cab
commit 8bff091cfa
3 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pandora_console/ChangeLog
View File

@ -1,3 +1,9 @@
2011-07-11 Ramon Novoa <rnovoa@artica.es>
* include/functions_reporting.php,
operation/reporting/reporting_xml.php: Merged from 3.2 branch. Fixed
custom SQL reports.
2011-07-11 Juan Manuel Ramon <juanmanuel.ramon@artica.es>
* general/error_authconfig.php

8
pandora_console/include/functions_reporting.php
View File

@ -2517,18 +2517,18 @@ function reporting_render_report_html_item ($content, $table, $report, $mini = f
if ($content['treport_custom_sql_id'] != 0) {
switch ($config["dbtype"]) {
case "mysql":
$sql = io_safe_output_html (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
$sql = io_safe_output (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
break;
case "postgresql":
$sql = io_safe_output_html (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
$sql = io_safe_output (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
break;
case "oracle":
$sql = io_safe_output_html (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
$sql = io_safe_output (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
break;
}
}
else {
$sql = io_safe_output_html ($content['external_source']);
$sql = io_safe_output ($content['external_source']);
}
// Do a security check on SQL coming from the user

1
pandora_console/operation/reporting/reporting_xml.php
View File

@ -391,6 +391,7 @@ foreach ($contents as $content) {
$sql = $content['external_source'];
}
$sql = safe_output ($sql);
$result = db_get_all_rows_sql($sql);
if ($result === false) {
$result = array();