This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

FIX: Sanitize and bind Meta Service configuration 22.04.x (#11733)
* sanitize and bind meta service config

* applying suggested changes
hyahiaoui-ext authored Sep 13, 2022
1 parent 0df5876 commit 2aebf3e
Showing 1 changed file with 13 additions and 6 deletions.
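--- a/www/class/centreonMeta.class.php
+++ b/www/class/centreonMeta.class.php
@@ -305,20 +305,27 @@ public function insertVirtualService($metaId, $metaName)
 $row = $res->fetchRow();
 $serviceId = $row['service_id'];
 if ($row['display_name'] !== $metaName) {
-$query = 'UPDATE service SET display_name = "' . $metaName . '" WHERE service_id = ' . $serviceId;
-$this->db->query($query);
+$query = 'UPDATE service SET display_name = :display_name WHERE service_id = :service_id';
+$statement = $this->db->prepare($query);
+$statement->bindValue(':display_name', $metaName, \PDO::PARAM_STR);
+$statement->bindValue(':service_id', (int) $serviceId, \PDO::PARAM_INT);
+$statement->execute();
 }
 } else {
 $query = 'INSERT INTO service (service_description, display_name, service_register) '
 . 'VALUES '
 . '("' . $composedName . '", "' . $metaName . '", "2")';
 $this->db->query($query);
 $query = 'INSERT INTO host_service_relation(host_host_id, service_service_id) '
-. 'VALUES ('
-. $hostId . ','
-. '(SELECT service_id FROM service WHERE service_description = "' . $composedName . '" AND service_register = "2" LIMIT 1)'
+. 'VALUES (:host_id,'
+. '(SELECT service_id
+FROM service
+WHERE service_description = :service_description AND service_register = "2" LIMIT 1)'
 . ')';
-$this->db->query($query);
+$statement = $this->db->prepare($query);
+$statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT);
+$statement->bindValue(':service_description', $composedName, \PDO::PARAM_STR);
+$statement->execute();
 $res = $this->db->query($queryService);
 if ($res->rowCount()) {
 $row = $res->fetchRow();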
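Review bot: The first statement of the `else` branch, `INSERT INTO service (...)`, is untouched by this commit and still concatenates `$composedName` and `$metaName` into the SQL text before `$this->db->query($query)`, so the same value that is now bound in the UPDATE branch reaches the database unbound whenever the virtual service does not yet exist. Unless `$metaName` is already validated earlier in `insertVirtualService` (the function begins and ends outside this hunk, so that cannot be confirmed here), this statement should be prepared with named placeholders and bound with `\PDO::PARAM_STR` like the two statements around it. `$queryService`, which is built outside the hunk and executed right after the inserts, deserves the same check.

```php
$query = 'INSERT INTO service (service_description, display_name, service_register) '
    . 'VALUES (:service_description, :display_name, "2")';
$statement = $this->db->prepare($query);
$statement->bindValue(':service_description', $composedName, \PDO::PARAM_STR);
$statement->bindValue(':display_name', $metaName, \PDO::PARAM_STR);
$statement->execute();
// … unchanged: host_service_relation insert with bound :host_id and :service_description …
```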
