MON-14501 - sanitize query in centreonXmlbgRequest class (#11571)

* sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv
centreon · Aug 11, 2022 · c08f72c · c08f72c
1 parent 6390687
commit c08f72c
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/www/class/centreonXMLBGRequest.class.php b/www/class/centreonXMLBGRequest.class.php
@@ -221,11 +221,12 @@ public function __construct(
 
     private function isUserAdmin()
     {
-        $query = "SELECT contact_admin, contact_id FROM contact " .
-            "WHERE contact.contact_id = '" . CentreonDB::escape($this->user_id) . "' LIMIT 1";
-        $dbResult = $this->DB->query($query);
-        $admin = $dbResult->fetchRow();
-        $dbResult->closeCursor();
+        $statement = $this->DB->prepare("SELECT contact_admin, contact_id FROM contact " .
+            "WHERE contact.contact_id = :userId LIMIT 1");
+        $statement->bindValue(":userId", (int) $this->user_id, \PDO::PARAM_INT);
+        $statement->execute();
+        $admin = $statement->fetchRow();
+        $statement->closeCursor();
         if ($admin !== false && $admin["contact_admin"]) {
             $this->is_admin = 1;
         } else {