From 237f599ca81873f6a61cabb41352a0d9944731a5 Mon Sep 17 00:00:00 2001
From: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Date: Fri, 9 Sep 2022 10:54:48 +0100
Subject: [PATCH] FIX: Sanitize and bind graph configuration queries 21.10.x (#11730)

---
 www/class/centreonGraph.class.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/www/class/centreonGraph.class.php b/www/class/centreonGraph.class.php
index 4ae3ef297d8..6eadab1b33e 100644
--- a/www/class/centreonGraph.class.php
+++ b/www/class/centreonGraph.class.php
@@ -1133,13 +1133,15 @@ public function setTemplate($template_id = null)
         } else {
             $this->templateId = htmlentities($_GET["template_id"], ENT_QUOTES, "UTF-8");
         }
-        $DBRESULT = $this->DB->query(
+        $statement = $this->DB->prepare(
             "SELECT * FROM giv_graphs_template
-            WHERE graph_id = '" . $this->templateId . "' LIMIT 1"
+            WHERE graph_id = :graph_id LIMIT 1"
         );
-        $this->templateInformations = $DBRESULT->fetch();
-        $DBRESULT->closeCursor();
+        $statement->bindValue(':graph_id', (int) $this->templateId, \PDO::PARAM_INT);
+        $statement->execute();
+        $this->templateInformations = $statement->fetch(\PDO::FETCH_ASSOC);
+        $statement->closeCursor();
     }
 
     /**
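Review bot: The `(int)` cast on the new `bindValue` line closes the injection but fails open on bad input: a non-numeric or tampered `template_id` silently becomes `0` and is still looked up, while `$this->templateId` keeps the `htmlentities()`-encoded string, so the property and the bound value can disagree. Validate once in the `else` branch and keep the integer, e.g. `$templateId = filter_var($_GET['template_id'], FILTER_VALIDATE_INT);` then `if ($templateId === false) { throw new \InvalidArgumentException('template_id must be an integer'); }` and `$this->templateId = $templateId;` — the `htmlentities()` call is an HTML-output escape, not an SQL control, and is no longer doing security work here. `fetch()` returns `false` when no row matches, so `templateInformations` is presumably checked for `false` by callers — confirm. The opening of `setTemplate()` (the branch taken when `$template_id` is non-null) and the hunk's trailing context lie outside the visible hunk.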