From beb6e11fb1792ae6bd764a95c915cf7e0af58855 Mon Sep 17 00:00:00 2001 From: Ramon Novoa Date: Mon, 11 Jul 2011 15:32:43 +0000 Subject: [PATCH] 2011-07-11 Ramon Novoa * include/functions_reporting.php, operation/reporting/reporting_xml.php: Merged from 3.2 branch. Fixed custom SQL reports. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4544 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 6 ++++++ pandora_console/include/functions_reporting.php | 8 ++++---- pandora_console/operation/reporting/reporting_xml.php | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 0eea901ff4..bb3a6f7591 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,9 @@ +2011-07-11 Ramon Novoa + + * include/functions_reporting.php, + operation/reporting/reporting_xml.php: Merged from 3.2 branch. Fixed + custom SQL reports. + 2011-07-11 Juan Manuel Ramon * general/error_authconfig.php diff --git a/pandora_console/include/functions_reporting.php b/pandora_console/include/functions_reporting.php index 69f8003ebe..90439a9550 100644 --- a/pandora_console/include/functions_reporting.php +++ b/pandora_console/include/functions_reporting.php 
@@ -2517,18 +2517,18 @@ function reporting_render_report_html_item ($content, $table, $report, $mini = f if ($content['treport_custom_sql_id'] != 0) { switch ($config["dbtype"]) { case "mysql": - $sql = io_safe_output_html (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); + $sql = io_safe_output (db_get_value_filter('`sql`', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); break; case "postgresql": - $sql = io_safe_output_html (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); + $sql = io_safe_output (db_get_value_filter('"sql"', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); break; case "oracle": - $sql = io_safe_output_html (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); + $sql = io_safe_output (db_get_value_filter('sql', 'treport_custom_sql', array('id' => $content['treport_custom_sql_id']))); break; } } else { - $sql = io_safe_output_html ($content['external_source']); + $sql = io_safe_output ($content['external_source']); } // Do a security check on SQL coming from the user diff --git a/pandora_console/operation/reporting/reporting_xml.php b/pandora_console/operation/reporting/reporting_xml.php index 80abf7bb0c..aaedd574b8 100644 --- a/pandora_console/operation/reporting/reporting_xml.php +++ b/pandora_console/operation/reporting/reporting_xml.php @@ -391,6 +391,7 @@ foreach ($contents as $content) { $sql = $content['external_source']; } + $sql = safe_output ($sql); $result = db_get_all_rows_sql($sql); if ($result === false) { $result = array();
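Review bot: `$sql` is never assigned when `$config["dbtype"]` matches none of the three cases in this switch, so the "security check on SQL coming from the user" announced by the trailing comment would run on an undefined variable. A `default:` branch that sets `$sql = '';`, with the code after the hunk skipping the query when the string is empty, would make that path explicit. Because the value is now presumably decoded back into executable SQL, I would also add a comment above the switch such as `// Decoded to raw SQL: must pass the check below before it is run, and be re-encoded if it is ever printed`. The function starts and ends outside the hunk, so the check itself cannot be confirmed from here.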
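Review bot: The added line in reporting_xml.php calls `safe_output`, while the same commit uses `io_safe_output` in functions_reporting.php. If the un-prefixed name from the 3.2 branch is not defined in trunk, the XML report would fail on this line, so `$sql = io_safe_output ($sql);` looks like the intended call. In the visible lines the decoded string also goes straight into `db_get_all_rows_sql($sql)`, with nothing like the security check that the HTML renderer announces after its own decode. Any check earlier in this loop would have inspected the entity-encoded text rather than the statement that is actually executed, so it belongs between the decode and the query. The loop body starts and ends outside the hunk, so this needs confirming against the full file.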