Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732)
* sanitize and bind CLAPI poller config

* remove unnecessary comment

* revert deleted imports
hyahiaoui-ext authored Sep 9, 2022
1 parent 237f599 commit a22ad91
Showing 1 changed file with 22 additions and 14 deletions.
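--- a/www/class/centreon-clapi/centreon.Config.Poller.class.php
+++ b/www/class/centreon-clapi/centreon.Config.Poller.class.php
@@ -175,20 +175,24 @@ public function pollerReload($variables)
 $poller_id = $this->getPollerId($variables);
 $this->testPollerId($poller_id);
 
-$result = $this->DB->query(
-"SELECT * FROM `nagios_server` WHERE `id` = '" . $this->DB->escape($poller_id) . "' LIMIT 1"
+$statement = $this->DB->prepare(
+"SELECT * FROM `nagios_server` WHERE `id` = :poller_id LIMIT 1"
 );
-$host = $result->fetch();
-$result->closeCursor();
+$statement->bindValue(':poller_id', (int) $poller_id, \PDO::PARAM_INT);
+$statement->execute();
+$host = $statement->fetch(\PDO::FETCH_ASSOC);
+$statement->closeCursor();
 
 exec("echo 'RELOAD:" . $host["id"] . "' >> " . $this->centcore_pipe, $stdout, $return_code);
 exec("echo 'RELOADBROKER:" . $host["id"] . "' >> " . $this->centcore_pipe, $stdout, $return_code);
 $msg_restart = _("OK: A reload signal has been sent to '" . $host["name"] . "'");
 print $msg_restart . "\n";
-$this->DB->query(
-"UPDATE `nagios_server` SET `last_restart` = '" . time()
-. "' WHERE `id` = '" . $this->DB->escape($poller_id) . "' LIMIT 1"
+$statement = $this->DB->prepare(
+"UPDATE `nagios_server` SET `last_restart` = :last_restart WHERE `id` = :poller_id LIMIT 1"
 );
+$statement->bindValue(':last_restart', time(), \PDO::PARAM_INT);
+$statement->bindValue(':poller_id', (int) $poller_id, \PDO::PARAM_INT);
+$statement->execute();
 return $return_code;
 }
 
@@ -243,20 +247,24 @@ public function pollerRestart($variables)
 $this->testPollerId($variables);
 $poller_id = $this->getPollerId($variables);
 
-$result = $this->DB->query(
-"SELECT * FROM `nagios_server` WHERE `id` = '" . $this->DB->escape($poller_id) . "' LIMIT 1"
+$statement = $this->DB->prepare(
+"SELECT * FROM `nagios_server` WHERE `id` = :poller_id LIMIT 1"
 );
-$host = $result->fetch();
-$result->closeCursor();
+$statement->bindValue(':poller_id', (int) $poller_id, \PDO::PARAM_INT);
+$statement->execute();
+$host = $statement->fetch(\PDO::FETCH_ASSOC);
+$statement->closeCursor();
 
 exec("echo 'RESTART:" . $host["id"] . "' >> " . $this->centcore_pipe, $stdout, $return_code);
 exec("echo 'RELOADBROKER:" . $host["id"] . "' >> " . $this->centcore_pipe, $stdout, $return_code);
 $msg_restart = _("OK: A restart signal has been sent to '" . $host["name"] . "'");
 print $msg_restart . "\n";
-$this->DB->query(
-"UPDATE `nagios_server` SET `last_restart` = '" . time()
-. "' WHERE `id` = '" . $this->DB->escape($poller_id) . "' LIMIT 1"
+$statement = $this->DB->prepare(
+"UPDATE `nagios_server` SET `last_restart` = :last_restart WHERE `id` = :poller_id LIMIT 1"
 );
+$statement->bindValue(':last_restart', time(), \PDO::PARAM_INT);
+$statement->bindValue(':poller_id', (int) $poller_id, \PDO::PARAM_INT);
+$statement->execute();
 return $return_code;
 }
 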
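Review bot: `$statement->fetch(\PDO::FETCH_ASSOC)` returns `false` when no row matches, yet in both pollerReload and pollerRestart `$host["id"]` is concatenated straight into the two `exec()` shell strings and `$host["name"]` into the status message without a check. The `(int)` cast turns any non-numeric `$poller_id` into 0, so unless `testPollerId()` (not visible here) guarantees the row exists, add an `if ($host === false)` guard that reports the error and returns before the `exec()` calls. The commit parameterizes the SQL but leaves the shell lines string-built; writing `(int) $host["id"]` and `escapeshellarg($this->centcore_pipe)` there would keep the pipe write from depending on database or configuration content. pollerRestart also calls `testPollerId($variables)` before the id is resolved, whereas pollerReload tests the resolved `$poller_id`, which looks worth confirming. Both function bodies start outside the hunks.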
