
fix(secu): sanitize ACL group enabling action (#10791)
* fix(secu): sanitize ACL group disabling action

* Update www/include/options/accessLists/groupsACL/DB-Func.php

Co-authored-by: Kevin Duret <kduret@centreon.com>

* style

* fix(secu): sanitize ACL group disabling action (#10794)

* fix(secu): sanitize ACL group disabling action

* fix(secu): sanitize ACL group delete action (#10795)

Co-authored-by: Kevin Duret <kduret@centreon.com>
sc979 and kduret authored Feb 24, 2022
1 parent aec4d39 commit f2c9312
Showing 1 changed file with 32 additions and 13 deletions.
45 changes: 32 additions & 13 deletions www/include/options/accessLists/groupsACL/DB-Func.php
Expand Up @@ -99,15 +99,22 @@ function enableGroupInDB($acl_group_id = null, $groups = array())
}

if ($acl_group_id) {
$groups = array($acl_group_id => "1");
$groups = [$acl_group_id => "1"];
}

foreach ($groups as $key => $value) {
$pearDB->query("UPDATE acl_groups SET acl_group_activate = '1' WHERE acl_group_id = '" . $key . "'");
$query = "SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = '" . (int)$key . "' LIMIT 1";
$dbResult = $pearDB->query($query);
$dbResult = $pearDB->prepare("UPDATE acl_groups SET acl_group_activate = '1' WHERE acl_group_id = :aclGroupId");
$dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
$dbResult->execute();

$dbResult = $pearDB->prepare(
"SELECT acl_group_name FROM `acl_groups`
WHERE acl_group_id = :aclGroupId LIMIT 1"
);
$dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
$dbResult->execute();
$row = $dbResult->fetch();
$centreon->CentreonLogAction->insertLog("access group", $key, $row['acl_group_name'], "enable");
$centreon->CentreonLogAction->insertLog("access group", (int) $key, $row['acl_group_name'], "enable");
}
}

Expand All @@ -127,11 +134,18 @@ function disableGroupInDB($acl_group_id = null, $groups = array())
}

foreach ($groups as $key => $value) {
$pearDB->query("UPDATE acl_groups SET acl_group_activate = '0' WHERE acl_group_id = '" . $key . "'");
$query = "SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = '" . (int)$key . "' LIMIT 1";
$dbResult = $pearDB->query($query);
$dbResult = $pearDB->prepare(
"UPDATE acl_groups SET acl_group_activate = '0' WHERE acl_group_id = :aclGroupId"
);
$dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
$dbResult->execute();
$dbResult = $pearDB->prepare(
"SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = :aclGroupId LIMIT 1"
);
$dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
$dbResult->execute();
$row = $dbResult->fetch();
$centreon->CentreonLogAction->insertLog("access group", $key, $row['acl_group_name'], "disable");
$centreon->CentreonLogAction->insertLog("access group", (int) $key, $row['acl_group_name'], "disable");
}
}

Expand All @@ -145,11 +159,16 @@ function deleteGroupInDB($groups = array())
global $pearDB, $centreon;

foreach ($groups as $key => $value) {
$query = "SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = '" . (int)$key . "' LIMIT 1";
$dbResult = $pearDB->query($query);
$dbResult = $pearDB->prepare(
"SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = :aclGroupId LIMIT 1"
);
$dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
$dbResult->execute();
$row = $dbResult->fetch();
$pearDB->query("DELETE FROM acl_groups WHERE acl_group_id = '" . $key . "'");
$centreon->CentreonLogAction->insertLog("access group", $key, $row['acl_group_name'], "d");
$dbResult = $pearDB->prepare("DELETE FROM acl_groups WHERE acl_group_id = :aclGroupId");
$dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
$dbResult->execute();
$centreon->CentreonLogAction->insertLog("access group", (int) $key, $row['acl_group_name'], "d");
}
}
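Review bot: In deleteGroupInDB the `$row = $dbResult->fetch();` result is used as `$row['acl_group_name']` without checking for `false`, so a `$key` that matches no row (the SELECT now returns nothing rather than an injected result) makes the insertLog call index a bool, which PHP 8 reports as a warning and logs an empty name; the same pattern is in the enableGroupInDB and disableGroupInDB hunks above. A minimal guard is `$groupName = $row !== false ? (string) $row['acl_group_name'] : '';` followed by passing `$groupName` to insertLog, or `continue` before the DELETE when no row exists, which also avoids deleting and logging an id that was never present. The bind and the log line also disagree on the key type: `bindValue('aclGroupId', $key, PDO::PARAM_INT)` passes the raw key while the log uses `(int) $key`; binding `(int) $key` would make the coercion explicit instead of relying on the driver (emulated vs native prepares may not treat a non-numeric key identically, to be confirmed). The enclosing functions' signatures sit outside the visible hunk lines.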

