From f8f6016c215b9bee8d45dede127d6ddbca64e5e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Gonz=C3=A1lez?= <jose.gonzalez@pandorafms.com>
Date: Tue, 4 May 2021 19:07:18 +0200
Subject: [PATCH] Solved issues with double quotes and improve the code

---
 .../include/class/ExternalTools.class.php     | 52 ++++++++++++++-----
 1 file changed, 40 insertions(+), 12 deletions(-)

diff --git a/pandora_console/include/class/ExternalTools.class.php b/pandora_console/include/class/ExternalTools.class.php
index 403cd72fa6..5918f05459 100644
--- a/pandora_console/include/class/ExternalTools.class.php
+++ b/pandora_console/include/class/ExternalTools.class.php
@@ -98,8 +98,12 @@ class ExternalTools extends HTML
                     // Define array for host the command/parameters pair data.
                     $this->pathCustomComm[$customValue] = [];
                     // Ensure the information.
-                    $this->pathCustomComm[$customValue]['command_custom'] = (string) get_parameter('command_custom_'.$customCommandId);
-                    $this->pathCustomComm[$customValue]['params_custom'] = (string) get_parameter('params_custom_'.$customCommandId);
+                    $this->pathCustomComm[$customValue]['command_custom'] = (string) get_parameter(
+                        'command_custom_'.$customCommandId
+                    );
+                    $this->pathCustomComm[$customValue]['params_custom'] = (string) get_parameter(
+                        'params_custom_'.$customCommandId
+                    );
                 }
             }
         }
@@ -139,7 +143,7 @@ class ExternalTools extends HTML
         global $config;
 
         $i = 0;
-        $sounds = $this->get_sounds();
+        $sounds = $this->getSounds();
 
         if ($this->updatePaths === true) {
             $external_tools_config = [];
@@ -170,7 +174,9 @@ class ExternalTools extends HTML
             if ($result === true) {
                 $result = config_update_value(
                     'external_tools_config',
-                    json_encode($external_tools_config)
+                    io_safe_input(
+                        json_encode($external_tools_config)
+                    )
                 );
             }
 
@@ -181,8 +187,12 @@ class ExternalTools extends HTML
             );
         } else {
             if (isset($config['external_tools_config']) === true) {
-                $external_tools_config_output = io_safe_output($config['external_tools_config']);
-                $external_tools_config = json_decode($external_tools_config_output, true);
+                $external_tools_config = json_decode(
+                    io_safe_output(
+                        $config['external_tools_config']
+                    ),
+                    true
+                );
                 // Setting paths.
                 $this->pathTraceroute = $external_tools_config['traceroute_path'];
                 $this->pathPing       = $external_tools_config['ping_path'];
@@ -686,16 +696,32 @@ class ExternalTools extends HTML
 
             // Only perform an execution if command is passed. Avoid errors.
             if (empty($command) === false) {
+                $resultCode = 0;
                 ob_start();
-                system($command);
+                system(io_safe_output($command), $resultCode);
                 $output .= ob_get_clean();
             } else {
-                $output .= __('No command for perform');
+                $output .= __('Command not response');
             }
 
             $output .= '</pre>';
+
+            if ($resultCode !== 0) {
+                throw new Exception(
+                    sprintf(
+                        '%s %s',
+                        __('The command failed and obtained the return code:'),
+                        $resultCode
+                    ),
+                    1
+                );
+            }
         } catch (\Throwable $th) {
-            $output = __('Something went wrong while perform the execution. Please check the configuration.');
+            $output = sprintf(
+                '%s %s',
+                $th->getMessage(),
+                __('Something went wrong while perform the execution. Please check the configuration.')
+            );
         }
 
         echo $output;
@@ -888,7 +914,7 @@ class ExternalTools extends HTML
      *
      * @return string Path.
      */
-    private function get_sounds()
+    private function getSounds()
     {
         global $config;
 
@@ -958,11 +984,13 @@ class ExternalTools extends HTML
                             if (parseInt(separatedId[2]) === 0) {
                                 $("#text-command_custom_"+fieldLines, "#"+thisNewId)
                                     .attr("name", "command_custom_"+fieldLinesAdded)
-                                    .attr("id", "text-command_custom_"+fieldLinesAdded);
+                                    .attr("id", "text-command_custom_"+fieldLinesAdded)
+                                    .val('');
                             } else if (parseInt(separatedId[2]) === 1) {
                                 $("#text-params_custom_"+fieldLines, "#"+thisNewId)
                                     .attr("id", "text-params_custom_"+fieldLinesAdded)
-                                    .attr("name", "params_custom_"+fieldLinesAdded);
+                                    .attr("name", "params_custom_"+fieldLinesAdded)
+                                    .val('');
                             } else if (parseInt(separatedId[2]) === 2) {
                                 $("#img_delete_button_custom_"+fieldLines, "#"+thisNewId)
                                     .attr("id", "img_delete_button_custom_"+fieldLinesAdded);