diff --git a/pandora_console/operation/events/events_rss.php b/pandora_console/operation/events/events_rss.php
index 77116dcc05..9cbca5badd 100644
--- a/pandora_console/operation/events/events_rss.php
+++ b/pandora_console/operation/events/events_rss.php
@@ -68,7 +68,7 @@ function rss_error_handler ($errno, $errstr, $errfile, $errline, $error_human_de
$rss_feed .= "\n";
$rss_feed .= '' . $url . ''; //Link back to the main Pandora page
$rss_feed .= "\n";
- $rss_feed .= ''; //Alternative for Atom feeds. It's the same.
+ $rss_feed .= ''; //Alternative for Atom feeds. It's the same.
$rss_feed .= "\n";
$rss_feed .= '- ';
$rss_feed .= "\n";
@@ -80,7 +80,7 @@ function rss_error_handler ($errno, $errstr, $errfile, $errline, $error_human_de
$rss_feed .= 'There was an error creating the feed: '.$errno.' - '.$errstr.' in '.$errfile.' on line '.$errline.'';
}
else {
- $rss_feed .= '' . io_safe_input($error_human_description) .'';
+ $rss_feed .= '' . xml_entities(io_safe_input($error_human_description)) .'';
}
$rss_feed .= "\n";
$rss_feed .= ''.$url.'/index.php?sec=eventos&sec2=operation/events/events';
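Review bot: The debug branch at the top of this hunk still concatenates `$errno`, `$errstr`, `$errfile` and `$errline` into the feed with no escaping, so only the `else` branch gets the new treatment. An error string or path containing `&` or `<` would leave the feed malformed, and that branch also publishes server file paths to whoever can fetch the feed. The condition that selects it is outside this hunk, so how often it runs cannot be judged from here. Consider passing the interpolated values through the same wrapper, e.g. `xml_entities(io_safe_input($errstr))` and likewise for `$errfile`. rss_error_handler begins and ends outside the hunk.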
@@ -158,13 +158,13 @@ $rss_feed .= 'Pandora RSS Feed'. "\n";
$rss_feed .= 'Latest events on Pandora' . "\n";
$rss_feed .= ''.date (DATE_RFC822, $lastbuild).''. "\n"; //Last build date is the last event - that way readers won't mark it as having new posts
$rss_feed .= ''.$url.''. "\n"; //Link back to the main Pandora page
-$rss_feed .= ''. "\n";; //Alternative for Atom feeds. It's the same.
+$rss_feed .= ''. "\n";; //Alternative for Atom feeds. It's the same.
if (empty ($result)) {
$result = array();
- $rss_feed .= '
- '.io_safe_input ($url.'/index.php?sec=eventos&sec2=operation/events/events').'No results';
+ $rss_feed .= '
- ' . xml_entities(io_safe_input ($url.'/index.php?sec=eventos&sec2=operation/events/events')) . 'No results';
$rss_feed .= 'There are no results. Click on the link to see all Pending events';
- $rss_feed .= ''.io_safe_input ($url.'/index.php?sec=eventos&sec2=operation/events/events').'
'. "\n";
+ $rss_feed .= '' . xml_entities(io_safe_input ($url.'/index.php?sec=eventos&sec2=operation/events/events')) . ' '. "\n";
}
foreach ($result as $row) {
@@ -182,18 +182,18 @@ foreach ($result as $row) {
$agent_name = __('Alert').__('SNMP');
}
-//This is mandatory
+ //This is mandatory
$rss_feed .= '- ';
- $rss_feed .= io_safe_input($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row['id_evento']);
+ $rss_feed .= xml_entities(io_safe_input($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row['id_evento']));
$rss_feed .= '';
- $rss_feed .= $agent_name;
+ $rss_feed .= xml_entities($agent_name);
$rss_feed .= '';
- $rss_feed .= $row['evento'];
- if($row['estado'] == 1) {
- $rss_feed .= io_safe_input('
'.'Validated by ' . $row['id_usuario']);
+ $rss_feed .= xml_entities($row['evento']);
+ if ($row['estado'] == 1) {
+ $rss_feed .= xml_entities(io_safe_input('
'.'Validated by ' . $row['id_usuario']));
}
$rss_feed .= '';
- $rss_feed .= io_safe_input($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row["id_evento"]);
+ $rss_feed .= xml_entities(io_safe_input($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row["id_evento"]));
$rss_feed .= '';
//The rest is optional
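Review bot: `xml_entities($agent_name)` and `xml_entities($row['evento'])` are the only outputs in this loop that skip `io_safe_input()`, and `xml_entities()` as defined at the end of this file only rewrites existing `&...;` sequences; it does not escape a raw `<`, `>` or `&`. If these database values are not already entity-encoded when stored (not visible here), event text can break the feed or carry markup into a feed reader. Either state the assumption next to the calls, e.g. `// evento and agent name are stored entity-encoded; xml_entities() only converts entities to numeric form`, or have the helper escape raw characters itself. The `foreach` body starts before this hunk and continues after it.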
@@ -206,4 +206,35 @@ foreach ($result as $row) {
$rss_feed .= "\n\n";
echo $rss_feed;
+
+
+function xml_entities($str) {
+
+ if (!is_string($str)) {
+ return "";
+ }
+
+ if (preg_match_all('/(&[^;]+;)/', $str, $matches) != 0) {
+
+ $matches = $matches[0];
+
+ foreach ($matches as $entity) {
+ $char = html_entity_decode($entity, ENT_COMPAT | ENT_HTML401, 'UTF-8');
+
+ $html_entity_numeric = "" . uniord($char) . ";";
+
+ $str = str_replace($entity, $html_entity_numeric, $str);
+ }
+ }
+
+ return $str;
+}
+
+function uniord($u) {
+ $k = mb_convert_encoding($u, 'UCS-2LE', 'UTF-8');
+ $k1 = ord(substr($k, 0, 1));
+ $k2 = ord(substr($k, 1, 1));
+
+ return $k2 * 256 + $k1;
+}
?>
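Review bot: In `xml_entities()` the pattern `/(&[^;]+;)/` matches any run from an ampersand to the next semicolon, not only entities: for a constructed input such as `Tom & Jerry; ok` the match is `& Jerry;`, `html_entity_decode()` returns it unchanged, `uniord()` yields the code of its first character (38), and `str_replace()` then drops ` Jerry` from the output. `uniord()` also converts through UCS-2LE, which cannot represent code points above U+FFFF, and the helper never escapes a bare `&` or `<`. Decoding the whole string and re-encoding for XML avoids all three, assuming the feed is declared as UTF-8: `return htmlspecialchars(html_entity_decode($str, ENT_QUOTES | ENT_HTML401, 'UTF-8'), ENT_XML1 | ENT_QUOTES, 'UTF-8');`. Both new functions would also benefit from a short docblock stating the expected input encoding and what is returned for non-string input.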