tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2013-10-28 Sergio Martin <sergio.martin@artica.es> 

* lib/PandoraFMS/Tools.pm: Added exeptions in safe_input
	and safe_output to avoid differences with the console condification
	with single and double quotes. Incident #309
	Merged from 4.1



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8967 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
zarzuelo 2013-10-28 13:10:48 +00:00
parent e96bb53f06
commit db5211d118
2 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_server/ChangeLog
View File

@ -1,3 +1,10 @@
2013-10-28 Sergio Martin <sergio.martin@artica.es>
* lib/PandoraFMS/Tools.pm: Added exeptions in safe_input
and safe_output to avoid differences with the console condification
with single and double quotes. Incident #309
Merged from 4.1
2013-10-28 Hirofumi Kosaka <kosaka@rworks.jp> 2013-10-28 Hirofumi Kosaka <kosaka@rworks.jp>
* lib/PandoraFMS/Core.pm: Added _timezone_ alert macro. * lib/PandoraFMS/Core.pm: Added _timezone_ alert macro.

14
pandora_server/lib/PandoraFMS/Tools.pm
View File

@ -97,7 +97,7 @@ sub pandora_trash_ascii {
sub safe_input($) { sub safe_input($) {
my $value = shift; my $value = shift;
$value = encode_entities ($value, "'<>&"); $value = encode_entities ($value, "<>&");
#//Replace the character '\' for the equivalent html entitie #//Replace the character '\' for the equivalent html entitie
$value =~ s/\\/&#92;/gi; $value =~ s/\\/&#92;/gi;
@ -107,6 +107,12 @@ sub safe_input($) {
$value =~ s/\/\*/&#47;&#42;/gi; $value =~ s/\/\*/&#47;&#42;/gi;
$value =~ s/\*\//&#42;&#47;/gi; $value =~ s/\*\//&#42;&#47;/gi;
#//Replace ' for the html entitie
$value =~ s/\"/&quot;/gi;
#//Replace ' for the html entitie
$value =~ s/\'/&#039;/gi;
#//Replace ( for the html entitie #//Replace ( for the html entitie
$value =~ s/\(/&#40;/gi; $value =~ s/\(/&#40;/gi;
@ -160,6 +166,12 @@ sub safe_output($) {
#//Replace ( for the html entitie #//Replace ( for the html entitie
$value =~ s/&#41;/\)/gi; $value =~ s/&#41;/\)/gi;
#//Replace ' for the html entitie
$value =~ s/&#039;/')/gi;
#//Replace " for the html entitie
$value =~ s/&quot;/")/gi;
#//Replace some characteres for html entities #//Replace some characteres for html entities
for (my $i=0;$i<33;$i++) { for (my $i=0;$i<33;$i++) {
my $pattern = chr($i); my $pattern = chr($i);