This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

chore(release): merge release-21.10.next into 21.10.x (#11910)
* fix(git): resync 21.10.x to dev-21.10.x (#11499)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505)

Refs: MON-14585

* fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520)

Co-authored-by: VHS <listas.vhs@gmail.com>

Co-authored-by: VHS <listas.vhs@gmail.com>

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518)

1122

1153

1134

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variables inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* fix(cron): Escape database name in CentACL 21.10.x (#11509)

* fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529)

* fix(test): fix random fails on virtual metric test (#11524)

Refs: MON-14359

* enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508)

Refs: MON-14359

* doc(ack): acknowledge Hakaï security (#11539)

* fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557)

Refs: MON-12828

Co-authored-by: Stéphane Duret <sduret@centreon.com>

* SNYK: Sanitize and bind Broker listing queries (#11551)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11565)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11562)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

* SNYK: Sanitize and bind ACL actions queries (#11548)

* sanitizing and binding acl actions queries

* fix missing bind

* MON-14501 - sanitize query in centreonXmlbgRequest class  (#11571)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries  (#11568)

* sanitize 2 insert queries

* spaces removed in a query

* chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629)

* fix(git): resync 21.10.x to dev-21.10.x (#11499)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505)

Refs: MON-14585

* fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520)

Co-authored-by: VHS <listas.vhs@gmail.com>

Co-authored-by: VHS <listas.vhs@gmail.com>

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518)

1122

1153

1134

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variables inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* fix(cron): Escape database name in CentACL 21.10.x (#11509)

* fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529)

* fix(test): fix random fails on virtual metric test (#11524)

Refs: MON-14359

* enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508)

Refs: MON-14359

* doc(ack): acknowledge Hakaï security (#11539)

* fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557)

Refs: MON-12828

Co-authored-by: Stéphane Duret <sduret@centreon.com>

* SNYK: Sanitize and bind Broker listing queries (#11551)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11565)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11562)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

* SNYK: Sanitize and bind ACL actions queries (#11548)

* sanitizing and binding acl actions queries

* fix missing bind

* MON-14501 - sanitize query in centreonXmlbgRequest class  (#11571)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries  (#11568)

* sanitize 2 insert queries

* spaces removed in a query

* chore(install): Update version to 21.10.9

* fix(sql): fix query to select contact during ldap import (#11579)

Refs: MON-14263

* (fix)MON-14742 Escape database name in CentACL (#11602)

* fixed issue of using special chars in db names

* fix escape database name

* fixed security issue on sql requests

* fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619)

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>

* query sanitized in listServiceCategories (#11597) (#11633)

* Sanitize and bind listVirtualMetrics queries (#11648)

* sanitize insert queries in db-func (#11651)

MON-14667

* Sanitized and bound queries in service argumentsXml file  (#11654)

MON-14669

* sanitize and bind host categories query (#11644)

* Fix encoding issue on status serviceXML (#11582)

* sanitize and bind in centreon connector query (#11636)

* chore(git): update codeowners (#11593)

* fix(conf) fix parent template display in service template listing (#11671) (#11677)

* fix(poller): fix remote server duplication (#11552) (#11675)

Refs: MON-14579

* fix(clapi): Check that user is admin to use clapi (#11631) (#11639)

* Fix: Sanitize and bind service group dependencies queries 21.10.x (#11666)

* fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699)

Refs: MON-14919

* Fix: In Access group the second select not working [ACL] 21.10.x (#11710)

* fix second select not working

* applying suggested changes

* fix(details): remove dead code (#11672) (#11685)

* fix(details): second part of code cleanup for "tools" (#11718) (#11722)

* FIX: Sanitize and bind graph configuration queries 21.10.x (#11730)

* Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732)

* sanitize and bind CLAPI poller config

* remove unnecessary comment

* revert deleted imports

* FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734)

* sanitize and bind meta service config

* applying suggested changes

* [Fix]:Sanitize and bind queries in template of service listing (#11745)

* fix(resource): Fix bad SQL request (#11702) (#11750)

* FIX: Sanitize and bind command configuration queries 21.10.x (#11755)

* Rebase dev2110x on 2110x (#11825)

* chore(release): merge release 21.10.9 into 21.10.x (#11628)

* fix(git): resync 21.10.x to dev-21.10.x (#11499)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505)

Refs: MON-14585

* fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520)

Co-authored-by: VHS <listas.vhs@gmail.com>

Co-authored-by: VHS <listas.vhs@gmail.com>

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518)

1122

1153

1134

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variables inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* fix(cron): Escape database name in CentACL 21.10.x (#11509)

* fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529)

* fix(test): fix random fails on virtual metric test (#11524)

Refs: MON-14359

* enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508)

Refs: MON-14359

* doc(ack): acknowledge Hakaï security (#11539)

* fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557)

Refs: MON-12828

Co-authored-by: Stéphane Duret <sduret@centreon.com>

* SNYK: Sanitize and bind Broker listing queries (#11551)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11565)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11562)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

* SNYK: Sanitize and bind ACL actions queries (#11548)

* sanitizing and binding acl actions queries

* fix missing bind

* MON-14501 - sanitize query in centreonXmlbgRequest class  (#11571)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries  (#11568)

* sanitize 2 insert queries

* spaces removed in a query

* chore(install): Update version to 21.10.9

* fix(sql): fix query to select contact during ldap import (#11579)

Refs: MON-14263

* (fix)MON-14742 Escape database name in CentACL (#11602)

* fixed issue of using special chars in db names

* fix escape database name

* fixed security issue on sql requests

* fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619)

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>

* chore(release): merge release-21.10.next into 21.10.x (#11820)

* fix(git): resync 21.10.x to dev-21.10.x (#11499)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505)

Refs: MON-14585

* fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520)

Co-authored-by: VHS <listas.vhs@gmail.com>

Co-authored-by: VHS <listas.vhs@gmail.com>

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518)

1122

1153

1134

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variables inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* fix(cron): Escape database name in CentACL 21.10.x (#11509)

* fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529)

* fix(test): fix random fails on virtual metric test (#11524)

Refs: MON-14359

* enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508)

Refs: MON-14359

* doc(ack): acknowledge Hakaï security (#11539)

* fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557)

Refs: MON-12828

Co-authored-by: Stéphane Duret <sduret@centreon.com>

* SNYK: Sanitize and bind Broker listing queries (#11551)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11565)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11562)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

* SNYK: Sanitize and bind ACL actions queries (#11548)

* sanitizing and binding acl actions queries

* fix missing bind

* MON-14501 - sanitize query in centreonXmlbgRequest class  (#11571)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries  (#11568)

* sanitize 2 insert queries

* spaces removed in a query

* chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629)

* fix(git): resync 21.10.x to dev-21.10.x (#11499)

* fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505)

Refs: MON-14585

* fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520)

Co-authored-by: VHS <listas.vhs@gmail.com>

Co-authored-by: VHS <listas.vhs@gmail.com>

* [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518)

1122

1153

1134

* [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515)

* Sanitize and bind ACL action access queries

_ sanitize if possible each variables inserted in a query

_ use PDO prepared statement and bind() method

_ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc)

* fix line length

* fix failed checks

* fix(cron): Escape database name in CentACL 21.10.x (#11509)

* fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529)

* fix(test): fix random fails on virtual metric test (#11524)

Refs: MON-14359

* enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508)

Refs: MON-14359

* doc(ack): acknowledge Hakaï security (#11539)

* fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557)

Refs: MON-12828

Co-authored-by: Stéphane Duret <sduret@centreon.com>

* SNYK: Sanitize and bind Broker listing queries (#11551)

* Sanitizing and binding broker listing queries

* applying suggested changes

* fix(conf) fix encoding in template service listing (#11558) (#11565)

* fix encoding

* remove useless function

* SNYK: Sanitize and bind generateImage queries (#11562)

* sanitize and bind generate image queries

* adding throw exception

* applying suggested changes

* Update www/include/views/graphs/generateGraphs/generateImage.php

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

* SNYK: Sanitize and bind ACL actions queries (#11548)

* sanitizing and binding acl actions queries

* fix missing bind

* MON-14501 - sanitize query in centreonXmlbgRequest class  (#11571)

* sanitize query in centreonXmlbgRequest class

* add closeCursor func to resolve conv

* SNYK: Sanitize and bind Meta-Services dependency queries  (#11568)

* sanitize 2 insert queries

* spaces removed in a query

* chore(install): Update version to 21.10.9

* fix(sql): fix query to select contact during ldap import (#11579)

Refs: MON-14263

* (fix)MON-14742 Escape database name in CentACL (#11602)

* fixed issue of using special chars in db names

* fix escape database name

* fixed security issue on sql requests

* fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619)

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>

* query sanitized in listServiceCategories (#11597) (#11633)

* Sanitize and bind listVirtualMetrics queries (#11648)

* sanitize insert queries in db-func (#11651)

MON-14667

* Sanitized and bound queries in service argumentsXml file  (#11654)

MON-14669

* sanitize and bind host categories query (#11644)

* Fix encoding issue on status serviceXML (#11582)

* sanitize and bind in centreon connector query (#11636)

* chore(git): update codeowners (#11593)

* fix(conf) fix parent template display in service template listing (#11671) (#11677)

* fix(poller): fix remote server duplication (#11552) (#11675)

Refs: MON-14579

* fix(clapi): Check that user is admin to use clapi (#11631) (#11639)

* Fix: Sanitize and bind service group dependencies queries 21.10.x (#11666)

* fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699)

Refs: MON-14919

* Fix: In Access group the second select not working [ACL] 21.10.x (#11710)

* fix second select not working

* applying suggested changes

* fix(details): remove dead code (#11672) (#11685)

* fix(details): second part of code cleanup for "tools" (#11718) (#11722)

* FIX: Sanitize and bind graph configuration queries 21.10.x (#11730)

* Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732)

* sanitize and bind CLAPI poller config

* remove unnecessary comment

* revert deleted imports

* FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734)

* sanitize and bind meta service config

* applying suggested changes

* [Fix]:Sanitize and bind queries in template of service listing (#11745)

* fix(resource): Fix bad SQL request (#11702) (#11750)

* FIX: Sanitize and bind command configuration queries 21.10.x (#11755)

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>
Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com>
Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com>
Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com>
Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>
Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com>
Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com>
Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

* Fix: Remove obsolete code in ACL configuration listing (#11793)

* [Fix]: Sanitize and bind service by hostgroups listing (#11795)

* sanitize and bind service by hostgroups listing

* fix exceeded line

* Fix : Sanitize and bind centreon hostgroups class (#11800)

* Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802)

* Fix: Sanitize and bind host category listing  (#11805)

* fix(conf/export) broker RRDcacheD export (#11811) (#11834)

* FIX: SQLi in poller's broker configuration 21.10.x (#11778)

* sanitize and bind pollers broker config queries

* applying suggested changes

* FIX: Sanitize and bind default configuration queries 21.10.x (#11787)

* FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792)

* FIX: Sanitize and bind Centreon Notification class (#11757)

* Update www/class/centreonNotification.class.php

Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com>

* FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797)

* sanitize and bind clapi LDAP listing

* removing unnecessary code

* FIX: Sanitize and bind service listing 21.10.x (#11801)

* sanitizing and binding service listing queries

* removing var casting

* FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807)

* Fix: Sanitize and bind Media import (#11788)

* Fix: Remove obsolete code in monitoring common functions  (#11844)

* Fix: Sanitize and bind SNMP Traps listing  (#11842)

* Fix: Remove obsolete code in Criticality class  (#11841)

* remove obsolete function getHostTplCriticality in criticality class

* Update www/class/centreonCriticality.class.php

Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com>

Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com>

* Fix: Sanitize and bind CLAPI Centreon service class  (#11836)

* sanitize and bind clapi centreon service class

* Update www/class/centreon-clapi/centreonService.class.php

space added into query

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

Co-authored-by: Kevin Duret <kduret@centreon.com>

* FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855)

* removing obsolete code

* removing more useless code

* FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857)

* FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859)

* Fix: Remove obsolete code in database partitioning functions (#11839)

* FIX: Sanitize and bind Centreon Service class 21.10.x (#11865)

* sanitize and bind service class queries and fix bug mediawiki links

* fixing links host templates mediawiki

* backport MON-14223 -> dev-21.10.x (#11863)

* FIX: SQLi in contact groups form 21.10.x (#11875)

* Fix: Remove obsolete code in legacy service detail page (#11848) (#11880)

* Remove obsolete code in legacy service detail page

* restore deleted code

* remove obsolete code in legacy service detail page and query sanitize

* Fix: Sanitize and bind menu topology listing (#11832) (#11883)

* sanitize and bind menu topology listing

* fix bug in query closing

* editing TopologyRepositoryTest file and change the query

* typo

* chore(release): update version to 21.10.11

Co-authored-by: Kevin Duret <kduret@centreon.com>
Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Co-authored-by: VHS <listas.vhs@gmail.com>
Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com>
Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com>
Co-authored-by: Stéphane Duret <sduret@centreon.com>
Co-authored-by: alaunois <alaunois@centreon.com>
Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com>
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>
Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com>
Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com>
Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
14 people authored Oct 3, 2022
1 parent 640435a commit 59a70af
Showing 39 changed files with 347 additions and 369 deletions.
17 changes: 9 additions & 8 deletions src/Centreon/Domain/Repository/TopologyRepository.php
Expand Up @@ -103,14 +103,15 @@ public function getReactTopologiesPerUserWithAcl($user)
if ($DBRESULT->rowCount()) {
$topology = array();
$tmp_topo_page = array();
$statement = $this->db->prepare("SELECT topology_topology_id, acl_topology_relations.access_right "
. "FROM acl_topology_relations, acl_topology "
. "WHERE acl_topology.acl_topo_activate = '1' "
. "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
. "AND acl_topology_relations.acl_topo_id = :acl_topo_id ");
while ($topo_group = $DBRESULT->fetchRow()) {
$query2 = "SELECT topology_topology_id, acl_topology_relations.access_right "
. "FROM acl_topology_relations, acl_topology "
. "WHERE acl_topology.acl_topo_activate = '1' "
. "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
. "AND acl_topology_relations.acl_topo_id = '" . $topo_group["acl_topology_id"] . "' ";
$DBRESULT2 = $this->db->query($query2);
while ($topo_page = $DBRESULT2->fetchRow()) {
$statement->bindValue(':acl_topo_id', $topo_group["acl_topology_id"], \PDO::PARAM_INT);
$statement->execute();
while ($topo_page = $statement->fetch(\PDO::FETCH_ASSOC)) {
$topology[] = (int)$topo_page["topology_topology_id"];
if (!isset($tmp_topo_page[$topo_page['topology_topology_id']])) {
$tmp_topo_page[$topo_page["topology_topology_id"]] = $topo_page["access_right"];
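Review bot: in the `bindValue(':acl_topo_id', ...)` call inside the outer `while`, `$topo_group["acl_topology_id"]` is bound as `\PDO::PARAM_INT` without an `(int)` cast, and the return value of `$statement->execute()` is not checked. The other files in this commit cast before binding (`(int) $arId`, `(int) $serviceId`), so doing the same here keeps the conversion consistent. Because the statement is now prepared once and re-executed per ACL group, a failed `execute()` on a connection that does not throw would leave `fetch()` returning false and that group's pages silently missing from `$topology`; either confirm the connection uses exception error mode or check the result.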
Expand All @@ -125,7 +126,7 @@ public function getReactTopologiesPerUserWithAcl($user)
}
}
}
$DBRESULT2->closeCursor();
$statement->closeCursor();
}
$DBRESULT->closeCursor();

Expand Up @@ -46,7 +46,7 @@ protected function setUp(): void
. "FROM acl_topology_relations, acl_topology "
. "WHERE acl_topology.acl_topo_activate = '1' "
. "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
. "AND acl_topology_relations.acl_topo_id = '1' ",
. "AND acl_topology_relations.acl_topo_id = :acl_topo_id ",
'data' => [
[
'topology_topology_id' => 1,
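Review bot: the expected query in `setUp()` now ends in `acl_topo_id = :acl_topo_id`, so the mock matches on the statement text only and no longer pins the ACL group id that was previously fixed as `'1'`. If the test database mock can match bound parameters, assert that `:acl_topo_id` is bound to 1, so a regression that binds the wrong value is caught by this test.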
25 changes: 15 additions & 10 deletions www/class/centreon-clapi/centreonHostGroup.class.php
Expand Up @@ -174,6 +174,7 @@ public function getparam($parameters = null)
$listParam = explode('|', $params[1]);
$exportedFields = [];
$resultString = "";
$paramString = "";
foreach ($listParam as $paramSearch) {
if (!$paramString) {
$paramString = $paramSearch;
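Review bot: the `if (!$paramString)` test that follows the new `$paramString = "";` initialisation is a loose falsiness check, so a parameter literally named `0` is treated as empty and is overwritten by `$paramString = $paramSearch;` on the next iteration. Now that the variable is guaranteed to be a string, compare with `$paramString === ""` instead.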
Expand Down Expand Up @@ -257,20 +258,24 @@ public function initUpdateParameters($parameters = null)
public function getIdIcon($path)
{
$iconData = explode('/', $path);
$query = 'SELECT dir_id FROM view_img_dir WHERE dir_name = "' . $iconData[0] . '"';
$res = $this->db->query($query);
$row = $res->fetch();
$dirStatement = $this->db->prepare("SELECT dir_id FROM view_img_dir WHERE dir_name = :IconData");
$dirStatement->bindValue(':IconData', $iconData[0], \PDO::PARAM_STR);
$dirStatement->execute();
$row = $dirStatement->fetch();
$dirId = $row['dir_id'];

$query = 'SELECT img_id FROM view_img WHERE img_path = "' . $iconData[1] . '"';
$res = $this->db->query($query);
$row = $res->fetch();
$imgStatement = $this->db->prepare("SELECT img_id FROM view_img WHERE img_path = :iconData");
$imgStatement->bindValue(':iconData', $iconData[1], \PDO::PARAM_STR);
$imgStatement->execute();
$row = $imgStatement->fetch();
$iconId = $row['img_id'];

$query = 'SELECT vidr_id FROM view_img_dir_relation ' .
'WHERE dir_dir_parent_id = ' . $dirId . ' AND img_img_id = ' . $iconId;
$res = $this->db->query($query);
$row = $res->fetch();
$vidrStatement = $this->db->prepare("SELECT vidr_id FROM view_img_dir_relation " .
"WHERE dir_dir_parent_id = :dirId AND img_img_id = :iconId");
$vidrStatement->bindValue(':dirId', (int) $dirId, \PDO::PARAM_INT);
$vidrStatement->bindValue(':iconId', (int) $iconId, \PDO::PARAM_INT);
$vidrStatement->execute();
$row = $vidrStatement->fetch();
return $row['vidr_id'];
}
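Review bot: in `getIdIcon()` each `fetch()` result is indexed without checking for `false`, so when the directory or image lookup finds no row, `$row['dir_id']` and `$row['img_id']` are null and the `(int)` casts bind 0 into the third query instead of failing. `$iconData[1]` is also read without verifying that `explode('/', $path)` produced two parts. Return early or throw when `$path` has no `/` or when a lookup returns no row. Minor: the placeholders `:IconData` and `:iconData` differ only in case; names such as `:dirName` and `:imgPath` would say what is bound.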

8 changes: 5 additions & 3 deletions www/class/centreon-clapi/centreonLDAP.class.php
Expand Up @@ -184,10 +184,12 @@ public function showserver($arName = null)
}
$sql = "SELECT ldap_host_id, host_address, host_port, use_ssl, use_tls, host_order
FROM auth_ressource_host
WHERE auth_ressource_id = " . $arId . "
WHERE auth_ressource_id = :auth_ressource_id
ORDER BY host_order";
$res = $this->db->query($sql);
$row = $res->fetchAll();
$statement = $this->db->prepare($sql);
$statement->bindValue(':auth_ressource_id', (int) $arId, \PDO::PARAM_INT);
$statement->execute();
$row = $statement->fetchAll(\PDO::FETCH_ASSOC);
echo "id;address;port;ssl;tls;order\n";
foreach ($row as $srv) {
echo $srv['ldap_host_id'] . $this->delim .
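Review bot: the header line `echo "id;address;port;ssl;tls;order\n";` hard-codes `;` while the rows below are joined with `$this->delim`, so header and data disagree whenever the delimiter is not `;`. Build the header with `$this->delim` as well while this block is being touched. The bind itself reads correctly: `(int) $arId` with `\PDO::PARAM_INT` against `auth_ressource_id`.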
12 changes: 6 additions & 6 deletions www/class/centreon-clapi/centreonService.class.php
Expand Up @@ -1584,12 +1584,12 @@ public function getCustomMacroInDb($serviceId = null, $template = null)
$arr = array();
$i = 0;
if ($serviceId) {
$res = $this->db->query("SELECT svc_macro_name, svc_macro_value, is_password, description
FROM on_demand_macro_service
WHERE svc_svc_id = " .
$serviceId . "
ORDER BY macro_order ASC");
while ($row = $res->fetch()) {
$statement = $this->db->prepare("SELECT svc_macro_name, svc_macro_value, is_password, description " .
"FROM on_demand_macro_service " .
"WHERE svc_svc_id = :serviceId ORDER BY macro_order ASC");
$statement->bindValue(':serviceId', (int) $serviceId, \PDO::PARAM_INT);
$statement->execute();
while ($row = $statement->fetch()) {
if (preg_match('/\$_SERVICE(.*)\$$/', $row['svc_macro_name'], $matches)) {
$arr[$i]['svc_macro_name'] = $matches[1];
$arr[$i]['svc_macro_value'] = $row['svc_macro_value'];
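Review bot: `$statement->fetch()` in the `while` loop uses the connection's default fetch mode, whereas other statements converted in this commit pass `\PDO::FETCH_ASSOC`. Only named keys (`svc_macro_name`, `svc_macro_value`) are read here, so pass `\PDO::FETCH_ASSOC` for consistency. The `if ($serviceId)` guard followed by `(int) $serviceId` also lets a non-numeric, truthy string through as 0; validating the id as an integer before the query would be stricter.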
14 changes: 8 additions & 6 deletions www/class/centreon-knowledge/procedures.class.php
Expand Up @@ -139,13 +139,15 @@ public function getMyHostMultipleTemplateModels($host_id = null)
"WHERE host_host_id = '" . $host_id . "' " .
"ORDER BY `order`"
);
$statement = $this->centreon_DB->prepare(
"SELECT host_name " .
"FROM host " .
"WHERE host_id = :host_id LIMIT 1"
);
while ($row = $dbResult->fetch()) {
$dbResult2 = $this->centreon_DB->query(
"SELECT host_name " .
"FROM host " .
"WHERE host_id = '" . $row['host_tpl_id'] . "' LIMIT 1"
);
$hTpl = $dbResult2->fetch();
$statement->bindValue(':host_id', $row['host_tpl_id'], \PDO::PARAM_INT);
$statement->execute();
$hTpl = $statement->fetch(\PDO::FETCH_ASSOC);
$tplArr[$row['host_tpl_id']] = html_entity_decode($hTpl["host_name"], ENT_QUOTES);
}
unset($row);
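Review bot: the outer query in the context lines at the top of this hunk still builds `"WHERE host_host_id = '" . $host_id . "' "` by concatenation; only the inner `host_name` lookup was converted, so `getMyHostMultipleTemplateModels()` keeps the pattern this commit removes elsewhere. Prepare that query as well and bind `$host_id` as an integer. Inside the loop, `$row['host_tpl_id']` is bound with `\PDO::PARAM_INT` but without the `(int)` cast used in the other hunks, and `$hTpl` is `false` when the template id matches no host, so `$hTpl["host_name"]` should be guarded.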
38 changes: 0 additions & 38 deletions www/class/centreon-partition/partEngine.class.php
Expand Up @@ -426,44 +426,6 @@ public function updateParts($table, $db)
}
}

/**
* optimize all partitions for a table
*
* @param MysqlTable $table
*/
public function optimizeTablePartitions($table, $db)
{
$tableName = "`" . $table->getSchema() . "`." . $table->getName();
if (!$table->exists()) {
throw new Exception("Optimize error: Table " . $tableName . " does not exists\n");
}

$request = "SELECT PARTITION_NAME FROM information_schema.`PARTITIONS` ";
$request .= "WHERE `TABLE_NAME`='" . $table->getName() . "' ";
$request .= "AND TABLE_SCHEMA='" . $table->getSchema() . "' ";
try {
$dbResult = $db->query($request);
} catch (\PDOException $e) {
throw new Exception(
"Error : Cannot get table schema information for "
. $tableName . ", " . $e->getMessage() . "\n"
);
}

while ($row = $dbResult->fetch()) {
$request = "ALTER TABLE " . $tableName . " OPTIMIZE PARTITION `" . $row["PARTITION_NAME"] . "`;";
try {
$dbResult2 = $db->query($request);
} catch (\PDOException $e) {
throw new Exception(
"Optimize error : Cannot optimize partition " . $row["PARTITION_NAME"]
. " of table " . $tableName . ", " . $e->getMessage() . "\n"
);
}
}

$dbResult->closeCursor();
}

/**
* list all partitions for a table
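Review bot: `optimizeTablePartitions()` is a public method and it is deleted here with no replacement or deprecation stub, so any script that still calls it will fail at runtime with an undefined-method error; nothing visible in this hunk shows the callers being updated. Confirm there are no remaining call sites before merging, or leave a stub that throws a clear exception for one release.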
10 changes: 0 additions & 10 deletions www/class/centreon.class.php
Expand Up @@ -162,22 +162,12 @@ public function creatModuleList()
$this->modules[$result["name"]] = array(
"name" => $result["name"],
"gen" => false,
"restart" => false,
"license" => false
);

if (is_dir("./modules/" . $result["name"] . "/generate_files/")) {
$this->modules[$result["name"]]["gen"] = true;
}
if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) {
$this->modules[$result["name"]]["restart"] = true;
}
if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) {
$this->modules[$result["name"]]["restart"] = true;
}
if (file_exists("./modules/" . $result["name"] . "/license/merethis_lic.zl")) {
$this->modules[$result["name"]]["license"] = true;
}
}
$dbResult = null;
}
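Review bot: with the `restart` and `license` handling deleted from `creatModuleList()`, the array stored in `$this->modules[...]` changes shape, and any code that still reads `['restart']` or `['license']` will hit an undefined index; this hunk does not show those readers being removed. Search the module pages for both keys before merging, or keep them initialised to `false` until the readers are gone.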
8 changes: 5 additions & 3 deletions www/class/centreonConfigCentreonBroker.php
Expand Up @@ -731,13 +731,15 @@ public function insertConfig($values)
/*
* Get the ID
*/
$query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = '" . $values['name'] . "'";
$query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = :config_name";
try {
$res = $this->db->query($query);
$statement = $this->db->prepare($query);
$statement->bindValue(':config_name', $values['name'], \PDO::PARAM_STR);
$statement->execute();
} catch (\PDOException $e) {
return false;
}
$row = $res->fetch();
$row = $statement->fetch(\PDO::FETCH_ASSOC);
$id = $row['config_id'];

/*
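Review bot: after the switch to `$statement->fetch(\PDO::FETCH_ASSOC)`, `$row` is `false` when no `cfg_centreonbroker` row matches `:config_name`, and `$id = $row['config_id']` then silently yields null for the code that follows. Test for a false `$row` and return `false` there, as the `catch` branch already does. The `catch` also discards the `\PDOException` without logging it, which hides why the lookup failed.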
25 changes: 0 additions & 25 deletions www/class/centreonCriticality.class.php
Expand Up @@ -358,29 +358,4 @@ protected function getServiceCriticality($service_id)
}
return 0;
}

public function getHostTplCriticities($host_id, $cache)
{
global $pearDB;

if (!$host_id) {
return null;
}

$rq = "SELECT host_tpl_id " .
"FROM host_template_relation " .
"WHERE host_host_id = '".$host_id."' " .
"ORDER BY `order`";
$DBRESULT = $pearDB->query($rq);
while ($row = $DBRESULT->fetchRow()) {
if (isset($cache[$row['host_tpl_id']])) {
return $this->getData($cache[$row['host_tpl_id']], false);
} else {
if ($result_field = $this->getHostTplCriticities($row['host_tpl_id'], $cache)) {
return $result_field;
}
}
}
return null;
}
}
43 changes: 43 additions & 0 deletions www/class/centreonDB.class.php
Expand Up @@ -447,4 +447,47 @@ public function isColumnExist(string $table = null, string $column = null): int
return -1;
}
}

/**
* Write SQL errors messages and queries
*
* @param string $query the query string to write to log
* @param string $message the message to write to log
*/
private function logSqlError(string $query, string $message): void
{
$this->log->insertLog(2, $message . " QUERY : " . $query);
}

/**
* This method returns a column type from a given table and column.
*
* @param string $tableName
* @param string $columnName
* @return string
*/
public function getColumnType(string $tableName, string $columnName): string
{
$query = 'SELECT COLUMN_TYPE
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = :dbName
AND TABLE_NAME = :tableName
AND COLUMN_NAME = :columnName';

$stmt = $this->prepare($query);

try {
$stmt->bindValue(':dbName', $this->dsn['database'], \PDO::PARAM_STR);
$stmt->bindValue(':tableName', $tableName, \PDO::PARAM_STR);
$stmt->bindValue(':columnName', $columnName, \PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch(\PDO::FETCH_ASSOC);
if (! empty($result)) {
return $result['COLUMN_TYPE'];
}
throw new \PDOException("Unable to get column type");
} catch (\PDOException $e) {
$this->logSqlError($query, $e->getMessage());
}
}
}
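Review bot: `getColumnType()` is declared `: string`, but its `catch` branch only calls `logSqlError()` and then falls off the end of the method, so every failure (including the `Unable to get column type` exception thrown two lines above) surfaces as a TypeError for a missing return value instead of a handled error. Rethrow after logging, or return a documented fallback and widen the return type. Also, `$this->prepare($query)` sits outside the `try`, so a failure at prepare time is never logged by this method.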
15 changes: 8 additions & 7 deletions www/class/centreonHostgroups.class.php
Original file line number Diff line number Diff line change
Expand Up @@ -100,18 +100,19 @@ public function getHostGroupHosts($hg_id = null)
}

$hosts = array();
$DBRESULT = $this->DB->query(
"SELECT hgr.host_host_id " .
$statement = $this->DB->prepare("SELECT hgr.host_host_id " .
"FROM hostgroup_relation hgr, host h " .
"WHERE hgr.hostgroup_hg_id = '" . $this->DB->escape($hg_id) . "' " .
"WHERE hgr.hostgroup_hg_id = :hgId " .
"AND h.host_id = hgr.host_host_id " .
"ORDER by h.host_name"
);
while ($elem = $DBRESULT->fetchRow()) {
"ORDER by h.host_name");
$statement->bindValue(':hgId', (int) $hg_id, \PDO::PARAM_INT);
$statement->execute();

while ($elem = $statement->fetchRow()) {
$ref[$elem["host_host_id"]] = $elem["host_host_id"];
$hosts[] = $elem["host_host_id"];
}
$DBRESULT->closeCursor();
$statement->closeCursor();
unset($elem);

if (isset($hostgroups) && count($hostgroups)) {
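Review bot: the loop still calls `$statement->fetchRow()`, which is not a `\PDOStatement` method, so this only works if the object returned by `$this->DB->prepare()` is a wrapper that provides it. The other converted queries in this commit use `fetch(\PDO::FETCH_ASSOC)`; do the same here so the code does not depend on the legacy helper. As with the other `(int)` casts, a non-numeric `$hg_id` is bound as 0 rather than rejected.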
12 changes: 5 additions & 7 deletions www/class/centreonMedia.class.php
Expand Up @@ -410,14 +410,12 @@ public function addImage($parameters, $binary = null)
$imageId = $row['img_id'];

// Insert relation between directory and image
$query = 'INSERT INTO view_img_dir_relation '
. '(dir_dir_parent_id, img_img_id) '
. 'VALUES ('
. $directoryId . ', '
. $imageId . ' '
. ') ';
$statement = $this->db->prepare("INSERT INTO view_img_dir_relation (dir_dir_parent_id, img_img_id) " .
"VALUES (:dirId, :imgId) ");
$statement->bindValue(':dirId', (int) $directoryId, \PDO::PARAM_INT);
$statement->bindValue(':imgId', (int) $imageId, \PDO::PARAM_INT);
try {
$this->db->query($query);
$statement->execute();
} catch (\PDOException $e) {
throw new \Exception('Error while inserting relation between' . $imageName . ' and ' . $directoryName);
}
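Review bot: `prepare()` and both `bindValue()` calls are placed before the `try`, so only `execute()` failures are converted into the `\Exception` thrown below; a `\PDOException` raised by `prepare()` leaves `addImage()` in a different form for the same insert. Move the three statement lines inside the `try`. While touching this block, the message concatenates `'... between' . $imageName` with no space, and `$e` is not passed on as the previous exception, so the original database error is lost.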
8 changes: 5 additions & 3 deletions www/class/centreonNotification.class.php
Expand Up @@ -342,10 +342,12 @@ protected function getHostTemplateNotifications($hostId, $templates)
FROM host_template_relation htr
LEFT JOIN contact_host_relation ctr ON htr.host_host_id = ctr.host_host_id
LEFT JOIN contactgroup_host_relation ctr2 ON htr.host_host_id = ctr2.host_host_id
WHERE htr.host_host_id = " . $hostId . "
WHERE htr.host_host_id = :host_id
ORDER BY `order`";
$res = $this->db->query($sql);
while ($row = $res->fetchRow()) {
$statement = $this->db->prepare($sql);
$statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT);
$statement->execute();
while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) {
if ($row['contact_id']) {
$this->hostBreak[1] = true;
}
10 changes: 6 additions & 4 deletions www/class/centreonService.class.php
Expand Up @@ -1727,12 +1727,14 @@ public function getTemplatesChain($svcId, $alreadyProcessed = array())
} else {
$alreadyProcessed[] = $svcId;

$res = $this->db->query(
"SELECT service_template_model_stm_id FROM service WHERE service_id = " . $this->db->escape($svcId)
$statement = $this->db->prepare(
"SELECT service_template_model_stm_id FROM service WHERE service_id = :service_id"
);
$statement->bindValue(':service_id', (int) $svcId, \PDO::PARAM_INT);
$statement->execute();

if ($res->rowCount()) {
$row = $res->fetchRow();
if ($statement->rowCount()) {
$row = $statement->fetch(\PDO::FETCH_ASSOC);
if (!empty($row['service_template_model_stm_id']) && $row['service_template_model_stm_id'] !== null) {
$svcTmpl = array_merge(
$svcTmpl,
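Review bot: `$statement->rowCount()` is kept as the existence test for a SELECT, but PDO only guarantees `rowCount()` for INSERT, UPDATE and DELETE; whether it reports rows for a SELECT depends on the driver and on buffering. Fetch once and test the result instead, for example `$row = $statement->fetch(\PDO::FETCH_ASSOC);` followed by `if ($row !== false)`. On the following condition, the `!== null` check after `!empty(...)` is redundant.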

0 comments on commit 59a70af