diff --git a/www/include/options/accessLists/groupsACL/DB-Func.php b/www/include/options/accessLists/groupsACL/DB-Func.php
index 7f956573929..cd37f4343f1 100644
--- a/www/include/options/accessLists/groupsACL/DB-Func.php
+++ b/www/include/options/accessLists/groupsACL/DB-Func.php
@@ -99,15 +99,22 @@ function enableGroupInDB($acl_group_id = null, $groups = array())
 }
 if ($acl_group_id) {
- $groups = array($acl_group_id => "1");
+ $groups = [$acl_group_id => "1"];
 }
 foreach ($groups as $key => $value) {
- $pearDB->query("UPDATE acl_groups SET acl_group_activate = '1' WHERE acl_group_id = '" . $key . "'");
- $query = "SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = '" . (int)$key . "' LIMIT 1";
- $dbResult = $pearDB->query($query);
+ $dbResult = $pearDB->prepare("UPDATE acl_groups SET acl_group_activate = '1' WHERE acl_group_id = :aclGroupId");
+ $dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
+ $dbResult->execute();
+
+ $dbResult = $pearDB->prepare(
+ "SELECT acl_group_name FROM `acl_groups`
+ WHERE acl_group_id = :aclGroupId LIMIT 1"
+ );
+ $dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
+ $dbResult->execute();
 $row = $dbResult->fetch();
- $centreon->CentreonLogAction->insertLog("access group", $key, $row['acl_group_name'], "enable");
+ $centreon->CentreonLogAction->insertLog("access group", (int) $key, $row['acl_group_name'], "enable");
 }
 }
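Review bot: `$row = $dbResult->fetch();` is used without a check for `false`, so when no `acl_groups` row matches the id, `$row['acl_group_name']` evaluates to null (with a notice or warning on PHP 7.4 and later) and the action log receives an entry with no group name. The keys of `$groups` presumably come from the caller's request data, so a stale or non-existent id looks reachable; guard it with `if ($row === false) { continue; }` before the `insertLog` call, or pass `$row['acl_group_name'] ?? ''`. The same pattern appears in the disableGroupInDB and deleteGroupInDB hunks. The body of enableGroupInDB starts above this hunk, so an earlier validity check there cannot be ruled out from here.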
@@ -127,11 +134,18 @@ function disableGroupInDB($acl_group_id = null, $groups = array())
 }
 foreach ($groups as $key => $value) {
- $pearDB->query("UPDATE acl_groups SET acl_group_activate = '0' WHERE acl_group_id = '" . $key . "'");
- $query = "SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = '" . (int)$key . "' LIMIT 1";
- $dbResult = $pearDB->query($query);
+ $dbResult = $pearDB->prepare(
+ "UPDATE acl_groups SET acl_group_activate = '0' WHERE acl_group_id = :aclGroupId"
+ );
+ $dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
+ $dbResult->execute();
+ $dbResult = $pearDB->prepare(
+ "SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = :aclGroupId LIMIT 1"
+ );
+ $dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
+ $dbResult->execute();
 $row = $dbResult->fetch();
- $centreon->CentreonLogAction->insertLog("access group", $key, $row['acl_group_name'], "disable");
+ $centreon->CentreonLogAction->insertLog("access group", (int) $key, $row['acl_group_name'], "disable");
 }
 }
@@ -145,11 +159,16 @@ function deleteGroupInDB($groups = array())
 global $pearDB, $centreon;
 foreach ($groups as $key => $value) {
- $query = "SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = '" . (int)$key . "' LIMIT 1";
- $dbResult = $pearDB->query($query);
+ $dbResult = $pearDB->prepare(
+ "SELECT acl_group_name FROM `acl_groups` WHERE acl_group_id = :aclGroupId LIMIT 1"
+ );
+ $dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
+ $dbResult->execute();
 $row = $dbResult->fetch();
- $pearDB->query("DELETE FROM acl_groups WHERE acl_group_id = '" . $key . "'");
- $centreon->CentreonLogAction->insertLog("access group", $key, $row['acl_group_name'], "d");
+ $dbResult = $pearDB->prepare("DELETE FROM acl_groups WHERE acl_group_id = :aclGroupId");
+ $dbResult->bindValue('aclGroupId', $key, PDO::PARAM_INT);
+ $dbResult->execute();
+ $centreon->CentreonLogAction->insertLog("access group", (int) $key, $row['acl_group_name'], "d");
 }
 }
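Review bot: In the deleteGroupInDB hunk, `insertLog(..., "d")` runs whether or not the DELETE removed a row, so an id that no longer exists still produces a deletion entry in the action log. Checking the statement result first, for example `if ($dbResult->rowCount() === 0) { continue; }` placed right after the DELETE's `execute()`, keeps the audit trail limited to deletions that actually happened. This assumes `$pearDB->prepare()` returns a PDOStatement-compatible object, which the `bindValue`/`execute`/`fetch` calls suggest. The function's opening lines are above the hunk.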