From db5211d1180a25599ab4a8f88635dac8c3150fcb Mon Sep 17 00:00:00 2001
From: zarzuelo
Date: Mon, 28 Oct 2013 13:10:48 +0000
Subject: [PATCH] 2013-10-28 Sergio Martin * lib/PandoraFMS/Tools.pm: Added exeptions in safe_input and safe_output to avoid differences with the console condification with single and double quotes. Incident #309 Merged from 4.1
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8967 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_server/ChangeLog | 7 +++++++
 pandora_server/lib/PandoraFMS/Tools.pm | 16 ++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/pandora_server/ChangeLog b/pandora_server/ChangeLog
index 1db2bb0d14..59fdceb4e9 100644
--- a/pandora_server/ChangeLog
+++ b/pandora_server/ChangeLog
@@ -1,3 +1,10 @@
+2013-10-28 Sergio Martin
+
+ * lib/PandoraFMS/Tools.pm: Added exeptions in safe_input
+ and safe_output to avoid differences with the console condification
+ with single and double quotes. Incident #309
+ Merged from 4.1
+
 2013-10-28 Hirofumi Kosaka
 * lib/PandoraFMS/Core.pm: Added _timezone_ alert macro.
diff --git a/pandora_server/lib/PandoraFMS/Tools.pm b/pandora_server/lib/PandoraFMS/Tools.pm
index 15ca4e04d1..73d2bbb1a8 100644
--- a/pandora_server/lib/PandoraFMS/Tools.pm
+++ b/pandora_server/lib/PandoraFMS/Tools.pm
@@ -97,7 +97,7 @@ sub pandora_trash_ascii {
 sub safe_input($) {
 my $value = shift;
- $value = encode_entities ($value, "'<>&");
+ $value = encode_entities ($value, "<>&");
 #//Replace the character '\' for the equivalent html entitie
 $value =~ s/\\/\/gi;
@@ -107,6 +107,12 @@ sub safe_input($) {
 $value =~ s/\/\*//*/gi;
 $value =~ s/\*\//*//gi;
+ #//Replace ' for the html entitie
+ $value =~ s/\"/"/gi;
+
+ #//Replace ' for the html entitie
+ $value =~ s/\'/'/gi;
+
 #//Replace ( for the html entitie
 $value =~ s/\(/(/gi;
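Review bot: Nothing at the `encode_entities` call in safe_input (the @@ -97 hunk) says why `'` was dropped from the character set, so the line reads like an encoding gap that a later maintainer could "fix" by putting the quote back. The single quote is still encoded, but only by the separate substitution this commit adds further down the same function. A comment above the call would record that, for example `# ' and " are encoded by the substitutions below so the result matches the console's encoding (Incident #309)`. safe_input's body continues outside this hunk.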
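Review bot: The first comment added in the @@ -107 hunk says `#//Replace ' for the html entitie`, but the substitution under it matches `"`; it should read `#//Replace " for the html entitie`. As rendered here the replacement side of both new substitutions shows the literal quote rather than an entity, which looks like the page decoding the entities, so confirm against the file what each one actually emits. The backslashes before `"` and `'` and the `/i` flag have no effect in these patterns and can be dropped. Both substitutions run after `encode_entities` has already handled `&`, and that order is what keeps the newly written entities from being encoded a second time, so it is worth stating in a comment in case the statements are ever reordered.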
@@ -158,7 +164,13 @@ sub safe_output($) {
 $value =~ s/(/\(/gi;
 #//Replace ( for the html entitie
- $value =~ s/)/\)/gi;
+ $value =~ s/)/\)/gi;
+
+ #//Replace ' for the html entitie
+ $value =~ s/'/')/gi;
+
+ #//Replace " for the html entitie
+ $value =~ s/"/")/gi;
 #//Replace some characteres for html entities
 for (my $i=0;$i<33;$i++) {
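Review bot: Both substitutions added to safe_output carry a `)` in the replacement that the pattern does not have (`s/'/')/gi` and `s/"/")/gi` as shown), so every decoded quote would come back followed by a stray closing parenthesis. It looks copied from the `)` line just above; the replacement should be only `'` in the first and only `"` in the second. The page appears to have decoded the entities in the patterns, so take the pattern text from the file rather than from this rendering. The two new comments also describe the opposite direction, since this function turns entities back into characters. A round-trip check that `safe_output(safe_input($s)) eq $s` for strings containing both quote characters would catch this; safe_output's body starts and ends outside the hunk.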