From 59a70af20af9ff3e8c37c7c0baa5365c03dc31b8 Mon Sep 17 00:00:00 2001 
From: tuntoja <58987095+tuntoja@users.noreply.github.com> Date: Mon, 3 Oct 2022 09:38:33 +0200 Subject: [PATCH] chore(release): merge release-21.10.next into 21.10.x (#11910) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS Co-authored-by: VHS * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update 
www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret Co-authored-by: Kevin Duret * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS Co-authored-by: VHS * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * 
fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret Co-authored-by: Kevin Duret * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret Co-authored-by: alaunois Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: 
Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret Co-authored-by: alaunois Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): 
resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS Co-authored-by: VHS * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret Co-authored-by: Kevin Duret * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in 
centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret Co-authored-by: alaunois Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS Co-authored-by: VHS * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): 
correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret Co-authored-by: Kevin Duret * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS Co-authored-by: VHS * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use 
PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret Co-authored-by: Kevin Duret * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when 
the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret Co-authored-by: alaunois Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret Co-authored-by: alaunois Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second 
select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret Co-authored-by: alaunois Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret Co-authored-by: alaunois 
Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind 
CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret Co-authored-by: Kevin Duret Co-authored-by: Kevin Duret * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret Co-authored-by: alaunois Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> 
Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet --- .../Domain/Repository/TopologyRepository.php | 17 ++-- .../Repository/TopologyRepositoryTest.php | 2 +- .../centreonHostGroup.class.php | 25 +++-- .../centreon-clapi/centreonLDAP.class.php | 8 +- .../centreon-clapi/centreonService.class.php | 12 +-- .../centreon-knowledge/procedures.class.php | 14 +-- .../centreon-partition/partEngine.class.php | 38 -------- www/class/centreon.class.php | 10 -- www/class/centreonConfigCentreonBroker.php | 8 +- www/class/centreonCriticality.class.php | 25 ----- www/class/centreonDB.class.php | 43 +++++++++ www/class/centreonHostgroups.class.php | 15 +-- www/class/centreonMedia.class.php | 12 +-- www/class/centreonNotification.class.php | 8 +- www/class/centreonService.class.php | 10 +- www/class/config-generate/broker.class.php | 18 ++-- .../configCentreonBroker/DB-Func.php | 91 ++++++++++++++----- .../configGenerate/xml/restartPollers.php | 12 --- .../configKnowledge/display-hostTemplates.php | 4 +- .../configKnowledge/display-hosts.php | 4 +- .../display-serviceTemplates.php | 4 +- .../configKnowledge/display-services.php | 2 +- .../contactgroup/formContactGroup.php | 6 +- .../host_categories/listHostCategories.php | 12 +-- .../service/listServiceByHost.php | 12 ++- .../service/listServiceByHostGroup.php | 47 ++++++++-- .../configObject/traps-groups/DB-Func.php | 8 +- .../configObject/traps/listTraps.php | 8 +- www/include/monitoring/common-Func.php | 20 ---- .../objectDetails/serviceDetails.php | 19 ++-- .../actionsACL/listsActionsAccess.php | 5 - .../accessLists/menusACL/listsMenusAccess.php | 4 - .../resourcesACL/listsResourcesAccess.php | 7 -- .../graphs/exportData/ExportCSVMetricData.php | 79 ---------------- www/include/views/graphs/graph-periods.html | 41 +++------ www/install/insertBaseConf.sql | 2 +- www/install/installBroker.sql | 4 +- 
www/install/php/Update-21.10.11.php | 49 ++++++++++ www/install/steps/process/insertBaseConf.php | 11 ++- 39 files changed, 347 insertions(+), 369 deletions(-) delete mode 100644 www/include/views/graphs/exportData/ExportCSVMetricData.php create mode 100644 www/install/php/Update-21.10.11.php
diff --git a/src/Centreon/Domain/Repository/TopologyRepository.php b/src/Centreon/Domain/Repository/TopologyRepository.php
index 1e0eb9efb4c..e9ad93e38ce 100644
--- a/src/Centreon/Domain/Repository/TopologyRepository.php
+++ b/src/Centreon/Domain/Repository/TopologyRepository.php
@@ -103,14 +103,15 @@ public function getReactTopologiesPerUserWithAcl($user)
 if ($DBRESULT->rowCount()) {
 $topology = array();
 $tmp_topo_page = array();
+ $statement = $this->db->prepare("SELECT topology_topology_id, acl_topology_relations.access_right "
+ . "FROM acl_topology_relations, acl_topology "
+ . "WHERE acl_topology.acl_topo_activate = '1' "
+ . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
+ . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ");
 while ($topo_group = $DBRESULT->fetchRow()) {
- $query2 = "SELECT topology_topology_id, acl_topology_relations.access_right "
- . "FROM acl_topology_relations, acl_topology "
- . "WHERE acl_topology.acl_topo_activate = '1' "
- . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
- . "AND acl_topology_relations.acl_topo_id = '" . $topo_group["acl_topology_id"] . "' ";
- $DBRESULT2 = $this->db->query($query2);
- while ($topo_page = $DBRESULT2->fetchRow()) {
+ $statement->bindValue(':acl_topo_id', $topo_group["acl_topology_id"], \PDO::PARAM_INT);
+ $statement->execute();
+ while ($topo_page = $statement->fetch(\PDO::FETCH_ASSOC)) {
 $topology[] = (int)$topo_page["topology_topology_id"];
 if (!isset($tmp_topo_page[$topo_page['topology_topology_id']])) {
 $tmp_topo_page[$topo_page["topology_topology_id"]] = $topo_page["access_right"];
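Review bot: The bind inside the loop passes `$topo_group["acl_topology_id"]` uncast with `\PDO::PARAM_INT`, while the other integer binds in this patch (getIdIcon, showserver, getCustomMacroInDb) cast first; writing it as `$statement->bindValue(':acl_topo_id', (int) $topo_group["acl_topology_id"], \PDO::PARAM_INT);` keeps the bound type explicit and the style uniform. The same uncast pattern appears in the procedures.class.php hunk for `$row['host_tpl_id']`. The return value of `$statement->execute()` is not checked either; whether a failure throws depends on the connection's PDO error mode, which is not visible here, so a short comment stating that exceptions are relied on would help. The function body starts and ends outside this hunk.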
@@ -125,7 +126,7 @@ public function getReactTopologiesPerUserWithAcl($user) } } } - $DBRESULT2->closeCursor(); + $statement->closeCursor(); } $DBRESULT->closeCursor(); diff --git a/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php b/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php index 6a7c787b2bf..fb7c72b87e9 100644 --- a/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php +++ b/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php @@ -46,7 +46,7 @@ protected function setUp(): void . "FROM acl_topology_relations, acl_topology " . "WHERE acl_topology.acl_topo_activate = '1' " . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id " - . "AND acl_topology_relations.acl_topo_id = '1' ", + . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ", 'data' => [ [ 'topology_topology_id' => 1, diff --git a/www/class/centreon-clapi/centreonHostGroup.class.php b/www/class/centreon-clapi/centreonHostGroup.class.php index 56d254c49c1..fa722541278 100644 --- a/www/class/centreon-clapi/centreonHostGroup.class.php +++ b/www/class/centreon-clapi/centreonHostGroup.class.php @@ -174,6 +174,7 @@ public function getparam($parameters = null) $listParam = explode('|', $params[1]); $exportedFields = []; $resultString = ""; + $paramString = ""; foreach ($listParam as $paramSearch) { if (!$paramString) { $paramString = $paramSearch; 
@@ -257,20 +258,24 @@ public function initUpdateParameters($parameters = null) public function getIdIcon($path) { $iconData = explode('/', $path); - $query = 'SELECT dir_id FROM view_img_dir WHERE dir_name = "' . $iconData[0] . '"'; - $res = $this->db->query($query); - $row = $res->fetch(); + $dirStatement = $this->db->prepare("SELECT dir_id FROM view_img_dir WHERE dir_name = :IconData"); + $dirStatement->bindValue(':IconData', $iconData[0], \PDO::PARAM_STR); + $dirStatement->execute(); + $row = $dirStatement->fetch(); $dirId = $row['dir_id']; - $query = 'SELECT img_id FROM view_img WHERE img_path = "' . $iconData[1] . '"'; - $res = $this->db->query($query); - $row = $res->fetch(); + $imgStatement = $this->db->prepare("SELECT img_id FROM view_img WHERE img_path = :iconData"); + $imgStatement->bindValue(':iconData', $iconData[1], \PDO::PARAM_STR); + $imgStatement->execute(); + $row = $imgStatement->fetch(); $iconId = $row['img_id']; - $query = 'SELECT vidr_id FROM view_img_dir_relation ' . - 'WHERE dir_dir_parent_id = ' . $dirId . ' AND img_img_id = ' . $iconId; - $res = $this->db->query($query); - $row = $res->fetch(); + $vidrStatement = $this->db->prepare("SELECT vidr_id FROM view_img_dir_relation " . + "WHERE dir_dir_parent_id = :dirId AND img_img_id = :iconId"); + $vidrStatement->bindValue(':dirId', (int) $dirId, \PDO::PARAM_INT); + $vidrStatement->bindValue(':iconId', (int) $iconId, \PDO::PARAM_INT); + $vidrStatement->execute(); + $row = $vidrStatement->fetch(); return $row['vidr_id']; } diff --git a/www/class/centreon-clapi/centreonLDAP.class.php b/www/class/centreon-clapi/centreonLDAP.class.php index 67b6a702ba5..4aacbc33a45 100644 --- a/www/class/centreon-clapi/centreonLDAP.class.php +++ b/www/class/centreon-clapi/centreonLDAP.class.php 
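Review bot: None of the three `fetch()` results in getIdIcon is checked, and `$iconData[1]` is read without confirming that `$path` actually contained a `/`. When the directory or image lookup returns no row, `$row['dir_id']` or `$row['img_id']` is null and the new `(int)` casts bind 0, so the relation query quietly matches nothing and `$row['vidr_id']` is then read from `false`. A guard after each fetch such as `if ($row === false) { return null; }` (or an exception, depending on what callers expect, which is not visible here) would make the unknown-icon case explicit. The placeholders `:IconData` and `:iconData` differ only by case; `:dirName` and `:imgPath` would say what each one holds.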
@@ -184,10 +184,12 @@ public function showserver($arName = null) } $sql = "SELECT ldap_host_id, host_address, host_port, use_ssl, use_tls, host_order FROM auth_ressource_host - WHERE auth_ressource_id = " . $arId . " + WHERE auth_ressource_id = :auth_ressource_id ORDER BY host_order"; - $res = $this->db->query($sql); - $row = $res->fetchAll(); + $statement = $this->db->prepare($sql); + $statement->bindValue(':auth_ressource_id', (int) $arId, \PDO::PARAM_INT); + $statement->execute(); + $row = $statement->fetchAll(\PDO::FETCH_ASSOC); echo "id;address;port;ssl;tls;order\n"; foreach ($row as $srv) { echo $srv['ldap_host_id'] . $this->delim . diff --git a/www/class/centreon-clapi/centreonService.class.php b/www/class/centreon-clapi/centreonService.class.php index e02b0e76d0e..d3f8ec84b6f 100644 --- a/www/class/centreon-clapi/centreonService.class.php +++ b/www/class/centreon-clapi/centreonService.class.php @@ -1584,12 +1584,12 @@ public function getCustomMacroInDb($serviceId = null, $template = null) $arr = array(); $i = 0; if ($serviceId) { - $res = $this->db->query("SELECT svc_macro_name, svc_macro_value, is_password, description - FROM on_demand_macro_service - WHERE svc_svc_id = " . - $serviceId . " - ORDER BY macro_order ASC"); - while ($row = $res->fetch()) { + $statement = $this->db->prepare("SELECT svc_macro_name, svc_macro_value, is_password, description " . + "FROM on_demand_macro_service " . + "WHERE svc_svc_id = :serviceId ORDER BY macro_order ASC"); + $statement->bindValue(':serviceId', (int) $serviceId, \PDO::PARAM_INT); + $statement->execute(); + while ($row = $statement->fetch()) { if (preg_match('/\$_SERVICE(.*)\$$/', $row['svc_macro_name'], $matches)) { $arr[$i]['svc_macro_name'] = $matches[1]; $arr[$i]['svc_macro_value'] = $row['svc_macro_value']; diff --git a/www/class/centreon-knowledge/procedures.class.php b/www/class/centreon-knowledge/procedures.class.php index c20a0a99f7e..cc4feac9351 100644 
--- a/www/class/centreon-knowledge/procedures.class.php +++ b/www/class/centreon-knowledge/procedures.class.php @@ -139,13 +139,15 @@ public function getMyHostMultipleTemplateModels($host_id = null) "WHERE host_host_id = '" . $host_id . "' " . "ORDER BY `order`" ); + $statement = $this->centreon_DB->prepare( + "SELECT host_name " . + "FROM host " . + "WHERE host_id = :host_id LIMIT 1" + ); while ($row = $dbResult->fetch()) { - $dbResult2 = $this->centreon_DB->query( - "SELECT host_name " . - "FROM host " . - "WHERE host_id = '" . $row['host_tpl_id'] . "' LIMIT 1" - ); - $hTpl = $dbResult2->fetch(); + $statement->bindValue(':host_id', $row['host_tpl_id'], \PDO::PARAM_INT); + $statement->execute(); + $hTpl = $statement->fetch(\PDO::FETCH_ASSOC); $tplArr[$row['host_tpl_id']] = html_entity_decode($hTpl["host_name"], ENT_QUOTES); } unset($row); diff --git a/www/class/centreon-partition/partEngine.class.php b/www/class/centreon-partition/partEngine.class.php index bf488a95e58..ed688a6d96f 100644 --- a/www/class/centreon-partition/partEngine.class.php +++ b/www/class/centreon-partition/partEngine.class.php 
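Review bot: The outer query of `getMyHostMultipleTemplateModels` still builds its filter by concatenation. The context line `"WHERE host_host_id = '" . $host_id . "' "` sits directly above the new `prepare()`, so only the inner lookup is bound after this change. It would be consistent to bind it too, with `WHERE host_host_id = :host_host_id` and `bindValue(':host_host_id', (int) $host_id, \PDO::PARAM_INT)`. The new `bindValue(':host_id', $row['host_tpl_id'], \PDO::PARAM_INT)` also passes the value without the `(int)` cast the other hunks use. The function starts above the hunk, so how `$host_id` is validated beforehand is not visible.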
@@ -426,44 +426,6 @@ public function updateParts($table, $db) } } - /** - * optimize all partitions for a table - * - * @param MysqlTable $table - */ - public function optimizeTablePartitions($table, $db) - { - $tableName = "`" . $table->getSchema() . "`." . $table->getName(); - if (!$table->exists()) { - throw new Exception("Optimize error: Table " . $tableName . " does not exists\n"); - } - - $request = "SELECT PARTITION_NAME FROM information_schema.`PARTITIONS` "; - $request .= "WHERE `TABLE_NAME`='" . $table->getName() . "' "; - $request .= "AND TABLE_SCHEMA='" . $table->getSchema() . "' "; - try { - $dbResult = $db->query($request); - } catch (\PDOException $e) { - throw new Exception( - "Error : Cannot get table schema information for " - . $tableName . ", " . $e->getMessage() . "\n" - ); - } - - while ($row = $dbResult->fetch()) { - $request = "ALTER TABLE " . $tableName . " OPTIMIZE PARTITION `" . $row["PARTITION_NAME"] . "`;"; - try { - $dbResult2 = $db->query($request); - } catch (\PDOException $e) { - throw new Exception( - "Optimize error : Cannot optimize partition " . $row["PARTITION_NAME"] - . " of table " . $tableName . ", " . $e->getMessage() . "\n" - ); - } - } - - $dbResult->closeCursor(); - } /** * list all partitions for a table diff --git a/www/class/centreon.class.php b/www/class/centreon.class.php index c2c09831cbc..07d440217bb 100644 --- a/www/class/centreon.class.php +++ b/www/class/centreon.class.php 
@@ -162,22 +162,12 @@ public function creatModuleList() $this->modules[$result["name"]] = array( "name" => $result["name"], "gen" => false, - "restart" => false, "license" => false ); if (is_dir("./modules/" . $result["name"] . "/generate_files/")) { $this->modules[$result["name"]]["gen"] = true; } - if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) { - $this->modules[$result["name"]]["restart"] = true; - } - if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) { - $this->modules[$result["name"]]["restart"] = true; - } - if (file_exists("./modules/" . $result["name"] . "/license/merethis_lic.zl")) { - $this->modules[$result["name"]]["license"] = true; - } } $dbResult = null; } diff --git a/www/class/centreonConfigCentreonBroker.php b/www/class/centreonConfigCentreonBroker.php index f1e58a3d2f5..e92d80b31ff 100644 --- a/www/class/centreonConfigCentreonBroker.php +++ b/www/class/centreonConfigCentreonBroker.php @@ -731,13 +731,15 @@ public function insertConfig($values) /* * Get the ID */ - $query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = '" . $values['name'] . "'"; + $query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = :config_name"; try { - $res = $this->db->query($query); + $statement = $this->db->prepare($query); + $statement->bindValue(':config_name', $values['name'], \PDO::PARAM_STR); + $statement->execute(); } catch (\PDOException $e) { return false; } - $row = $res->fetch(); + $row = $statement->fetch(\PDO::FETCH_ASSOC); $id = $row['config_id']; /* diff --git a/www/class/centreonCriticality.class.php b/www/class/centreonCriticality.class.php index a64f673422f..4c45040b485 100644 --- a/www/class/centreonCriticality.class.php +++ b/www/class/centreonCriticality.class.php 
@@ -358,29 +358,4 @@ protected function getServiceCriticality($service_id) } return 0; } - - public function getHostTplCriticities($host_id, $cache) - { - global $pearDB; - - if (!$host_id) { - return null; - } - - $rq = "SELECT host_tpl_id " . - "FROM host_template_relation " . - "WHERE host_host_id = '".$host_id."' " . - "ORDER BY `order`"; - $DBRESULT = $pearDB->query($rq); - while ($row = $DBRESULT->fetchRow()) { - if (isset($cache[$row['host_tpl_id']])) { - return $this->getData($cache[$row['host_tpl_id']], false); - } else { - if ($result_field = $this->getHostTplCriticities($row['host_tpl_id'], $cache)) { - return $result_field; - } - } - } - return null; - } } diff --git a/www/class/centreonDB.class.php b/www/class/centreonDB.class.php index 20bb0d3f8f3..374ec335376 100644 --- a/www/class/centreonDB.class.php +++ b/www/class/centreonDB.class.php 
@@ -447,4 +447,47 @@ public function isColumnExist(string $table = null, string $column = null): int return -1; } } + + /** + * Write SQL errors messages and queries + * + * @param string $query the query string to write to log + * @param string $message the message to write to log + */ + private function logSqlError(string $query, string $message): void + { + $this->log->insertLog(2, $message . " QUERY : " . $query); + } + + /** + * This method returns a column type from a given table and column. + * + * @param string $tableName + * @param string $columnName + * @return string + */ + public function getColumnType(string $tableName, string $columnName): string + { + $query = 'SELECT COLUMN_TYPE + FROM INFORMATION_SCHEMA.COLUMNS + WHERE TABLE_SCHEMA = :dbName + AND TABLE_NAME = :tableName + AND COLUMN_NAME = :columnName'; + + $stmt = $this->prepare($query); + + try { + $stmt->bindValue(':dbName', $this->dsn['database'], \PDO::PARAM_STR); + $stmt->bindValue(':tableName', $tableName, \PDO::PARAM_STR); + $stmt->bindValue(':columnName', $columnName, \PDO::PARAM_STR); + $stmt->execute(); + $result = $stmt->fetch(\PDO::FETCH_ASSOC); + if (! empty($result)) { + return $result['COLUMN_TYPE']; + } + throw new \PDOException("Unable to get column type"); + } catch (\PDOException $e) { + $this->logSqlError($query, $e->getMessage()); + } + } } diff --git a/www/class/centreonHostgroups.class.php b/www/class/centreonHostgroups.class.php index 34dd68d6947..81ff496279a 100644 --- a/www/class/centreonHostgroups.class.php +++ b/www/class/centreonHostgroups.class.php 
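Review bot: `getColumnType()` is declared to return `string`, but the `catch` block only logs and then falls off the end of the method, which raises a `TypeError` at the call site instead of a database error whenever the lookup fails or finds no column. Rethrowing after logging keeps the contract: `$this->logSqlError($query, $e->getMessage()); throw $e;`. `$this->prepare($query)` is also outside the `try`, so a failure there bypasses `logSqlError()` entirely; moving it inside the block would cover it. The docblock would benefit from an `@throws \PDOException` line.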
@@ -100,18 +100,19 @@ public function getHostGroupHosts($hg_id = null) } $hosts = array(); - $DBRESULT = $this->DB->query( - "SELECT hgr.host_host_id " . + $statement = $this->DB->prepare("SELECT hgr.host_host_id " . "FROM hostgroup_relation hgr, host h " . - "WHERE hgr.hostgroup_hg_id = '" . $this->DB->escape($hg_id) . "' " . + "WHERE hgr.hostgroup_hg_id = :hgId " . "AND h.host_id = hgr.host_host_id " . - "ORDER by h.host_name" - ); - while ($elem = $DBRESULT->fetchRow()) { + "ORDER by h.host_name"); + $statement->bindValue(':hgId', (int) $hg_id, \PDO::PARAM_INT); + $statement->execute(); + + while ($elem = $statement->fetchRow()) { $ref[$elem["host_host_id"]] = $elem["host_host_id"]; $hosts[] = $elem["host_host_id"]; } - $DBRESULT->closeCursor(); + $statement->closeCursor(); unset($elem); if (isset($hostgroups) && count($hostgroups)) { diff --git a/www/class/centreonMedia.class.php b/www/class/centreonMedia.class.php index 37e1a14319a..f9a3377f89c 100644 --- a/www/class/centreonMedia.class.php +++ b/www/class/centreonMedia.class.php @@ -410,14 +410,12 @@ public function addImage($parameters, $binary = null) $imageId = $row['img_id']; // Insert relation between directory and image - $query = 'INSERT INTO view_img_dir_relation ' - . '(dir_dir_parent_id, img_img_id) ' - . 'VALUES (' - . $directoryId . ', ' - . $imageId . ' ' - . ') '; + $statement = $this->db->prepare("INSERT INTO view_img_dir_relation (dir_dir_parent_id, img_img_id) " . + "VALUES (:dirId, :imgId) "); + $statement->bindValue(':dirId', (int) $directoryId, \PDO::PARAM_INT); + $statement->bindValue(':imgId', (int) $imageId, \PDO::PARAM_INT); try { - $this->db->query($query); + $statement->execute(); } catch (\PDOException $e) { throw new \Exception('Error while inserting relation between' . $imageName . ' and ' . $directoryName); } diff --git a/www/class/centreonNotification.class.php b/www/class/centreonNotification.class.php index 0875cbcb9b1..2c8df61679a 100644 
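Review bot: The loop in `getHostGroupHosts` keeps `$statement->fetchRow()` on the new prepared statement, while the `centreonNotification.class.php`, `centreonService.class.php` and `formContactGroup.php` hunks in this commit switch to `fetch(\PDO::FETCH_ASSOC)`. `fetchRow()` is not a PDO method, so this presumably relies on the project's own statement class; `while ($elem = $statement->fetch(\PDO::FETCH_ASSOC)) {` would match the rest of the change. The `serviceDetails.php` hunk has the same leftover.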
--- a/www/class/centreonNotification.class.php +++ b/www/class/centreonNotification.class.php @@ -342,10 +342,12 @@ protected function getHostTemplateNotifications($hostId, $templates) FROM host_template_relation htr LEFT JOIN contact_host_relation ctr ON htr.host_host_id = ctr.host_host_id LEFT JOIN contactgroup_host_relation ctr2 ON htr.host_host_id = ctr2.host_host_id - WHERE htr.host_host_id = " . $hostId . " + WHERE htr.host_host_id = :host_id ORDER BY `order`"; - $res = $this->db->query($sql); - while ($row = $res->fetchRow()) { + $statement = $this->db->prepare($sql); + $statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT); + $statement->execute(); + while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) { if ($row['contact_id']) { $this->hostBreak[1] = true; } diff --git a/www/class/centreonService.class.php b/www/class/centreonService.class.php index 67149a75a20..19b09c52d96 100644 --- a/www/class/centreonService.class.php +++ b/www/class/centreonService.class.php @@ -1727,12 +1727,14 @@ public function getTemplatesChain($svcId, $alreadyProcessed = array()) } else { $alreadyProcessed[] = $svcId; - $res = $this->db->query( - "SELECT service_template_model_stm_id FROM service WHERE service_id = " . $this->db->escape($svcId) + $statement = $this->db->prepare( + "SELECT service_template_model_stm_id FROM service WHERE service_id = :service_id" ); + $statement->bindValue(':service_id', (int) $svcId, \PDO::PARAM_INT); + $statement->execute(); - if ($res->rowCount()) { - $row = $res->fetchRow(); + if ($statement->rowCount()) { + $row = $statement->fetch(\PDO::FETCH_ASSOC); if (!empty($row['service_template_model_stm_id']) && $row['service_template_model_stm_id'] !== null) { $svcTmpl = array_merge( $svcTmpl, diff --git a/www/class/config-generate/broker.class.php b/www/class/config-generate/broker.class.php index 719461fc0bc..23bd603ea17 100644 --- a/www/class/config-generate/broker.class.php +++ b/www/class/config-generate/broker.class.php 
@@ -219,7 +219,8 @@ private function generate($poller_id, $localhost) } $subValuesToCastInArray = []; - $rrdCacheOption = 'disable'; + $rrdCacheOption = null; + $rrdCached = null; foreach ($value as $subvalue) { if (!isset($subvalue['fieldIndex']) || $subvalue['fieldIndex'] == "" || @@ -237,21 +238,20 @@ private function generate($poller_id, $localhost) } elseif ($subvalue['config_key'] === 'category') { $object[$key][$subvalue['config_group_id']]['filters'][$subvalue['config_key']][] = $subvalue['config_value']; - } else { + } elseif (in_array($subvalue['config_key'], ['rrd_cached_option', 'rrd_cached'])) { if ($subvalue['config_key'] === 'rrd_cached_option') { $rrdCacheOption = $subvalue['config_value']; - continue; + } elseif ($subvalue['config_key'] === 'rrd_cached') { + $rrdCached = $subvalue['config_value']; } - - if ($subvalue['config_key'] === 'rrd_cached') { + if ($rrdCached && $rrdCacheOption) { if ($rrdCacheOption === 'tcp') { - $object[$key][$subvalue['config_group_id']]['port'] = $subvalue['config_value']; + $object[$key][$subvalue['config_group_id']]['port'] = $rrdCached; } elseif ($rrdCacheOption === 'unix') { - $object[$key][$subvalue['config_group_id']]['path'] = $subvalue['config_value']; + $object[$key][$subvalue['config_group_id']]['path'] = $rrdCached; } - continue; } - + } else { $object[$key][$subvalue['config_group_id']][$subvalue['config_key']] = $subvalue['config_value']; diff --git a/www/include/configuration/configCentreonBroker/DB-Func.php b/www/include/configuration/configCentreonBroker/DB-Func.php index ef6b18e3f7a..e76b4384db9 100644 --- a/www/include/configuration/configCentreonBroker/DB-Func.php +++ b/www/include/configuration/configCentreonBroker/DB-Func.php 
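Review bot: `$rrdCacheOption` and `$rrdCached` are initialised once before `foreach ($value as $subvalue)`, but the result is written under `$subvalue['config_group_id']`, so if one `$value` can hold rows for more than one group id, an option read for one group is paired with a value read for another. Whether that can happen depends on how `$value` is built, which is outside the hunk. Keying both by group id, e.g. `$rrdCached[$subvalue['config_group_id']] = $subvalue['config_value'];`, would remove the carry-over. The `if ($rrdCached && $rrdCacheOption)` test also treats the string `'0'` as unset, and `in_array(..., ['rrd_cached_option', 'rrd_cached'])` should pass `true` as its third argument for a strict comparison.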
@@ -74,8 +74,10 @@ function enableCentreonBrokerInDB($id) return; } - $query = "UPDATE cfg_centreonbroker SET config_activate = '1' WHERE config_id = " . $id; - $pearDB->query($query); + $query = "UPDATE cfg_centreonbroker SET config_activate = '1' WHERE config_id = :config_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':config_id', (int) $id, \PDO::PARAM_INT); + $statement->execute(); } /** @@ -91,8 +93,10 @@ function disablCentreonBrokerInDB($id) return; } - $query = "UPDATE cfg_centreonbroker SET config_activate = '0' WHERE config_id = " . $id; - $pearDB->query($query); + $query = "UPDATE cfg_centreonbroker SET config_activate = '0' WHERE config_id = :config_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':config_id', (int) $id, \PDO::PARAM_INT); + $statement->execute(); } /** @@ -104,8 +108,10 @@ function deleteCentreonBrokerInDB($ids = array()) { global $pearDB; + $statement = $pearDB->prepare("DELETE FROM cfg_centreonbroker WHERE config_id = :config_id"); foreach ($ids as $key => $value) { - $pearDB->query("DELETE FROM cfg_centreonbroker WHERE config_id = " . $key); + $statement->bindValue(':config_id', (int) $key, \PDO::PARAM_INT); + $statement->execute(); } } @@ -194,13 +200,7 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) foreach ($ids as $id => $value) { $cbObj = new CentreonConfigCentreonBroker($pearDB); - $query = "SELECT config_name, config_filename, config_activate, ns_nagios_server, - event_queue_max_size, cache_directory, daemon " - . "FROM cfg_centreonbroker " - . "WHERE config_id = " . $id . " "; - $dbResult = $pearDB->query($query); - $row = $dbResult->fetch(); - $dbResult->closeCursor(); + $row = getCfgBrokerData((int) $id); # Prepare values $values = array(); 
@@ -210,14 +210,11 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) $values['event_queue_max_size'] = $row['event_queue_max_size']; $values['cache_directory'] = $row['cache_directory']; $values['activate_watchdog']['activate_watchdog'] = $row['daemon']; - $query = "SELECT config_key, config_value, config_group, config_group_id " - . "FROM cfg_centreonbroker_info " - . "WHERE config_id = " . $id . " "; - $dbResult = $pearDB->query($query); $values['output'] = array(); $values['input'] = array(); $values['logger'] = array(); - while ($rowOpt = $dbResult->fetch()) { + $brokerCfgInfoData = getCfgBrokerInfoData((int) $id); + foreach ($brokerCfgInfoData as $rowOpt) { if ($rowOpt['config_key'] == 'filters') { continue; } elseif ($rowOpt['config_key'] == 'category') { @@ -228,7 +225,6 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) $rowOpt['config_value']; } } - $dbResult->closeCursor(); # Convert values radio button foreach ($values as $group => $groups) { @@ -254,6 +250,8 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) # Copy the configuration $j = 1; + $query = "SELECT COUNT(*) as nb FROM cfg_centreonbroker WHERE config_name = :config_name"; + $statement = $pearDB->prepare($query); for ($i = 1; $i <= $nbrDup[$id]; $i++) { $nameNOk = true; @@ -261,9 +259,9 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) while ($nameNOk) { $newname = $row['config_name'] . '_' . $j; $newfilename = $j . '_' . $row['config_filename']; - $query = "SELECT COUNT(*) as nb FROM cfg_centreonbroker WHERE config_name = '" . $newname . "'"; - $res = $pearDB->query($query); - $rowNb = $res->fetch(); + $statement->bindValue(':config_name', $newname, \PDO::PARAM_STR); + $statement->execute(); + $rowNb = $statement->fetch(\PDO::FETCH_ASSOC); if ($rowNb['nb'] == 0) { $nameNOk = false; } 
@@ -293,3 +291,54 @@ function isPositiveNumeric($size): bool } return $isPositive; } + +/** + * Getting Centreon CFG broker data + * + * @param int $configId + * @return array + */ +function getCfgBrokerData(int $configId): array +{ + global $pearDB; + + $query = "SELECT config_name, config_filename, config_activate, ns_nagios_server, + event_queue_max_size, cache_directory, daemon " + . "FROM cfg_centreonbroker " + . "WHERE config_id = :config_id "; + try { + $statement = $pearDB->prepare($query); + $statement->bindValue(':config_id', $configId, \PDO::PARAM_INT); + $statement->execute(); + $cfgBrokerData = $statement->fetch(\PDO::FETCH_ASSOC); + } catch (PDOException $exception) { + throw new \Exception("Cannot fetch Broker config data"); + } + $statement->closeCursor(); + return $cfgBrokerData; +} + +/** + * Getting Centreon CFG broker Info data + * + * @param int $configId + * @return array + */ +function getCfgBrokerInfoData(int $configId): array +{ + global $pearDB; + + $query = "SELECT config_key, config_value, config_group, config_group_id " + . "FROM cfg_centreonbroker_info " + . "WHERE config_id = :config_id"; + try { + $statement = $pearDB->prepare($query); + $statement->bindValue(':config_id', $configId, \PDO::PARAM_INT); + $statement->execute(); + $cfgBrokerInfoData = $statement->fetchAll(\PDO::FETCH_ASSOC); + } catch (\PDOException $exception) { + throw new \Exception("Cannot fetch Broker info config data"); + } + $statement->closeCursor(); + return $cfgBrokerInfoData; +} diff --git a/www/include/configuration/configGenerate/xml/restartPollers.php b/www/include/configuration/configGenerate/xml/restartPollers.php index ac25b2f18ec..ae9350cdac2 100644 --- a/www/include/configuration/configGenerate/xml/restartPollers.php +++ b/www/include/configuration/configGenerate/xml/restartPollers.php @@ -246,18 +246,6 @@ function log_error($errno, $errstr, $errfile, $errline) $msg_restart[$key] = str_replace("\n", "
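Review bot: `getCfgBrokerData()` declares `: array`, but `fetch(\PDO::FETCH_ASSOC)` returns `false` when no row has that `config_id`, so the `return $cfgBrokerData;` line throws a `TypeError` rather than the intended exception. A check before the return, `if ($cfgBrokerData === false) { throw new \Exception("Cannot fetch Broker config data"); }`, keeps the failure in one place. Both helpers also drop the caught exception; passing it as the third constructor argument, `new \Exception("Cannot fetch Broker config data", 0, $exception)`, preserves the database error for logs. The first `catch` names `PDOException` and the second `\PDOException`; one spelling should be used for both.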
", $str); } - /* Find restart / reload action from modules */ - foreach ($centreon->modules as $key => $value) { - if ( - $value["restart"] - && $files = glob(_CENTREON_PATH_ . "www/modules/" . $key . "/restart_pollers/*.php") - ) { - foreach ($files as $filename) { - include $filename; - } - } - } - $xml->startElement("response"); $xml->writeElement("status", $okMsg); $xml->writeElement("statuscode", STATUS_OK); diff --git a/www/include/configuration/configKnowledge/display-hostTemplates.php b/www/include/configuration/configKnowledge/display-hostTemplates.php index 9595a6560a4..c64be5baf06 100644 --- a/www/include/configuration/configKnowledge/display-hostTemplates.php +++ b/www/include/configuration/configKnowledge/display-hostTemplates.php @@ -167,11 +167,11 @@ foreach ($tplArr as $key1 => $value1) { if ($firstTpl) { $tplStr .= " " . $value1 . " "; + "/index.php?title=Host-Template_:_" . $value1 . "' target = '_blank' > " . $value1 . " "; $firstTpl = 0; } else { $tplStr .= " |  " . $value1 . " "; + "/index.php?title=Host-Template_:_" . $value1 . "' target = '_blank' > " . $value1 . " "; } } } diff --git a/www/include/configuration/configKnowledge/display-hosts.php b/www/include/configuration/configKnowledge/display-hosts.php index 0bc0e4d525a..bfa2e97dab6 100644 --- a/www/include/configuration/configKnowledge/display-hosts.php +++ b/www/include/configuration/configKnowledge/display-hosts.php @@ -192,11 +192,11 @@ foreach ($tplArr as $key1 => $value1) { if ($firstTpl) { $tplStr .= "" . $value1 . ""; + "/index.php?title=Host-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; $firstTpl = 0; } else { $tplStr .= " | " . $value1 . ""; + "/index.php?title=Host-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; } } } diff --git a/www/include/configuration/configKnowledge/display-serviceTemplates.php b/www/include/configuration/configKnowledge/display-serviceTemplates.php index a609fc22e54..fab6889c54b 100644 
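Review bot: `$value1` is concatenated raw into both the `title=` query parameter and the link text in the added line `"/index.php?title=Host-Template_:_" . $value1 . "' target = '_blank' > " . $value1`, inside a single-quoted attribute. If a template name can contain a quote or an angle bracket, the markup breaks and injected markup would render for whoever views the page; where `$tplArr` is filled is outside the hunk, so whether the name is already encoded is not visible. I would encode per context: `rawurlencode($value1)` in the URL and `htmlspecialchars($value1, ENT_QUOTES, 'UTF-8')` for the text. The same line shape is added in `display-hosts.php`, `display-serviceTemplates.php` and `display-services.php`.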
--- a/www/include/configuration/configKnowledge/display-serviceTemplates.php +++ b/www/include/configuration/configKnowledge/display-serviceTemplates.php @@ -170,11 +170,11 @@ foreach ($tplArr as $key1 => $value1) { if ($firstTpl) { $tplStr .= "" . $value1 . ""; + "/index.php?title=Service-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; $firstTpl = 0; } else { $tplStr .= " | " . $value1 . ""; + "/index.php?title=Service-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; } } } diff --git a/www/include/configuration/configKnowledge/display-services.php b/www/include/configuration/configKnowledge/display-services.php index 6143fc24a50..14c8ab0f829 100644 --- a/www/include/configuration/configKnowledge/display-services.php +++ b/www/include/configuration/configKnowledge/display-services.php @@ -274,7 +274,7 @@ $tplStr .= " | "; } $tplStr .= "" . $value1 . ""; + "/index.php?title=Service-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; } } $templateHostArray[$key] = $tplStr; diff --git a/www/include/configuration/configObject/contactgroup/formContactGroup.php b/www/include/configuration/configObject/contactgroup/formContactGroup.php index 4112ceb27b7..fa2bfb9215a 100644 --- a/www/include/configuration/configObject/contactgroup/formContactGroup.php +++ b/www/include/configuration/configObject/contactgroup/formContactGroup.php @@ -64,12 +64,14 @@ /* * Get host Group information */ - $DBRESULT = $pearDB->query("SELECT * FROM `contactgroup` WHERE `cg_id` = '" . $cg_id . "' LIMIT 1"); + $statement = $pearDB->prepare("SELECT * FROM `contactgroup` WHERE `cg_id` = :cg_id LIMIT 1"); + $statement->bindValue(':cg_id', (int) $cg_id, \PDO::PARAM_INT); + $statement->execute(); /* * Set base value */ - $cg = array_map("myDecode", $DBRESULT->fetchRow()); + $cg = array_map("myDecode", $statement->fetch(\PDO::FETCH_ASSOC)); } $attrsText = array("size" => "30"); 
diff --git a/www/include/configuration/configObject/host_categories/listHostCategories.php b/www/include/configuration/configObject/host_categories/listHostCategories.php index bc454267abe..81a3ae8c25a 100644 --- a/www/include/configuration/configObject/host_categories/listHostCategories.php +++ b/www/include/configuration/configObject/host_categories/listHostCategories.php @@ -141,16 +141,16 @@ $aclFrom = ", $aclDbName.centreon_acl acl "; $aclCond = " AND h.host_id = acl.host_id AND acl.group_id IN (" . $acl->getAccessGroupsString() . ") "; } - $DBRESULT2 = $pearDB->query( - "SELECT h.host_id, h.host_activate " . + $hcStatement = $pearDB->prepare("SELECT h.host_id, h.host_activate " . "FROM hostcategories_relation hcr, host h " . $aclFrom . - " WHERE hostcategories_hc_id = '" . $hc['hc_id'] . "'" . + " WHERE hostcategories_hc_id = :hcId" . " AND h.host_id = hcr.host_host_id " . $aclCond . - " AND h.host_register = '1' " - ); + " AND h.host_register = '1' "); + $hcStatement->bindValue(':hcId', (int) $hc['hc_id'], \PDO::PARAM_INT); + $hcStatement->execute(); $nbrhostActArr = array(); $nbrhostDeactArr = array(); - while ($row = $DBRESULT2->fetch()) { + while ($row = $hcStatement->fetch()) { if ($row['host_activate']) { $nbrhostActArr[$row['host_id']] = true; } else { diff --git a/www/include/configuration/configObject/service/listServiceByHost.php b/www/include/configuration/configObject/service/listServiceByHost.php index e2181452d4e..e5cc23fb00e 100644 --- a/www/include/configuration/configObject/service/listServiceByHost.php +++ b/www/include/configuration/configObject/service/listServiceByHost.php 
@@ -245,14 +245,16 @@ $centreonToken = createCSRFToken(); +$statement = $pearDB->prepare( + "SELECT COUNT(*) FROM host_service_relation WHERE service_service_id = :service_id" +); for ($i = 0; $service = $dbResult->fetch(); $i++) { //Get Number of Hosts linked to this one. - $dbResult2 = $pearDB->query( - "SELECT COUNT(*) FROM host_service_relation WHERE service_service_id = '" . $service["service_id"] . "'" - ); - $data = $dbResult2->fetch(); + $statement->bindValue(':service_id', $service["service_id"], \PDO::PARAM_INT); + $statement->execute(); + $data = $statement->fetch(\PDO::FETCH_ASSOC); $service["nbr"] = $data["COUNT(*)"]; - $dbResult2->closeCursor(); + $statement->closeCursor(); unset($data); /** diff --git a/www/include/configuration/configObject/service/listServiceByHostGroup.php b/www/include/configuration/configObject/service/listServiceByHostGroup.php index 10724fe36fe..5a43d147d95 100644 --- a/www/include/configuration/configObject/service/listServiceByHostGroup.php +++ b/www/include/configuration/configObject/service/listServiceByHostGroup.php 
@@ -202,27 +202,56 @@ * HostGroup/service list */ if ($searchS || $searchHG) { + //preparing tmp binds + $tmpIds = explode(',', $tmp); + $tmpQueryBinds = []; + foreach ($tmpIds as $key => $value) { + $tmpQueryBinds[':tmp_id_' . $key] = $value; + } + $tmpBinds = implode(',', array_keys($tmpQueryBinds)); + //preparing tmp2 binds + $tmp2Ids = explode(',', $tmp2); + $tmp2QueryBinds = []; + foreach ($tmp2Ids as $key => $value) { + $tmp2QueryBinds[':tmp2_id_' . $key] = $value; + } + $tmp2Binds = implode(',', array_keys($tmp2QueryBinds)); + $query = "SELECT $distinct @nbr:=(SELECT COUNT(*) FROM host_service_relation " . "WHERE service_service_id = sv.service_id GROUP BY sv.service_id ) AS nbr, sv.service_id, " . "sv.service_description, sv.service_activate, sv.service_template_model_stm_id, hg.hg_id, hg.hg_name " . "FROM service sv, hostgroup hg, host_service_relation hsr $aclFrom " . - "WHERE sv.service_register = '1' $sqlFilterCase AND sv.service_id IN (" . ($tmp ? $tmp : 'NULL') . - ") AND hsr.hostgroup_hg_id IN (" . ($tmp2 ? $tmp2 : 'NULL') . ") " . - ((isset($template) && $template) ? " AND service_template_model_stm_id = '$template' " : "") . + "WHERE sv.service_register = '1' $sqlFilterCase AND sv.service_id " . + "IN ($tmpBinds) AND hsr.hostgroup_hg_id IN ($tmp2Binds) " . + ((isset($template) && $template) ? " AND service_template_model_stm_id = :template " : "") . " AND hsr.service_service_id = sv.service_id AND hg.hg_id = hsr.hostgroup_hg_id " . $aclCond . - "ORDER BY hg.hg_name, sv.service_description LIMIT " . $num * $limit . ", " . 
$limit; + "ORDER BY hg.hg_name, sv.service_description LIMIT :offset_, :limit"; + $statement = $pearDB->prepare($query); + //tmp bind values + foreach ($tmpQueryBinds as $key => $value) { + $statement->bindValue($key, (int) $value, PDO::PARAM_INT); + } + //tmp bind values + foreach ($tmp2QueryBinds as $key => $value) { + $statement->bindValue($key, (int) $value, PDO::PARAM_INT); + } } else { $query = "SELECT $distinct @nbr:=(SELECT COUNT(*) FROM host_service_relation " . "WHERE service_service_id = sv.service_id GROUP BY sv.service_id ) AS nbr, sv.service_id, " . "sv.service_description, sv.service_activate, sv.service_template_model_stm_id, hg.hg_id, hg.hg_name " . "FROM service sv, hostgroup hg, host_service_relation hsr $aclFrom " . "WHERE sv.service_register = '1' $sqlFilterCase " . - ((isset($template) && $template) ? " AND service_template_model_stm_id = '$template' " : "") . + ((isset($template) && $template) ? " AND service_template_model_stm_id = :template " : "") . " AND hsr.service_service_id = sv.service_id AND hg.hg_id = hsr.hostgroup_hg_id " . $aclCond . - "ORDER BY hg.hg_name, sv.service_description LIMIT " . $num * $limit . ", " . $limit; + "ORDER BY hg.hg_name, sv.service_description LIMIT :offset_, :limit"; + $statement = $pearDB->prepare($query); } -$dbResult = $pearDB->query($query); - +$statement->bindValue(':offset_', (int) $num * (int) $limit, \PDO::PARAM_INT); +$statement->bindValue(':limit', (int) $limit, \PDO::PARAM_INT); +if ((isset($template) && $template)) { + $statement->bindValue(':template', (int) $template, \PDO::PARAM_INT); +} +$statement->execute(); $form = new HTML_QuickFormCustom('select_form', 'POST', "?p=" . $p); // Different style between each lines 
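Review bot: When `$tmp` or `$tmp2` is empty, `explode(',', $tmp)` returns `['']`, which becomes one placeholder bound as `(int) ''`, i.e. 0, so the filter is now `IN (0)` where the removed line produced `IN (NULL)`. That only matches nothing as long as no service or host group has id 0; a short comment saying so, or an explicit empty check, would document the intent. `$distinct`, `$sqlFilterCase`, `$aclFrom` and `$aclCond` are still interpolated into the statement, and their origin is outside the hunk, so they deserve the same review as the bound values. The second `//tmp bind values` comment sits above the `$tmp2QueryBinds` loop and should read `//tmp2 bind values`, and `PDO::PARAM_INT` there is written without the leading backslash used on the other lines.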
@@ -263,7 +292,7 @@ $centreonToken = createCSRFToken(); -for ($i = 0; $service = $dbResult->fetch(); $i++) { +for ($i = 0; $service = $statement->fetch(); $i++) { $moptions = ""; $fgHostgroup["value"] != $service["hg_name"] ? ($fgHostgroup["print"] = true && $fgHostgroup["value"] = $service["hg_name"]) diff --git a/www/include/configuration/configObject/traps-groups/DB-Func.php b/www/include/configuration/configObject/traps-groups/DB-Func.php index b36febd1d22..fe45b6abc19 100644 --- a/www/include/configuration/configObject/traps-groups/DB-Func.php +++ b/www/include/configuration/configObject/traps-groups/DB-Func.php @@ -172,10 +172,12 @@ function insertTrapGroup($ret = array()) $fields = array(); if (isset($ret['traps'])) { + $query = "INSERT INTO traps_group_relation (traps_group_id, traps_id) VALUES (:traps_group_id, :traps_id)"; + $statement = $pearDB->prepare($query); foreach ($ret['traps'] as $trap_id) { - $query = "INSERT INTO traps_group_relation (traps_group_id, traps_id) VALUES (" . - $pearDB->escape($trap_group_id['max_id']) . ",'" . $pearDB->escape($trap_id) . "')"; - $pearDB->query($query); + $statement->bindValue(':traps_group_id', $trap_group_id['max_id'], \PDO::PARAM_INT); + $statement->bindValue(':traps_id', (int) $trap_id, \PDO::PARAM_INT); + $statement->execute(); } } diff --git a/www/include/configuration/configObject/traps/listTraps.php b/www/include/configuration/configObject/traps/listTraps.php index 9c96c83ced7..1dfafef18a1 100644 --- a/www/include/configuration/configObject/traps/listTraps.php +++ b/www/include/configuration/configObject/traps/listTraps.php 
@@ -200,9 +200,11 @@ "event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;" . "\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[" . $trap['traps_id'] . "]' />"; - $dbResult2 = $pearDB->query("select alias from traps_vendor where id='" . $trap['manufacturer_id'] . "' LIMIT 1"); - $mnftr = $dbResult2->fetch(); - $dbResult2->closeCursor(); + $statement = $pearDB->prepare("select alias from traps_vendor where id= :trap LIMIT 1"); + $statement->bindValue(':trap', (int) $trap['manufacturer_id'], \PDO::PARAM_INT); + $statement->execute(); + $mnftr = $statement->fetch(); + $statement->closeCursor(); $elemArr[$i] = array( "MenuClass" => "list_" . $style, "RowMenu_select" => $selectedElements->toHtml(), diff --git a/www/include/monitoring/common-Func.php b/www/include/monitoring/common-Func.php index cb8fb71330c..f940fcbf379 100644 --- a/www/include/monitoring/common-Func.php +++ b/www/include/monitoring/common-Func.php @@ -41,26 +41,6 @@ exit(); } -function getMyHostRow($host_id = null, $rowdata) -{ - global $pearDB; - if (!$host_id) { - exit(); - } - while (1) { - $DBRESULT = $pearDB->query("SELECT host_" . $rowdata . - ", host_template_model_htm_id FROM host WHERE host_id = '" . CentreonDB::escape($host_id) . "' LIMIT 1"); - $row = $DBRESULT->fetchRow(); - if ($row["host_" . $rowdata]) { - return $row["host_$rowdata"]; - } elseif ($row["host_template_model_htm_id"]) { - $host_id = $row["host_template_model_htm_id"]; - } else { - break; - } - } -} - function get_user_param($user_id, $pearDB) { $list_param = array( diff --git a/www/include/monitoring/objectDetails/serviceDetails.php b/www/include/monitoring/objectDetails/serviceDetails.php index 1c4e3ca334b..3d27476948b 100644 --- a/www/include/monitoring/objectDetails/serviceDetails.php +++ b/www/include/monitoring/objectDetails/serviceDetails.php 
@@ -621,18 +621,17 @@ $status .= "&value[" . $key . "]=" . $value; } - $optionsURL = "host_name=" . urlencode($host_name) . "&service_description=" . urlencode($svc_description); - - $query = "SELECT id FROM `index_data`, `metrics` WHERE host_name = '" . $pearDBO->escape($host_name) . - "' AND service_description = '" . $pearDBO->escape($svc_description) . "' AND id = index_id LIMIT 1"; - $DBRES = $pearDBO->query($query); + $query = "SELECT id FROM `index_data`, `metrics` WHERE host_name = :host_name" . + " AND service_description = :svc_description AND id = index_id LIMIT 1"; + $statement = $pearDBO->prepare($query); + $statement->bindValue(':host_name', $host_name, \PDO::PARAM_STR); + $statement->bindValue(':svc_description', $svc_description, \PDO::PARAM_STR); + $statement->execute(); $index_data = 0; - if ($DBRES->rowCount()) { - $row = $DBRES->fetchRow(); + if ($statement->rowCount()) { + $row = $statement->fetchRow(); $index_data = $row['id']; } - $optionsURL2 = "index=" . $index_data; - /* * Assign translations */ @@ -875,9 +874,7 @@ $tpl->assign("sv_ext_action_url_lang", _("Action URL")); $tpl->assign("sv_ext_action_url", CentreonUtils::escapeSecure($actionurl)); $tpl->assign("sv_ext_icon_image_alt", getMyServiceExtendedInfoField($service_id, "esi_icon_image_alt")); - $tpl->assign("options", $optionsURL); $tpl->assign("index_data", $index_data); - $tpl->assign("options2", CentreonUtils::escapeSecure($optionsURL2)); /** * Build the service detail URI that will be used in the diff --git a/www/include/options/accessLists/actionsACL/listsActionsAccess.php b/www/include/options/accessLists/actionsACL/listsActionsAccess.php index 156bee063e1..8427c6ade46 100644 --- a/www/include/options/accessLists/actionsACL/listsActionsAccess.php +++ b/www/include/options/accessLists/actionsACL/listsActionsAccess.php 
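Review bot: In the first serviceDetails.php hunk, `$statement->rowCount()` decides whether the SELECT returned a row, but PDO documents rowCount() only for INSERT/UPDATE/DELETE and its value for a SELECT depends on the driver and buffering mode. Fetching and testing the row removes that dependency: `if ($row = $statement->fetch(\PDO::FETCH_ASSOC)) { $index_data = $row['id']; }`. That would also match the `fetch()` calls in the other converted queries of this commit, whereas `fetchRow()` presumably relies on the project's own statement class, which is not visible in the hunk.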
@@ -118,11 +118,6 @@ "return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[" . $topo['acl_action_id'] . "]' />"; /* Contacts */ - $ctNbr = array(); - $rq = "SELECT COUNT(*) AS nbr FROM acl_group_actions_relations " . - "WHERE acl_action_id = '" . $topo['acl_action_id'] . "'"; - $DBRESULT2 = $pearDB->query($rq); - $ctNbr = $DBRESULT2->fetchRow(); $elemArr[$i] = array( "MenuClass" => "list_" . $style, "RowMenu_select" => $selectedElements->toHtml(), diff --git a/www/include/options/accessLists/menusACL/listsMenusAccess.php b/www/include/options/accessLists/menusACL/listsMenusAccess.php index b577522220e..f263f150c27 100644 --- a/www/include/options/accessLists/menusACL/listsMenusAccess.php +++ b/www/include/options/accessLists/menusACL/listsMenusAccess.php @@ -116,10 +116,6 @@ "return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[" . $topo['acl_topo_id'] . "]' />"; /* Contacts */ - $ctNbr = array(); - $rq2 = "SELECT COUNT(*) AS nbr FROM acl_topology_relations WHERE acl_topo_id = '" . $topo['acl_topo_id'] . "'"; - $dbResult2 = $pearDB->query($rq2); - $ctNbr = $dbResult2->fetchRow(); $elemArr[$i] = array( "MenuClass" => "list_" . $style, "RowMenu_select" => $selectedElements->toHtml(), diff --git a/www/include/options/accessLists/resourcesACL/listsResourcesAccess.php b/www/include/options/accessLists/resourcesACL/listsResourcesAccess.php index ccf7b110d9c..9a32d81e659 100644 --- a/www/include/options/accessLists/resourcesACL/listsResourcesAccess.php +++ b/www/include/options/accessLists/resourcesACL/listsResourcesAccess.php 
@@ -130,13 +130,6 @@ . $resources['acl_res_id'] . "]'>"; /* Contacts */ - $ctNbr = array(); - $rq = "SELECT COUNT(*) AS nbr - FROM acl_resources_host_relations - WHERE acl_res_id = '" . $resources['acl_res_id'] . "'"; - $DBRESULT2 = $pearDB->query($rq); - $ctNbr = $DBRESULT2->fetchRow(); - $allHostgroups = (isset($resources["all_hostgroups"]) && $resources["all_hostgroups"] == 1 ? _("Yes") : _("No")); $allServicegroups = (isset($resources["all_servicegroups"]) && $resources["all_servicegroups"] == 1 ? _("Yes") : diff --git a/www/include/views/graphs/exportData/ExportCSVMetricData.php b/www/include/views/graphs/exportData/ExportCSVMetricData.php deleted file mode 100644 index ebb1f49a513..00000000000 --- a/www/include/views/graphs/exportData/ExportCSVMetricData.php +++ /dev/null @@ -1,79 +0,0 @@ -. - * - * Linking this program statically or dynamically with other modules is making a - * combined work based on this program. Thus, the terms and conditions of the GNU - * General Public License cover the whole combination. - * - * As a special exception, the copyright holders of this program give Centreon - * permission to link this program with independent modules to produce an executable, - * regardless of the license terms of these independent modules, and to copy and - * distribute the resulting executable under terms of Centreon choice, provided that - * Centreon also meet, for each linked independent module, the terms and conditions - * of the license of that module. An independent module is a module which is not - * derived from this program. If you modify this program, you may extend this - * exception to your version of the program, but you are not obliged to do so. If you - * do not wish to do so, delete this exception statement from your version. - * - * For more information : contact@centreon.com - * - */ - -function get_error($str) -{ - echo $str."
"; - exit(0); -} - -require_once realpath(dirname(__FILE__) . "/../../../../../config/centreon.config.php"); -require_once '../../../class/centreonDB.class.php'; - -$pearDB = new CentreonDB(); -$pearDBO = new CentreonDB("centstorage"); - -session_start(); -session_write_close(); - -$sid = session_id(); -if (isset($sid)) { - $res = $pearDB->query("SELECT * FROM session WHERE session_id = '".$sid."'"); - if (!$session = $res->fetchRow()) { - get_error('bad session id'); - } -} else { - get_error('need session identifiant !'); -} - -isset($_GET["metric_id"]) ? $mtrcs = htmlentities($_GET["metric_id"], ENT_QUOTES, "UTF-8") : $mtrcs = null; -isset($_POST["metric_id"]) ? $mtrcs = htmlentities($_POST["metric_id"], ENT_QUOTES, "UTF-8") : $mtrcs = $mtrcs; - -require_once '../../../class/centreonDuration.class.php'; -require_once '../../common/common-Func.php'; - -$period = (isset($_POST["period"])) ? htmlentities($_POST["period"], ENT_QUOTES, "UTF-8") : "today"; -$period = (isset($_GET["period"])) ? htmlentities($_GET["period"], ENT_QUOTES, "UTF-8") : $period; - -header("Content-Type: application/csv-tab-delimited-table"); -header("Content-disposition: filename=".$mhost.".csv"); - -print "Date;value\n"; -$begin = time() - 26000; - -$res = $pearDB->query("SELECT ctime, value FROM data_bin WHERE id_metric = '".$mtrcs."' AND CTIME >= '".$begin."'"); -while ($data = $res->fetchRow()) { - print $data["ctime"].";".$data["value"].";".date("Y-m-d H:i:s", $data["ctime"])."\n"; -} diff --git a/www/include/views/graphs/graph-periods.html b/www/include/views/graphs/graph-periods.html index b0524ae4700..3d2fdc6a3ee 100644 --- a/www/include/views/graphs/graph-periods.html +++ b/www/include/views/graphs/graph-periods.html @@ -11,7 +11,7 @@
{foreach from=$periods item=period} -
+
{$srv_name} during {$period.long} @@ -54,36 +54,21 @@ /* Add events on click on action download image/CSV */ jQuery('.graphZone').delegate('a.actions', 'click', function (e) { - var $a = jQuery(this); - var baseUrl = $a.data('href'); - var chartId = $a.parents('.graph').data('graphId'); - var start; - var end; - var timezone = localStorage.getItem('realTimezone') + let $a = jQuery(this); + let baseUrl = $a.data('href'); + let chartId = $a.parents('.graph').data('graphId'); + let start; + let end; + let timezone = localStorage.getItem('realTimezone') ? localStorage.getItem('realTimezone') : moment.tz.guess(); - /* Get the period */ - if (jQuery('select[name="period"]').val() === '') { - start = moment.tz( - jQuery('#StartDate').val() + ' ' + jQuery('#StartTime').val(), - timezone - ); - end = moment.tz( - jQuery('#EndDate').val() + ' ' + jQuery('#EndTime').val(), - timezone - ); - duration = moment.duration(end.diff(start)); - } else { - parseInterval = jQuery('select[name="period"]').val().match(/(\d+)([a-z]+)/i); - duration = moment.duration( - parseInt(parseInterval[1], 10), - parseInterval[2] - ); - start = moment().tz(timezone); - end = moment().tz(timezone); - start.subtract(parseInterval[1], parseInterval[2]); - } + //Defining the period + let graphPeriod = $a.parents('.graph').data('graphPeriod'); + let parseInterval = graphPeriod.match(/(\d+)([a-z]+)/i); + start = moment().tz(timezone); + end = moment().tz(timezone); + start.subtract(parseInterval[1], parseInterval[2]); e.preventDefault(); baseUrl += '?chartId=' + chartId + '&start=' + start.unix() + '&end=' + end.unix(); diff --git a/www/install/insertBaseConf.sql b/www/install/insertBaseConf.sql index c08019ce84f..2da8737b69e 100644 --- a/www/install/insertBaseConf.sql +++ b/www/install/insertBaseConf.sql 
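Review bot: In the click handler of graph-periods.html, `graphPeriod.match(...)` and then `parseInterval[1]` are used without a check. If the enclosing `.graph` element has no graph-period data value, or the value does not match `(\d+)([a-z]+)`, the handler throws before `e.preventDefault()` runs and the browser follows the link instead. Moving `e.preventDefault();` to the top of the handler and adding `if (!parseInterval) { return; }` right after the match keeps that failure contained. The markup line that supplies the data attribute is not readable in this view, and the handler continues past the end of the hunk.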
@@ -2,7 +2,7 @@ -- Insert version -- -INSERT INTO `informations` (`key` ,`value`) VALUES ('version', '21.10.10'); +INSERT INTO `informations` (`key` ,`value`) VALUES ('version', '21.10.11'); -- -- Contenu de la table `contact` diff --git a/www/install/installBroker.sql b/www/install/installBroker.sql index 17683ae47d6..5fc59876a46 100644 --- a/www/install/installBroker.sql +++ b/www/install/installBroker.sql @@ -258,7 +258,7 @@ CREATE TABLE `hosts` ( `notes` varchar(512) DEFAULT NULL, `notes_url` varchar(2048) DEFAULT NULL, `notification_interval` double DEFAULT NULL, - `notification_number` smallint(6) DEFAULT NULL, + `notification_number` bigint(20) unsigned DEFAULT NULL, `notification_period` varchar(75) DEFAULT NULL, `notify` tinyint(1) DEFAULT NULL, `notify_on_down` tinyint(1) DEFAULT NULL, @@ -591,7 +591,7 @@ CREATE TABLE `services` ( `notes` varchar(512) DEFAULT NULL, `notes_url` varchar(2048) DEFAULT NULL, `notification_interval` double DEFAULT NULL, - `notification_number` smallint(6) DEFAULT NULL, + `notification_number` bigint(20) unsigned DEFAULT NULL, `notification_period` varchar(75) DEFAULT NULL, `notify` tinyint(1) DEFAULT NULL, `notify_on_critical` tinyint(1) DEFAULT NULL, diff --git a/www/install/php/Update-21.10.11.php b/www/install/php/Update-21.10.11.php new file mode 100644 index 00000000000..c97310ee79a --- /dev/null +++ b/www/install/php/Update-21.10.11.php 
@@ -0,0 +1,49 @@ +getColumnType('hosts', 'notification_number')), 'bigint')) { + $pearDBO->query("ALTER TABLE `hosts` MODIFY `notification_number` BIGINT(20) UNSIGNED DEFAULT NULL"); + } + + $errorMessage = "Impossible to update 'services' table"; + if (! str_contains(strtolower($pearDBO->getColumnType('services', 'notification_number')), 'bigint')) { + $pearDBO->query("ALTER TABLE `services` MODIFY `notification_number` BIGINT(20) UNSIGNED DEFAULT NULL"); + } +} catch (\Exception $e) { + $centreonLog->insertLog( + 4, + $versionOfTheUpgrade . $errorMessage . + " - Code : " . (int)$e->getCode() . + " - Error : " . $e->getMessage() . + " - Trace : " . $e->getTraceAsString() + ); + + throw new \Exception($versionOfTheUpgrade . $errorMessage, (int) $e->getCode(), $e); +} diff --git a/www/install/steps/process/insertBaseConf.php b/www/install/steps/process/insertBaseConf.php index 6a39d15aec4..3bb69afb817 100644 --- a/www/install/steps/process/insertBaseConf.php +++ b/www/install/steps/process/insertBaseConf.php 
@@ -123,18 +123,21 @@ // Manage timezone $timezone = date_default_timezone_get(); -$resTimezone = $link->query("SELECT timezone_id FROM timezone WHERE timezone_name= '" . $timezone . "'"); -if (!$resTimezone) { +$statement = $link->prepare("SELECT timezone_id FROM timezone WHERE timezone_name= :timezone_name"); +$statement->bindValue(':timezone_name', $timezone, \PDO::PARAM_STR); +if (!$statement->execute()) { $return['msg'] = _('Cannot get timezone information'); echo json_encode($return); exit; } -if ($row = $resTimezone->fetch()) { +if ($row = $statement->fetch(\PDO::FETCH_ASSOC)) { $timezoneId = $row['timezone_id']; } else { $timezoneId = '334'; # Europe/London timezone } -$link->exec("INSERT INTO `options` (`key`, `value`) VALUES ('gmt','" . $timezoneId . "')"); +$statement = $link->prepare("INSERT INTO `options` (`key`, `value`) VALUES ('gmt', :value)"); +$statement->bindValue(':value', $timezoneId, \PDO::PARAM_STR); +$statement->execute(); # Generate random key for this instance and set it to be not central and not remote $uniqueKey = md5(uniqid(rand(), true));
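Review bot: The new INSERT into `options` in insertBaseConf.php ignores the result of `$statement->execute()`, while the SELECT just above reports a failure through `$return['msg']` and exits. If this connection does not throw on error, which the `if (!$statement->execute())` test suggests, a failed insert leaves the install without a `gmt` option and nothing says so. Handling it the same way would be consistent: `if (!$statement->execute()) { $return['msg'] = _('Cannot get timezone information'); echo json_encode($return); exit; }`, with a message suited to the insert. In that mode `prepare()` can also return `false`, which makes the following `bindValue()` call a fatal error. The context line `md5(uniqid(rand(), true))` is unchanged by this commit, but if that key has to be unguessable, `bin2hex(random_bytes(16))` would be the safer source.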