From e83717071ecd4dc3d27d449d412e35f175222e4d Mon Sep 17 00:00:00 2001 From: ramonn Date: Wed, 1 Dec 2010 19:45:16 +0000 Subject: [PATCH] 2010-12-01 Ramon Novoa * util/pandora_recode_db.pl: Redefine safe_input to avoid loading a buggy one from a 3.1 Tools.pm. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3648 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_server/ChangeLog | 5 +++ pandora_server/util/pandora_recode_db.pl | 43 ++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/pandora_server/ChangeLog b/pandora_server/ChangeLog index f67c7ea182..3665701deb 100644 --- a/pandora_server/ChangeLog +++ b/pandora_server/ChangeLog @@ -1,3 +1,8 @@ +2010-12-01 Ramon Novoa + + * util/pandora_recode_db.pl: Redefine safe_input to avoid loading + a buggy one from a 3.1 Tools.pm. + 2010-11-29 Dario Rodriguez * lib/PandoraFMS/ReconServer.pm: Fixed a problem with HTML entities executing diff --git a/pandora_server/util/pandora_recode_db.pl b/pandora_server/util/pandora_recode_db.pl index 73735c9af9..6dfe59673c 100755 --- a/pandora_server/util/pandora_recode_db.pl +++ b/pandora_server/util/pandora_recode_db.pl 
@@ -150,6 +150,49 @@ sub help_screen{ exit; } +########################################################################## +## Convert the $value encode in html entity to clear char string. +########################################################################## +sub safe_input($) { + my $value = shift; + + $value = encode_entities ($value, "'<>&"); + + #//Replace the character '\' for the equivalent html entitie + $value =~ s/\\/\/gi; + + #// First attempt to avoid SQL Injection based on SQL comments + #// Specific for MySQL. + $value =~ s/\/\*//*/gi; + $value =~ s/\*\//*//gi; + + #//Replace ( for the html entitie + $value =~ s/\(/(/gi; + + #//Replace ( for the html entitie + $value =~ s/\)/)/gi; + + #//Replace some characteres for html entities + for (my $i=0;$i<33;$i++) { + my $pattern = chr($i); + my $hex = ascii_to_html($i); + $value =~ s/$pattern/$hex/gi; + } + + return $value; +} + +########################################################################## +# SUB ascii_to_html (string) +# Convert an ascii string to hexadecimal +########################################################################## + +sub ascii_to_html($) { + my $ascii = shift; + + return "&#x".substr(unpack("H*", pack("N", $ascii)),6,3).";"; +} + ############################################################################### ############################################################################### # MAIN
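Review bot: The `#// First attempt to avoid SQL Injection based on SQL comments` block in `safe_input` swaps `/*` and `*/` for numeric entities, but entity-encoding is presentation-layer escaping and does nothing for a value that is interpolated into SQL — only placeholders or the driver's `quote()` do — so the comment overstates what the substitution buys and should say it merely neutralises the sequence for display; note too that `encode_entities ($value, "'<>&")` leaves `"` unencoded, so a consumer emitting the value inside a double-quoted HTML attribute cannot rely on this function alone. The character loop interpolates `$pattern` into `s/$pattern/$hex/gi` unquoted; for chr(0..32) none is a regex metacharacter, but `s/\Q$pattern\E/$hex/g` costs nothing and drops the `/i` flag, which is meaningless on non-letters. `ascii_to_html` can be reduced to `return sprintf('&#x%02x;', $ascii);`, which is exactly what the pack/unpack/substr chain yields for 0..255 (the `substr(..., 6, 3)` on an eight-character string only ever returns two digits). The replacement strings appear here with their `&#NN;` entities already decoded (e.g. `s/\\/\/gi`), which I take to be a rendering artefact rather than what was committed, and `encode_entities` presumably still comes from a `use HTML::Entities` outside the hunk — worth confirming now that the local definition no longer depends on Tools.pm.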