From 7a788c5b3b4e10dc32698aaaca427cef26c944f7 Mon Sep 17 00:00:00 2001
From: sc979 <34628915+sc979@users.noreply.github.com>
Date: Wed, 6 Nov 2019 16:57:06 +0100
Subject: [PATCH] enh(BE): replace order filter's regexp using whitelist (#8094)
* enh(UI): replace regexp by whitelist
* fix(CI): sonar coding style issue
---
 .../status/HostGroups/xml/hostGroupXML.php | 12 +----------
 .../monitoring/status/Hosts/xml/hostXML.php | 20 +++++++------------
 .../status/Services/xml/serviceGridXML.php | 12 +----------
 .../status/Services/xml/serviceSummaryXML.php | 12 +----------
 .../status/Services/xml/serviceXML.php | 12 +----------
 .../xml/serviceGridByHGXML.php | 12 +----------
 .../xml/serviceSummaryByHGXML.php | 12 +----------
 .../xml/serviceGridBySGXML.php | 12 +----------
 .../xml/serviceSummaryBySGXML.php | 12 +----------
 9 files changed, 15 insertions(+), 101 deletions(-)
diff --git a/www/include/monitoring/status/HostGroups/xml/hostGroupXML.php b/www/include/monitoring/status/HostGroups/xml/hostGroupXML.php
index 99c7ee01ebe..f0691bfb3c7 100644
--- a/www/include/monitoring/status/HostGroups/xml/hostGroupXML.php
+++ b/www/include/monitoring/status/HostGroups/xml/hostGroupXML.php
@@ -77,17 +77,7 @@
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
 $instance = filter_input(INPUT_GET, 'instance', FILTER_VALIDATE_INT, array('options' => array('default' => -1)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");
diff --git a/www/include/monitoring/status/Hosts/xml/hostXML.php b/www/include/monitoring/status/Hosts/xml/hostXML.php
index ec35c60b48a..a223140c497 100644
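Review bot: The new whitelist line is copied verbatim into nine files (the same hunk appears in hostXML.php, serviceGridXML.php, serviceSummaryXML.php, serviceXML.php, serviceGridByHGXML.php, serviceSummaryByHGXML.php, serviceGridBySGXML.php and serviceSummaryBySGXML.php), so the allowed set of sort directions now lives in nine places instead of one; a small shared helper next to `checkArgument()` on `$obj`, which every one of these hunks already calls on the following lines, would keep the whitelist in a single place. The comment that follows the assignment says `$_GET` strings are sanitized through `checkArgument()`/`CentreonDB::escape()`, which is the wrong mental model for `$order` if, as the name suggests, it is spliced into an `ORDER BY` clause, where escaping does nothing for a keyword and only the literal whitelist protects the query; a one-line comment above the assignment, `// sort direction is an SQL keyword, not a bound value: accept only the two literals, never escape`, would record that for the next maintainer. Where `$order` is consumed is outside the hunk, so that reading is inferred from the name rather than from visible lines.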
--- a/www/include/monitoring/status/Hosts/xml/hostXML.php
+++ b/www/include/monitoring/status/Hosts/xml/hostXML.php
@@ -78,17 +78,7 @@
 $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");
@@ -350,10 +340,14 @@
 $obj->XML->writeElement("ha", $data["acknowledged"]);
 $obj->XML->writeElement("hdtm", $data["scheduled_downtime_depth"]);
 $obj->XML->writeElement(
- "hdtmXml", "./include/monitoring/downtime/xml/broker/makeXMLForDowntime.php?hid=" . $data['host_id']);
+ "hdtmXml",
+ "./include/monitoring/downtime/xml/broker/makeXMLForDowntime.php?hid=" . $data['host_id']
+ );
 $obj->XML->writeElement("hdtmXsl", "./include/monitoring/downtime/xsl/popupForDowntime.xsl");
 $obj->XML->writeElement(
- "hackXml", "./include/monitoring/acknowlegement/xml/broker/makeXMLForAck.php?hid=" . $data['host_id']);
+ "hackXml",
+ "./include/monitoring/acknowlegement/xml/broker/makeXMLForAck.php?hid=" . $data['host_id']
+ );
 $obj->XML->writeElement("hackXsl", "./include/monitoring/acknowlegement/xsl/popupForAck.xsl");
 $obj->XML->writeElement("hae", $data["active_checks"]);
 $obj->XML->writeElement("hpe", $data["passive_checks"]);
diff --git a/www/include/monitoring/status/Services/xml/serviceGridXML.php b/www/include/monitoring/status/Services/xml/serviceGridXML.php
index ec1aee82317..571ca3bbfa6 100644
--- a/www/include/monitoring/status/Services/xml/serviceGridXML.php
+++ b/www/include/monitoring/status/Services/xml/serviceGridXML.php
@@ -70,17 +70,7 @@
 $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");
diff --git a/www/include/monitoring/status/Services/xml/serviceSummaryXML.php b/www/include/monitoring/status/Services/xml/serviceSummaryXML.php
index a596c5d495c..847359c1ccc 100644
--- a/www/include/monitoring/status/Services/xml/serviceSummaryXML.php
+++ b/www/include/monitoring/status/Services/xml/serviceSummaryXML.php
@@ -67,17 +67,7 @@
 $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");
diff --git a/www/include/monitoring/status/Services/xml/serviceXML.php b/www/include/monitoring/status/Services/xml/serviceXML.php
index 2c18f3bb9c1..f886c5d159b 100644
--- a/www/include/monitoring/status/Services/xml/serviceXML.php
+++ b/www/include/monitoring/status/Services/xml/serviceXML.php
@@ -102,17 +102,7 @@
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
 $nc = filter_input(INPUT_GET, 'nc', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");
diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php
index 646fb732ad2..7367528e006 100644
--- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php
+++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php
@@ -61,17 +61,7 @@
 $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");
diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php
index 5605c757255..3b5d14b5ed4 100644
--- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php
+++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php
@@ -61,17 +61,7 @@
 $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");
diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php
index f52b4e51a3c..5f4fe3479e2 100644
--- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php
+++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php
@@ -63,17 +63,7 @@
 $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");
diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php
index 45270d81b94..80ab8d2c609 100644
--- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php
+++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php
@@ -69,17 +69,7 @@
 $num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, array('options' => array('default' => 0)));
 $limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, array('options' => array('default' => 20)));
-$order = filter_input(
- INPUT_GET,
- 'order',
- FILTER_VALIDATE_REGEXP,
- array(
- 'options' => array(
- 'default' => "ASC",
- 'regexp' => '/^(ASC|DESC)$/'
- )
- )
-);
+$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC";
 // string values from the $_GET sanitized using the checkArgument() which call CentreonDB::escape() method
 $o = $obj->checkArgument("o", $_GET, "h");