diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 0eea901ff4..bb3a6f7591 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,9 @@
+2011-07-11 Ramon Novoa
+
+ * include/functions_reporting.php,
+ operation/reporting/reporting_xml.php: Merged from 3.2 branch. Fixed
+ custom SQL reports.
+
 2011-07-11 Juan Manuel Ramon
 * general/error_authconfig.php
diff --git a/pandora_console/include/functions_reporting.php b/pandora_console/include/functions_reporting.php
index 69f8003ebe..90439a9550 100644
--- a/pandora_console/include/functions_reporting.php
+++ b/pandora_console/include/functions_reporting.php
@@ -2517,18 +2517,18 @@ function reporting_render_report_html_item ($content, $table, $report, $mini = f
 if ($content['treport_custom_sql_id'] != 0) {
 switch ($config["dbtype"]) {
 case "mysql":
- $sql = io_safe_output_html (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
+ $sql = io_safe_output (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
 break;
 case "postgresql":
- $sql = io_safe_output_html (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
+ $sql = io_safe_output (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
 break;
 case "oracle":
- $sql = io_safe_output_html (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
+ $sql = io_safe_output (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id'])));
 break;
 }
 }
 else {
- $sql = io_safe_output_html ($content['external_source']);
+ $sql = io_safe_output ($content['external_source']);
 }
 // Do a security check on SQL coming from the user
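Review bot: The `switch ($config["dbtype"])` still has no `default` branch, so with any other dbtype value `$sql` is never assigned before it reaches the security check that follows the hunk. The result of `db_get_value_filter` is also passed to `io_safe_output` unchecked, so a `treport_custom_sql_id` that no longer matches a row would presumably hand a non-string to the check and the query call. Since the three branches differ only in how the `sql` column is quoted, adding `default: $sql = ''; break;` and treating an empty `$sql` as "nothing to run" would close both gaps. A short comment such as `// Decode entities first so the security check below sees the statement exactly as it will be executed` would also record why plain `io_safe_output` is used here. The enclosing function starts and ends outside the hunk.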
diff --git a/pandora_console/operation/reporting/reporting_xml.php b/pandora_console/operation/reporting/reporting_xml.php
index 80abf7bb0c..aaedd574b8 100644
--- a/pandora_console/operation/reporting/reporting_xml.php
+++ b/pandora_console/operation/reporting/reporting_xml.php
@@ -391,6 +391,7 @@ foreach ($contents as $content) {
 $sql = $content['external_source'];
 }
+ $sql = safe_output ($sql);
 $result = db_get_all_rows_sql($sql);
 if ($result === false) {
 $result = array();
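Review bot: The decoded statement goes straight from `safe_output ($sql)` into `db_get_all_rows_sql($sql)`, with no step in this hunk matching the "Do a security check on SQL coming from the user" that follows the same decoding in functions_reporting.php, so the XML report path appears to execute stored or user-supplied SQL unvalidated. The same check the HTML renderer applies should run on the decoded `$sql` here, and the item should be skipped when it fails. The call is also spelled `safe_output` while the other file in this commit uses `io_safe_output`; if `safe_output` is only the 3.2-branch name, this line would be a fatal error on this branch and should read `$sql = io_safe_output ($sql);`. The enclosing `foreach` starts and ends outside the hunk.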