fix(xss): fix SQL injection for GET parameter

- Fix $_GET['host_id'] => parse it as integer - remove unnecessary ';' in code
centreon · Feb 26, 2019 · 2db2327 · 2db2327
1 parent dd52e85
commit 2db2327
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/www/include/views/graphs/common/makeXML_ListServices.php b/www/include/views/graphs/common/makeXML_ListServices.php
@@ -57,7 +57,6 @@
     putenv("LANG=$locale");
     setlocale(LC_ALL, $locale);
     bindtextdomain("messages", _CENTREON_PATH_ . "www/locale/");
-;
     bind_textdomain_codeset("messages", "UTF-8");
     textdomain("messages");
 
@@ -71,7 +70,7 @@
     $mx_l = strlen($s_datas[""]);
 
 if (isset($_GET["host_id"]) && $_GET["host_id"] != 0) {
-    $pq_sql = $pearDBO->query("SELECT id index_id, service_description FROM index_data WHERE host_id='".$_GET['host_id']."'ORDER BY service_description");
+    $pq_sql = $pearDBO->query("SELECT id index_id, service_description FROM index_data WHERE host_id=".(int)$_GET['host_id']." ORDER BY service_description");
     while ($fw_sql = $pq_sql->fetchRow()) {
         $fw_sql["service_description"] = str_replace($a_this, $a_that, $fw_sql["service_description"]);
         $s_datas[$fw_sql["index_id"]] = $fw_sql["service_description"]."&nbsp;&nbsp;&nbsp;";
@@ -85,4 +84,4 @@
 for ($i = strlen($s_datas[""]); $i != $mx_l; $i++) {
     $s_datas[""] .= "&nbsp;";
 }
-    $buffer->output();
+$buffer->output();