2011-12-08 Koichiro Kikuchi <koichiro@rworks.jp>

* extensions/snmp_explorer.php: Call io_safe_input() for
	 module name and description when creating module.
	* include/functions_io.php: spaces to tabs.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5242 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
koichirok 2011-12-08 02:32:52 +00:00
parent 7cd7aeae60
commit ea5f78023b
3 changed files with 12 additions and 6 deletions


@ -1,3 +1,9 @@
2011-12-08 Koichiro Kikuchi <koichiro@rworks.jp>
* extensions/snmp_explorer.php: Call io_safe_input() for
module name and description when creating module.
* include/functions_io.php: spaces to tabs.
2011-12-07 Sergio Martin <sergio.martin@artica.es>
* include/functions_groups.php


@ -202,12 +202,12 @@ function snmp_explorer() {
$module_type = 15;
$values['id_tipo_modulo'] = $module_type;
$values['descripcion'] = "(" . $ip_target." - ".$name . ") " . $interfaces[$id]['ifDescr']['value'];
$values['descripcion'] = io_safe_input("(" . $ip_target." - ".$name . ") " . $interfaces[$id]['ifDescr']['value']);
$values['snmp_oid'] = $oid;
$values['id_modulo'] = 2;
$result = modules_create_agent_module ($id_agent, $name, $values);
$result = modules_create_agent_module ($id_agent, io_safe_input($name), $values);
if(is_error($result)) {
if(!isset($errors[$result])) {
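Review bot: `$values['snmp_oid'] = $oid;` is still stored as-is while the description and module name right next to it now go through io_safe_input(); if `$oid` can originate from the SNMP walk or a request parameter it should be handled the same way, e.g. `$values['snmp_oid'] = io_safe_input($oid);`. The `ifDescr` value is supplied by the polled device, so treating it as untrusted is right, but io_safe_input() is entity encoding rather than query parameterisation, and whether modules_create_agent_module() escapes `$values` for SQL is not visible here. It is also worth confirming that `$name` has not already passed through io_safe_input() earlier in snmp_explorer(), because a second pass may double-encode it and store a name that no longer matches lookups. A short comment above the assignment such as `// ifDescr comes from the remote device: encode before storing` would record why the call is there. The body of snmp_explorer() starts and ends outside this hunk.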


@ -64,10 +64,10 @@ function io_safe_input($value) {
//Replace the character '\' for the equivalent html entitie
$valueHtmlEncode = str_replace('\\', "&#92;", $valueHtmlEncode);
// First attempt to avoid SQL Injection based on SQL comments
// Specific for MySQL.
$valueHtmlEncode = str_replace('/*', "&#47;&#42;", $valueHtmlEncode);
$valueHtmlEncode = str_replace('*/', "&#42;&#47;", $valueHtmlEncode);
// First attempt to avoid SQL Injection based on SQL comments
// Specific for MySQL.
$valueHtmlEncode = str_replace('/*', "&#47;&#42;", $valueHtmlEncode);
$valueHtmlEncode = str_replace('*/', "&#42;&#47;", $valueHtmlEncode);
//Replace ( for the html entitie
$valueHtmlEncode = str_replace('(', "&#40;", $valueHtmlEncode);