
[Fix]:Sanitize and bind queries in template of service listing (#11746)
* [Fix]:Sanitize and bind queries in template of service listing

* Apply tamazC's review suggestion
emabassi-ext authored Sep 13, 2022
1 parent d78b88b commit 31482f6
Showing 1 changed file with 13 additions and 13 deletions.
Expand Up @@ -77,22 +77,22 @@

//Service Template Model list
if ($search) {
$query = "SELECT SQL_CALC_FOUND_ROWS sv.service_id, sv.service_description, sv.service_alias, " .
"sv.service_activate, sv.service_template_model_stm_id " .
"FROM service sv " .
"WHERE (sv.service_description LIKE '%" . $search . "%' OR sv.service_alias LIKE '%" . $search . "%') " .
$statement = $pearDB->prepare("SELECT SQL_CALC_FOUND_ROWS sv.service_id, sv.service_description," .
" sv.service_alias, sv.service_activate, sv.service_template_model_stm_id FROM service sv " .
"WHERE (sv.service_description LIKE :search OR sv.service_alias LIKE :search) " .
"AND sv.service_register = '0' " .
$lockedFilter .
"ORDER BY service_description LIMIT " . $num * $limit . ", " . $limit;
"ORDER BY service_description LIMIT :offset, :limit");
$statement->bindValue(':search', '%' . $search . '%', \PDO::PARAM_STR);
} else {
$query = "SELECT SQL_CALC_FOUND_ROWS sv.service_id, sv.service_description, sv.service_alias, " .
"sv.service_activate, sv.service_template_model_stm_id " .
"FROM service sv " .
"WHERE sv.service_register = '0' " .
$lockedFilter .
"ORDER BY service_description LIMIT " . $num * $limit . ", " . $limit;
$statement = $pearDB->prepare("SELECT SQL_CALC_FOUND_ROWS sv.service_id, sv.service_description," .
" sv.service_alias, sv.service_activate, sv.service_template_model_stm_id FROM service sv " .
"WHERE sv.service_register = '0' " . $lockedFilter .
"ORDER BY service_description LIMIT :offset, :limit");
}
$dbResult = $pearDB->query($query);
$statement->bindValue(':limit', (int) $limit, \PDO::PARAM_INT);
$statement->bindValue(':offset', (int) $num * (int) $limit, \PDO::PARAM_INT);
$statement->execute();
$rows = $pearDB->query("SELECT FOUND_ROWS()")->fetchColumn();

include "./include/common/checkPagination.php";
Expand Down Expand Up @@ -137,7 +137,7 @@

$centreonToken = createCSRFToken();

for ($i = 0; $service = $dbResult->fetch(); $i++) {
for ($i = 0; $service = $statement->fetch(); $i++) {
$moptions = "";
$selectedElements = $form->addElement('checkbox', "select[" . $service['service_id'] . "]");
if (isset($lockedElements[$service['service_id']])) {
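Review bot: The named marker `:search` appears twice in the new query on the line `"WHERE (sv.service_description LIKE :search OR sv.service_alias LIKE :search) "` in the first hunk, and a single `bindValue(':search', ...)` follows; PDO only accepts a reused named marker when prepared-statement emulation is enabled, and with native prepares MySQL rejects the duplicate name (SQLSTATE HY093) at execute time. Whether `$pearDB` enables emulation is not visible here, so the safe form is one marker per occurrence: `"WHERE (sv.service_description LIKE :search_desc OR sv.service_alias LIKE :search_alias) "`, then `$statement->bindValue(':search_desc', '%' . $search . '%', \PDO::PARAM_STR);` and `$statement->bindValue(':search_alias', '%' . $search . '%', \PDO::PARAM_STR);`. `$lockedFilter` is still concatenated into both statements and is built outside this hunk, so the binding does not cover it if any part of it derives from request input; a comment at its definition stating it is a fixed SQL fragment would make that reviewable. Separately, `%` and `_` inside `$search` keep their LIKE wildcard meaning, so if a literal match is intended, escape them with `addcslashes($search, '%_\\')` before wrapping the value in `%...%`.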
