Open-AudIT

One of my PCs has Spybot Search & Destroy 1.4 - I'm wondering if this is similar to the single quote escape issue that I listed earlier today.

The RSS page breaks with the following error:

[code]Whitespace is not allowed at this location.
Line: 392 Character: 25

<title>Spybot - Search & Destroy 1.4</title>[/code]

It appears to be because of the ampersand in the title...if I go into the database and update the title text to "Spybot - Search and Destroy 1.4", the RSS page works fine...

_________________
Server Info:
OS : Windows Server 2003
Auditing: ~300 machines
LDAP: Windows Server 2003 Active Directory

Ok, I think I've worked around this issue, but I'm sure the developers can think of a better way.

I've taken the original code:

[code]
if ($myrow = mysql_fetch_array($result)){

do {
echo '<item>'."\n";
echo '<title>'.$myrow["software_name"].'</title>'."\n";
echo '<link>'.$sitebaseurl.'system.php?pc='.$myrow["system_uuid"].'&amp;view=summary</link>'."\n";
echo '<description>Computer: '.$myrow["system_name"]. ' User: '.$myrow["net_user_name"].' IP Address: '.ip_trans($myrow["net_ip_address"]).'</description>'."\n";
echo '</item>'."\n";
} while ($myrow = mysql_fetch_array($result));
}
[/code]


and changed it to this:

[code]
if ($myrow = mysql_fetch_array($result)){

$ConvertedTitle = str_replace("&", "&#38", $myrow["software_name"]);

do {
echo '<item>'."\n";
echo '<title>'.$ConvertedTitle.'</title>'."\n";
echo '<link>'.$sitebaseurl.'system.php?pc='.$myrow["system_uuid"].'&amp;view=summary</link>'."\n";
echo '<description>Computer: '.$myrow["system_name"]. ' User: '.$myrow["net_user_name"].' IP Address: '.ip_trans($myrow["net_ip_address"]).'</description>'."\n";
echo '</item>'."\n";
} while ($myrow = mysql_fetch_array($result));
}[/code]

This seems to do the trick, although I'm not sure why...why doesn't the '&' in the ASCII &#38 still cause an issue?

_________________
Server Info:
OS : Windows Server 2003
Auditing: ~300 machines
LDAP: Windows Server 2003 Active Directory

[quote]Whitespace is not allowed at this location.

[quote="mikeyrb"][quote]Whitespace is not allowed at this location.

_________________
Server Info:
OS : Windows Server 2003
Auditing: ~300 machines
LDAP: Windows Server 2003 Active Directory

I'll have to think about it. We have issues using the xml submit method where we have to convert UTF-8 characters, and I'm not sure if some of those might be stored using & strings. The code as written may screw that up. Hopefully we can find a way to get UTF-8 working. I'm not sure how well Dave has a fix working.