2013-10-28 Sergio Martin <sergio.martin@artica.es>

* lib/PandoraFMS/Tools.pm: Added exeptions in safe_input
	and safe_output to avoid differences with the console condification
	with single and double quotes. Incident #309
	Merged from 4.1



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8967 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_server/ChangeLog

@@ -1,3 +1,10 @@
+2013-10-28  Sergio Martin <sergio.martin@artica.es>
+
+	* lib/PandoraFMS/Tools.pm: Added exeptions in safe_input
+	and safe_output to avoid differences with the console condification
+	with single and double quotes. Incident #309
+	Merged from 4.1
+
 2013-10-28 Hirofumi Kosaka <kosaka@rworks.jp>
 
 	* lib/PandoraFMS/Core.pm: Added _timezone_ alert macro.

pandora_server/lib/PandoraFMS/Tools.pm

@@ -97,7 +97,7 @@ sub pandora_trash_ascii {
 sub safe_input($) {
 	my $value = shift;
 	
-	$value = encode_entities ($value, "'<>&");
+	$value = encode_entities ($value, "<>&");
 	
 	#//Replace the character '\' for the equivalent html entitie
 	$value =~ s/\\/&#92;/gi;
@@ -107,6 +107,12 @@ sub safe_input($) {
 	$value =~ s/\/\*/&#47;&#42;/gi;
 	$value =~ s/\*\//&#42;&#47;/gi;
 	
+	#//Replace ' for the html entitie
+	$value =~ s/\"/&quot;/gi;
+	
+	#//Replace ' for the html entitie
+	$value =~ s/\'/&#039;/gi;
+	
 	#//Replace ( for the html entitie
 	$value =~ s/\(/&#40;/gi;
 	
@@ -158,7 +164,13 @@ sub safe_output($) {
 	$value =~ s/&#40;/\(/gi;
 	
 	#//Replace ( for the html entitie
-	$value =~ s/&#41;/\)/gi;
+	$value =~ s/&#41;/\)/gi;	
+	
+	#//Replace ' for the html entitie
+	$value =~ s/&#039;/')/gi;	
+	
+	#//Replace " for the html entitie
+	$value =~ s/&quot;/")/gi;	
 	
 	#//Replace some characteres for html entities
 	for (my $i=0;$i<33;$i++) {