diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 1f13840e7b..2044ad9382 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,9 @@
+2011-12-08 Koichiro Kikuchi
+
+ * extensions/snmp_explorer.php: Call io_safe_input() for
+ module name and description when creating module.
+ * include/functions_io.php: spaces to tabs.
+
 2011-12-07 Sergio Martin
 * include/functions_groups.php
diff --git a/pandora_console/extensions/snmp_explorer.php b/pandora_console/extensions/snmp_explorer.php
index 7d2d0a48d3..fde30c632e 100755
--- a/pandora_console/extensions/snmp_explorer.php
+++ b/pandora_console/extensions/snmp_explorer.php
@@ -202,12 +202,12 @@ function snmp_explorer() {
 $module_type = 15;
 $values['id_tipo_modulo'] = $module_type;
- $values['descripcion'] = "(" . $ip_target." - ".$name . ") " . $interfaces[$id]['ifDescr']['value'];
+ $values['descripcion'] = io_safe_input("(" . $ip_target." - ".$name . ") " . $interfaces[$id]['ifDescr']['value']);
 $values['snmp_oid'] = $oid;
 $values['id_modulo'] = 2;
- $result = modules_create_agent_module ($id_agent, $name, $values);
+ $result = modules_create_agent_module ($id_agent, io_safe_input($name), $values);
 if(is_error($result)) {
 if(!isset($errors[$result])) {
diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php
index 2646c26368..ff5fb6c475 100755
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
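Review bot: `$values['snmp_oid'] = $oid;` is still stored unencoded while the description and the module name next to it now go through `io_safe_input()`; where `$oid` is built is not visible in this hunk, but if any part of it comes from the polled device or from request data it should get the same treatment, e.g. `$values['snmp_oid'] = io_safe_input($oid);`. The description line encodes the whole concatenation, so if `$ip_target` or `$name` were already encoded where they were read (outside the hunk), they may end up encoded twice; encoding only the device-supplied `$interfaces[$id]['ifDescr']['value']` and the pieces known to be raw would avoid that. A one-line comment above the description assignment, such as `// ifDescr is returned by the remote SNMP agent; encode before storing`, would record why the call is there. The body of snmp_explorer() starts and ends outside the hunk.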
@@ -64,10 +64,10 @@ function io_safe_input($value) {
 //Replace the character '\' for the equivalent html entitie
 $valueHtmlEncode = str_replace('\\', "\", $valueHtmlEncode);
- // First attempt to avoid SQL Injection based on SQL comments
- // Specific for MySQL.
- $valueHtmlEncode = str_replace('/*', "/*", $valueHtmlEncode);
- $valueHtmlEncode = str_replace('*/', "*/", $valueHtmlEncode);
+ // First attempt to avoid SQL Injection based on SQL comments
+ // Specific for MySQL.
+ $valueHtmlEncode = str_replace('/*', "/*", $valueHtmlEncode);
+ $valueHtmlEncode = str_replace('*/', "*/", $valueHtmlEncode);
 //Replace ( for the html entitie
 $valueHtmlEncode = str_replace('(', "(", $valueHtmlEncode);