Sanitize and bind service group dependecies queries (#11667)
hyahiaoui-ext authored Sep 2, 2022
1 parent 917ec42 commit 6ebe015
Showing 1 changed file with 12 additions and 6 deletions.
@@ -128,10 +128,13 @@ function multipleServiceGroupDependencyInDB($dependencies = array(), $nbrDup = a
"WHERE dependency_dep_id = '" . $key . "'";
$dbResult = $pearDB->query($query);
$fields["dep_sgParents"] = "";
$query = "INSERT INTO dependency_servicegroupParent_relation " .
"VALUES (:dep_id, :servicegroup_sg_id)";
$statement = $pearDB->prepare($query);
while ($sg = $dbResult->fetch()) {
$query = "INSERT INTO dependency_servicegroupParent_relation " .
"VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $sg["servicegroup_sg_id"] . "')";
$pearDB->query($query);
$statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT);
$statement->bindValue(':servicegroup_sg_id', (int) $sg["servicegroup_sg_id"], \PDO::PARAM_INT);
$statement->execute();
$fields["dep_sgParents"] .= $sg["servicegroup_sg_id"] . ",";
}
$fields["dep_sgParents"] = trim($fields["dep_sgParents"], ",");
@@ -140,10 +143,13 @@ function multipleServiceGroupDependencyInDB($dependencies = array(), $nbrDup = a
"WHERE dependency_dep_id = '" . $key . "'";
$dbResult = $pearDB->query($query);
$fields["dep_sgChilds"] = "";
$query = "INSERT INTO dependency_servicegroupChild_relation " .
"VALUES (:dep_id, :servicegroup_sg_id)";
$statement = $pearDB->prepare($query);
while ($sg = $dbResult->fetch()) {
$query = "INSERT INTO dependency_servicegroupChild_relation " .
"VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $sg["servicegroup_sg_id"] . "')";
$pearDB->query($query);
$statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT);
$statement->bindValue(':servicegroup_sg_id', (int) $sg["servicegroup_sg_id"], \PDO::PARAM_INT);
$statement->execute();
$fields["dep_sgChilds"] .= $sg["servicegroup_sg_id"] . ",";
}
$fields["dep_sgChilds"] = trim($fields["dep_sgChilds"], ",");
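Review bot: The SELECT that feeds each loop still builds its WHERE clause by concatenation (`"WHERE dependency_dep_id = '" . $key . "'"`, in both the parent and the child hunk), so the only queries this commit binds are the INSERTs, whose values already come from the database. Both the start of that SELECT and the origin of `$key` lie outside the hunks; if `$key` is derived from the `$dependencies` argument, it is the value that most needs binding. I would prepare the SELECT as well, ending it with `WHERE dependency_dep_id = :dep_id` and calling `$select->bindValue(':dep_id', (int) $key, \PDO::PARAM_INT);` before `execute()`. Separately, `:dep_id` in the INSERT is the same for every row, so that `bindValue` can move above the `while` loop. Also note that `(int) $maxId["MAX(dep_id)"]` silently becomes 0 when the MAX query returns NULL, which deserves an explicit check before inserting.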