fix(secu): remove unused http parameters in hostXML file (#8079)
* style
* fix(secu): sanitize or remove unused params in hostXML file
sc979 committed Nov 12, 2019
1 parent 55f4a7b commit 51de910
Showing 1 changed file with 32 additions and 34 deletions.
66 changes: 32 additions & 34 deletions www/include/monitoring/status/Hosts/xml/hostXML.php
Expand Up @@ -33,7 +33,6 @@
*
*/

require_once realpath(__DIR__ . "/../../../../../../config/centreon.config.php");
require_once realpath(__DIR__ . "/../../../../../../bootstrap.php");
include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php";
include_once _CENTREON_PATH_ . "www/class/centreonInstance.class.php";
Expand All @@ -48,47 +47,46 @@
CentreonSession::start();
$obj = new CentreonXMLBGRequest($dependencyInjector, session_id(), 1, 1, 0, 1);

if (isset($_SESSION['centreon'])) {
$centreon = $_SESSION['centreon'];
} else {
if (!isset($_SESSION['centreon'])) {
exit;
}
$centreon = $_SESSION['centreon'];
$criticality = new CentreonCriticality($obj->DB);
$instanceObj = new CentreonInstance($obj->DB);
$media = new CentreonMedia($obj->DB);

if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) {
;
} else {
if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) {
print "Bad Session ID";
exit();
}

/*
* Set Default Poller
*/
// Set Default Poller
$obj->getDefaultFilters();

/*
* Check Arguments from GET
*/
$o = $obj->checkArgument("o", $_GET, "h");
$p = $obj->checkArgument("p", $_GET, "2");
$num = $obj->checkArgument("num", $_GET, 0);
$limit = $obj->checkArgument("limit", $_GET, 20);
$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller);
$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups);
$search = $obj->checkArgument("search", $_GET, "");
$order = $obj->checkArgument("order", $_GET, "ASC");
$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s");

$statusHost = $obj->checkArgument("statusHost", $_GET, "");
$statusFilter = $obj->checkArgument("statusFilter", $_GET, "");

/* Store in session the last type of call */
$_SESSION['monitoring_host_status'] = $statusHost;
$_SESSION['monitoring_host_status_filter'] = $statusFilter;

// Check Arguments From GET tab
$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, array('options' => array('default' => 'h')));
$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, array('options' => array('default' => 2)));
$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
$criticality_id = filter_input(
INPUT_GET,
'criticality',
FILTER_VALIDATE_INT,
array('options' => array('default' => $obj->defaultCriticality))
);
//if instance value is not set, displaying all active pollers linked resources
$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT);
$hostgroups = filter_var($obj->defaultHostgroups ?? 0, FILTER_VALIDATE_INT);

$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_STRING, array('options' => array('default' => '')));
$statusHost = filter_input(INPUT_GET, 'statusHost', FILTER_SANITIZE_STRING, array('options' => array('default' => '')));
$statusFilter = filter_input(INPUT_GET, 'statusFilter', FILTER_SANITIZE_STRING, array('options' => array('default' => '')));
$order = filter_input(
INPUT_GET,
'order',
FILTER_VALIDATE_REGEXP,
array('options' => array('default' => 'ASC', 'regexp' => '/^(ASC|DESC)$/'))
);
if (isset($_GET['sort_type']) && $_GET['sort_type'] == "host_name") {
$sort_type = "name";
} else {
Expand All @@ -98,11 +96,11 @@
$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name");
}
}
$criticality_id = $obj->checkArgument('criticality', $_GET, $obj->defaultCriticality);
// Store in session the last type of call
$_SESSION['monitoring_host_status'] = $statusHost;
$_SESSION['monitoring_host_status_filter'] = $statusFilter;

/*
* Backup poller selection
*/
// Backup poller selection
$obj->setInstanceHistory($instance);
$obj->setHostGroupsHistory($hostgroups);
$obj->setCriticality($criticality_id);
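Review bot: `FILTER_SANITIZE_STRING`, applied to `o`, `search`, `statusHost` and `statusFilter` in the new block, is not validation — it only strips tags and HTML-encodes quotes, leaves SQL metacharacters such as `%`, `_` and `;` untouched, and is deprecated since PHP 8.1 — so these four parameters do not get the protection the commit gives `order` through `FILTER_VALIDATE_REGEXP`. `statusHost` and `statusFilter` are written straight into `$_SESSION` and presumably feed the status query built further down (outside this hunk), and `o` selects a page mode, so all three look like finite keyword sets that should be allow-listed the same way as `order`, e.g. `$statusHost = filter_input(INPUT_GET, 'statusHost', FILTER_VALIDATE_REGEXP, array('options' => array('default' => '', 'regexp' => '/^(…)$/')));` with the accepted status keywords filled in from the consuming code, which is not visible here. `search` is free text and cannot be allow-listed; it should be bound as a prepared-statement parameter and HTML-escaped at the output sink rather than "sanitized" here. Separately, `sort_type` still arrives through the old `checkArgument()` path and a loose `== "host_name"` comparison on raw `$_GET`; its `if`/`else` is cut by the hunk boundary, but if it ends up in an `ORDER BY` clause it needs the same regexp allow-list, since that position cannot be parameterized.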
