add virtual entry "ALL" in ACL #11

centreon · 2008-11-20T09:42:12Z

Author Name: Nikolaus Filus (Nikolaus Filus)
Original Redmine Issue: 318, https://forge.centreon.com/issues/318

Original Assignee: Julien Mathis

In a changing environment it is hard to track all changes and adopt ACLs to current state. In the beginning of using ACLs it’s also hard to define a simple “read-only” ACL.

Please add a virtual entry “ALL” for hosts, host-groups, services and service-groups or categories.

[Milestone set to 2.0 as it would enhance the final point release and is a minor(?) change]

centreon · 2008-11-20T22:07:59Z

Original Redmine Comment
Author Name: Julien Mathis (Julien Mathis)
Original Date: 2008-11-20T22:07:59Z

Normaly, if you don’t add resources ACL, your user can have access to all hosts.

the “ALL” virtual entry is automatic.

Can you test ?

centreon · 2008-12-05T15:34:06Z

Original Redmine Comment
Author Name: Nikolaus Filus (Nikolaus Filus)
Original Date: 2008-12-05T15:34:06Z

No, that doesn’t work in RC8.

I have 2 ACLs for Ressources and the user group is not included in any of them. I can see problems on Home page, but nothing in Views → Host groups → Grid, Views → Service groups → Grid and absolutely no Graphs.

And BTW: with this implicit ALL it’s only possible either ALL for EVERYTHING or SOME for EVERYTHING – what about: “allow see all services for a selected hosts” (even after changing the amount of services without having to modify ACL)?

centreon · 2009-08-19T12:53:51Z

Original Redmine Comment
Author Name: Nikolaus Filus (Nikolaus Filus)
Original Date: 2009-08-19T12:53:51Z

Ok, my idea is as follows:

ALTER TABLE `acl_resources` ADD all_hosts enum('0','1') default '0' AFTER `acl_res_status` ;
ALTER TABLE `acl_resources` ADD all_hg    enum('0','1') default '0' AFTER `acl_res_status` ;
ALTER TABLE `acl_resources` ADD all_svcs  enum('0','1') default '0' AFTER `acl_res_status` ;
ALTER TABLE `acl_resources` ADD all_sg    enum('0','1') default '0' AFTER `acl_res_status` ;
ALTER TABLE `acl_resources` ADD all_sc    enum('0','1') default '0' AFTER `acl_res_status` ;
ALTER TABLE `acl_resources` ADD all_meta  enum('0','1') default '0' AFTER `acl_res_status` ;

Then we could modify centreonACL to something like:

if ($this->is_admin || $this->all_hosts) {
  $query = "SELECT * from hosts";
} else {
  $query = "SELECT * FROM acl_resources_host_relations AS rel WHERE rel.acl_res_id IN (".$this->accessGroups.")";
}

This would still need a concept how to proceed with ndo.centreon_acl ...
What do you think?

centreon · 2010-09-28T11:44:12Z

Original Redmine Comment
Author Name: Thomas - aka Jogarem - (Thomas - aka Jogarem -)
Original Date: 2010-09-28T11:44:12Z

we have the same issue/requirement and use v2.1.9 of Centreon.

Regards
Thomas

centreon · 2010-09-28T21:10:10Z

Original Redmine Comment
Author Name: Julien Mathis (Julien Mathis)
Original Date: 2010-09-28T21:10:10Z

I have just done last week a patch for that.

It's a little bit more difficult than that :)

centreon · 2010-10-22T21:28:02Z

Original Redmine Comment
Author Name: Julien Mathis (Julien Mathis)
Original Date: 2010-10-22T21:28:02Z

Now we have only to work on engine. Configuration UI ok.

centreon · 2010-11-18T05:04:55Z

Original Redmine Comment
Author Name: Julien Mathis (Julien Mathis)
Original Date: 2010-11-18T05:04:55Z

Appliqué par commit r11039.

#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeÃ * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeÃ * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge hotfix-mon-15318 in 21.10.x (#11948) * update version to 21.10.12 in insertBaseConf * fixed issue where notification number < 0 before update (#11935) Co-authored-by: dmyios <diosypenko@centreon.com> Refs: MON-15318 * add php update file for 21.10.12 Co-authored-by: Kevin Duret <kduret@centreon.com> * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * fix(centreontrapd): check if conf file is not empty before to load it (#11708) Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(conf): fix disabling additive inheritance (#11813) Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(web): display command with status$ in the command definition (#11… (#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service te…

#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeÃ * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeÃ * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge hotfix-mon-15318 in 21.10.x (#11948) * update version to 21.10.12 in insertBaseConf * fixed issue where notification number < 0 before update (#11935) Co-authored-by: dmyios <diosypenko@centreon.com> Refs: MON-15318 * add php update file for 21.10.12 Co-authored-by: Kevin Duret <kduret@centreon.com> * chore(release): merge hotfix-mon-15384 in 21.10.x (Centreon WEB 21.10.13) (#11981) * enh(auth): autologin enhancement (#11957) Refs: MON-15384 * update version to 21.10.13 Co-authored-by: Kevin Duret <kduret@centreon.com> * fix(details): remove dead code (#11672) (#11685) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeÃ * fix(centreontrapd): check if conf file is not empty before to load it (#11708) Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(conf): fix disabling additive inheritance (#11813) Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(web): display command with status$ in the command definition (#11… (#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sani…

centreon added Status: Closed labels Jul 24, 2015

centreon added this to the Centreon-2.2 milestone Jul 24, 2015

centreon closed this as completed Jul 24, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add virtual entry "ALL" in ACL #11

add virtual entry "ALL" in ACL #11

centreon commented Nov 20, 2008

centreon commented Nov 20, 2008

centreon commented Dec 5, 2008

centreon commented Aug 19, 2009

centreon commented Sep 28, 2010

centreon commented Sep 28, 2010

centreon commented Oct 22, 2010

centreon commented Nov 18, 2010

add virtual entry "ALL" in ACL #11

add virtual entry "ALL" in ACL #11

Comments

centreon commented Nov 20, 2008

centreon commented Nov 20, 2008

centreon commented Dec 5, 2008

centreon commented Aug 19, 2009

centreon commented Sep 28, 2010

centreon commented Sep 28, 2010

centreon commented Oct 22, 2010

centreon commented Nov 18, 2010