Fix(Report): fix injection from GLPI Stat (#349)

* Fix(Report): fix injection from GLPI Stat

* adapt CHANGELOG.md

Author: stonebuzz

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [UNRELEASED]
+
+### Fixed
+
+- Fix GLIP Stat injection
+
 ## [1.9.3] - 2026-01-08
 
 ### Fixed

inc/common.class.php

@@ -223,7 +223,7 @@ public function getAllReports($with_url = true, $params = [])
 
                         if ($with_url) {
                             $reports[$classname]['functions'][$i]['url_graph']     = $url_graph;
-                            $reports[$classname]['functions'][$i]['min_url_graph'] = $min_url_graph;
+                            $reports[$classname]['functions'][$i]['min_url_graph'] = html_entity_decode($min_url_graph, ENT_QUOTES | ENT_HTML5, 'UTF-8');
                         }
 
                         $i++;

setup.php

@@ -127,7 +127,7 @@ function plugin_init_mreporting()
             }
 
             /* Show Reports in standart stats page */
-            if (preg_match('#front/stat.*\.php#', $_SERVER['SCRIPT_NAME'])) {
+            if (preg_match('#front/stat.*\.php#', $_SERVER['REQUEST_URI'])) {
                 $mreporting_common = new PluginMreportingCommon();
                 $reports           = $mreporting_common->getAllReports();
                 if ($reports !== false) {