FIX: Sanitize and bind LDAP CLAPI listing (#11764)

* sanitize and bind clapi LDAP listing * removing unecessary code
centreon · Sep 19, 2022 · 72732a8 · 72732a8
1 parent 1e07242
commit 72732a8
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/www/class/centreon-clapi/centreonLDAP.class.php b/www/class/centreon-clapi/centreonLDAP.class.php
@@ -184,10 +184,12 @@ public function showserver($arName = null)
         }
         $sql = "SELECT ldap_host_id, host_address, host_port, use_ssl, use_tls, host_order
                 FROM auth_ressource_host
-                WHERE auth_ressource_id = " . $arId . "
+                WHERE auth_ressource_id = :auth_ressource_id 
                 ORDER BY host_order";
-        $res = $this->db->query($sql);
-        $row = $res->fetchAll();
+        $statement = $this->db->prepare($sql);
+        $statement->bindValue(':auth_ressource_id', (int) $arId, \PDO::PARAM_INT);
+        $statement->execute();
+        $row = $statement->fetchAll(\PDO::FETCH_ASSOC);
         echo "id;address;port;ssl;tls;order\n";
         foreach ($row as $srv) {
             echo $srv['ldap_host_id'] . $this->delim .