This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

fix(secu): remove unused http parameters in service by servicegroup s…
…ummary XML (#8064)

* fix(secu): remove or sanitize unused https arguments in service by servicegroup summary
* Update www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php
sc979 committed Nov 12, 2019
1 parent a5a084f commit 3fa6e29
Showing 1 changed file with 53 additions and 53 deletions.
@@ -1,7 +1,7 @@
<?php
/*
* Copyright 2005-2015 Centreon
* Centreon is developped by : Julien Mathis and Romain Le Merlus under
* Copyright 2005-2019 Centreon
* Centreon is developed by : Julien Mathis and Romain Le Merlus under
* GPL Licence 2.0.
*
* This program is free software; you can redistribute it and/or modify it under
Expand Down Expand Up @@ -35,11 +35,8 @@

ini_set("display_errors", "Off");

require_once realpath(dirname(__FILE__) . "/../../../../../../config/centreon.config.php");
require_once realpath(__DIR__ . "/../../../../../../bootstrap.php");

include_once _CENTREON_PATH_ . "www/class/centreonUtils.class.php";

include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php";
include_once _CENTREON_PATH_ . "www/include/monitoring/status/Common/common-Func.php";
include_once _CENTREON_PATH_ . "www/include/common/common-Func.php";
Expand All @@ -52,7 +49,6 @@
$obj = new CentreonXMLBGRequest($dependencyInjector, session_id(), 1, 1, 0, 1);
$svcObj = new CentreonService($obj->DB);


if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) {
print "Bad Session ID";
exit();
Expand All @@ -63,88 +59,93 @@
*/
$obj->getDefaultFilters();

/* **************************************************
/*
* Check Arguments From GET tab
*/
$o = $obj->checkArgument("o", $_GET, "h");
$p = $obj->checkArgument("p", $_GET, "2");
$nc = $obj->checkArgument("nc", $_GET, "0");
$num = $obj->checkArgument("num", $_GET, 0);
$limit = $obj->checkArgument("limit", $_GET, 20);
$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller);
$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups);
$hSearch = $obj->checkArgument("host_search", $_GET, "");
$sgSearch = $obj->checkArgument("sg_search", $_GET, "");
$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name");
$order = $obj->checkArgument("order", $_GET, "ASC");
$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s");
$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, array('options' => array('default' => 'h')));
$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, array('options' => array('default' => 2)));
$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
//if instance value is not set, displaying all active pollers linked resources
$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT);
$hSearch = filter_input(INPUT_GET, 'host_search', FILTER_SANITIZE_STRING, array('options' => array('default' => '')));
$sgSearch = filter_input(INPUT_GET, 'sg_search', FILTER_SANITIZE_STRING, array('options' => array('default' => '')));
$sort_type = filter_input(
INPUT_GET,
'sort_type',
FILTER_SANITIZE_STRING,
array('options' => array('default' => 'host_name'))
);
$order = filter_input(
INPUT_GET,
'order',
FILTER_VALIDATE_REGEXP,
array('options' => array('default' => 'ASC', 'regexp' => '/^(ASC|DESC)$/'))
);

/*
* Backup poller selection
*/
$obj->setInstanceHistory($instance);

/** **********************************************
/**
* Prepare pagination
*/

$s_search = "";
/* Display service problems */
// Display service problems
if ($o == "svcgridSG_pb" || $o == "svcOVSG_pb") {
$s_search .= " AND s.state != 0 AND s.state != 4 ";
}

/* Display acknowledged services */
// Display acknowledged services
if ($o == "svcgridSG_ack_1" || $o == "svcOVSG_ack_1") {
$s_search .= " AND s.acknowledged = '1' ";
}

/* Display not acknowledged services */
// Display not acknowledged services
if ($o == "svcgridSG_ack_0" || $o == "svcOVSG_ack_0") {
$s_search .= " AND s.state != 0 AND s.state != 4 AND s.acknowledged = 0 ";
}

$query = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.servicegroup_id, h.host_id "
. "FROM servicegroups sg "
. "INNER JOIN services_servicegroups sgm ON sg.servicegroup_id = sgm.servicegroup_id "
. "INNER JOIN services s ON s.service_id = sgm.service_id "
. "INNER JOIN hosts h ON sgm.host_id = h.host_id AND h.host_id = s.host_id "
$query = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.servicegroup_id, h.host_id
FROM servicegroups sg
INNER JOIN services_servicegroups sgm ON sg.servicegroup_id = sgm.servicegroup_id
INNER JOIN services s ON s.service_id = sgm.service_id
INNER JOIN hosts h ON sgm.host_id = h.host_id AND h.host_id = s.host_id "
. $obj->access->getACLHostsTableJoin($obj->DBC, "h.host_id")
. $obj->access->getACLServicesTableJoin($obj->DBC, "s.service_id")
. "WHERE 1 = 1 ";
. " WHERE 1 = 1 ";

# Servicegroup ACL
// Servicegroup ACL
$query .= $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID"));

/* Servicegroup search */
// Servicegroup search
if ($sgSearch != "") {
$query .= "AND sg.name = '" . $sgSearch . "' ";
}

/* Host search */
// Host search
$h_search = '';
if ($hSearch != "") {
$h_search .= "AND h.name like '%" . $hSearch . "%' ";
}
$query .= $h_search;

/* Service search */
// Service search
$query .= $s_search;

/* Poller search */
// Poller search
if ($instance != -1) {
$query .= " AND h.instance_id = " . $instance . " ";
}

$query .= "ORDER BY sg.name " . $order . " "
. "LIMIT " . ($num * $limit) . "," . $limit;
$query .= "ORDER BY sg.name " . $order . " LIMIT " . ($num * $limit) . ", " . $limit;

$DBRESULT = $obj->DBC->query($query);

$numRows = $obj->DBC->query("SELECT FOUND_ROWS()")->fetchColumn();


/** ***************************************************
/**
* Create XML Flow
*/
$obj->XML = new CentreonXML();
Expand All @@ -164,7 +165,7 @@
$obj->XML->writeElement("s", "1");
$obj->XML->endElement();

/* Construct query for servigroups search */
// Construct query for servicegroups search
$sg_search = "";
if ($numRows > 0) {
$sg_search .= "AND (";
Expand All @@ -187,18 +188,21 @@
$sg_search .= "AND sg.name = '" . $sgSearch . "' ";
}

$query2 = "SELECT SQL_CALC_FOUND_ROWS count(s.state) as count_state, sg.name AS sg_name, h.name as host_name, "
. "h.state as host_state, h.icon_image, h.host_id, s.state, " .
"(case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri "
. "FROM servicegroups sg, services_servicegroups sgm, services s, hosts h "
. "WHERE h.host_id = s.host_id AND s.host_id = sgm.host_id AND s.service_id=sgm.service_id "
. "AND sg.servicegroup_id=sgm.servicegroup_id "
$query2 = "SELECT SQL_CALC_FOUND_ROWS count(s.state) as count_state,
sg.name AS sg_name,
h.name AS host_name,
h.state AS host_state,
h.icon_image, h.host_id, s.state,
(CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri
FROM servicegroups sg, services_servicegroups sgm, services s, hosts h
WHERE h.host_id = s.host_id AND s.host_id = sgm.host_id AND s.service_id=sgm.service_id
AND sg.servicegroup_id=sgm.servicegroup_id "
. $s_search
. $sg_search
. $h_search
. $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID"))
. $obj->access->queryBuilder("AND", "s.service_id", $obj->access->getServicesString("ID", $obj->DBC))
. "GROUP BY sg_name,host_name,host_state,icon_image,host_id, s.state order by tri asc ";
. " GROUP BY sg_name,host_name,host_state,icon_image,host_id, s.state ORDER BY tri ASC ";

$DBRESULT = $obj->DBC->query($query2);

Expand Down Expand Up @@ -253,12 +257,8 @@

$obj->XML->endElement();

/*
* Send Header
*/
// Send Header
$obj->header();

/*
* Send XML
*/
// Send XML
$obj->XML->output();
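Review bot: The sanitized `$sgSearch` and `$hSearch` values are still concatenated straight into SQL in `$query .= "AND sg.name = '" . $sgSearch . "' ";`, `$h_search .= "AND h.name like '%" . $hSearch . "%' ";` and again in `$sg_search .= "AND sg.name = '" . $sgSearch . "' ";` (the `if` around that last line starts outside the hunk), so the query is only as safe as FILTER_SANITIZE_STRING's entity-encoding of quotes; FILTER_SANITIZE_STRING is deprecated since PHP 8.1, and that encoding also means a servicegroup or host whose stored name contains an apostrophe will no longer match. Binding these values as parameters removes the dependence on the sanitizer and restores exact matching; since `$h_search` is reused in `$query2`, the same placeholder must be bound there as well. A smaller point on `$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT);`: with no `default` option a non-numeric `defaultPoller` yields `false`, which passes `$instance != -1` and emits `AND h.instance_id =  ` with no value; `array('options' => array('default' => -1))` keeps the all-pollers fallback. Whether `$obj->DBC` exposes PDO's `prepare()`/`execute()` is not visible here and should be confirmed.
```php
// … unchanged: base SELECT, ACL joins, servicegroup ACL queryBuilder …
$bindParams = [];

// Servicegroup search
if ($sgSearch != "") {
    $query .= "AND sg.name = :sgName ";
    $bindParams[':sgName'] = $sgSearch;
}

// Host search
$h_search = '';
if ($hSearch != "") {
    $h_search .= "AND h.name LIKE :hostName ";
    $bindParams[':hostName'] = '%' . $hSearch . '%';
}
$query .= $h_search;
// … unchanged: service search, poller filter, ORDER BY / LIMIT …

// assumes DBC wraps PDO and exposes prepare()/bindValue()/execute() — confirm
$statement = $obj->DBC->prepare($query);
foreach ($bindParams as $name => $value) {
    $statement->bindValue($name, $value, \PDO::PARAM_STR);
}
$statement->execute();
$DBRESULT = $statement;
```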
