diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b34c009485a..fc96a5ca211 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,12 +1,12 @@ -/.github/ @centreon/centreon-ci -/.git* @centreon/centreon-ci -/.project @centreon/centreon-ci -/Jenkinsfile @centreon/centreon-ci -/selinux/ @centreon/centreon-ci -/project/ @centreon/centreon-ci -*.sh @centreon/centreon-ci +/.github/ @centreon/centreon-devops +/.git* @centreon/centreon-devops +/.project @centreon/centreon-devops +/Jenkinsfile @centreon/centreon-devops +/selinux/ @centreon/centreon-devops +/project/ @centreon/centreon-devops +*.sh @centreon/centreon-devops -*.po @ghost +*.po @centreon/centreon-documentation /src/ @centreon/centreon-php /config/ @centreon/centreon-php diff --git a/Jenkinsfile b/Jenkinsfile index 372fabbf2f4..b31ade1f472 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -206,6 +206,7 @@ try { sh 'rm -rf output' } } + if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { error("Unit test // packaging stage failure."); } @@ -213,7 +214,7 @@ try { stage("$DELIVERY_STAGE") { node { - checkoutCentreonBuild(buildBranch) + checkoutCentreonBuild(buildBranch) sh 'rm -rf output' unstash 'tar-sources' unstash 'api-doc' @@ -225,7 +226,7 @@ try { error('Delivery stage failure'); } } - + stage("$DOCKER_STAGE") { def parallelSteps = [:] def osBuilds = isStableBuild() ? ['centos7', 'alma8'] : ['centos7'] @@ -238,12 +239,6 @@ try { } } } - //'Docker centos8': { - // node { - // checkoutCentreonBuild(buildBranch) - // sh "./centreon-build/jobs/web/${serie}/mon-web-bundle.sh centos8" - // } - //} parallel parallelSteps if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { error('Bundle stage failure.'); 
@@ -289,27 +284,6 @@ try { } } } - - // TODO : add canary management in centreon-build - /*if ((env.BUILD == 'CI')) { - stage('Docker packaging with canary rpms') { - def parallelSteps = [:] - def osBuilds = isStableBuild() ? ['centos7', 'centos8'] : ['centos7'] - for (x in osBuilds) { - def osBuild = x - parallelSteps[osBuild] = { - node { - checkoutCentreonBuild() - sh "./centreon-build/jobs/web/${serie}/mon-web-bundle.sh ${osBuild}" - } - } - } - } - parallel parallelSteps - if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') { - error('API integration tests stage failure.'); - } - }*/ stage('Acceptance tests') { def parallelSteps = [:] @@ -342,5 +316,4 @@ try { "*COMMIT*: by ${source.COMMITTER}\n" + "*INFO*: ${e}" } - } diff --git a/SECURITY_ACK.md b/SECURITY_ACK.md index e0ab076587b..ebe04dfb8f7 100644 --- a/SECURITY_ACK.md +++ b/SECURITY_ACK.md @@ -14,6 +14,7 @@ Centreon reserves the right to make final decisions regarding publishing acknowl
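Review bot: The `@@ -342,5 +316,4 @@` hunk drops a closing `}` at the end of the Jenkinsfile, but none of the other hunks in this file remove a matching opening brace (everything they delete is commented-out or blank lines), so either the old file carried a stray brace or the pairing change lives outside this diff. Given the `try {` named in the hunk headers, it is worth confirming the pipeline script still parses before merging rather than discovering it on the next build. The enclosing `try` block starts before the first hunk of this file.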

2022

+* 2022/05/23 - Lucas Carmo and Daniel França Lima from [Hakaï Security](https://www.hakaioffensivesecurity.com/) * 2022/02/16 - Anonymous working with Trend Micro Zero Day Initiative

2021

diff --git a/composer.json b/composer.json index d179f8df77a..b6dfdb2a12d 100644 --- a/composer.json +++ b/composer.json @@ -7,6 +7,10 @@ "secure-http": false, "platform": { "php": "7.3" + }, + "allow-plugins": { + "pestphp/pest-plugin": true, + "symfony/flex": true } }, "require-dev": { @@ -22,13 +26,12 @@ "centreon/centreon-test-lib": "21.04.x-dev", "sensiolabs/security-checker": "^6.0", "symfony/var-dumper": "4.4.*", - "symfony/profiler-pack": "^1.0", "phpstan/phpstan": "^0.12.59", "webmozart/assert": "^1.8", "symfony/stopwatch": "^4.4", "symfony/twig-bundle": "^4.4", "symfony/web-profiler-bundle": "^4.4", - "twig/twig": "^2.0", + "twig/twig": "2.*", "phpstan/phpstan-beberlei-assert": "^0.12" }, "require": { @@ -39,7 +42,7 @@ "symfony/filesystem": "4.4.*", "symfony/finder": "4.4.*", "openpsa/quickform": "3.3.*", - "smarty/smarty": "~2.6", + "smarty/smarty": "2.*", "curl/curl" : "^1.5", "ext-ctype": "*", "ext-iconv": "*", @@ -53,7 +56,6 @@ "symfony/security-bundle": "4.4.*", "symfony/yaml": "4.4.*", "symfony/options-resolver": "4.4.*", - "symfony/serializer-pack": "^1.0", "symfony/maker-bundle": "^1.11", "nelmio/cors-bundle": "^2.1", "symfony/validator": "4.4.*", @@ -66,7 +68,12 @@ "dragonmantank/cron-expression": "3.0.1", "beberlei/assert": "v3.3.0", "enshrined/svg-sanitize": "^0.14.0", - "symfony/monolog-bundle": "^3.7" + "symfony/monolog-bundle": "^3.7", + "doctrine/annotations": "^1.0", + "phpdocumentor/reflection-docblock": "^5.2", + "symfony/property-access": "4.4.*", + "symfony/property-info": "4.4.*", + "symfony/serializer": "4.4.*" }, "autoload": { "psr-4": { diff --git a/composer.lock b/composer.lock index dd46a42d882..d19dba8f505 100644 --- a/composer.lock +++ b/composer.lock 
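Review bot: The new `allow-plugins` entries explicitly permit `pestphp/pest-plugin` and `symfony/flex` to execute during install, yet the same `config` object still carries `"secure-http": false` (visible as context at the top of the hunk), which lets Composer fetch those plugins and every other package over plain HTTP. An install-time code allow-list is only as strong as the transport it trusts, so the override should be removed (Composer then defaults to `true`) unless an internal HTTP-only mirror still requires it, in which case a comment naming that mirror belongs next to the setting.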
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "72b6fac8c64f8287a7b865510471bbcc", + "content-hash": "7041a10019a7659555e5434044dc40d5", "packages": [ { "name": "beberlei/assert", @@ -1872,27 +1872,22 @@ }, { "name": "smarty/smarty", - "version": "v2.6.31", + "version": "v2.6.33", "source": { "type": "git", "url": "https://github.com/smarty-php/smarty.git", - "reference": "4ab9757b492f08a38f68123a6e7c1df7110bbc49" + "reference": "533fa2abe308dcc009c7bdab977d530b32408346" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/smarty-php/smarty/zipball/4ab9757b492f08a38f68123a6e7c1df7110bbc49", - "reference": "4ab9757b492f08a38f68123a6e7c1df7110bbc49", + "url": "https://api.github.com/repos/smarty-php/smarty/zipball/533fa2abe308dcc009c7bdab977d530b32408346", + "reference": "533fa2abe308dcc009c7bdab977d530b32408346", "shasum": "" }, "require": { "php": ">=5.2" }, "type": "library", - "extra": { - "branch-alias": { - "dev-master": "2.6.x-dev" - } - }, "autoload": { "classmap": [ "libs/Smarty.class.php", @@ -1923,9 +1918,9 @@ "forum": "http://www.smarty.net/forums/", "irc": "irc://irc.freenode.org/smarty", "issues": "http://code.google.com/p/smarty-php/issues/list", - "source": "https://github.com/smarty-php/smarty/tree/Smarty2" + "source": "https://github.com/smarty-php/smarty/tree/v2.6.33" }, - "time": "2017-11-03T06:39:13+00:00" + "time": "2021-10-23T12:46:52+00:00" }, { "name": "symfony/cache", 
@@ -3038,23 +3033,23 @@ }, { "name": "symfony/framework-bundle", - "version": "v4.4.22", + "version": "v4.4.37", "source": { "type": "git", "url": "https://github.com/symfony/framework-bundle.git", - "reference": "98e855fd35dd2c4614f61d349b1fd7dd3622b9b9" + "reference": "5ae3655a69ac8b6a7bf46ce2b1e04b7be2ec05c7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/framework-bundle/zipball/98e855fd35dd2c4614f61d349b1fd7dd3622b9b9", - "reference": "98e855fd35dd2c4614f61d349b1fd7dd3622b9b9", + "url": "https://api.github.com/repos/symfony/framework-bundle/zipball/5ae3655a69ac8b6a7bf46ce2b1e04b7be2ec05c7", + "reference": "5ae3655a69ac8b6a7bf46ce2b1e04b7be2ec05c7", "shasum": "" }, "require": { "ext-xml": "*", "php": ">=7.1.3", "symfony/cache": "^4.4|^5.0", - "symfony/config": "^4.3.4|^5.0", + "symfony/config": "^4.4.11|~5.0.11|^5.1.3", "symfony/dependency-injection": "^4.4.1|^5.0.1", "symfony/error-handler": "^4.4.1|^5.0.1", "symfony/filesystem": "^3.4|^4.0|^5.0", @@ -3062,6 +3057,7 @@ "symfony/http-foundation": "^4.4|^5.0", "symfony/http-kernel": "^4.4", "symfony/polyfill-mbstring": "~1.0", + "symfony/polyfill-php80": "^1.16", "symfony/routing": "^4.4.12|^5.1.4" }, "conflict": { @@ -3093,7 +3089,7 @@ }, "require-dev": { "doctrine/annotations": "^1.10.4", - "doctrine/cache": "~1.0", + "doctrine/cache": "^1.0|^2.0", "doctrine/persistence": "^1.3|^2.0", "paragonie/sodium_compat": "^1.8", "phpdocumentor/reflection-docblock": "^3.0|^4.0|^5.0", @@ -3101,7 +3097,7 @@ "symfony/browser-kit": "^4.3|^5.0", "symfony/console": "^4.4.21|^5.0", "symfony/css-selector": "^3.4|^4.0|^5.0", - "symfony/dom-crawler": "^4.3|^5.0", + "symfony/dom-crawler": "^4.4.30|^5.3.7", "symfony/dotenv": "^4.3.6|^5.0", "symfony/expression-language": "^3.4|^4.0|^5.0", "symfony/form": "^4.3.5|^5.0", 
@@ -3163,7 +3159,7 @@ "description": "Provides a tight integration between Symfony components and the Symfony full-stack framework", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/framework-bundle/tree/v4.4.22" + "source": "https://github.com/symfony/framework-bundle/tree/v4.4.37" }, "funding": [ { @@ -3179,7 +3175,7 @@ "type": "tidelift" } ], - "time": "2021-04-14T13:03:08+00:00" + "time": "2022-01-12T11:20:14+00:00" }, { "name": "symfony/http-client", @@ -5205,53 +5201,6 @@ ], "time": "2021-04-13T06:32:41+00:00" }, - { - "name": "symfony/serializer-pack", - "version": "v1.0.4", - "source": { - "type": "git", - "url": "https://github.com/symfony/serializer-pack.git", - "reference": "61173947057d5e1bf1c79e2a6ab6a8430be0602e" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/symfony/serializer-pack/zipball/61173947057d5e1bf1c79e2a6ab6a8430be0602e", - "reference": "61173947057d5e1bf1c79e2a6ab6a8430be0602e", - "shasum": "" - }, - "require": { - "doctrine/annotations": "^1.0", - "phpdocumentor/reflection-docblock": "*", - "symfony/property-access": "*", - "symfony/property-info": "*", - "symfony/serializer": "*" - }, - "type": "symfony-pack", - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "A pack for the Symfony serializer", - "support": { - "issues": "https://github.com/symfony/serializer-pack/issues", - "source": "https://github.com/symfony/serializer-pack/tree/v1.0.4" - }, - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], - "time": "2020-10-19T08:52:16+00:00" - }, { "name": "symfony/service-contracts", "version": "v2.4.0", 
@@ -6517,12 +6466,12 @@ "source": { "type": "git", "url": "https://github.com/centreon/centreon-test-lib.git", - "reference": "6e6d23855e01752485a6f7f00beb8fc19808ba87" + "reference": "541bec5e05d80ec5c28cc8c37a250e58774bd0c5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/centreon/centreon-test-lib/zipball/6e6d23855e01752485a6f7f00beb8fc19808ba87", - "reference": "6e6d23855e01752485a6f7f00beb8fc19808ba87", + "url": "https://api.github.com/repos/centreon/centreon-test-lib/zipball/541bec5e05d80ec5c28cc8c37a250e58774bd0c5", + "reference": "541bec5e05d80ec5c28cc8c37a250e58774bd0c5", "shasum": "" }, "require": { @@ -6544,10 +6493,10 @@ "type": "library", "autoload": { "psr-4": { - "Centreon\\Test\\Behat\\": "src/behat", + "Centreon\\PHPStan\\": "src/PHPStan", "Centreon\\Test\\Mock\\": "src/mock", - "Centreon\\Test\\Traits\\": "src/traits", - "Centreon\\PHPStan\\": "src/PHPStan" + "Centreon\\Test\\Behat\\": "src/behat", + "Centreon\\Test\\Traits\\": "src/traits" } }, "notification-url": "https://packagist.org/downloads/", @@ -6571,7 +6520,7 @@ "issues": "https://github.com/centreon/centreon-test-lib/issues", "source": "https://github.com/centreon/centreon-test-lib/tree/21.04.x" }, - "time": "2021-05-07T14:20:01+00:00" + "time": "2022-08-05T09:53:44+00:00" }, { "name": "guzzlehttp/guzzle", 
@@ -9417,51 +9366,6 @@ ], "time": "2021-04-09T14:31:01+00:00" }, - { - "name": "symfony/profiler-pack", - "version": "v1.0.5", - "source": { - "type": "git", - "url": "https://github.com/symfony/profiler-pack.git", - "reference": "29ec66471082b4eb068db11eb4f0a48c277653f7" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/symfony/profiler-pack/zipball/29ec66471082b4eb068db11eb4f0a48c277653f7", - "reference": "29ec66471082b4eb068db11eb4f0a48c277653f7", - "shasum": "" - }, - "require": { - "symfony/stopwatch": "*", - "symfony/twig-bundle": "*", - "symfony/web-profiler-bundle": "*" - }, - "type": "symfony-pack", - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "A pack for the Symfony web profiler", - "support": { - "issues": "https://github.com/symfony/profiler-pack/issues", - "source": "https://github.com/symfony/profiler-pack/tree/v1.0.5" - }, - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], - "time": "2020-08-12T06:50:46+00:00" - }, { "name": "symfony/stopwatch", "version": "v4.4.20", 
@@ -9857,31 +9761,32 @@ }, { "name": "twig/twig", - "version": "v2.14.4", + "version": "v2.15.1", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "0b4ba691fb99ec7952d25deb36c0a83061b93bbf" + "reference": "3b7cedb2f736899a7dbd0ba3d6da335a015f5cc4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/0b4ba691fb99ec7952d25deb36c0a83061b93bbf", - "reference": "0b4ba691fb99ec7952d25deb36c0a83061b93bbf", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/3b7cedb2f736899a7dbd0ba3d6da335a015f5cc4", + "reference": "3b7cedb2f736899a7dbd0ba3d6da335a015f5cc4", "shasum": "" }, "require": { - "php": ">=7.2.5", + "php": ">=7.1.3", "symfony/polyfill-ctype": "^1.8", - "symfony/polyfill-mbstring": "^1.3" + "symfony/polyfill-mbstring": "^1.3", + "symfony/polyfill-php72": "^1.8" }, "require-dev": { "psr/container": "^1.0", - "symfony/phpunit-bridge": "^4.4.9|^5.0.9" + "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "2.14-dev" + "dev-master": "2.15-dev" } }, "autoload": { @@ -9920,7 +9825,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v2.14.4" + "source": "https://github.com/twigphp/Twig/tree/v2.15.1" }, "funding": [ { @@ -9932,7 +9837,7 @@ "type": "tidelift" } ], - "time": "2021-03-10T10:05:55+00:00" + "time": "2022-05-17T05:46:24+00:00" }, { "name": "zircote/swagger-php", @@ -10026,5 +9931,5 @@ "platform-overrides": { "php": "7.3" }, - "plugin-api-version": "2.0.0" + "plugin-api-version": "2.3.0" } diff --git a/features/bootstrap/VirtualMetricHandleContext.php b/features/bootstrap/VirtualMetricHandleContext.php index 47c44733822..16130030d81 100644 --- a/features/bootstrap/VirtualMetricHandleContext.php +++ b/features/bootstrap/VirtualMetricHandleContext.php 
@@ -24,7 +24,8 @@ public function iAddAVirtualMetric() $this->page = new MetricsConfigurationPage($this); $this->page->setProperties(array( 'name' => $this->vmName, - 'linked-host_services' => $this->host . ' - ' . $this->hostService + 'linked-host_services' => $this->host . ' - ' . $this->hostService, + 'known_metrics' => $this->functionRPN, )); $this->page->setProperties(array('function' => $this->functionRPN)); $this->page->save(); diff --git a/lib/perl/centreon/script.pm b/lib/perl/centreon/script.pm index 13d2926b28d..28c7aa2a810 100644 --- a/lib/perl/centreon/script.pm +++ b/lib/perl/centreon/script.pm @@ -142,8 +142,10 @@ sub parse_options { die "Command line error" if !GetOptions(%{$self->{options}}); pod2usage(-exitval => 1, -input => $FindBin::Bin . "/" . $FindBin::Script) if $self->{help}; if ($self->{noconfig} == 0) { - require $self->{config_file}; - $self->{centreon_config} = $centreon_config; + if (-e "$self->{config_file}") { + require $self->{config_file}; + $self->{centreon_config} = $centreon_config; + } } } diff --git a/package-lock.json b/package-lock.json index 5a9ff648ae6..e4e80866fc3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20538,9 +20538,15 @@ } }, "node_modules/webpack": { +<<<<<<< HEAD "version": "5.69.1", "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.69.1.tgz", "integrity": "sha512-+VyvOSJXZMT2V5vLzOnDuMz5GxEqLk7hKWQ56YxPW/PQRUuKimPqmEIJOx8jHYeyo65pKbapbW464mvsKbaj4A==", +======= + "version": "5.69.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.69.0.tgz", + "integrity": "sha512-E5Fqu89Gu8fR6vejRqu26h8ld/k6/dCVbeGUcuZjc+goQHDfCPU9rER71JmdtBYGmci7Ec2aFEATQ2IVXKy2wg==", +>>>>>>> dev-21.04.x-backup-2022-08-04 "dev": true, "dependencies": { "@types/eslint-scope": "^3.7.3", 
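Review bot: The new `-e` test in parse_options turns a missing config file into a silent no-op: `$self->{centreon_config}` stays undefined and the failure moves to whatever later dereferences it, whereas the old bare `require` died immediately with the file name. If running without the file is intended, add an explicit `else` branch that logs or dies, e.g. `} else { die "Configuration file $self->{config_file} not found\n"; }`, or document on the sub that `centreon_config` may be undef even when `noconfig` is 0. parse_options starts before this hunk.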
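Review bot: The added lines under `"node_modules/webpack"` are unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> dev-21.04.x-backup-2022-08-04`) committed into the lockfile, which makes package-lock.json invalid JSON and will make `npm ci` / `npm install` fail at parse time. The same markers appear in the three following hunks of this file (the `enhanced-resolve` range and the two `webpack` entries in the legacy `dependencies` section). Resolve to one side — a single `version`/`resolved`/`integrity` triple and a single `enhanced-resolve` range — and regenerate the lockfile rather than hand-editing it so the `integrity` hash matches the version actually kept.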
@@ -20552,7 +20558,11 @@ "acorn-import-assertions": "^1.7.6", "browserslist": "^4.14.5", "chrome-trace-event": "^1.0.2", +<<<<<<< HEAD "enhanced-resolve": "^5.8.3", +======= + "enhanced-resolve": "^5.9.0", +>>>>>>> dev-21.04.x-backup-2022-08-04 "es-module-lexer": "^0.9.0", "eslint-scope": "5.1.1", "events": "^3.2.0", @@ -37548,9 +37558,15 @@ "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==" }, "webpack": { +<<<<<<< HEAD "version": "5.69.1", "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.69.1.tgz", "integrity": "sha512-+VyvOSJXZMT2V5vLzOnDuMz5GxEqLk7hKWQ56YxPW/PQRUuKimPqmEIJOx8jHYeyo65pKbapbW464mvsKbaj4A==", +======= + "version": "5.69.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.69.0.tgz", + "integrity": "sha512-E5Fqu89Gu8fR6vejRqu26h8ld/k6/dCVbeGUcuZjc+goQHDfCPU9rER71JmdtBYGmci7Ec2aFEATQ2IVXKy2wg==", +>>>>>>> dev-21.04.x-backup-2022-08-04 "dev": true, "requires": { "@types/eslint-scope": "^3.7.3", @@ -37562,7 +37578,11 @@ "acorn-import-assertions": "^1.7.6", "browserslist": "^4.14.5", "chrome-trace-event": "^1.0.2", +<<<<<<< HEAD "enhanced-resolve": "^5.8.3", +======= + "enhanced-resolve": "^5.9.0", +>>>>>>> dev-21.04.x-backup-2022-08-04 "es-module-lexer": "^0.9.0", "eslint-scope": "5.1.1", "events": "^3.2.0", diff --git a/symfony.lock b/symfony.lock index 5e161483ed2..49bf9a63377 100644 --- a/symfony.lock +++ b/symfony.lock @@ -502,9 +502,6 @@ "symfony/polyfill-php80": { "version": "v1.22.1" }, - "symfony/profiler-pack": { - "version": "v1.0.5" - }, "symfony/property-access": { "version": "v4.4.20" }, @@ -552,9 +549,6 @@ "symfony/serializer": { "version": "v4.4.22" }, - "symfony/serializer-pack": { - "version": "v1.0.4" - }, "symfony/service-contracts": { "version": "v2.4.0" }, diff --git a/tests/rest_api/realtime_rest_api.postman_collection.json b/tests/rest_api/realtime_rest_api.postman_collection.json index 8fba214f8c0..463b33dcf0f 100644 
--- a/tests/rest_api/realtime_rest_api.postman_collection.json +++ b/tests/rest_api/realtime_rest_api.postman_collection.json @@ -6730,7 +6730,7 @@ " while(curDate-date < millis);", "}", "", - "wait(5000);" + "wait(8000);" ] } }, diff --git a/www/api/class/centreon_ceip.class.php b/www/api/class/centreon_ceip.class.php index f5f5284c3fd..2fc08f64262 100644 --- a/www/api/class/centreon_ceip.class.php +++ b/www/api/class/centreon_ceip.class.php @@ -120,9 +120,7 @@ private function getServerType(): array */ private function getVisitorInformation(): array { - $locale = $this->user->lang === 'browser' - ? null - : $this->user->lang; + $locale = $this->user->get_lang(); $role = $this->user->admin ? "admin" @@ -228,7 +226,7 @@ private function getLicenseInformation(): array } } } catch (\Exception $exception) { - $this->logger->error($exception->getMessage, ['context' => $exception]); + $this->logger->error($exception->getMessage(), ['context' => $exception]); } return [ diff --git a/www/class/centreon-partition/partEngine.class.php b/www/class/centreon-partition/partEngine.class.php index efd15414b20..1b2c719556e 100644 --- a/www/class/centreon-partition/partEngine.class.php +++ b/www/class/centreon-partition/partEngine.class.php @@ -296,7 +296,7 @@ private function getLastPartRange($table, $db) $lastPart = 0; // dont care of MAXVALUE - if (preg_match_all('/PARTITION `(.*?)` VALUES LESS THAN \(([0-9]+?)\)/', $row['Create Table'], $matches)) { + if (preg_match_all('/PARTITION (.*?) VALUES LESS THAN \(([0-9]+?)\)/', $row['Create Table'], $matches)) { for ($i = 0; isset($matches[2][$i]); $i++) { if ($matches[2][$i] > $lastPart) { $lastPart = $matches[2][$i]; diff --git a/www/class/centreonACL.class.php b/www/class/centreonACL.class.php index 2db2a59be5f..c4d9283eec7 100644 --- a/www/class/centreonACL.class.php +++ b/www/class/centreonACL.class.php 
@@ -400,15 +400,17 @@ private function setTopology() if ($DBRESULT->rowCount()) { $topology = array(); $tmp_topo_page = array(); - while ($topo_group = $DBRESULT->fetchRow()) { - $query2 = "SELECT topology_topology_id, acl_topology_relations.access_right " + $statement = $centreonDb + ->prepare("SELECT topology_topology_id, acl_topology_relations.access_right " . "FROM acl_topology_relations, acl_topology " . "WHERE acl_topology.acl_topo_activate = '1' " . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id " - . "AND acl_topology_relations.acl_topo_id = '" . $topo_group["acl_topology_id"] . "' " - . "AND acl_topology_relations.access_right != 0"; // do not get "access none" - $DBRESULT2 = $centreonDb->query($query2); - while ($topo_page = $DBRESULT2->fetchRow()) { + . "AND acl_topology_relations.acl_topo_id = :acl_topology_id " + . "AND acl_topology_relations.access_right != 0"); + while ($topo_group = $DBRESULT->fetchRow()) { + $statement->bindValue(':acl_topology_id', (int) $topo_group["acl_topology_id"], \PDO::PARAM_INT); + $statement->execute(); + while ($topo_page = $statement->fetchRow()) { $topology[] = (int) $topo_page["topology_topology_id"]; if (!isset($tmp_topo_page[$topo_page['topology_topology_id']])) { $tmp_topo_page[$topo_page["topology_topology_id"]] = $topo_page["access_right"]; @@ -423,7 +425,7 @@ private function setTopology() } } } - $DBRESULT2->closeCursor(); + $statement->closeCursor(); } $DBRESULT->closeCursor(); 
@@ -1691,22 +1693,28 @@ public function updateACL($data = null) $request = "SELECT group_id FROM centreon_acl " . "WHERE host_id = " . $data['duplicate_host'] . " AND service_id IS NULL"; $DBRESULT = \CentreonDBInstance::getMonInstance()->query($request); + $hostAclStatement = \CentreonDBInstance::getMonInstance() + ->prepare("INSERT INTO centreon_acl (host_id, service_id, group_id) " + . "VALUES (:data_id, NULL, :group_id)"); + $serviceAclStatement = \CentreonDBInstance::getMonInstance() + ->prepare("INSERT INTO centreon_acl (host_id, service_id, group_id) " + . "VALUES (:data_id, :service_id, :group_id) " + . "ON DUPLICATE KEY UPDATE group_id = :group_id"); while ($row = $DBRESULT->fetchRow()) { // Insert New Host - $request1 = "INSERT INTO centreon_acl (host_id, service_id, group_id) " - . "VALUES ('" . $data["id"] . "', NULL, " . $row['group_id'] . ")"; - \CentreonDBInstance::getMonInstance()->query($request1); - + $hostAclStatement->bindValue(':data_id', (int) $data["id"], \PDO::PARAM_INT); + $hostAclStatement->bindValue(':group_id', (int) $row['group_id'], \PDO::PARAM_INT); + $hostAclStatement->execute(); // Insert services $request = "SELECT service_id, group_id FROM centreon_acl " . "WHERE host_id = " . $data['duplicate_host'] . " AND service_id IS NOT NULL"; $DBRESULT2 = \CentreonDBInstance::getMonInstance()->query($request); while ($row2 = $DBRESULT2->fetch()) { - $request2 = "INSERT INTO centreon_acl (host_id, service_id, group_id) " - . "VALUES ('" . $data["id"] . "', " - . "'" . $row2["service_id"] . "', " . $row2['group_id'] . ") " - . "ON DUPLICATE KEY UPDATE group_id = " . 
$row2['group_id']; - \CentreonDBInstance::getMonInstance()->query($request2); + $serviceAclStatement->bindValue(':data_id', (int) $data["id"], \PDO::PARAM_INT); + $serviceAclStatement + ->bindValue(':service_id', (int) $row2["service_id"], \PDO::PARAM_INT); + $serviceAclStatement->bindValue(':group_id', (int) $row2['group_id'], \PDO::PARAM_INT); + $serviceAclStatement->execute(); } } } @@ -1730,10 +1738,14 @@ public function updateACL($data = null) $request = "SELECT group_id FROM centreon_acl " . "WHERE host_id = $host_id AND service_id = " . $data['duplicate_service']; $DBRESULT = \CentreonDBInstance::getMonInstance()->query($request); + $statement = \CentreonDBInstance::getMonInstance() + ->prepare("INSERT INTO centreon_acl (host_id, service_id, group_id) " + . "VALUES (:host_id, :data_id, :group_id)"); while ($row = $DBRESULT->fetchRow()) { - $request2 = "INSERT INTO centreon_acl (host_id, service_id, group_id) " - . "VALUES ('" . $host_id . "', '" . $data["id"] . "', " . $row['group_id'] . ")"; - \CentreonDBInstance::getMonInstance()->query($request2); + $statement->bindValue(':host_id', (int) $host_id, \PDO::PARAM_INT); + $statement->bindValue(':data_id', (int) $data["id"], \PDO::PARAM_INT); + $statement->bindValue(':group_id', (int) $row['group_id'], \PDO::PARAM_INT); + $statement->execute(); } } } diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php index 26f90d3430c..2d7e3fbaec5 100644 --- a/www/class/centreonAuth.SSO.class.php +++ b/www/class/centreonAuth.SSO.class.php @@ -42,6 +42,7 @@ class CentreonAuthSSO extends CentreonAuth protected $ssoOptions = array(); protected $ssoMandatory = 0; + private const START = 0; private const LENGTH = 8; 
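Review bot: The SELECT that feeds each loop in updateACL is still built by concatenation with `$data['duplicate_host']` (and `$data['duplicate_service']` in the `@@ -1730` hunk), so only the INSERT side of this method is parameterised; those lookups should be bound the same way, e.g. `"WHERE host_id = :duplicate_host AND service_id IS NULL"` with `->bindValue(':duplicate_host', (int) $data['duplicate_host'], \PDO::PARAM_INT)`. Separately, `$serviceAclStatement` uses `:group_id` twice (in VALUES and in ON DUPLICATE KEY UPDATE); PDO only accepts a repeated named placeholder when prepare emulation is on, so if this connection disables `PDO::ATTR_EMULATE_PREPARES` the execute fails with an invalid-parameter-number error — `ON DUPLICATE KEY UPDATE group_id = VALUES(group_id)` removes that dependency. updateACL starts and ends outside these hunks.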
@@ -107,7 +108,7 @@ public function __construct( $clientSecret = $this->ssoOptions['openid_connect_client_secret']; if (empty($this->ssoOptions['openid_connect_redirect_url'])) { $redirectNoEncode = '{scheme}://{hostname}:{port}' - . rtim($this->ssoOptions['oreon_web_path'], "/") . "/" . 'index.php'; + . "/" . trim($this->ssoOptions['oreon_web_path'], "/") . "/" . 'index.php'; } else { $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url']; } diff --git a/www/class/centreonAuth.class.php b/www/class/centreonAuth.class.php index 246e1946007..db9d0cca170 100644 --- a/www/class/centreonAuth.class.php +++ b/www/class/centreonAuth.class.php @@ -302,12 +302,13 @@ protected function checkUser($username, $password, $token) if ($dbResult->rowCount()) { $this->userInfos = $dbResult->fetch(); if ($this->userInfos["default_page"]) { - $dbResult2 = $this->pearDB->query( - "SELECT topology_url_opt FROM topology WHERE topology_page = " - . $this->userInfos["default_page"] + $statement = $this->pearDB->prepare( + "SELECT topology_url_opt FROM topology WHERE topology_page = :topology_page" ); - if ($dbResult2->numRows()) { - $data = $dbResult2->fetch(); + $statement->bindValue(':topology_page', (int) $this->userInfos["default_page"], \PDO::PARAM_INT); + $statement->execute(); + if ($statement->rowCount()) { + $data = $statement->fetch(\PDO::FETCH_ASSOC); $this->userInfos["default_page"] .= $data["topology_url_opt"]; } } 
@@ -354,20 +355,23 @@ protected function checkUser($username, $password, $token) /* * Reset userInfos with imported information */ - $dbResult = $this->pearDB->query( + $statement = $this->pearDB->prepare( "SELECT * FROM `contact` " . - "WHERE `contact_alias` = '" . $this->pearDB->escape($username, true) . "'" . + "WHERE `contact_alias` = :contact_alias " . "AND `contact_activate` = '1' AND `contact_register` = '1' LIMIT 1" ); - if ($dbResult->rowCount()) { - $this->userInfos = $dbResult->fetch(); + $statement->bindValue(':contact_alias', $this->pearDB->escape($username, true), \PDO::PARAM_STR); + $statement->execute(); + if ($statement->rowCount()) { + $this->userInfos = $statement->fetch(\PDO::FETCH_ASSOC); if ($this->userInfos["default_page"]) { - $dbResult2 = $this->pearDB->query( - "SELECT topology_url_opt FROM topology WHERE topology_page = " - . $this->userInfos["default_page"] + $statement = $this->pearDB->prepare( + "SELECT topology_url_opt FROM topology WHERE topology_page = :topology_page" ); - if ($dbResult2->numRows()) { - $data = $dbResult2->fetch(); + $statement->bindValue(':topology_page', (int) $this->userInfos["default_page"], \PDO::PARAM_INT); + $statement->execute(); + if ($statement->rowCount()) { + $data = $statement->fetch(\PDO::FETCH_ASSOC); $this->userInfos["default_page"] .= $data["topology_url_opt"]; } } diff --git a/www/class/centreonGraph.class.php b/www/class/centreonGraph.class.php index de97a8bfce8..1137a9fd465 100644 --- a/www/class/centreonGraph.class.php +++ b/www/class/centreonGraph.class.php 
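Review bot: `$statement->bindValue(':contact_alias', $this->pearDB->escape($username, true), \PDO::PARAM_STR)` escapes the value and then binds it, so the driver quotes it a second time; any alias containing a quote or backslash (or whatever else the second argument of escape() transforms) will no longer match its `contact_alias` row and the post-import lookup silently falls through. Bind the raw value — `$statement->bindValue(':contact_alias', $username, \PDO::PARAM_STR);` — since parameter binding makes the manual escape both unnecessary and incorrect. The enclosing checkUser method starts and ends outside the hunk.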
@@ -1063,16 +1063,18 @@ private function getDefaultGraphTemplate() return; } else { $command_id = getMyServiceField($this->indexData["service_id"], "command_command_id"); - $DBRESULT = $this->DB->query("SELECT graph_id FROM command WHERE `command_id` = '" . $command_id . "'"); - if ($DBRESULT->rowCount()) { - $data = $DBRESULT->fetch(); + $statement = $this->DB->prepare("SELECT graph_id FROM command WHERE `command_id` = :command_id"); + $statement->bindValue(':command_id', (int) $command_id, \PDO::PARAM_INT); + $statement->execute(); + if ($statement->rowCount()) { + $data = $statement->fetch(); if ($data["graph_id"] != 0) { $this->templateId = $data["graph_id"]; unset($data); return; } } - $DBRESULT->closeCursor(); + $statement->closeCursor(); unset($command_id); } $DBRESULT = $this->DB->query("SELECT graph_id FROM giv_graphs_template WHERE default_tpl1 = '1' LIMIT 1"); @@ -1106,12 +1108,12 @@ public function setTemplate($template_id = null) /* * Graph is based on a module check point */ - $DBRESULT_meta = $this->DB->query( - "SELECT graph_id + $statement = $this->DB->prepare("SELECT graph_id FROM meta_service - WHERE `meta_name` = '" . $this->indexData["service_description"] . "'" - ); - $meta = $DBRESULT_meta->fetch(); + WHERE `meta_name` = :service_desc"); + $statement->bindValue(':service_desc', $this->indexData["service_description"], PDO::PARAM_STR); + $statement->execute(); + $meta = $statement->fetch(); $this->templateId = $meta["graph_id"]; unset($meta); } 
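Review bot: In the setTemplate hunk `PDO::PARAM_STR` is written unqualified while the getDefaultGraphTemplate hunk just above and the rest of this change use `\PDO::PARAM_INT`; the unqualified form only resolves if this file is in the global namespace (the `\PDO` uses elsewhere suggest it is, but that is inferred), and the mixed spelling within one commit reads as an oversight. Use `$statement->bindValue(':service_desc', $this->indexData["service_description"], \PDO::PARAM_STR);` to match. Both enclosing methods start before their hunks.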
@@ -1136,14 +1138,14 @@ private function getServiceGraphID() $service_id = $this->indexData["service_id"]; $tab = array(); - while (1) { - $DBRESULT = $this->DB->query( - "SELECT esi.graph_id, service_template_model_stm_id + $statement = $this->DB->prepare("SELECT esi.graph_id, service_template_model_stm_id FROM service LEFT JOIN extended_service_information esi ON esi.service_service_id = service_id - WHERE service_id = '" . $service_id . "' LIMIT 1" - ); - $row = $DBRESULT->fetch(); + WHERE service_id = :service_id LIMIT 1"); + while (1) { + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); + $row = $statement->fetch(); if ($row["graph_id"]) { $this->graphID = $row["graph_id"]; return $this->graphID; diff --git a/www/class/centreonUser.class.php b/www/class/centreonUser.class.php index 83f65c82c26..de56ee48941 100644 --- a/www/class/centreonUser.class.php +++ b/www/class/centreonUser.class.php @@ -57,7 +57,6 @@ class CentreonUser public $groupListStr; public $access; public $log; - public $userCrypted; protected $token; public $default_page; private $showDeprecatedPages; @@ -109,7 +108,6 @@ public function __construct($user = array()) * Initiate Log Class */ $this->log = new CentreonUserLog($this->user_id, $pearDB); - $this->userCrypted = md5($this->alias); /** * Init rest api auth diff --git a/www/class/centreonXMLBGRequest.class.php b/www/class/centreonXMLBGRequest.class.php index d47d22a08ad..49e25bbf15a 100644 --- a/www/class/centreonXMLBGRequest.class.php +++ b/www/class/centreonXMLBGRequest.class.php 
@@ -221,12 +221,13 @@ public function __construct( private function isUserAdmin() { - $query = "SELECT contact_admin, contact_id FROM contact " . - "WHERE contact.contact_id = '" . CentreonDB::escape($this->user_id) . "' LIMIT 1"; - $dbResult = $this->DB->query($query); - $admin = $dbResult->fetchRow(); - $dbResult->closeCursor(); - if ($admin["contact_admin"]) { + $statement = $this->DB->prepare("SELECT contact_admin, contact_id FROM contact " . + "WHERE contact.contact_id = :userId LIMIT 1"); + $statement->bindValue(":userId", (int) $this->user_id, \PDO::PARAM_INT); + $statement->execute(); + $admin = $statement->fetchRow(); + $statement->closeCursor(); + if ($admin !== false && $admin["contact_admin"]) { $this->is_admin = 1; } else { $this->is_admin = 0; @@ -330,7 +331,7 @@ public function setHostGroupsHistory($hg) public function setServiceGroupsHistory($sg) { - $_SESSION['monitoring_default_servicegroups'] = sg; + $_SESSION['monitoring_default_servicegroups'] = $sg; } public function setCriticality($criticality) diff --git a/www/include/Administration/myAccount/formMyAccount.php b/www/include/Administration/myAccount/formMyAccount.php index 6c8a6d96173..61017a423ec 100644 --- a/www/include/Administration/myAccount/formMyAccount.php +++ b/www/include/Administration/myAccount/formMyAccount.php @@ -384,9 +384,6 @@ function myReplace() if ($form->validate()) { updateContactInDB($centreon->user->get_id()); - if ($form->getSubmitValue("contact_passwd")) { - $centreon->user->passwd = md5($form->getSubmitValue("contact_passwd")); - } $o = null; $features = $form->getSubmitValue('features'); diff --git a/www/include/configuration/configCentreonBroker/listCentreonBroker.php b/www/include/configuration/configCentreonBroker/listCentreonBroker.php index 234b3b8a98c..ddfc19d8fa5 100644 --- a/www/include/configuration/configCentreonBroker/listCentreonBroker.php +++ b/www/include/configuration/configCentreonBroker/listCentreonBroker.php 
@@ -125,6 +125,12 @@ $elemArr = array(); $centreonToken = createCSRFToken(); +$statementBrokerInfo = $pearDB->prepare( + "SELECT COUNT(DISTINCT(config_group_id)) as num " . + "FROM cfg_centreonbroker_info " . + "WHERE config_group = :config_group " . + "AND config_id = :config_id" +); for ($i = 0; $config = $dbResult->fetch(); $i++) { $moptions = ""; @@ -148,23 +154,16 @@ . "style=\"margin-bottom:0px;\" name='dupNbr[" . $config['config_id'] . "]'>"; // Number of output - $res = $pearDB->query( - "SELECT COUNT(DISTINCT(config_group_id)) as num " . - "FROM cfg_centreonbroker_info " . - "WHERE config_group = 'output' " . - "AND config_id = " . $config['config_id'] - ); - $row = $res->fetch(); + $statementBrokerInfo->bindValue(':config_id', (int) $config['config_id'], \PDO::PARAM_INT); + $statementBrokerInfo->bindValue(':config_group', 'output', \PDO::PARAM_STR); + $statementBrokerInfo->execute(); + $row = $statementBrokerInfo->fetch(\PDO::FETCH_ASSOC); $outputNumber = $row["num"]; // Number of input - $res = $pearDB->query( - "SELECT COUNT(DISTINCT(config_group_id)) as num " . - "FROM cfg_centreonbroker_info " . - "WHERE config_group = 'input' " . - "AND config_id = " . $config['config_id'] - ); - $row = $res->fetch(); + $statementBrokerInfo->bindValue(':config_group', 'input', \PDO::PARAM_STR); + $statementBrokerInfo->execute(); + $row = $statementBrokerInfo->fetch(\PDO::FETCH_ASSOC); $inputNumber = $row["num"]; // Number of logger @@ -180,7 +179,7 @@ $elemArr[$i] = array( "MenuClass" => "list_" . $style, "RowMenu_select" => $selectedElements->toHtml(), - "RowMenu_name" => CentreonUtils::escapeSecure($config["config_name"]), + "RowMenu_name" => htmlentities($config["config_name"], ENT_QUOTES, 'UTF-8'), "RowMenu_link" => "main.php?p=" . $p . "&o=c&id=" . $config['config_id'], "RowMenu_desc" => CentreonUtils::escapeSecure( substr( 
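Review bot: `RowMenu_name` is now escaped with `htmlentities($config["config_name"], ENT_QUOTES, 'UTF-8')` while `RowMenu_desc` two lines below still goes through `CentreonUtils::escapeSecure`, so one row is escaped by two different helpers; pick one for both unless the switch is deliberate and documented with a comment. On the context line between them `RowMenu_link` still concatenates `$config['config_id']` into the URL unescaped; casting it, `"RowMenu_link" => "main.php?p=" . $p . "&o=c&id=" . (int) $config['config_id'],`, pins it to the integer the prepared statement already assumes. Preparing `$statementBrokerInfo` once before the `for` loop and rebinding `:config_group` per count is a good shape for the two queries.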
diff --git a/www/include/configuration/configObject/contact/formContact.php b/www/include/configuration/configObject/contact/formContact.php index 4ed7380c9df..64eeca5b54f 100644 --- a/www/include/configuration/configObject/contact/formContact.php +++ b/www/include/configuration/configObject/contact/formContact.php @@ -1,4 +1,5 @@ closeCursor(); $cct = array(); -if (($o == "c" || $o == "w") && $contactId) { +if (($o == MODIFY_CONTACT || $o == WATCH_CONTACT) && $contactId) { /** * Init Tables informations */ @@ -146,7 +147,7 @@ */ $langs = array(); $langs = getLangs(); -if ($o == "mc") { +if ($o == MASSIVE_CHANGE) { array_unshift($langs, null); } @@ -236,7 +237,7 @@ * @var $moduleFormManager \Centreon\Domain\Service\ModuleFormManager */ -if ($o == "a") { +if ($o == ADD_CONTACT) { $form->addElement('header', 'title', _("Add a User")); $eventDispatcher->notify( @@ -248,7 +249,7 @@ 'contact_id' => $contactId ] ); -} elseif ($o == "c") { +} elseif ($o == MODIFY_CONTACT) { $form->addElement('header', 'title', _("Modify a User")); $eventDispatcher->notify( @@ -260,7 +261,7 @@ 'contact_id' => $contactId ] ); -} elseif ($o == "w") { +} elseif ($o == WATCH_CONTACT) { $form->addElement('header', 'title', _("View a User")); $eventDispatcher->notify( @@ -272,7 +273,7 @@ 'contact_id' => $contactId ] ); -} elseif ($o == "mc") { +} elseif ($o == MASSIVE_CHANGE) { $form->addElement('header', 'title', _("Massive Change")); $eventDispatcher->notify( @@ -301,7 +302,7 @@ * Don't change contact name and alias in massif change * Don't change contact name, alias or autologin key in massive change */ -if ($o != "mc") { +if ($o != MASSIVE_CHANGE) { $form->addElement('text', 'contact_name', _("Full Name"), $attrsTextDescr); $form->addElement('text', 'contact_alias', _("Alias / Login"), $attrsText); $form->addElement('text', 'contact_autologin_key', _("Autologin Key"), array("size" => "90", "id" => "aKey")); 
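Review bot: the new comparisons depend on `ADD_CONTACT`, `MODIFY_CONTACT`, `WATCH_CONTACT` and `MASSIVE_CHANGE` being defined before this script runs, and the top-of-file hunk (`@@ -1,4 +1,5 @@`) that presumably defines or requires them is garbled in this view; on PHP 8 an undefined constant name is a fatal `Error`, and on PHP 7 it silently compares `$o` against the bare string. Since both sides are now known string values, `$o === MODIFY_CONTACT` reads more precisely than `==`. The same replacement pattern applies to the hunks on L30, L31 and L32. Renaming the loop variable to `$selectedContactId` in the last hunk removes the shadowing of the outer `$contactId`, which is the one behavioural fix in this file.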
@@ -328,7 +329,7 @@ * Contact Groups Field */ $form->addElement('header', 'groupLinks', _("Group Relations")); -if ($o == "mc") { +if ($o == MASSIVE_CHANGE) { $mc_mod_cg = array(); $mc_mod_cg[] = $form->createElement('radio', 'mc_mod_cg', null, _("Incremental"), '0'); $mc_mod_cg[] = $form->createElement('radio', 'mc_mod_cg', null, _("Replacement"), '1'); @@ -396,7 +397,7 @@ /** * ACL configurations */ -if ($o == "mc") { +if ($o == MASSIVE_CHANGE) { $mc_mod_cg = array(); $mc_mod_cg[] = $form->createElement('radio', 'mc_mod_acl', null, _("Incremental"), '0'); $mc_mod_cg[] = $form->createElement('radio', 'mc_mod_acl', null, _("Replacement"), '1'); @@ -432,7 +433,7 @@ ); $form->addElement('select2', 'contact_location', _("Timezone / Location"), array(), $attrTimezones); -if ($o != "mc") { +if ($o != MASSIVE_CHANGE) { $auth_type = array(); } else { $auth_type = array(null => null); @@ -446,7 +447,7 @@ $dnElement->freeze(); } } -if ($o != "mc") { +if ($o != MASSIVE_CHANGE) { $form->setDefaults(array( 'contact_oreon' => '1', 'contact_admin' => '0', @@ -466,7 +467,7 @@ $tab[] = $form->createElement('radio', 'contact_enable_notifications', null, _("No"), '0'); $tab[] = $form->createElement('radio', 'contact_enable_notifications', null, _("Default"), '2'); $form->addGroup($tab, 'contact_enable_notifications', _("Enable Notifications"), ' '); -if ($o != "mc") { +if ($o != MASSIVE_CHANGE) { $form->setDefaults(array('contact_enable_notifications' => '2')); } @@ -529,7 +530,7 @@ unset($hostNotifOpt); -if ($o == "mc") { +if ($o == MASSIVE_CHANGE) { $mc_mod_hcmds = array(); $mc_mod_hcmds[] = $form->createElement('radio', 'mc_mod_hcmds', null, _("Incremental"), '0'); $mc_mod_hcmds[] = $form->createElement('radio', 'mc_mod_hcmds', null, _("Replacement"), '1'); 
@@ -615,7 +616,7 @@ ); $form->addElement('select2', 'timeperiod_tp_id2', _("Service Notification Period"), array(), $attrTimeperiod2); -if ($o == "mc") { +if ($o == MASSIVE_CHANGE) { $mc_mod_svcmds = array(); $mc_mod_svcmds[] = $form->createElement('radio', 'mc_mod_svcmds', null, _("Incremental"), '0'); $mc_mod_svcmds[] = $form->createElement('radio', 'mc_mod_svcmds', null, _("Replacement"), '1'); @@ -645,7 +646,7 @@ $cctActivation[] = $form->createElement('radio', 'contact_activate', null, _("Disabled"), '0'); $form->addGroup($cctActivation, 'contact_activate', _("Status"), ' '); $form->setDefaults(array('contact_activate' => '1')); -if ($o == "c" && $centreon->user->get_id() == $cct["contact_id"]) { +if ($o == MODIFY_CONTACT && $centreon->user->get_id() == $cct["contact_id"]) { $form->freeze('contact_activate'); } @@ -683,7 +684,7 @@ function myReplace() $form->applyFilter('__ALL__', 'myTrim'); $form->applyFilter('contact_name', 'myReplace'); $from_list_menu = false; -if ($o != "mc") { +if ($o != MASSIVE_CHANGE) { $ret = $form->getSubmitValues(); $form->addRule('contact_name', _("Compulsory Name"), 'required'); $form->addRule('contact_alias', _("Compulsory Alias"), 'required'); @@ -730,7 +731,7 @@ function myReplace() _("You have to keep at least one contact to access to Centreon"), 'keepOneContactAtLeast' ); -} elseif ($o == "mc") { +} elseif ($o == MASSIVE_CHANGE) { if ($form->getSubmitValue("submitMC")) { $from_list_menu = false; } else { @@ -753,7 +754,7 @@ function myReplace() $helptext .= '' . "\n"; } $tpl->assign("helptext", $helptext); -if ($o == "w") { +if ($o == WATCH_CONTACT) { # Just watch a contact information if ($centreon->user->access->page($p) != 2) { $form->addElement( 
@@ -765,16 +766,16 @@ function myReplace() } $form->setDefaults($cct); $form->freeze(); -} elseif ($o == "c") { +} elseif ($o == MODIFY_CONTACT) { # Modify a contact information $subC = $form->addElement('submit', 'submitC', _("Save"), array("class" => "btc bt_success")); $res = $form->addElement('reset', 'reset', _("Reset"), array("class" => "btc bt_default")); $form->setDefaults($cct); -} elseif ($o == "a") { +} elseif ($o == ADD_CONTACT) { # Add a contact information $subA = $form->addElement('submit', 'submitA', _("Save"), array("class" => "btc bt_success")); $res = $form->addElement('reset', 'reset', _("Reset"), array("class" => "btc bt_default")); -} elseif ($o == "mc") { +} elseif ($o == MASSIVE_CHANGE) { # Massive Change $subMC = $form->addElement('submit', 'submitMC', _("Save"), array("class" => "btc bt_success")); $res = $form->addElement('reset', 'reset', _("Reset"), array("class" => "btc bt_default")); @@ -816,16 +817,16 @@ function myReplace() ); } elseif ($form->getSubmitValue("submitMC")) { $select = explode(",", $select); - foreach ($select as $key => $contactId) { - if ($contactId) { - updateContactInDB($contactId, true); + foreach ($select as $key => $selectedContactId) { + if ($selectedContactId) { + updateContactInDB($selectedContactId, true); $eventDispatcher->notify( 'contact.form', EventDispatcher::EVENT_UPDATE, [ 'form' => $form, - 'contact_id' => $contactId + 'contact_id' => $selectedContactId ] ); } diff --git a/www/include/configuration/configObject/host/DB-Func.php b/www/include/configuration/configObject/host/DB-Func.php index c64dafe8e6e..b8ee981cb54 100644 --- a/www/include/configuration/configObject/host/DB-Func.php +++ b/www/include/configuration/configObject/host/DB-Func.php 
@@ -482,7 +482,7 @@ function multipleHostInDB($hosts = array(), $nbrDup = array()) \PDO::PARAM_INT ); $countStatement->execute(); - $mulHostSv = $countStatement->fetchrow(\PDO::FETCH_ASSOC); + $mulHostSv = $countStatement->fetch(\PDO::FETCH_ASSOC); if ($mulHostSv["COUNT(*)"] > 1) { $insertStatement->bindValue(':host_id', (int) $maxId["MAX(host_id)"], \PDO::PARAM_INT); $insertStatement->bindValue( @@ -2697,7 +2697,7 @@ function sanitizeFormHostParameters(array $ret): array break; case 'mc_contact_additive_inheritance': case 'mc_cg_additive_inheritance': - $bindParams[':' . ltrim($inputName, 'mc_')] = [ + $bindParams[':' . str_replace('mc_', '', $inputName)] = [ \PDO::PARAM_INT => (isset($ret[$inputName]) ? 1 : 0) ]; break; diff --git a/www/include/configuration/configObject/host_dependency/DB-Func.php b/www/include/configuration/configObject/host_dependency/DB-Func.php index ed2f2da78fc..1a7733003ef 100644 --- a/www/include/configuration/configObject/host_dependency/DB-Func.php +++ b/www/include/configuration/configObject/host_dependency/DB-Func.php 
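Review bot: `str_replace('mc_', '', $inputName)` removes every occurrence of `mc_` rather than only the leading prefix; for the two `case` labels here that is equivalent, but an anchored form states the intent and survives a future macro name that contains `mc_` in the middle: `$bindParams[':' . preg_replace('/^mc_/', '', $inputName)] = [`. The fix itself is correct — `ltrim($inputName, 'mc_')` was a character-set strip and turned `mc_contact_additive_inheritance` into `ontact_additive_inheritance`. sanitizeFormHostParameters starts and ends outside the hunk.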
@@ -123,11 +123,14 @@ function multipleHostDependencyInDB($dependencies = array(), $nbrDup = array()) "WHERE dependency_dep_id = " . $key; $dbResult = $pearDB->query($query); $fields["dep_serviceChilds"] = ""; + $statement = $pearDB->prepare("INSERT INTO dependency_serviceChild_relation " . + " VALUES (:max_dep_id, :service_id, :host_host_id)"); while ($service = $dbResult->fetch()) { - $query = "INSERT INTO dependency_serviceChild_relation VALUES ('" . - $maxId["MAX(dep_id)"] . "', '" . $service["service_service_id"] . "', '" . - $service["host_host_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':max_dep_id', (int)$maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int)$service["service_service_id"], \PDO::PARAM_INT); + $statement->bindValue(':host_host_id', (int)$service["host_host_id"], \PDO::PARAM_INT); + $statement->execute(); + $fields["dep_serviceChilds"] .= $service["host_host_id"] . '-' . $service["service_service_id"] . ","; } @@ -136,10 +139,12 @@ function multipleHostDependencyInDB($dependencies = array(), $nbrDup = array()) "WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["dep_hostParents"] = ""; + $statement = $pearDB->prepare("INSERT INTO dependency_hostParent_relation " . + "VALUES (:max_dep_id, :host_host_id)"); while ($host = $dbResult->fetch()) { - $query = "INSERT INTO dependency_hostParent_relation " . - "VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $host["host_host_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':max_dep_id', (int)$maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue(':host_host_id', (int)$host["host_host_id"], \PDO::PARAM_INT); + $statement->execute(); $fields["dep_hostParents"] .= $host["host_host_id"] . ","; } $fields["dep_hostParents"] = trim($fields["dep_hostParents"], ","); 
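Review bot: only the INSERT half of each relation copy is parameterised; the SELECT feeding each loop still concatenates `$key` on the context lines (`"WHERE dependency_dep_id = " . $key` in the first hunk, the quoted form in the second). `$key` is an array key of the `$dependencies` parameter, so either a `(int) $key` cast at that line or a second prepared statement with `:dep_id` closes the remaining unbound value. The same pattern appears in the hunks on L35, L36 and L37 (hostgroup and metaservice dependency duplication). multipleHostDependencyInDB starts and ends outside these hunks.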
@@ -148,10 +153,12 @@ function multipleHostDependencyInDB($dependencies = array(), $nbrDup = array()) "WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["dep_hostChilds"] = ""; + $statement = $pearDB->prepare("INSERT INTO dependency_hostChild_relation " . + "VALUES (:max_dep_id, :host_host_id)"); while ($host = $dbResult->fetch()) { - $query = "INSERT INTO dependency_hostChild_relation " . - "VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $host["host_host_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':max_dep_id', (int)$maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue(':host_host_id', (int)$host["host_host_id"], \PDO::PARAM_INT); + $statement->execute(); $fields["dep_hostChilds"] .= $host["host_host_id"] . ","; } $fields["dep_hostChilds"] = trim($fields["dep_hostChilds"], ","); diff --git a/www/include/configuration/configObject/hostgroup_dependency/DB-Func.php b/www/include/configuration/configObject/hostgroup_dependency/DB-Func.php index e52f0efe8f6..a05ccb6a0bf 100644 --- a/www/include/configuration/configObject/hostgroup_dependency/DB-Func.php +++ b/www/include/configuration/configObject/hostgroup_dependency/DB-Func.php 
@@ -124,10 +124,12 @@ function multipleHostGroupDependencyInDB($dependencies = array(), $nbrDup = arra "WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["dep_hgParents"] = ""; + $query = "INSERT INTO dependency_hostgroupParent_relation VALUES (:max_id, :hg_id)"; + $statement = $pearDB->prepare($query); while ($hg = $dbResult->fetch()) { - $query = "INSERT INTO dependency_hostgroupParent_relation VALUES ('" . - $maxId["MAX(dep_id)"] . "', '" . $hg["hostgroup_hg_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':max_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue(':hg_id', (int) $hg["hostgroup_hg_id"], \PDO::PARAM_INT); + $statement->execute(); $fields["dep_hgParents"] .= $hg["hostgroup_hg_id"] . ","; } $fields["dep_hgParents"] = trim($fields["dep_hgParents"], ","); @@ -136,10 +138,12 @@ function multipleHostGroupDependencyInDB($dependencies = array(), $nbrDup = arra "WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["dep_hgChilds"] = ""; + $query = "INSERT INTO dependency_hostgroupChild_relation VALUES (:max_id, :hg_id)"; + $statement = $pearDB->prepare($query); while ($hg = $dbResult->fetch()) { - $query = "INSERT INTO dependency_hostgroupChild_relation VALUES ('" . - $maxId["MAX(dep_id)"] . "', '" . $hg["hostgroup_hg_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':max_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue(':hg_id', (int) $hg["hostgroup_hg_id"], \PDO::PARAM_INT); + $statement->execute(); $fields["dep_hgChilds"] .= $hg["hostgroup_hg_id"] . ","; } $fields["dep_hgChilds"] = trim($fields["dep_hgChilds"], ","); diff --git a/www/include/configuration/configObject/metaservice_dependency/DB-Func.php b/www/include/configuration/configObject/metaservice_dependency/DB-Func.php index 94fc2cde99b..65c42c120cc 100644 --- a/www/include/configuration/configObject/metaservice_dependency/DB-Func.php 
+++ b/www/include/configuration/configObject/metaservice_dependency/DB-Func.php @@ -114,19 +114,23 @@ function multipleMetaServiceDependencyInDB($dependencies = array(), $nbrDup = ar $query = "SELECT DISTINCT meta_service_meta_id FROM dependency_metaserviceParent_relation " . "WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); + $statement = $pearDB->prepare("INSERT INTO dependency_metaserviceParent_relation " . + "VALUES (:maxId, :metaId)"); while ($ms = $dbResult->fetch()) { - $query = "INSERT INTO dependency_metaserviceParent_relation " . - "VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $ms["meta_service_meta_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':maxId', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue(':metaId', (int) $ms["meta_service_meta_id"], \PDO::PARAM_INT); + $statement->execute(); } $dbResult->closeCursor(); $query = "SELECT DISTINCT meta_service_meta_id FROM dependency_metaserviceChild_relation " . "WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); + $childStatement = $pearDB->prepare("INSERT INTO dependency_metaserviceChild_relation " . + "VALUES (:maxId, :metaId)"); while ($ms = $dbResult->fetch()) { - $query = "INSERT INTO dependency_metaserviceChild_relation VALUES ('" . - $maxId["MAX(dep_id)"] . "', '" . $ms["meta_service_meta_id"] . "')"; - $pearDB->query($query); + $childStatement->bindValue(':maxId', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $childStatement->bindValue(':metaId', (int) $ms["meta_service_meta_id"], \PDO::PARAM_INT); + $childStatement->execute(); } $dbResult->closeCursor(); } diff --git a/www/include/configuration/configObject/service/DB-Func.php b/www/include/configuration/configObject/service/DB-Func.php index 58489ba0e62..9d0037c1a3c 100644 --- a/www/include/configuration/configObject/service/DB-Func.php +++ b/www/include/configuration/configObject/service/DB-Func.php 
@@ -60,9 +60,10 @@ function setHostChangeFlag($db, $hostId = null, $hostgroupId = null) } $query = "UPDATE acl_resources SET changed = 1 " . "WHERE acl_res_id IN (" . - "SELECT acl_res_id FROM $table WHERE $field = " . $db->escape($val) . - ")"; - $db->query($query); + "SELECT acl_res_id FROM $table WHERE $field = :fieldValue)"; + $statement = $db->prepare($query); + $statement->bindValue(':fieldValue', (int) $val, \PDO::PARAM_INT); + $statement->execute(); return null; } @@ -285,17 +286,19 @@ function testServiceExistence($name = null, $hPars = array(), $hgPars = array(), } $dbResult->closeCursor(); } + $query = "SELECT service_id FROM service, host_service_relation hsr " . + "WHERE hsr.hostgroup_hg_id = :hostgroup_hg_id AND hsr.service_service_id = service_id " . + "AND service.service_description = :service_description"; + $statement = $pearDB->prepare($query); foreach ($hgPars as $hostgroup) { - $query = "SELECT service_id FROM service, host_service_relation hsr " . - "WHERE hsr.hostgroup_hg_id = '" . $hostgroup . "' AND hsr.service_service_id = service_id " . - "AND service.service_description = '" . $escapeName . "'"; - $dbResult = $pearDB->query($query); - $service = $dbResult->fetch(); + $statement->bindValue(':hostgroup_hg_id', (int) $hostgroup, \PDO::PARAM_INT); + $statement->bindValue(':service_description', $centreon->checkIllegalChar($name), \PDO::PARAM_STR); + $service = $statement->fetch(\PDO::FETCH_ASSOC); #Duplicate entry - if ($dbResult->rowCount() >= 1 && $service["service_id"] != $id) { + if ($statement->rowCount() >= 1 && $service["service_id"] != $id) { return (false == $returnId) ? false : $service['service_id']; } - $dbResult->closeCursor(); + $statement->closeCursor(); } return (false == $returnId) ? true : 0; } 
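Review bot: `$statement->execute()` is missing between the two `bindValue` calls and `$service = $statement->fetch(\PDO::FETCH_ASSOC);` in testServiceExistence, so the prepared statement is never run: `fetch()` returns `false`, `rowCount()` is 0, and a duplicate service description under a hostgroup is no longer detected. Add `$statement->execute();` immediately before the fetch. `$centreon->checkIllegalChar($name)` is also re-evaluated on every hostgroup iteration; computing it once before the loop matches the old `$escapeName` usage. `$statement->closeCursor()` is only reached on the non-duplicate path, as before.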
@@ -376,14 +379,15 @@ function deleteServiceInDB($services = array()) { global $pearDB, $centreon; + $query = 'UPDATE service SET service_template_model_stm_id = NULL WHERE service_id = :service_id'; + $statement = $pearDB->prepare($query); foreach ($services as $key => $value) { removeRelationLastServiceDependency((int)$key); $query = "SELECT service_id FROM service WHERE service_template_model_stm_id = '" . $key . "'"; $dbResult = $pearDB->query($query); while ($row = $dbResult->fetch()) { - $query = "UPDATE service SET service_template_model_stm_id = NULL WHERE service_id = '" . - $row["service_id"] . "'"; - $pearDB->query($query); + $statement->bindValue(':service_id', (int) $row["service_id"], \PDO::PARAM_INT); + $statement->execute(); } $query = "SELECT service_description FROM `service` WHERE `service_id` = '" . $key . "' LIMIT 1"; $dbResult3 = $pearDB->query($query); @@ -447,8 +451,12 @@ function divideHostGroupsToHostGroup($service_id) $query = "SELECT hostgroup_hg_id FROM host_service_relation " . "WHERE service_service_id = '" . $service_id . "' AND hostgroup_hg_id IS NOT NULL"; - $dbResult3 = $pearDB->query(); - while ($data = $dbResult3->fetch($query)) { + $dbResult3 = $pearDB->query($query); + $query = "UPDATE index_data + SET service_id = :sv_id + WHERE host_id = :host_id AND service_id = :service_id"; + $statement = $pearDBO->prepare($query); + while ($data = $dbResult3->fetch()) { $sv_id = multipleServiceInDB( array($service_id => "1"), array($service_id => "1"), 
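Review bot: in the divideHostGroupsToHostGroup hunk the UPDATE is prepared on `$pearDBO` while the SELECT runs on `$pearDB`; that split looks intentional for the two databases, but the `global` line that brings `$pearDBO` into scope is outside the hunk and is worth confirming. The hunk also fixes the argument swap (`$pearDB->query()` with no argument and `fetch($query)`), which deserves a line in the commit message since it is a behavioural change. In the deleteServiceInDB hunk the SELECT on the context line still concatenates `$key` (`"... service_template_model_stm_id = '" . $key . "'"`), so a `(int) $key` cast there would match the UPDATE now bound below it.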
@@ -460,9 +468,10 @@ function divideHostGroupsToHostGroup($service_id) ); $hosts = getMyHostGroupHosts($data["hostgroup_hg_id"]); foreach ($hosts as $host_id) { - $query = "UPDATE index_data SET service_id = '" . $sv_id . "' WHERE host_id = '" . $host_id . - "' AND service_id = '" . $service_id . "'"; - $pearDBO->query($query); + $statement->bindValue(':sv_id', (int) $sv_id, \PDO::PARAM_INT); + $statement->bindValue(':host_id', (int) $host_id, \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); setHostChangeFlag($pearDB, $host_id, null); } } @@ -474,6 +483,10 @@ function divideHostGroupsToHost($service_id) global $pearDB, $pearDBO; $dbResult = $pearDB->query("SELECT * FROM host_service_relation WHERE service_service_id = '" . $service_id . "'"); + $query = "UPDATE index_data + SET service_id = :sv_id + WHERE host_id = :host_id AND service_id = :service_id"; + $statement = $pearDBO->prepare($query); while ($relation = $dbResult->fetch()) { $hosts = getMyHostGroupHosts($relation["hostgroup_hg_id"]); @@ -487,9 +500,10 @@ function divideHostGroupsToHost($service_id) array(), array($relation["hostgroup_hg_id"] => null) ); - $query = "UPDATE index_data SET service_id = '" . $sv_id . "' WHERE host_id = '" . $host_id . - "' AND service_id = '" . $service_id . "'"; - $pearDBO->query($query); + $statement->bindValue(':sv_id', (int) $sv_id, \PDO::PARAM_INT); + $statement->bindValue(':host_id', (int) $host_id, \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); setHostChangeFlag($pearDB, $host_id, null); } } 
@@ -501,6 +515,8 @@ function divideHostsToHost($service_id) global $pearDB, $pearDBO; $dbResult = $pearDB->query("SELECT * FROM host_service_relation WHERE service_service_id = '" . $service_id . "'"); + $query = "UPDATE index_data SET service_id = :sv_id WHERE host_id = :host_id AND service_id = :service_id"; + $statement = $pearDBO->prepare($query); while ($relation = $dbResult->fetch()) { $sv_id = multipleServiceInDB( array($service_id => "1"), @@ -511,10 +527,10 @@ function divideHostsToHost($service_id) array(), array($relation["hostgroup_hg_id"] => null) ); - - $query = "UPDATE index_data SET service_id = '" . $sv_id . "' WHERE host_id = '" . - $relation["host_host_id"] . "' AND service_id = '" . $service_id . "'"; - $pearDBO->query($query); + $statement->bindValue(':sv_id', (int) $sv_id, \PDO::PARAM_INT); + $statement->bindValue(':host_id', (int) $relation["host_host_id"], \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); setHostChangeFlag($pearDB, $relation["host_host_id"], null); } } 
@@ -587,14 +603,21 @@ function multipleServiceInDB( if (isset($maxId["MAX(service_id)"])) { // Host duplication case -> Duplicate the Service for the Host we create if ($host) { - $query = "INSERT INTO host_service_relation VALUES (NULL, NULL, '" . $host . "', NULL, '" . - $maxId["MAX(service_id)"] . "')"; - $pearDB->query($query); + $query = "INSERT INTO host_service_relation + VALUES (NULL, NULL, :host_id, NULL, :service_id)"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':host_id', (int) $host, \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int) $maxId["MAX(service_id)"], \PDO::PARAM_INT); + $statement->execute(); setHostChangeFlag($pearDB, $host, null); } elseif ($hostgroup) { - $query = "INSERT INTO host_service_relation VALUES (NULL, '" . $hostgroup . - "', NULL, NULL, '" . $maxId["MAX(service_id)"] . "')"; - $pearDB->query($query); + $query = "INSERT INTO host_service_relation + VALUES (NULL, :hostgroup_id, NULL, + NULL, :service_id)"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':hostgroup_id', (int) $hostgroup, \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int) $maxId["MAX(service_id)"], \PDO::PARAM_INT); + $statement->execute(); setHostChangeFlag($pearDB, null, $hostgroup); } else { // Service duplication case -> Duplicate the Service for each relation the base Service have 
@@ -603,18 +626,47 @@ function multipleServiceInDB( $dbResult = $pearDB->query($query); $fields["service_hPars"] = ""; $fields["service_hgPars"] = ""; + $query = "INSERT INTO host_service_relation + VALUES (NULL, :hostgroup_hg_id, :host_host_id, + NULL, :service_id)"; + $statement = $pearDB->prepare($query); while ($service = $dbResult->fetch()) { if ($service["host_host_id"]) { - $query = "INSERT INTO host_service_relation VALUES (NULL, NULL, '" . - $service["host_host_id"] . "', NULL, '" . $maxId["MAX(service_id)"] . "')"; - $pearDB->query($query); + $statement->bindValue( + ':hostgroup_hg_id', + null, + \PDO::PARAM_NULL + ); + $statement->bindValue( + ':host_host_id', + (int) $service["host_host_id"], + \PDO::PARAM_INT + ); + $statement->bindValue( + ':service_id', + (int) $maxId["MAX(service_id)"], + \PDO::PARAM_INT + ); + $statement->execute(); setHostChangeFlag($pearDB, $service['host_host_id'], null); $fields["service_hPars"] .= $service["host_host_id"] . ","; } elseif ($service["hostgroup_hg_id"]) { - $query = "INSERT INTO host_service_relation VALUES (NULL, '" . - $service["hostgroup_hg_id"] . "', NULL, NULL, '" . - $maxId["MAX(service_id)"] . "')"; - $pearDB->query($query); + $statement->bindValue( + ':hostgroup_hg_id', + (int) $service["hostgroup_hg_id"], + \PDO::PARAM_INT + ); + $statement->bindValue( + ':host_host_id', + null, + \PDO::PARAM_NULL + ); + $statement->bindValue( + ':service_id', + (int) $maxId["MAX(service_id)"], + \PDO::PARAM_INT + ); + $statement->execute(); setHostChangeFlag($pearDB, null, $service["hostgroup_hg_id"]); $fields["service_hgPars"] .= $service["hostgroup_hg_id"] . ","; } 
@@ -630,10 +682,12 @@ function multipleServiceInDB( "WHERE service_service_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["service_cs"] = ""; + $query = "INSERT INTO contact_service_relation VALUES (:service_id,:contact_id )"; + $statement = $pearDB->prepare($query); while ($C = $dbResult->fetch()) { - $query = "INSERT INTO contact_service_relation VALUES ('" . - $maxId["MAX(service_id)"] . "', '" . $C["contact_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':service_id', (int) $maxId["MAX(service_id)"], \PDO::PARAM_INT); + $statement->bindValue(':contact_id', (int) $C["contact_id"], \PDO::PARAM_INT); + $statement->execute(); $fields["service_cs"] .= $C["contact_id"] . ","; } $fields["service_cs"] = trim($fields["service_cs"], ","); @@ -645,10 +699,17 @@ function multipleServiceInDB( "WHERE service_service_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["service_cgs"] = ""; + $query = "INSERT INTO contactgroup_service_relation + VALUES (:contactgroup_cg_id,:service_id)"; + $statement = $pearDB->prepare($query); while ($Cg = $dbResult->fetch()) { - $query = "INSERT INTO contactgroup_service_relation VALUES ('" . - $Cg["contactgroup_cg_id"] . "', '" . $maxId["MAX(service_id)"] . "')"; - $pearDB->query($query); + $statement->bindValue( + ':contactgroup_cg_id', + (int) $Cg["contactgroup_cg_id"], + \PDO::PARAM_INT + ); + $statement->bindValue(':service_id', (int) $maxId["MAX(service_id)"], \PDO::PARAM_INT); + $statement->execute(); $fields["service_cgs"] .= $Cg["contactgroup_cg_id"] . ","; } $fields["service_cgs"] = trim($fields["service_cgs"], ","); 
@@ -660,21 +721,42 @@ function multipleServiceInDB( "servicegroup_relation WHERE service_service_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["service_sgs"] = ""; + $query = "INSERT INTO servicegroup_relation (host_host_id, hostgroup_hg_id, " . + "service_service_id, servicegroup_sg_id) + VALUES (:host_host_id,:hostgroup_hg_id,:service_service_id,:servicegroup_sg_id)"; + $statement = $pearDB->prepare($query); while ($Sg = $dbResult->fetch()) { if (isset($host) && $host) { $host_id = $host; } else { - $Sg["host_host_id"] ? $host_id = "'" . $Sg["host_host_id"] . "'" : $host_id = "NULL"; + $host_id = $Sg["host_host_id"] ?? null; } if (isset($hostgroup) && $hostgroup) { $hg_id = $hostgroup; } else { - $Sg["hostgroup_hg_id"] ? $hg_id = "'" . $Sg["hostgroup_hg_id"] . "'" : $hg_id = "NULL"; + $hg_id = $Sg["hostgroup_hg_id"] ?? null; } - $query = "INSERT INTO servicegroup_relation (host_host_id, hostgroup_hg_id, " . - "service_service_id, servicegroup_sg_id) VALUES (" . $host_id . ", " . $hg_id . ", '" . - $maxId["MAX(service_id)"] . "', '" . $Sg["servicegroup_sg_id"] . "')"; - $pearDB->query($query); + $statement->bindValue( + ':host_host_id', + $host_id, + \PDO::PARAM_INT + ); + $statement->bindValue( + ':hostgroup_hg_id', + $hg_id, + \PDO::PARAM_INT + ); + $statement->bindValue( + ':service_service_id', + (int) $maxId["MAX(service_id)"], + \PDO::PARAM_INT + ); + $statement->bindValue( + ':servicegroup_sg_id', + $Sg["servicegroup_sg_id"], + \PDO::PARAM_INT + ); + $statement->execute(); if ($Sg["host_host_id"]) { $fields["service_sgs"] .= $Sg["host_host_id"] . ","; } 
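Review bot: `$Sg["servicegroup_sg_id"]`, and `$host_id`/`$hg_id` when they come from `$host`/`$hostgroup`, are bound as `\PDO::PARAM_INT` without the `(int)` cast the rest of this commit applies, so the integer contract is only half enforced here; the macro hunk on L46 has the same gap on `:svc_svc_id`. The switch from a truthiness test to `$Sg["host_host_id"] ?? null` also changes what reaches the INSERT when the column holds `0` or `'0'`: it used to become `NULL` and now binds as `0` — harmless if those columns never hold 0, otherwise restore the old test with `$host_id = $Sg["host_host_id"] ?: null;`. Binding `null` with `PARAM_INT` does reach the server as NULL, so the nullable columns still work.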
@@ -688,11 +770,14 @@ function multipleServiceInDB( $query = "SELECT DISTINCT traps_id FROM traps_service_relation " . "WHERE service_id = '" . $key . "'"; $dbResult = $pearDB->query($query); + $fields["service_traps"] = ""; + $query = "INSERT INTO traps_service_relation VALUES (:traps_id, :service_id)"; + $statement = $pearDB->prepare($query); while ($traps = $dbResult->fetch()) { - $query = "INSERT INTO traps_service_relation VALUES ('" . - $traps["traps_id"] . "', '" . $maxId["MAX(service_id)"] . "')"; - $pearDB->query($query); + $statement->bindValue(':traps_id', (int) $traps["traps_id"], \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int) $maxId["MAX(service_id)"], \PDO::PARAM_INT); + $statement->execute(); $fields["service_traps"] .= $traps["traps_id"] . ","; } $fields["service_traps"] = trim($fields["service_traps"], ","); @@ -732,10 +817,14 @@ function multipleServiceInDB( $sv["is_password"] = '0'; } $mTpRq2 = "INSERT INTO `on_demand_macro_service` (`svc_svc_id`, `svc_macro_name`, " . - "`svc_macro_value`, `is_password`) VALUES ('" . $maxId["MAX(service_id)"] . - "', '\$" . $pearDB->escape($macName) . "\$', '" . $pearDB->escape($macVal) . "', '" . - $pearDB->escape($sv["is_password"]) . "')"; - $dbResult4 = $pearDB->query($mTpRq2); + "`svc_macro_value`, `is_password`) + VALUES (:svc_svc_id, :svc_macro_name, :svc_macro_value , :is_password)"; + $statement = $pearDB->prepare($mTpRq2); + $statement->bindValue(':svc_svc_id', $maxId["MAX(service_id)"], \PDO::PARAM_INT); + $statement->bindValue(':svc_macro_name', '$' . $macName . '$'); + $statement->bindValue(':svc_macro_value', $macVal); + $statement->bindValue(':is_password', $sv["is_password"]); + $statement->execute(); $fields["_" . strtoupper($macName) . "_"] = $sv['svc_macro_value']; } 
@@ -745,20 +834,29 @@ function multipleServiceInDB( $mTpRq1 = "SELECT * FROM `service_categories_relation` " . "WHERE `service_service_id` = '" . $key . "'"; $dbResult3 = $pearDB->query($mTpRq1); + $mTpRq2 = "INSERT INTO `service_categories_relation` (`service_service_id`, `sc_id`) " . + "VALUES (:service_service_id, :sc_id)"; + $statement = $pearDB->prepare($mTpRq2); while ($sv = $dbResult3->fetch()) { - $mTpRq2 = "INSERT INTO `service_categories_relation` (`service_service_id`, `sc_id`) " . - "VALUES ('" . $maxId["MAX(service_id)"] . "', '" . $sv['sc_id'] . "')"; - $dbResult4 = $pearDB->query($mTpRq2); + $statement->bindValue( + ':service_service_id', + (int) $maxId["MAX(service_id)"], + \PDO::PARAM_INT + ); + $statement->bindValue(':sc_id', (int) $sv['sc_id'], \PDO::PARAM_INT); + $statement->execute(); } /* * get svc desc */ $query = "SELECT service_description FROM service " . - "WHERE service_id = '" . $maxId["MAX(service_id)"] . "' LIMIT 1"; - $DBRES = $pearDB->query($query); - if ($DBRES->rowCount()) { - $row2 = $DBRES->fetch(); + "WHERE service_id = :service_id LIMIT 1"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':service_id', (int) $maxId["MAX(service_id)"], \PDO::PARAM_INT); + $statement->execute(); + if ($statement->rowCount()) { + $row2 = $statement->fetch(PDO::FETCH_ASSOC); $description = $row2['service_description']; $centreon->CentreonLogAction->insertLog( "service", @@ -771,12 +869,14 @@ function multipleServiceInDB( } } } - $centreon->user->access->updateACL(array( - "type" => 'SERVICE', - 'id' => $maxId["MAX(service_id)"], - "action" => "DUP", - "duplicate_service" => $key - )); + $centreon->user->access->updateACL( + array( + "type" => 'SERVICE', + 'id' => $maxId["MAX(service_id)"], + "action" => "DUP", + "duplicate_service" => $key + ) + ); } } return ($maxId["MAX(service_id)"]); 
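Review bot: `PDO::FETCH_ASSOC` is written unqualified in the `$row2 = $statement->fetch(PDO::FETCH_ASSOC);` line while every other new line in this file uses `\PDO::`; if the file is in the global namespace both resolve, but under a namespace the bare form is an unresolved class. The updateServiceHost hunk on L48 has the same two unqualified uses. `$statement->rowCount()` on a SELECT is a pre-existing pattern and depends on the driver's buffered-query behaviour; checking `$row2 !== false` after the fetch would not rely on it.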
@@ -1140,9 +1240,13 @@ function insertService($ret = array(), $macro_on_demand = null) $macName = $my_tab[$macInput]; $macVal = $my_tab[$macValue]; $rq = "INSERT INTO on_demand_macro_service (`svc_macro_name`, `svc_macro_value`, `svc_svc_id`, " . - "`macro_order` ) VALUES ('\$_SERVICE" . CentreonDB::escape(strtoupper($macName)) . "\$', '" . - CentreonDB::escape($macVal) . "', " . $service_id["MAX(service_id)"] . ", " . $i . ")"; - $pearDB->query($rq); + "`macro_order` ) VALUES (:svc_macro_name, :svc_macro_value, :svc_svc_id, :macro_order)"; + $statement = $pearDB->prepare($rq); + $statement->bindValue(':svc_macro_name', '$_SERVICE' . strtoupper($macName) . '$', \PDO::PARAM_STR); + $statement->bindValue(':svc_macro_value', $macVal, \PDO::PARAM_STR); + $statement->bindValue(':svc_svc_id', (int) $service_id["MAX(service_id)"], \PDO::PARAM_INT); + $statement->bindValue(':macro_order', $i, \PDO::PARAM_INT); + $statement->execute(); $fields["_" . strtoupper($my_tab[$macInput]) . "_"] = $my_tab[$macValue]; $already_stored[strtolower($my_tab[$macInput])] = 1; } @@ -2156,10 +2260,12 @@ function updateServiceHost($service_id = null, $ret = array(), $from_MC = false) * Get actual config */ $rq = "SELECT host_host_id FROM escalation_service_relation " . - " WHERE service_service_id = '" . $service_id . "'"; - $dbResult = $pearDB->query($rq); + " WHERE service_service_id = :service_id"; + $statement = $pearDB->prepare($rq); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); $cacheEsc = array(); - while ($data = $dbResult->fetch()) { + while ($data = $statement->fetch(PDO::FETCH_ASSOC)) { $cacheEsc[$data['host_host_id']] = 1; } 
@@ -2167,49 +2273,64 @@ function updateServiceHost($service_id = null, $ret = array(), $from_MC = false) * Get actual config */ $rq = "SELECT host_host_id FROM host_service_relation " . - " WHERE service_service_id = '" . $service_id . "'"; - $dbResult = $pearDB->query($rq); + " WHERE service_service_id = :service_id "; + $statement = $pearDB->prepare($rq); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); $cache = array(); - while ($data = $dbResult->fetch()) { + while ($data = $statement->fetch(PDO::FETCH_ASSOC)) { $cache[$data['host_host_id']] = 1; } if (count($ret1) == 1) { foreach ($cache as $host_id => $flag) { if (!isset($cacheEsc[$host_id]) && count($cacheEsc)) { - $query = "UPDATE escalation_service_relation SET host_host_id = '" . $ret1[0] . - "' WHERE service_service_id = '" . $service_id . "'"; - $pearDB->query($query); + $query = "UPDATE escalation_service_relation + SET host_host_id = :host_host_id + WHERE service_service_id = :service_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':host_host_id', (int) $ret1[0], \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); } } } else { foreach ($cache as $host_id) { if (!isset($cache[$host_id]) && count($cacheEsc)) { - $query = "DELETE FROM escalation_service_relation WHERE host_host_id = '" . $ret1[0] . - "' AND service_service_id = '" . $service_id . "'"; - $pearDB->query($query); + $query = "DELETE FROM escalation_service_relation + WHERE host_host_id = :host_host_id AND service_service_id = :service_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->bindValue(':host_host_id', (int) $ret1[0], \PDO::PARAM_INT); + $statement->execute(); } } } if (!$from_MC) { $rq = "DELETE FROM host_service_relation " - . "WHERE service_service_id = '" . $service_id . 
"' "; - $dbResult = $pearDB->query($rq); + . "WHERE service_service_id = :service_id "; + $statement = $pearDB->prepare($rq); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); } else { # Purge service to host relations if (count($ret1)) { $rq = "DELETE FROM host_service_relation " - . "WHERE service_service_id = '" . $service_id . "' " + . "WHERE service_service_id = :service_id " . "AND host_host_id IS NOT NULL "; - $dbResult = $pearDB->query($rq); + $statement = $pearDB->prepare($rq); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); } # Purge service to hostgroup relations if (count($ret2)) { $rq = "DELETE FROM host_service_relation " - . "WHERE service_service_id = '" . $service_id . "' " + . "WHERE service_service_id = :service_id " . "AND hostgroup_hg_id IS NOT NULL "; - $dbResult = $pearDB->query($rq); + $statement = $pearDB->prepare($rq); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); } } @@ -2424,15 +2545,17 @@ function updateServiceCategories($service_id = null, $ret = array()) } $rq = "DELETE FROM service_categories_relation - WHERE service_service_id = '" . $service_id . "' + WHERE service_service_id = :service_id AND NOT EXISTS( SELECT sc_id FROM service_categories sc WHERE sc.sc_id = service_categories_relation.sc_id AND sc.level IS NOT NULL )"; - $dbResult = $pearDB->query($rq); + $statement = $pearDB->prepare($rq); + $statement->bindValue(':service_id', (int) $service_id, \PDO::PARAM_INT); + $statement->execute(); if (isset($ret["service_categories"])) { $ret = $ret["service_categories"]; } else { 
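Review bot: The DELETE added in the `else` branch runs inside `foreach ($cache as $host_id)` under `!isset($cache[$host_id])`, but `$host_id` there is the array's value (always `1`, set on the context line `$cache[$data['host_host_id']] = 1;`), so the guard is true exactly when no relation for host id 1 exists — independent of the host being processed — and the new statement fires, or not, for an unrelated reason. The condition predates the commit, but this branch was rewritten here with the guard kept; the `if` branch above iterates `$host_id => $flag` and tests `$cacheEsc`, which is presumably what was meant here too (`foreach ($cache as $host_id => $flag) { if (!isset($cacheEsc[$host_id]) && count($cacheEsc)) {`) — confirm the original intent before changing it. updateServiceHost starts and ends outside the hunk.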
@@ -2458,16 +2581,25 @@ function setServiceCriticality($serviceId, $criticalityId) { global $pearDB; - $pearDB->query("DELETE FROM service_categories_relation - WHERE service_service_id = " . $pearDB->escape($serviceId) . " + $statement = $pearDB->prepare( + "DELETE FROM service_categories_relation + WHERE service_service_id =:service_service_id AND NOT EXISTS( SELECT sc_id FROM service_categories sc WHERE sc.sc_id = service_categories_relation.sc_id - AND sc.level IS NULL)"); + AND sc.level IS NULL)" + ); + $statement->bindValue(':service_service_id', $serviceId, \PDO::PARAM_INT); + $statement->execute(); if ($criticalityId) { - $pearDB->query("INSERT INTO service_categories_relation (sc_id, service_service_id) - VALUES (" . $pearDB->escape($criticalityId) . ", " . $pearDB->escape($serviceId) . ")"); + $statement = $pearDB->prepare( + "INSERT INTO service_categories_relation (sc_id, service_service_id) + VALUES (:sc_id,:service_service_id)" + ); + $statement->bindValue(':sc_id', $criticalityId, \PDO::PARAM_INT); + $statement->bindValue(':service_service_id', $serviceId, \PDO::PARAM_INT); + $statement->execute(); } } diff --git a/www/include/configuration/configObject/service_dependency/DB-Func.php b/www/include/configuration/configObject/service_dependency/DB-Func.php index 5be85de8811..4999fee3f2c 100644 --- a/www/include/configuration/configObject/service_dependency/DB-Func.php +++ b/www/include/configuration/configObject/service_dependency/DB-Func.php 
@@ -127,10 +127,12 @@ function multipleServiceDependencyInDB($dependencies = array(), $nbrDup = array( $query = "SELECT * FROM dependency_hostChild_relation WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["dep_hostPar"] = ""; + $query = "INSERT INTO dependency_hostChild_relation VALUES (:dep_id, :host_host_id)"; + $statement = $pearDB->prepare($query); while ($host = $dbResult->fetch()) { - $query = "INSERT INTO dependency_hostChild_relation VALUES ('" . $maxId["MAX(dep_id)"] . - "', '" . $host["host_host_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue(':host_host_id', (int) $host["host_host_id"], \PDO::PARAM_INT); + $statement->execute(); $fields["dep_hostPar"] .= $host["host_host_id"] . ","; } $fields["dep_hostPar"] = trim($fields["dep_hostPar"], ","); 
@@ -138,21 +140,36 @@ function multipleServiceDependencyInDB($dependencies = array(), $nbrDup = array( $query = "SELECT * FROM dependency_serviceParent_relation WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["dep_hSvPar"] = ""; + $query = "INSERT INTO dependency_serviceParent_relation + VALUES (:dep_id, :service_service_id, :host_host_id)"; + $statement = $pearDB->prepare($query); while ($service = $dbResult->fetch()) { - $query = "INSERT INTO dependency_serviceParent_relation VALUES ('" . - $maxId["MAX(dep_id)"] . "', '" . $service["service_service_id"] . "', '" . - $service["host_host_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue( + ':service_service_id', + (int) $service["service_service_id"], + \PDO::PARAM_INT + ); + $statement->bindValue(':host_host_id', (int) $service["host_host_id"], \PDO::PARAM_INT); + $statement->execute(); $fields["dep_hSvPar"] .= $service["service_service_id"] . ","; } $fields["dep_hSvPar"] = trim($fields["dep_hSvPar"], ","); $query = "SELECT * FROM dependency_serviceChild_relation WHERE dependency_dep_id = '" . $key . "'"; $dbResult = $pearDB->query($query); $fields["dep_hSvChi"] = ""; + $query = "INSERT INTO dependency_serviceChild_relation + VALUES (:dep_id, :service_service_id, :host_host_id)"; + $statement = $pearDB->prepare($query); while ($service = $dbResult->fetch()) { - $query = "INSERT INTO dependency_serviceChild_relation VALUES ('" . $maxId["MAX(dep_id)"] . - "', '" . $service["service_service_id"] . "', '" . $service["host_host_id"] . 
"')"; - $pearDB->query($query); + $statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT); + $statement->bindValue( + ':service_service_id', + (int) $service["service_service_id"], + \PDO::PARAM_INT + ); + $statement->bindValue(':host_host_id', (int) $service["host_host_id"], \PDO::PARAM_INT); + $statement->execute(); $fields["dep_hSvChi"] .= $service["service_service_id"] . ","; } $fields["dep_hSvChi"] = trim($fields["dep_hSvChi"], ","); diff --git a/www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php b/www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php index d1adc692dc6..8467ce4dc8d 100644 --- a/www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php +++ b/www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php @@ -49,10 +49,7 @@ $o = ""; -$search = filter_var( - $_POST['searchST'] ?? $_GET['searchST'] ?? $centreon->historySearch[$url]['search'] ?? '', - FILTER_SANITIZE_STRING -); +$search = htmlspecialchars($_POST['searchST'] ?? $_GET['searchST'] ?? $centreon->historySearch[$url]['search'] ?? ''); $displayLocked = filter_var( $_POST['displayLocked'] ?? $_GET['displayLocked'] ?? 'off', 
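Review bot: `htmlspecialchars(...)` applied directly to `$_POST['searchST'] ?? $_GET['searchST']` throws a `TypeError` on PHP 8 when the parameter arrives as an array (`searchST[]=`), where `filter_var(..., FILTER_SANITIZE_STRING)` previously returned `false`; a malformed request now becomes a fatal error. It is also output-context encoding applied at input time: if `$search` is later used in a query or `LIKE` pattern outside this hunk, the searched value is the HTML-encoded form — presumably it is bound there, but HTML escaping belongs where the value is rendered. `$raw = $_POST['searchST'] ?? $_GET['searchST'] ?? $centreon->historySearch[$url]['search'] ?? '';` followed by `$search = is_string($raw) ? htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';` pins both the type and the flags.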
@@ -229,11 +226,11 @@ $elemArr[$i] = array( "MenuClass" => "list_" . $style, "RowMenu_select" => $selectedElements->toHtml(), - "RowMenu_desc" => CentreonUtils::escapeSecure($service["service_description"]), - "RowMenu_alias" => CentreonUtils::escapeSecure($service["service_alias"]), - "RowMenu_parent" => CentreonUtils::escapeSecure($tplStr), + "RowMenu_desc" => htmlentities($service["service_description"]), + "RowMenu_alias" => htmlentities($service["service_alias"]), + "RowMenu_parent" => htmlentities($tplStr), "RowMenu_icon" => $svc_icon, - "RowMenu_retry" => CentreonUtils::escapeSecure( + "RowMenu_retry" => htmlentities( "$normal_check_interval $normal_units / $retry_check_interval $retry_units" ), "RowMenu_attempts" => getMyServiceField($service['service_id'], "service_max_check_attempts"), diff --git a/www/include/configuration/configObject/timeperiod/DB-Func.php b/www/include/configuration/configObject/timeperiod/DB-Func.php index 17f97be1351..633b1bcb54b 100644 --- a/www/include/configuration/configObject/timeperiod/DB-Func.php +++ b/www/include/configuration/configObject/timeperiod/DB-Func.php 
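Review bot: `htmlentities($service["service_description"])` and the three sibling calls rely on the default flags, which are `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401` only from PHP 8.1; on earlier runtimes the default is `ENT_COMPAT`, which leaves single quotes unencoded in the values these rows feed into markup. Passing `null` (a NULL `service_alias`, for instance) to htmlentities is also deprecated since 8.1. Whether `CentreonUtils::escapeSecure` performed additional filtering is not visible here — confirm before dropping it. Explicit flags remove the version dependence: `"RowMenu_alias" => htmlentities((string) $service["service_alias"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),`.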
@@ -85,15 +85,19 @@ function testTPExistence($name = null) $id = $form->getSubmitValue('tp_id'); } - $query = "SELECT tp_name, tp_id FROM timeperiod WHERE tp_name = '" . - htmlentities($centreon->checkIllegalChar($name), ENT_QUOTES, "UTF-8") . "'"; - $dbResult = $pearDB->query($query); - $tp = $dbResult->fetch(); + $query = 'SELECT tp_name, tp_id FROM timeperiod WHERE tp_name = :tp_name'; + $statement = $pearDB->prepare($query); + $statement->bindValue( + ':tp_name', + htmlentities($centreon->checkIllegalChar($name), ENT_QUOTES, "UTF-8"), + \PDO::PARAM_STR + ); + $statement->execute(); + $tp = $statement->fetch(\PDO::FETCH_ASSOC); #Modif case - if ($dbResult->rowCount() >= 1 && $tp["tp_id"] == $id) { + if ($statement->rowCount() >= 1 && $tp["tp_id"] == $id) { return true; - } #Duplicate entry - elseif ($dbResult->rowCount() >= 1 && $tp["tp_id"] != $id) { + } elseif ($statement->rowCount() >= 1 && $tp["tp_id"] != $id) { #Duplicate entry return false; } else { return true; @@ -132,15 +136,13 @@ function multipleTimeperiodInDB($timeperiods = array(), $nbrDup = array()) $row = $dbResult->fetch(); $row["tp_id"] = null; for ($i = 1; $i <= $nbrDup[$key]; $i++) { - $val = null; + $val = []; foreach ($row as $key2 => $value2) { if ($key2 == "tp_name") { $value2 .= "_" . $i; } $key2 == "tp_name" ? ($tp_name = $value2) : ""; - $val - ? $val .= ($value2 != null ? (", '" . $value2 . "'") : ", NULL") - : $val .= ($value2 != null ? ("'" . $value2 . "'") : "NULL"); + $val[] = $value2 ?: null; if ($key2 != "tp_id") { $fields[$key2] = $value2; } 
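Review bot: With `:tp_name` now bound, the `htmlentities(..., ENT_QUOTES, "UTF-8")` wrapped around `$centreon->checkIllegalChar($name)` no longer serves as SQL escaping; it only makes sense if names are stored HTML-encoded by the insert/update path, which is outside this hunk. If they are stored raw, a name containing `&`, `<` or a quote never matches, the `else` branch returns true and a duplicate is accepted. Confirm the stored form and either bind the checked name directly or record the assumption on the binding, e.g. `// tp_name is stored HTML-encoded; encode before comparing`.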
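Review bot: `$val[] = $value2 ?: null;` maps the string `'0'` to NULL, which the replaced `$value2 != null` comparison did not (`'0' != null` is true under loose comparison, while `'0'` is falsy). `$row` comes from a PDO fetch, where numeric columns typically arrive as strings, so any timeperiod column holding `0` would be duplicated as NULL. `$val[] = ($value2 === null || $value2 === '') ? null : $value2;` reproduces the old mapping for string values while keeping the list form. multipleTimeperiodInDB's body continues outside the hunk.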
@@ -149,30 +151,12 @@ function multipleTimeperiodInDB($timeperiods = array(), $nbrDup = array()) } } if (isset($tp_name) && testTPExistence($tp_name)) { - $pearDB->query($val ? $rq = "INSERT INTO timeperiod VALUES (" . $val . ")" : $rq = null); - - /* - * Get Max ID - */ - $dbResult = $pearDB->query("SELECT MAX(tp_id) FROM `timeperiod`"); - $tp_id = $dbResult->fetch(); - - $query = "INSERT INTO timeperiod_exceptions (timeperiod_id, days, timerange) " . - "SELECT " . $tp_id['MAX(tp_id)'] . ", days, timerange FROM timeperiod_exceptions " . - "WHERE timeperiod_id = '" . $key . "'"; - $pearDB->query($query); - - $query = "INSERT INTO timeperiod_include_relations (timeperiod_id, timeperiod_include_id) " . - "SELECT " . $tp_id['MAX(tp_id)'] . ", timeperiod_include_id FROM timeperiod_include_relations " . - "WHERE timeperiod_id = '" . $key . "'"; - $pearDB->query($query); - - $query = "INSERT INTO timeperiod_exclude_relations (timeperiod_id, timeperiod_exclude_id) " . - "SELECT " . $tp_id['MAX(tp_id)'] . ", timeperiod_exclude_id FROM timeperiod_exclude_relations " . - "WHERE timeperiod_id = '" . $key . "'"; - $pearDB->query($query); - - $centreon->CentreonLogAction->insertLog("timeperiod", $tp_id["MAX(tp_id)"], $tp_name, "a", $fields); + $params = [ + 'values' => $val, + 'timeperiod_id' => $key + ]; + $tpId = duplicateTimePeriod($params); + $centreon->CentreonLogAction->insertLog("timeperiod", $tpId, $tp_name, "a", $fields); } } } 
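Review bot: `$tpId = duplicateTimePeriod($params)` is logged unconditionally, but `duplicateTimePeriod` as added in `@@ -475` catches `\Exception`, rolls back and then returns `$params['tp_id']`, which is never assigned when `createTimePeriod` throws — a failed duplication therefore ends in an undefined-index warning, a `TypeError` from the `: int` return, or a log entry for a timeperiod that was never created. Rethrowing after the rollback lets this caller see the failure: `} catch (\Exception $e) { if (!$isAlreadyInTransaction) { $pearDB->rollBack(); } throw $e; }`. This also assumes `$pearDB` runs with `PDO::ERRMODE_EXCEPTION`; if it does not, a failed `execute()` returns false and neither the rollback nor the catch is reached.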
@@ -329,16 +313,20 @@ function insertTimeperiod($ret = array(), $exceptions = null) } if (isset($my_tab['nbOfExceptions'])) { $already_stored = array(); + $query = "INSERT INTO timeperiod_exceptions (`timeperiod_id`, `days`, `timerange`) " . + "VALUES (:timeperiod_id, :days, :timerange)"; + $statement = $pearDB->prepare($query); for ($i = 0; $i <= $my_tab['nbOfExceptions']; $i++) { $exInput = "exceptionInput_" . $i; $exValue = "exceptionTimerange_" . $i; - if (isset($my_tab[$exInput]) && !isset($already_stored[strtolower($my_tab[$exInput])]) && + if ( + isset($my_tab[$exInput]) && !isset($already_stored[strtolower($my_tab[$exInput])]) && $my_tab[$exInput] ) { - $query = "INSERT INTO timeperiod_exceptions (`timeperiod_id`, `days`, `timerange`) " . - "VALUES ('" . $tp_id['MAX(tp_id)'] . "', LOWER('" . $pearDB->escape($my_tab[$exInput]) . "'), '" . - $pearDB->escape($my_tab[$exValue]) . "')"; - $pearDB->query($query); + $statement->bindValue(':timeperiod_id', (int) $tp_id['MAX(tp_id)'], \PDO::PARAM_INT); + $statement->bindValue(':days', strtolower($my_tab[$exInput]), \PDO::PARAM_STR); + $statement->bindValue(':timerange', $my_tab[$exValue], \PDO::PARAM_STR); + $statement->execute(); $fields[$my_tab[$exInput]] = $my_tab[$exValue]; $already_stored[strtolower($my_tab[$exInput])] = 1; } 
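Review bot: `strtolower($my_tab[$exInput])` replaces the SQL-side `LOWER(...)`, which is not equivalent: PHP's strtolower is ASCII-only from 8.2 (locale-dependent before), while MySQL's LOWER follows the column collation. For the day-name values `days` presumably holds the difference is moot, but `mb_strtolower($my_tab[$exInput], 'UTF-8')` would keep non-ASCII input consistent with the `$already_stored` key, which is built with the same call. `$tp_id['MAX(tp_id)']` and the surrounding function are defined outside the hunk.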
@@ -475,3 +463,114 @@ function testTemplateLoop($value) return true; } + +/** + * All in one function to duplicate time periods + * + * @param array $params + * @return int + */ +function duplicateTimePeriod(array $params): int +{ + global $pearDB; + + $isAlreadyInTransaction = $pearDB->inTransaction(); + if (!$isAlreadyInTransaction) { + $pearDB->beginTransaction(); + } + try { + $params['tp_id'] = createTimePeriod($params); + createTimePeriodsExceptions($params); + createTimePeriodsIncludeRelations($params); + createTimePeriodsExcludeRelations($params); + if (!$isAlreadyInTransaction) { + $pearDB->commit(); + } + } catch (\Exception $e) { + if (!$isAlreadyInTransaction) { + $pearDB->rollBack(); + } + } + return $params['tp_id']; +} + +/** + * Creates time period and returns id. + * + * @param array $params + * @return int + */ +function createTimePeriod(array $params): int +{ + global $pearDB; + + $queryBindValues = []; + foreach ($params['values'] as $index => $value) { + $queryBindValues[':value_' . $index] = $value; + } + $bindValues = implode(', ', array_keys($queryBindValues)); + $statement = $pearDB->prepare("INSERT INTO timeperiod VALUES ($bindValues)"); + foreach ($queryBindValues as $bindKey => $bindValue) { + if (array_key_first($queryBindValues) === $bindKey) { + $statement->bindValue($bindKey, (int) $bindValue, \PDO::PARAM_INT); + } else { + $statement->bindValue($bindKey, $bindValue, \PDO::PARAM_STR); + } + } + $statement->execute(); + return (int) $pearDB->lastInsertId(); +} + +/** + * Creates time periods exclude relations + * + * @param array $params + */ +function createTimePeriodsExcludeRelations(array $params): void +{ + global $pearDB; + + $query = "INSERT INTO timeperiod_exclude_relations (timeperiod_id, timeperiod_exclude_id) " . + "SELECT :tp_id, timeperiod_exclude_id FROM timeperiod_exclude_relations " . 
+ "WHERE timeperiod_id = :timeperiod_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':tp_id', $params['tp_id'], \PDO::PARAM_INT); + $statement->bindValue(':timeperiod_id', (int) $params['timeperiod_id'], \PDO::PARAM_INT); + $statement->execute(); +} + +/** + * Creates time periods include relations + * + * @param array $params + */ +function createTimePeriodsIncludeRelations(array $params): void +{ + global $pearDB; + + $query = "INSERT INTO timeperiod_include_relations (timeperiod_id, timeperiod_include_id) " . + "SELECT :tp_id, timeperiod_include_id FROM timeperiod_include_relations " . + "WHERE timeperiod_id = :timeperiod_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':tp_id', $params['tp_id'], \PDO::PARAM_INT); + $statement->bindValue(':timeperiod_id', (int) $params['timeperiod_id'], \PDO::PARAM_INT); + $statement->execute(); +} + +/** + * Creates time periods exceptions + * + * @param array $params + */ +function createTimePeriodsExceptions(array $params): void +{ + global $pearDB; + + $query = "INSERT INTO timeperiod_exceptions (timeperiod_id, days, timerange) " . + "SELECT :tp_id, days, timerange FROM timeperiod_exceptions " . + "WHERE timeperiod_id = :timeperiod_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':tp_id', $params['tp_id'], \PDO::PARAM_INT); + $statement->bindValue(':timeperiod_id', (int) $params['timeperiod_id'], \PDO::PARAM_INT); + $statement->execute(); +} diff --git a/www/include/monitoring/recurrentDowntime/formDowntime.html b/www/include/monitoring/recurrentDowntime/formDowntime.html index bf31dfc284a..0d2000cae96 100644 --- a/www/include/monitoring/recurrentDowntime/formDowntime.html +++ b/www/include/monitoring/recurrentDowntime/formDowntime.html @@ -183,7 +183,7 @@ {/literal} -
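Review bot: In `createTimePeriod`, the first value — the `tp_id` the caller nulls out in `multipleTimeperiodInDB` — is bound as `(int) $bindValue`, i.e. `0` with `\PDO::PARAM_INT`, where the removed code inserted `NULL`. MySQL treats `0` as "generate the next id" only while `NO_AUTO_VALUE_ON_ZERO` is absent from `sql_mode`; with that mode set the row is inserted with id 0 and `lastInsertId()` does not describe it. Passing the null through keeps the old semantics: `$statement->bindValue($bindKey, $bindValue === null ? null : (int) $bindValue, $bindValue === null ? \PDO::PARAM_NULL : \PDO::PARAM_INT);`. The `array_key_first` test also presumes `SELECT *` returns `tp_id` first, which holds only while the table's column order does.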
{$msg_err}
+ {if $form.msgacl }
diff --git a/www/include/options/accessLists/actionsACL/DB-Func.php b/www/include/options/accessLists/actionsACL/DB-Func.php index 10151912b7c..c2cb3a589d0 100644 --- a/www/include/options/accessLists/actionsACL/DB-Func.php +++ b/www/include/options/accessLists/actionsACL/DB-Func.php @@ -170,20 +170,24 @@ function multipleActionInDB($actions = array(), $nbrDup = array()) $query = "SELECT DISTINCT acl_group_id,acl_action_id FROM acl_group_actions_relations " . " WHERE acl_action_id = '" . $key . "'"; $dbResult = $pearDB->query($query); + $query = "INSERT INTO acl_group_actions_relations VALUES (:acl_action_id, :acl_group_id)"; + $statement = $pearDB->prepare($query); while ($cct = $dbResult->fetch()) { - $query = "INSERT INTO acl_group_actions_relations VALUES ('" . - $maxId["MAX(acl_action_id)"] . "', '" . $cct["acl_group_id"] . "')"; - $pearDB->query($query); + $statement->bindValue(':acl_action_id', (int) $maxId["MAX(acl_action_id)"], \PDO::PARAM_INT); + $statement->bindValue(':acl_group_id', (int) $cct["acl_group_id"], \PDO::PARAM_INT); + $statement->execute(); } # Duplicate Actions $query = "SELECT acl_action_rule_id,acl_action_name FROM acl_actions_rules " . "WHERE acl_action_rule_id = '" . $key . "'"; $dbResult = $pearDB->query($query); + $query = "INSERT INTO acl_actions_rules VALUES (NULL, :acl_action_id, :acl_action_name)"; + $statement = $pearDB->prepare($query); while ($acl = $dbResult->fetch()) { - $query = "INSERT INTO acl_actions_rules VALUES (NULL, '" . $maxId["MAX(acl_action_id)"] . - "', '" . $acl["acl_action_name"] . "')"; - $pearDB->query($query); + $statement->bindValue(':acl_action_id', (int) $maxId["MAX(acl_action_id)"], \PDO::PARAM_INT); + $statement->bindValue(':acl_action_name', $acl["acl_action_name"], \PDO::PARAM_STR); + $statement->execute(); } $dbResult->closeCursor(); 
@@ -298,8 +302,10 @@ function updateGroupActions($aclActionId, $ret = array()) } global $form, $pearDB; - $rq = "DELETE FROM acl_group_actions_relations WHERE acl_action_id = '" . $aclActionId . "'"; - $dbResult = $pearDB->query($rq); + $rq = "DELETE FROM acl_group_actions_relations WHERE acl_action_id = :acl_action_id"; + $statement = $pearDB->prepare($rq); + $statement->bindValue(':acl_action_id', (int) $aclActionId, \PDO::PARAM_INT); + $statement->execute(); if (isset($_POST["acl_groups"])) { foreach ($_POST["acl_groups"] as $id) { $rq = "INSERT INTO acl_group_actions_relations "; @@ -325,8 +331,10 @@ function updateRulesActions($aclActionId, $ret = array()) return; } - $rq = "DELETE FROM acl_actions_rules WHERE acl_action_rule_id = '" . $aclActionId . "'"; - $dbResult = $pearDB->query($rq); + $rq = "DELETE FROM acl_actions_rules WHERE acl_action_rule_id = :acl_action_rule_id"; + $statement = $pearDB->prepare($rq); + $statement->bindValue(':acl_action_rule_id', (int) $aclActionId, \PDO::PARAM_INT); + $statement->execute(); $actions = array(); $actions = listActions(); diff --git a/www/include/options/accessLists/menusACL/formMenusAccess.php b/www/include/options/accessLists/menusACL/formMenusAccess.php index 1939b23271c..6704e8b7ce8 100644 --- a/www/include/options/accessLists/menusACL/formMenusAccess.php +++ b/www/include/options/accessLists/menusACL/formMenusAccess.php 
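Review bot: The INSERT that begins on the hunk's last context line (`$rq = "INSERT INTO acl_group_actions_relations ";`) is built inside `foreach ($_POST["acl_groups"] as $id)` — request input — and its continuation is outside the hunk, so it is not visible whether `$id` is bound or concatenated. Since this commit binds the adjacent DELETE, the INSERT in the same loop is the one worth checking; if it is still concatenated, binding `(int) $id` with `\PDO::PARAM_INT` brings it in line. updateGroupActions starts and ends outside the hunk.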
@@ -209,9 +209,12 @@ $b = 0; $query = "SELECT topology_id, topology_page, topology_name, topology_parent, readonly FROM topology " . - "WHERE topology_parent = '" . $topo1["topology_page"] . "' ORDER BY topology_order"; - $DBRESULT2 = $pearDB->query($query); - while ($topo2 = $DBRESULT2->fetchRow()) { + "WHERE topology_parent = :topology_parent ORDER BY topology_order"; + + $statement2 = $pearDB->prepare($query); + $statement2->bindValue(':topology_parent', (int) $topo1["topology_page"], \PDO::PARAM_INT); + $statement2->execute(); + while ($topo2 = $statement2->fetchRow()) { $acl_topos2[$a]["childs"][$b] = array(); $acl_topos2[$a]["childs"][$b]["name"] = _($topo2["topology_name"]); $acl_topos2[$a]["childs"][$b]["id"] = $topo2["topology_id"]; @@ -231,10 +234,14 @@ $c = 0; $query = "SELECT topology_id, topology_name, topology_parent, topology_page, topology_group, readonly " . - "FROM topology WHERE topology_parent = '" . $topo2["topology_page"] . - "' AND topology_page IS NOT NULL ORDER BY topology_group, topology_order"; - $DBRESULT3 = $pearDB->query($query); - while ($topo3 = $DBRESULT3->fetchRow()) { + "FROM topology WHERE topology_parent = :topology_parent " . + "AND topology_page IS NOT NULL ORDER BY topology_group, topology_order"; + + $statement3 = $pearDB->prepare($query); + $statement3->bindValue(':topology_parent', (int) $topo2["topology_page"], \PDO::PARAM_INT); + $statement3->execute(); + + while ($topo3 = $statement3->fetchRow()) { $acl_topos2[$a]["childs"][$b]["childs"][$c] = array(); $acl_topos2[$a]["childs"][$b]["childs"][$c]["name"] = _($topo3["topology_name"]); 
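Review bot: `$statement2->fetchRow()` is called on the result of `$pearDB->prepare()`; `fetchRow` is not a `PDOStatement` method, so this works only if the project's `prepare()` returns its own statement class that defines it — elsewhere in this commit prepared statements are read with `fetch(PDO::FETCH_ASSOC)`. The same call is used for `$statement3`, for `$statement4` in `@@ -264`, and in syncDir.php `@@ -173`, `@@ -189` and `@@ -211`. If `fetchRow` is a wrapper method, one read style per file would help; otherwise `fetch(\PDO::FETCH_ASSOC)` is the portable form.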
@@ -264,10 +271,12 @@ $d = 0; $query = "SELECT topology_id, topology_name, topology_parent, readonly FROM topology " . - "WHERE topology_parent = '" . $topo3["topology_page"] . - "' AND topology_page IS NOT NULL ORDER BY topology_order"; - $DBRESULT4 = $pearDB->query($query); - while ($topo4 = $DBRESULT4->fetchRow()) { + "WHERE topology_parent = :topology_parent AND topology_page IS NOT NULL ORDER BY topology_order"; + $statement4 = $pearDB->prepare($query); + $statement4->bindValue(':topology_parent', (int) $topo3["topology_page"], \PDO::PARAM_INT); + $statement4->execute(); + + while ($topo4 = $statement4->fetchRow()) { $acl_topos2[$a]["childs"][$b]["childs"][$c]["childs"][$d] = array(); $acl_topos2[$a]["childs"][$b]["childs"][$c]["childs"][$d]["name"] = _($topo4["topology_name"]); $acl_topos2[$a]["childs"][$b]["childs"][$c]["childs"][$d]["id"] = $topo4["topology_id"]; diff --git a/www/include/options/media/images/syncDir.php b/www/include/options/media/images/syncDir.php index b9eee03bb0c..f6e2075a36a 100644 --- a/www/include/options/media/images/syncDir.php +++ b/www/include/options/media/images/syncDir.php 
@@ -173,12 +173,17 @@ function checkPicture($picture, $dirpath, $dir_id, $pearDB) $gdCounter++; } - $DBRESULT = $pearDB->query("SELECT img_id " . + $statement = $pearDB->prepare( + "SELECT img_id " . "FROM view_img, view_img_dir_relation vidh " . - "WHERE img_path = '" . $picture . "' " . - " AND vidh.dir_dir_parent_id = '" . $dir_id . "'" . - " AND vidh.img_img_id = img_id"); - if (!$DBRESULT->rowCount()) { + "WHERE img_path = :img_path " . + "AND vidh.dir_dir_parent_id = :dir_dir_parent_id " . + "AND vidh.img_img_id = img_id" + ); + $statement->bindValue(':img_path', $picture, \PDO::PARAM_STR); + $statement->bindValue(':dir_dir_parent_id', (int) $dir_id, \PDO::PARAM_INT); + $statement->execute(); + if (!$statement->rowCount()) { $DBRESULT = $pearDB->query( "INSERT INTO view_img (`img_name`, `img_path`) VALUES ('" . $img_info["filename"] . "', '" . $picture . "')" @@ -189,13 +194,16 @@ function checkPicture($picture, $dirpath, $dir_id, $pearDB) ); $data = $DBRESULT->fetchRow(); $regCounter++; - $DBRESULT = $pearDB->query( - "INSERT INTO view_img_dir_relation (`dir_dir_parent_id`, `img_img_id`) VALUES ('" - . $dir_id . "', '" . $data['img_id'] . "')" + $statement = $pearDB->prepare( + "INSERT INTO view_img_dir_relation (`dir_dir_parent_id`, `img_img_id`) + VALUES (:dir_dir_parent_id, :img_img_id)" ); + $statement->bindValue(':dir_dir_parent_id', (int) $dir_id, \PDO::PARAM_INT); + $statement->bindValue(':img_img_id', (int) $data['img_id'], \PDO::PARAM_INT); + $statement->execute(); return $data['img_id']; } else { - $data = $DBRESULT->fetchRow(); + $data = $statement->fetchRow(\PDO::FETCH_ASSOC); return 0; } } 
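Review bot: The SELECT now binds `$picture`, but the INSERT on the very next context line still concatenates the same value together with `$img_info["filename"]` (`VALUES ('" . $img_info["filename"] . "', '" . $picture . "')"`), so the function is protected on the read but not on the write of the same string. `$picture` appears to be a file name discovered while syncing the media directory rather than request input, which limits exposure, but an image name containing a quote still breaks or alters this statement. Preparing the INSERT with `:img_name` and `:img_path` bound as `\PDO::PARAM_STR` completes the change; checkPicture starts outside the hunk.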
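Review bot: In the `else` branch, `$data = $statement->fetchRow(\PDO::FETCH_ASSOC);` assigns a row that is never read before `return 0;`, so the call is dead and can be dropped. It also hands a PDO fetch-mode constant to `fetchRow`, a wrapper-class method rather than a `PDOStatement` one, so whether the argument is honoured depends on that wrapper. Reducing the branch to `return 0;` keeps behaviour and removes the ambiguity.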
@@ -211,9 +219,11 @@ function DeleteOldPictures($pearDB) . "view_img_dir vid, view_img_dir_relation vidr " . "WHERE vidr.img_img_id = vi.img_id AND vid.dir_id = vidr.dir_dir_parent_id" ); + $statement = $pearDB->prepare("DELETE FROM view_img WHERE img_id = :img_id"); while ($row2 = $DBRESULT->fetchRow()) { if (!file_exists("./img/media/" . $row2["dir_alias"] . "/" . $row2["img_path"])) { - $pearDB->query("DELETE FROM view_img WHERE img_id = '" . $row2["img_id"] . "'"); + $statement->bindValue(':img_id', (int) $row2["img_id"], \PDO::PARAM_INT); + $statement->execute(); $fileRemoved++; } } diff --git a/www/include/views/componentTemplates/formComponentTemplate.ihtml b/www/include/views/componentTemplates/formComponentTemplate.ihtml index d7996cf8eb5..41bc92869ae 100644 --- a/www/include/views/componentTemplates/formComponentTemplate.ihtml +++ b/www/include/views/componentTemplates/formComponentTemplate.ihtml @@ -35,6 +35,9 @@    + + + {/if} diff --git a/www/include/views/componentTemplates/formComponentTemplate.php b/www/include/views/componentTemplates/formComponentTemplate.php index 027c189e3de..ab4cf291b48 100644 --- a/www/include/views/componentTemplates/formComponentTemplate.php +++ b/www/include/views/componentTemplates/formComponentTemplate.php @@ -358,7 +358,7 @@ function insertValueQuery() { var e_input = document.Form.ds_name; var e_select = document.getElementById('sl_list_metrics'); var sd_o = e_select.selectedIndex; - if (sd_o != 0) { + if (sd_o != -1) { var chaineAj = ''; chaineAj = e_select.options[sd_o].text; chaineAj = chaineAj.replace(/\s(\[[CV]DEF\]|)\s*$/, ""); @@ -430,7 +430,6 @@ function popup_color_picker(t,name) } $vdef = 0; /* don't list VDEF in metrics list */ -include_once('./include/views/graphs/common/makeJS_formMetricsList.php'); if ($o === MODIFY_COMPONENT_TEMPLATE || $o === WATCH_COMPONENT_TEMPLATE) { $host_service_id = filter_var( $_POST['host_service_id'] ?? ($compo["host_id"] . '-' . $compo['service_id']), 
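Review bot: Changing the guard to `if (sd_o != -1)` makes option index 0 a valid selection; the previous `!= 0` excluded the first entry, which in the deleted `makeXML_ListMetrics.php` was the "List of known metrics" placeholder. This is correct only if the replacement metrics list (built outside this hunk) no longer starts with a placeholder option; otherwise the placeholder text is inserted into `ds_name`. A comment such as `// -1 means no selection; the list carries no placeholder at index 0` on that line would record the assumption.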
@@ -445,9 +444,20 @@ function popup_color_picker(t,name) ?> diff --git a/www/include/views/graphs/common/makeJS_formMetricsList.php b/www/include/views/graphs/common/makeJS_formMetricsList.php deleted file mode 100644 index b817ce94a11..00000000000 --- a/www/include/views/graphs/common/makeJS_formMetricsList.php +++ /dev/null @@ -1,177 +0,0 @@ -. - * - * Linking this program statically or dynamically with other modules is making a - * combined work based on this program. Thus, the terms and conditions of the GNU - * General Public License cover the whole combination. - * - * As a special exception, the copyright holders of this program give Centreon - * permission to link this program with independent modules to produce an executable, - * regardless of the license terms of these independent modules, and to copy and - * distribute the resulting executable under terms of Centreon choice, provided that - * Centreon also meet, for each linked independent module, the terms and conditions - * of the license of that module. An independent module is a module which is not - * derived from this program. If you modify this program, you may extend this - * exception to your version of the program, but you are not obliged to do so. If you - * do not wish to do so, delete this exception statement from your version. - * - * For more information : contact@centreon.com - * - * SVN : $URL$ - * SVN : $Id$ - * - */ - - /* - * Lang file - */ - $locale = $oreon->user->get_lang(); - putenv("LANG=$locale"); - setlocale(LC_ALL, $locale); - bindtextdomain("messages", _CENTREON_PATH_ . "www/locale/"); - bind_textdomain_codeset("messages", "UTF-8"); - textdomain("messages"); -?> diff --git a/www/include/views/graphs/common/makeXML_ListMetrics.php b/www/include/views/graphs/common/makeXML_ListMetrics.php deleted file mode 100644 index 5d7afe858b1..00000000000 --- a/www/include/views/graphs/common/makeXML_ListMetrics.php +++ /dev/null 
@@ -1,173 +0,0 @@ -. - * - * Linking this program statically or dynamically with other modules is making a - * combined work based on this program. Thus, the terms and conditions of the GNU - * General Public License cover the whole combination. - * - * As a special exception, the copyright holders of this program give Centreon - * permission to link this program with independent modules to produce an executable, - * regardless of the license terms of these independent modules, and to copy and - * distribute the resulting executable under terms of Centreon choice, provided that - * Centreon also meet, for each linked independent module, the terms and conditions - * of the license of that module. An independent module is a module which is not - * derived from this program. If you modify this program, you may extend this - * exception to your version of the program, but you are not obliged to do so. If you - * do not wish to do so, delete this exception statement from your version. - * - * For more information : contact@centreon.com - * - * SVN : $URL$ - * SVN : $Id$ - * - */ - - header('Content-Type: text/xml'); - header('Cache-Control: no-cache'); - - require_once realpath(dirname(__FILE__) . "/../../../../../config/centreon.config.php"); - require_once _CENTREON_PATH_."/www/class/centreonDB.class.php"; - require_once _CENTREON_PATH_."/www/class/centreonXML.class.php"; - -function compare($a, $b) -{ - if ($a["metric_name"] == $b["metric_name"]) { - return 0; - } - return ( $a["metric_name"] < $b["metric_name"] ) ? -1 : 1; -} - - $pearDB = new CentreonDB(); - $pearDBO = new CentreonDB("centstorage"); - - /* - * Get session - */ - require_once(_CENTREON_PATH_ . "www/class/centreonSession.class.php"); - require_once(_CENTREON_PATH_ . 
"www/class/centreon.class.php"); -if (!isset($_SESSION['centreon'])) { - CentreonSession::start(); -} - -if (isset($_SESSION['centreon'])) { - $oreon = $_SESSION['centreon']; -} else { - exit; -} - - /* - * Get language - */ - $locale = $oreon->user->get_lang(); - putenv("LANG=$locale"); - setlocale(LC_ALL, $locale); - bindtextdomain("messages", _CENTREON_PATH_ . "www/locale/"); -; - bind_textdomain_codeset("messages", "UTF-8"); - textdomain("messages"); - - # - # Existing Real Metric List comes from DBO -> Store in $rmetrics Array - # - $s_datas = array(); - $o_datas = array(""=> utf8_decode(_("List of known metrics"))); - $mx_l = strlen($o_datas[""]); - $where = ""; - $def_type = array(0=>"CDEF",1=>"VDEF"); - -if (isset($_GET['vdef']) && is_numeric($_GET['vdef']) && $_GET['vdef'] == 0) { - $where = " AND def_type='".$_GET["vdef"]."'"; -} - -if (isset($_GET["host_id"]) && $_GET["service_id"]) { - if (!is_numeric($_GET['host_id']) || !is_numeric($_GET['service_id'])) { - $buffer = new CentreonXML(); - $buffer->writeElement('error', 'Bad id format'); - $buffer->output(); - exit; - } - $host_id = $_GET["host_id"]; - $service_id = $_GET["service_id"]; - - $query = "SELECT id " - . "FROM index_data " - . "WHERE host_id = " . $pearDB->escape($host_id) . " " - . "AND service_id = " . $pearDB->escape($service_id) . " "; - - $index_id = 0; - $pq_sql = $pearDBO->query($query); - if ($row = $pq_sql->fetchRow()) { - $index_id = $row['id']; - } - - $query = "SELECT metric_id, metric_name " - . "FROM metrics " - . "WHERE index_id = " . $index_id . " "; - $pq_sql = $pearDBO->query($query); - while ($fw_sql = $pq_sql->fetchRow()) { - $sd_l = strlen($fw_sql["metric_name"]); - $fw_sql["metric_name"] = $fw_sql["metric_name"] . "   "; - $s_datas[] = $fw_sql; - if ($sd_l > $mx_l) { - $mx_l = $sd_l; - } - } - $pq_sql->closeCursor(); - $query = "SELECT vmetric_id, vmetric_name, def_type " - . "FROM virtual_metrics " - . "WHERE index_id = " . $index_id . " " - . $where . 
" "; - $pq_sql = $pearDB->query($query); - - while ($fw_sql = $pq_sql->fetchRow()) { - $sd_l = strlen($fw_sql["vmetric_name"]." [CDEF]"); - $fw_sql["metric_name"] = $fw_sql["vmetric_name"]." [".$def_type[$fw_sql["def_type"]]."]   "; - $fw_sql["metric_id"] = "v".$fw_sql["vmetric_id"]; - $s_datas[] = $fw_sql; - if ($sd_l > $mx_l) { - $mx_l = $sd_l; - } - $pq_sql->closeCursor(); - } -} - - usort($s_datas, "compare"); - -foreach ($s_datas as $key => $om) { - $o_datas[$om["metric_id"]] = $om["metric_name"]; -} - -for ($i = strlen($o_datas[""]); $i != $mx_l; $i++) { - $o_datas[""] .= " "; -} - - # The first element of the select is empty - $buffer = new CentreonXML(); - $buffer->startElement("options_data"); - $buffer->writeElement("td_id", "td_list_metrics"); - $buffer->writeElement("select_id", "sl_list_metrics"); - - # Now we fill out the select with templates id and names -foreach ($o_datas as $o_id => $o_alias) { - $buffer->startElement("option"); - $buffer->writeElement("o_id", $o_id); - $buffer->writeElement("o_alias", $o_alias); - $buffer->endElement(); -} - - $buffer->endElement(); - $buffer->output(); diff --git a/www/include/views/graphs/generateGraphs/generateImage.php b/www/include/views/graphs/generateGraphs/generateImage.php index 54632504a17..2d43aa60992 100644 --- a/www/include/views/graphs/generateGraphs/generateImage.php +++ b/www/include/views/graphs/generateGraphs/generateImage.php @@ -95,6 +95,8 @@ } else { die('Invalid token'); } +} else { + throw new \Exception('Username and token query strings must be set.'); } $index = filter_var( 
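Review bot: The new `else` branch throws a bare `\Exception` while the sibling branch two lines above terminates with `die('Invalid token')`, so the same failure class (missing vs. invalid credentials) is reported two different ways. If nothing above catches it (the surrounding code is outside the hunk), the exception reaches PHP's default handler and, depending on `display_errors`, may print a stack trace with server paths to an unauthenticated caller, where `die()` prints only its message. Prefer `die('Username and token query strings must be set.');` for consistency, or wrap the whole credential check in a `try`/`catch` that emits one generic error.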
@@ -182,19 +184,37 @@ $dbstorage = new CentreonDB('centstorage'); $aclGroups = $acl->getAccessGroupsString(); - $sql = "SELECT host_id, service_id FROM index_data WHERE id = " .$pearDB->escape($index); - $res = $dbstorage->query($sql); - if (!$res->rowCount()) { + $sql = "SELECT host_id, service_id FROM index_data WHERE id = :index_data_id"; + $statement = $dbstorage->prepare($sql); + $statement->bindValue(':index_data_id', (int) $index, \PDO::PARAM_INT); + $statement->execute(); + if (!$statement->rowCount()) { die('Graph not found'); } - $row = $res->fetch(); - unset($res); + $row = $statement->fetch(\PDO::FETCH_ASSOC); + unset($statement); $hostId = $row['host_id']; $serviceId = $row['service_id']; - $sql = "SELECT service_id FROM centreon_acl WHERE host_id = $hostId AND service_id = $serviceId - AND group_id IN ($aclGroups)"; - $res = $pearDBO->query($sql); - if (!$res->rowCount()) { + $aclGroupsExploded = explode(',', $aclGroups); + if (empty($aclGroupsExploded)) { + throw new \Exception('Access denied'); + } + + $aclGroupsQueryBinds = []; + foreach ($aclGroupsExploded as $key => $value) { + $aclGroupsQueryBinds[':acl_group_' . $key] = $value; + } + $aclGroupBinds = implode(',', array_keys($aclGroupsQueryBinds)); + $sql = "SELECT service_id FROM centreon_acl WHERE host_id = :host_id AND service_id = :service_id + AND group_id IN ($aclGroupBinds)"; + $statement = $pearDBO->prepare($sql); + $statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT); + $statement->bindValue(':service_id', (int) $serviceId, \PDO::PARAM_INT); + foreach ($aclGroupsQueryBinds as $key => $value) { + $statement->bindValue($key, (int) $value, \PDO::PARAM_INT); + } + $statement->execute(); + if (!$statement->rowCount()) { die('Access denied'); } } diff --git a/www/include/views/virtualMetrics/DB-Func.php b/www/include/views/virtualMetrics/DB-Func.php index 198bcde313f..db3d9aaf5a8 100644 --- a/www/include/views/virtualMetrics/DB-Func.php 
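Review bot: The `empty($aclGroupsExploded)` guard can never fire: `explode(',', '')` returns `['']`, not `[]`, so an empty `$aclGroups` string falls through, `(int) ''` binds `0`, and the query runs as `group_id IN (0)`. The request is still denied only because no row matches, not by design, and any non-numeric group id silently becomes `0` as well. Filter before building the placeholders, `$aclGroupsExploded = array_filter(explode(',', $aclGroups), 'is_numeric'); if ($aclGroupsExploded === []) { throw new \Exception('Access denied'); }`, so the explicit denial path is actually reachable. The enclosing block starts outside the hunk.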
+++ b/www/include/views/virtualMetrics/DB-Func.php
@@ -467,8 +467,12 @@ function disableVirtualMetricInDB($vmetric_id = null, $force = 0)
 if (!count($v_dis)) {
 return 0;
 }
+ $statement = $pearDB->prepare(
+ "UPDATE `virtual_metrics` SET `vmetric_activate` = '0' WHERE `vmetric_id` = :vmetric_id"
+ );
 foreach ($v_dis as $vm) {
- $pearDB->query("UPDATE `virtual_metrics` SET `vmetric_activate` = '0' WHERE `vmetric_id` ='$vm';");
+ $statement->bindValue(':vmetric_id', (int) $vm, \PDO::PARAM_INT);
+ $statement->execute();
 }
 return 1;
 }
@@ -481,15 +485,25 @@ function &disableVirtualMetric($v_id = null, $force = 0)
 $repA = array("*", "+", "-", "?", "^", "$");
 $repB = array("\\\\*", "\\\\+", "\\\\-", "\\\\?", "\\\\^", "\\\\$");
 $l_where = ($force == 0) ? " AND `vmetric_activate` = '1'" : "";
- $l_pqy = $pearDB->query("SELECT index_id, vmetric_name FROM `virtual_metrics` WHERE `vmetric_id`='$v_id'$l_where;");
- if ($l_pqy->rowCount() == 1) {
- $vmetric = $l_pqy->fetch();
- $l_pqy->closeCursor();
- $query = "SELECT vmetric_id FROM `virtual_metrics` WHERE `index_id`='" . $vmetric["index_id"] .
- "' AND `vmetric_activate` = '1' " .
- "AND `rpn_function` REGEXP '(^|,)" . str_replace($repA, $repB, $vmetric["vmetric_name"]) . "(,|$)';";
- $l_pqy = $pearDB->query($query);
- while ($d_vmetric = $l_pqy->fetch()) {
+ $statement = $pearDB->prepare(
+ "SELECT index_id, vmetric_name FROM `virtual_metrics` WHERE `vmetric_id`=:vmetric_id$l_where"
+ );
+ $statement->bindValue(':vmetric_id', (int) $v_id, \PDO::PARAM_INT);
+ $statement->execute();
+ if ($statement->rowCount() == 1) {
+ $vmetric = $statement->fetch(\PDO::FETCH_ASSOC);
+ $statement->closeCursor();
+ $query = "SELECT vmetric_id FROM `virtual_metrics` WHERE `index_id`= :index_id AND `vmetric_activate` = '1' " .
+ "AND `rpn_function` REGEXP :rpn_function";
+ $statement = $pearDB->prepare($query);
+ $statement->bindValue(':index_id', (int) $vmetric["index_id"], \PDO::PARAM_INT);
+ $statement->bindValue(
+ ':rpn_function',
+ '(^|,)' . str_replace($repA, $repB, $vmetric["vmetric_name"]) . '(,|$)',
+ \PDO::PARAM_STR
+ );
+ $statement->execute();
+ while ($d_vmetric = $statement->fetch(\PDO::FETCH_ASSOC)) {
 $lv_dis = disableVirtualMetric($d_vmetric["vmetric_id"]);
 if (is_array($lv_dis)) {
 foreach ($lv_dis as $pkey => $vm) {
@@ -497,7 +511,7 @@ function &disableVirtualMetric($v_id = null, $force = 0)
 }
 }
 }
- $l_pqy->closeCursor();
+ $statement->closeCursor();
 if (!$force) {
 $v_dis[] = $v_id;
 }
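Review bot: Binding the REGEXP pattern as a parameter changes how `$repB` is interpreted: `"\\\\*"` is the three-character PHP string `\\*`, which the old inline query passed through MySQL's string-literal unescaping to become `\*` (a literal star); sent as a bound value it arrives verbatim, so the regex now reads `\\*`, a literal backslash with a quantifier, and a metric name containing `*`, `+`, `-`, `?`, `^` or `$` no longer matches its own escaped form. Halve the escapes on the context line above the change: `$repB = array("\\*", "\\+", "\\-", "\\?", "\\^", "\\$");`. Note also that `.`, `(`, `)`, `|`, `[` and `{` remain unescaped in `$repA`, so a name such as `load.1` still matches `load11`; that is pre-existing but worth fixing while this expression is being reworked. disableVirtualMetric begins and ends outside the hunk.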
@@ -517,13 +531,17 @@ function enableVirtualMetricInDB($vmetric_id = null) if (!count($v_ena)) { return 0; } + $statement = $pearDB->prepare( + "UPDATE `virtual_metrics` SET `vmetric_activate` = '1' WHERE `vmetric_id` = :vmetric_id" + ); foreach ($v_ena as $v_id) { list($rc, $output) = checkRRDGraphData($v_id); if ($rc) { $error = preg_replace('/^ERROR:\s*/', '', $output); throw new Exception("Wrong RPN syntax (RRDtool said: $error)"); } - $pearDB->query("UPDATE `virtual_metrics` SET `vmetric_activate` = '1' WHERE `vmetric_id` ='$v_id';"); + $statement->bindValue(':vmetric_id', (int) $v_id, \PDO::PARAM_INT); + $statement->execute(); } return 1; } @@ -533,16 +551,23 @@ function enableVirtualMetric($v_id, $v_name = null, $index_id = null) global $pearDB; $v_ena = array(); - $l_where = "vmetric_id = '$v_id'"; + $l_where = "vmetric_id = :vmetric_id"; if (is_null($v_id)) { - $l_where = "vmetric_name = '$v_name' AND index_id ='$index_id'"; + $l_where = "vmetric_name = :vmetric_name AND index_id = :index_id"; } $query = "SELECT vmetric_id, index_id, rpn_function FROM virtual_metrics " . "WHERE $l_where AND (vmetric_activate = '0' OR vmetric_activate IS NULL);"; - $l_pqy = $pearDB->query($query); - if ($l_pqy->rowCount() == 1) { - $p_vmetric = $l_pqy->fetch(); + $statement = $pearDB->prepare($query); + if (is_null($v_id)) { + $statement->bindValue(':vmetric_name', $v_name, \PDO::PARAM_STR); + $statement->bindValue(':index_id', (int) $index_id, \PDO::PARAM_INT); + } else { + $statement->bindValue(':vmetric_id', (int) $v_id, \PDO::PARAM_INT); + } + $statement->execute(); + if ($statement->rowCount() == 1) { + $p_vmetric = $statement->fetch(\PDO::FETCH_ASSOC); $l_mlist = preg_split("/\,/", $p_vmetric["rpn_function"]); foreach ($l_mlist as $l_mnane) { $lv_ena = enableVirtualMetric(null, $l_mnane, $p_vmetric["index_id"]); 
@@ -554,7 +579,7 @@ function enableVirtualMetric($v_id, $v_name = null, $index_id = null) } $v_ena[] = $p_vmetric["vmetric_id"]; } - $l_pqy->closeCursor(); + $statement->closeCursor(); return $v_ena; } @@ -567,9 +592,11 @@ function checkRRDGraphData($v_id = null, $force = 0) /* Check if already Valid */ $query = "SELECT vmetric_id, def_type FROM virtual_metrics " . - "WHERE vmetric_id = '$v_id' AND ( ck_state <> '1' OR ck_state IS NULL );"; - $l_pqy = $pearDB->query($query); - if ($l_pqy->rowCount() == 1) { + "WHERE vmetric_id = :vmetric_id AND ( ck_state <> '1' OR ck_state IS NULL );"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':vmetric_id', (int) $v_id, \PDO::PARAM_INT); + $statement->execute(); + if ($statement->rowCount() == 1) { /** * Create XML Request Objects */ @@ -599,7 +626,12 @@ function checkRRDGraphData($v_id = null, $force = 0) */ $lastline = exec($oreon->optGen["rrdtool_path_bin"] . $obj->displayImageFlow() . " 2>&1", $result, $rc); $ckstate = (!$rc) ? '1' : '2'; - $pearDB->query("UPDATE `virtual_metrics` SET `ck_state` = '$ckstate' WHERE `vmetric_id` ='$v_id';"); + $statement = $pearDB->prepare( + "UPDATE `virtual_metrics` SET `ck_state` = :ck_state WHERE `vmetric_id` = :vmetric_id" + ); + $statement->bindValue(':ck_state', $ckstate, \PDO::PARAM_STR); + $statement->bindValue(':vmetric_id', (int) $v_id, \PDO::PARAM_INT); + $statement->execute(); return array($rc, $lastline); } return null; diff --git a/www/include/views/virtualMetrics/formVirtualMetrics.ihtml b/www/include/views/virtualMetrics/formVirtualMetrics.ihtml index 84cabcb0662..cac8f9b2c86 100644 --- a/www/include/views/virtualMetrics/formVirtualMetrics.ihtml +++ b/www/include/views/virtualMetrics/formVirtualMetrics.ihtml @@ -48,7 +48,10 @@ {$form.rpn_function.html} {if $o == "a" || $o == "c"} -    +    + + + {/if} 
diff --git a/www/include/views/virtualMetrics/formVirtualMetrics.php b/www/include/views/virtualMetrics/formVirtualMetrics.php index 258a90313de..386ac1a0318 100644 --- a/www/include/views/virtualMetrics/formVirtualMetrics.php +++ b/www/include/views/virtualMetrics/formVirtualMetrics.php @@ -229,7 +229,7 @@ function insertValueQuery() { var e_txtarea = document.Form.rpn_function; var e_select = document.getElementById('sl_list_metrics'); var sd_o = e_select.selectedIndex; - if (sd_o != 0) { + if (sd_o != -1) { var chaineAj = ''; chaineAj = e_select.options[sd_o].text; //chaineAj = chaineAj.substring(0, chaineAj.length - 3); @@ -322,7 +322,7 @@ function manageVDEF() { $tpl->display("formVirtualMetrics.ihtml"); } $vdef = 1; /* Display VDEF too */ -include_once("./include/views/graphs/common/makeJS_formMetricsList.php"); + if ($o == METRIC_MODIFY || $o == METRIC_WATCH) { isset($_POST["host_id"]) && $_POST["host_id"] != null ? $host_service_id = $_POST["host_id"] @@ -333,11 +333,21 @@ function manageVDEF() { : $host_service_id = 0; } ?> - diff --git a/www/install/insertBaseConf.sql b/www/install/insertBaseConf.sql index 731da3d6626..806031a0770 100644 --- a/www/install/insertBaseConf.sql +++ b/www/install/insertBaseConf.sql @@ -2,7 +2,7 @@ -- Insert version -- -INSERT INTO `informations` (`key` ,`value`) VALUES ('version', '21.04.16'); +INSERT INTO `informations` (`key` ,`value`) VALUES ('version', '21.04.17'); -- -- Contenu de la table `contact` diff --git a/www/install/install.css b/www/install/install.css index f0bbebc7eb4..ab442843ba3 100644 --- a/www/install/install.css +++ b/www/install/install.css @@ -60,7 +60,11 @@ a:link, a:visited { font-size: 12px; color: #333333; text-decoration: none; - } +} + +.field_msg a:link { + font-size: 11px; +} a:hover { color: #0072ce; diff --git a/www/install/php/Update-18.10.0.post.php b/www/install/php/Update-18.10.0.post.php index 1a99772d3d7..1368b444db0 100644 --- a/www/install/php/Update-18.10.0.post.php 
+++ b/www/install/php/Update-18.10.0.post.php @@ -54,7 +54,8 @@ // Update to new path if necessary. if ($row && preg_match('#/usr/lib/nagios/plugins/?#', $row['value']) - && is_dir('/usr/lib64/nagios/plugins')) { + && is_dir('/usr/lib64/nagios/plugins') +) { // options table. $query = "UPDATE options SET value='/usr/lib64/nagios/plugins/' WHERE `key`='nagios_path_plugins'"; $pearDB->query($query); @@ -114,11 +115,21 @@ // insert missing parent topology relations if (count($aclToInsert)) { - $statement = $pearDB->query( + $bindedValues = []; + foreach ($aclToInsert as $aclIndex => $aclValue) { + $bindedValues[':acl_' . $aclIndex] = (int) $aclValue; + } + $bindedQueries = implode(', ', array_keys($bindedValues)); + $statement = $pearDB->prepare( 'INSERT INTO acl_topology_relations(acl_topo_id, topology_topology_id) ' . - 'SELECT ' . $aclTopologyId . ', t.topology_id ' . + 'SELECT :acl_topology_id, t.topology_id ' . 'FROM topology t ' . - 'WHERE t.topology_page IN (' . implode(',', $aclToInsert) . ')' + "WHERE t.topology_page IN ($bindedQueries)" ); + $statement->bindValue(":acl_topology_id", (int) $aclTopologyId, \PDO::PARAM_INT); + foreach ($bindedValues as $bindedIndex => $bindedValue) { + $statement->bindValue($bindedIndex, $bindedValue, \PDO::PARAM_INT); + } + $statement->execute(); } } diff --git a/www/install/php/Update-19.10.0-beta.3.php b/www/install/php/Update-19.10.0-beta.3.php index d58c0beb1cf..929bd0428b8 100644 --- a/www/install/php/Update-19.10.0-beta.3.php +++ b/www/install/php/Update-19.10.0-beta.3.php 
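Review bot: Placeholder names are derived from the keys of `$aclToInsert` (`':acl_' . $aclIndex`), but that array is built outside the hunk; if its keys are not plain sequential integers (for instance if it is keyed by topology page), the generated markers may be invalid or collide. Iterating over `array_values($aclToInsert)` makes the marker names independent of how the array was assembled: `foreach (array_values($aclToInsert) as $aclIndex => $aclValue) {`. Casting each value with `(int)` also silently turns a non-numeric page id into `0`; an explicit `is_numeric` check would surface that instead.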
@@ -340,31 +340,78 @@ while ($row = $res->fetch()) { if ($port['value']) { + $brokerInfoData = [ + [ + 'config_id' => $row['config_id'], + 'config_key' => 'rrd_cached_option', + 'config_value' => 'tcp', + 'config_group' => $row['config_group'], + 'config_group_id' => $row['config_group_id'] + ], + [ + 'config_id' => $row['config_id'], + 'config_key' => 'rrd_cached', + 'config_value' => $port['value'], + 'config_group' => $row['config_group'], + 'config_group_id' => $row['config_group_id'] + ], + ]; $query = 'INSERT INTO cfg_centreonbroker_info (config_id, config_key, config_value, ' . 'config_group, config_group_id ) VALUES ' - . '( ' . $row['config_id'] . ',"rrd_cached_option","tcp", "' - . $row['config_group'] . '",' . $row['config_group_id'] . ' ),' - . '( ' . $row['config_id'] . ',"rrd_cached","' . $port['value'] . '","' - . $row['config_group'] . '",' . $row['config_group_id'] . ' )'; - $pearDB->query($query); + . '( :config_id, :config_key, :config_value, ' + . ':config_group, :config_group_id)'; + $statement = $pearDB->prepare($query); + foreach ($brokerInfoData as $dataRow) { + $statement->bindValue(":config_id", (int) $dataRow['config_id'], \PDO::PARAM_INT); + $statement->bindValue(":config_key", $dataRow['config_key']); + $statement->bindValue(":config_value", $dataRow['config_value']); + $statement->bindValue(":config_group", $dataRow['config_group']); + $statement->bindValue(":config_group_id", (int) $dataRow['config_group_id'], \PDO::PARAM_INT); + $statement->execute(); + } } else { $result = $pearDB->query("SELECT `value` FROM options WHERE `key` = 'rrdcached_unix_path' "); $path = $result->fetch(); + $brokerInfoData = [ + [ + 'config_id' => $row['config_id'], + 'config_key' => 'rrd_cached_option', + 'config_value' => 'unix', + 'config_group' => $row['config_group'], + 'config_group_id' => $row['config_group_id'] + ], + [ + 'config_id' => $row['config_id'], + 'config_key' => 'rrd_cached', + 'config_value' => $path['value'], + 'config_group' => 
$row['config_group'], + 'config_group_id' => $row['config_group_id'] + ], + ]; $query = 'INSERT INTO cfg_centreonbroker_info (config_id, config_key, config_value, ' . 'config_group, config_group_id ) VALUES ' - . '( ' . $row['config_id'] . ',"rrd_cached_option","unix","' - . $row['config_group'] . '",' . $row['config_group_id'] . ' ),' - . '( ' . $row['config_id'] . ',"rrd_cached","' . $path['value'] . '","' - . $row['config_group'] . '",' . $row['config_group_id'] . ' )'; - $pearDB->query($query); + . '( :config_id, :config_key, :config_value, ' + . ':config_group, :config_group_id)'; + $statement = $pearDB->prepare($query); + foreach ($brokerInfoData as $rowData) { + $statement->bindValue(':config_id', (int) $rowData['config_id'], \PDO::PARAM_INT); + $statement->bindValue(':config_key', $rowData['config_key']); + $statement->bindValue(':config_value', $rowData['config_value']); + $statement->bindValue(':config_group', $rowData['config_group']); + $statement->bindValue(':config_group_id', (int) $rowData['config_group_id'], \PDO::PARAM_INT); + $statement->execute(); + } } - $pearDB->query( - "DELETE FROM cfg_centreonbroker_info WHERE `config_id` = " . $row['config_id'] - . " AND config_group_id = " . $row['config_group_id'] + $statement = $pearDB->prepare( + "DELETE FROM cfg_centreonbroker_info WHERE `config_id` = :config_id" + . " AND config_group_id = :config_group_id" . " AND config_group = 'output' AND ( config_key = 'port' OR config_key = 'path') " ); + $statement->bindValue(':config_id', (int) $row['config_id'], \PDO::PARAM_INT); + $statement->bindValue(':config_group_id', (int) $row['config_group_id'], \PDO::PARAM_INT); + $statement->execute(); } $pearDB->query( "DELETE FROM options WHERE `key` = 'rrdcached_enable' @@ -372,7 +419,6 @@ ); $pearDB->commit(); } catch (\PDOException $e) { - $centreonLog->insertLog( 2, // sql-error.log "UPGRADE : 19.10.0-beta.3 Unable to move rrd global cache option on broker form" 
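Review bot: The tcp and unix branches now carry two near-identical ~25-line blocks that differ only in the option literal (`'tcp'`/`'unix'`) and the value source, and the two copies already drift (`$dataRow` vs `$rowData`, double vs single quotes, `:config_key` bound without an explicit type). Deciding the option and value in the `if`/`else` and running a single prepare-and-bind loop leaves one code path to maintain, and hoisting the DELETE `prepare()` above the enclosing `while` would avoid re-preparing the same statement on every row. `$path = $result->fetch()` can be `false` when the `rrdcached_unix_path` option row is missing, in which case `$path['value']` binds `null`; that was already the case but deserves a guard now that the value is bound explicitly. The `while` loop begins outside the hunk.
```php
// … unchanged: while ($row = $res->fetch()) { …
if ($port['value']) {
    $cacheOption = 'tcp';
    $cacheValue = $port['value'];
} else {
    $result = $pearDB->query("SELECT `value` FROM options WHERE `key` = 'rrdcached_unix_path' ");
    $path = $result->fetch();
    $cacheOption = 'unix';
    $cacheValue = $path['value'];
}
$brokerInfoData = [
    ['config_key' => 'rrd_cached_option', 'config_value' => $cacheOption],
    ['config_key' => 'rrd_cached', 'config_value' => $cacheValue],
];
$query = 'INSERT INTO cfg_centreonbroker_info (config_id, config_key, config_value, '
    . 'config_group, config_group_id ) VALUES '
    . '( :config_id, :config_key, :config_value, '
    . ':config_group, :config_group_id)';
$statement = $pearDB->prepare($query);
foreach ($brokerInfoData as $dataRow) {
    $statement->bindValue(':config_id', (int) $row['config_id'], \PDO::PARAM_INT);
    $statement->bindValue(':config_key', $dataRow['config_key'], \PDO::PARAM_STR);
    $statement->bindValue(':config_value', $dataRow['config_value'], \PDO::PARAM_STR);
    $statement->bindValue(':config_group', $row['config_group'], \PDO::PARAM_STR);
    $statement->bindValue(':config_group_id', (int) $row['config_group_id'], \PDO::PARAM_INT);
    $statement->execute();
}
// … unchanged: DELETE of the old port/path rows …
```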
diff --git a/www/install/php/Update-2.8.0.php b/www/install/php/Update-2.8.0.php
index b5839e7fa00..138fbfaa662 100644
--- a/www/install/php/Update-2.8.0.php
+++ b/www/install/php/Update-2.8.0.php
@@ -77,11 +77,13 @@
 /* Check existing relations between virtual services and virtual host */
 $query = 'SELECT s.service_id, s.service_description '
 . 'FROM service s, host_service_relation hsr '
- . 'WHERE hsr.host_host_id = "' . $hostId . '" '
+ . 'WHERE hsr.host_host_id = :host_id '
 . 'AND s.service_register = "2" '
 . 'AND s.service_description LIKE "meta_%" ';
- $res = $pearDB->query($query);
- while ($row = $res->fetchRow()) {
+ $statement = $pearDB->prepare($query);
+ $statement->bindValue(':host_id', (int)$hostId, \PDO::PARAM_INT);
+ $statement->execute();
+ while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) {
 if (preg_match('/meta_(\d+)/', $row['service_description'], $matches)) {
 $metaId = $matches[1];
 $virtualServices[$matches[1]]['relation'] = true;
@@ -99,8 +101,11 @@
 }
 if (!isset($virtualServices[$row['meta_id']]) || !isset($virtualServices[$row['meta_id']]['relation'])) {
 $query = 'INSERT INTO host_service_relation (host_host_id, service_service_id) '
- . 'VALUES (' . $hostId . ',' . $serviceId . ') ';
- $pearDB->query($query);
+ . 'VALUES (:host_id, :service_id) ';
+ $statement = $pearDB->prepare($query);
+ $statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT);
+ $statement->bindValue(':service_id', (int) $serviceId, \PDO::PARAM_INT);
+ $statement->execute();
 }
 }
 }
diff --git a/www/install/php/Update-2.8.5.post.php b/www/install/php/Update-2.8.5.post.php
index b238962fe7f..bdc0766a871 100644
--- a/www/install/php/Update-2.8.5.post.php
+++ b/www/install/php/Update-2.8.5.post.php
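Review bot: The second hunk reassigns `$statement` inside a loop whose iteration variable is outside the hunk (`$row['meta_id']` comes from a different result set than the first hunk's `SELECT`); if that loop also fetches from a variable named `$statement`, the INSERT prepare would overwrite the cursor being iterated. Using a distinct name removes the doubt and lets the prepare be hoisted out of the loop: `$insertStatement = $pearDB->prepare($query);` followed by the two `bindValue` calls and `execute()` on it. Both hunks sit in top-level script code rather than a function.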
@@ -14,8 +14,11 @@
 $daemon = 1;
 }
 $query = 'UPDATE cfg_centreonbroker '
- . 'SET daemon = ' . $daemon . ' '
- . 'WHERE config_id = ' . $row['config_id'];
- $pearDB->query($query);
+ . 'SET daemon = :daemon '
+ . 'WHERE config_id = :config_id ';
+ $statement = $pearDB->prepare($query);
+ $statement->bindValue(":daemon", $daemon, \PDO::PARAM_INT);
+ $statement->bindValue(":config_id", (int) $row['config_id'], \PDO::PARAM_INT);
+ $statement->execute();
 }
 }
diff --git a/www/install/php/Update-21.04.0-beta.1.php b/www/install/php/Update-21.04.0-beta.1.php
index 0efa1a1f4be..63af149eb4f 100644
--- a/www/install/php/Update-21.04.0-beta.1.php
+++ b/www/install/php/Update-21.04.0-beta.1.php
@@ -185,20 +185,22 @@
 $stmt = $pearDB->query(
 "SELECT config_id FROM cfg_centreonbroker"
 );
+ $statement = $pearDB->prepare(
+ 'INSERT INTO `cfg_centreonbroker_log` (`id_centreonbroker`, `id_log`, `id_level`)
+ VALUES (:id_centreonbroker,1,5),
+ (:id_centreonbroker,2,3),
+ (:id_centreonbroker,3,3),
+ (:id_centreonbroker,4,3),
+ (:id_centreonbroker,5,3),
+ (:id_centreonbroker,6,3),
+ (:id_centreonbroker,7,3),
+ (:id_centreonbroker,8,3),
+ (:id_centreonbroker,9,3),
+ (:id_centreonbroker,10,3)'
+ );
 while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- $pearDB->query(
- "INSERT INTO `cfg_centreonbroker_log` (`id_centreonbroker`, `id_log`, `id_level`)
- VALUES (" . $row['config_id'] . ",1,5),
- (" . $row['config_id'] . ",2,3),
- (" . $row['config_id'] . ",3,3),
- (" . $row['config_id'] . ",4,3),
- (" . $row['config_id'] . ",5,3),
- (" . $row['config_id'] . ",6,3),
- (" . $row['config_id'] . ",7,3),
- (" . $row['config_id'] . ",8,3),
- (" . $row['config_id'] . ",9,3),
- (" . $row['config_id'] . ",10,3)"
- );
+ $statement->bindValue(':id_centreonbroker', (int) $row['config_id'], \PDO::PARAM_INT);
+ $statement->execute();
 }
 $pearDB->commit();
 } catch (\Exception $e) {
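Review bot: The prepared INSERT in Update-21.04.0-beta.1.php uses the named marker `:id_centreonbroker` ten times but binds it once; PDO only allows a named parameter to be repeated when `PDO::ATTR_EMULATE_PREPARES` is on, and with native prepares `execute()` fails with an invalid-parameter-number error. Whether `$pearDB` enables emulation is not visible here, so the statement is portable only by accident. A single-row INSERT executed once per log id removes the dependency and produces the same ten rows and levels.
```php
// … unchanged: $stmt = $pearDB->query("SELECT config_id FROM cfg_centreonbroker"); …
$statement = $pearDB->prepare(
    'INSERT INTO `cfg_centreonbroker_log` (`id_centreonbroker`, `id_log`, `id_level`) '
    . 'VALUES (:id_centreonbroker, :id_log, :id_level)'
);
// Same rows as before: id_log 1 at level 5, id_log 2..10 at level 3.
$logLevels = [1 => 5] + array_fill(2, 9, 3);
while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
    foreach ($logLevels as $idLog => $idLevel) {
        $statement->bindValue(':id_centreonbroker', (int) $row['config_id'], \PDO::PARAM_INT);
        $statement->bindValue(':id_log', $idLog, \PDO::PARAM_INT);
        $statement->bindValue(':id_level', $idLevel, \PDO::PARAM_INT);
        $statement->execute();
    }
}
// … unchanged: $pearDB->commit(); …
```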
diff --git a/www/install/php/Update-21.04.17.php b/www/install/php/Update-21.04.17.php new file mode 100644 index 00000000000..8572f2a05df --- /dev/null +++ b/www/install/php/Update-21.04.17.php @@ -0,0 +1,20 @@ +commit(); + if ($pearDB->inTransaction()) { + $pearDB->commit(); + } } catch (\Exception $e) { - $pearDB->rollBack(); + if ($pearDB->inTransaction()) { + $pearDB->rollBack(); + } $centreonLog->insertLog( 4, $versionOfTheUpgrade . $errorMessage . diff --git a/www/install/steps/process/process_step6.php b/www/install/steps/process/process_step6.php index a5ca4589275..501ff1e8fd9 100644 --- a/www/install/steps/process/process_step6.php +++ b/www/install/steps/process/process_step6.php @@ -36,6 +36,8 @@ session_start(); require_once __DIR__ . '/../../../../bootstrap.php'; +define('SQL_ERROR_CODE_ACCESS_DENIED', 1698); + $requiredParameters = array( 'db_configuration', 'db_storage', @@ -79,7 +81,15 @@ $parameters['root_password'] ); } catch (\PDOException $e) { - $err['connection'] = $e->getMessage(); + if ((int) $e->getCode() === SQL_ERROR_CODE_ACCESS_DENIED) { + $err['connection'] = + 'Please check the root database username and password. ' + . 'If the problem persists, check that you have properly ' + . 'secured your DBMS'; + } else { + $err['connection'] = $e->getMessage(); + } } $link = null;
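Review bot: In process_step6.php, `SQL_ERROR_CODE_ACCESS_DENIED` is set to 1698, which is MySQL/MariaDB's ER_ACCESS_DENIED_NO_PASSWORD_ERROR (the socket/plugin authentication variant); the ordinary wrong-password rejection is 1045 (ER_ACCESS_DENIED_ERROR) and still falls through to the `else`, so the friendly hint is shown for only one of the two access-denied cases while the other keeps echoing the raw driver message. Match both, e.g. `define('SQL_ERROR_CODE_ACCESS_DENIED_PASSWORD', 1045);` next to the existing define and `if (in_array((int) $e->getCode(), [SQL_ERROR_CODE_ACCESS_DENIED, SQL_ERROR_CODE_ACCESS_DENIED_PASSWORD], true)) {`. A short comment on the define naming the server error symbol (`// ER_ACCESS_DENIED_NO_PASSWORD_ERROR (auth_socket / unix_socket plugin)`) would also make the magic number self-explanatory.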