From 3815a9f4448d4757f331ac83e6bca31a8f02ec32 Mon Sep 17 00:00:00 2001
From: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Date: Wed, 21 Sep 2022 23:05:26 +0100
Subject: [PATCH] FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792)

* FIX: Sanitize and bind Centreon Notification class (#11757)

* Update www/class/centreonNotification.class.php

Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com>
---
 www/class/centreonNotification.class.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/www/class/centreonNotification.class.php b/www/class/centreonNotification.class.php
index 0875cbcb9b1..2c8df61679a 100644
--- a/www/class/centreonNotification.class.php
+++ b/www/class/centreonNotification.class.php
@@ -342,10 +342,12 @@ protected function getHostTemplateNotifications($hostId, $templates)
 FROM host_template_relation htr
 LEFT JOIN contact_host_relation ctr ON htr.host_host_id = ctr.host_host_id
 LEFT JOIN contactgroup_host_relation ctr2 ON htr.host_host_id = ctr2.host_host_id
- WHERE htr.host_host_id = " . $hostId . "
+ WHERE htr.host_host_id = :host_id
 ORDER BY `order`";
- $res = $this->db->query($sql);
- while ($row = $res->fetchRow()) {
+ $statement = $this->db->prepare($sql);
+ $statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT);
+ $statement->execute();
+ while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) {
 if ($row['contact_id']) {
 $this->hostBreak[1] = true;
 }
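Review bot: The `(int) $hostId` cast in the new `bindValue()` call closes the injection, but it also hides malformed input: a non-numeric id becomes 0 and a value such as `'12abc'` becomes 12, so the query runs against a host the caller never named instead of failing. Validating before the bind would make that visible, e.g. `if (filter_var($hostId, FILTER_VALIDATE_INT) === false) { return; }`, with whatever empty result this method normally returns, since its return statement is outside the hunk. The result of `$statement->execute()` is also unchecked; if the connection is not in exception error mode (not visible here), a failed execute would make `fetch()` return false and the loop would silently report no contacts for the template. The body of `getHostTemplateNotifications()` starts and ends outside this hunk, so any other string-built queries in the method or class cannot be assessed from here.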