[SNYK] Sanitize and bind ACL class queries (#11392) #11405

emabassi-ext · 2022-07-20T09:42:26Z

Description

Queries sanitized and bound using PDO statement to reduce attack surface and clean legacy code.

File: www/class/centreonACL.class.php - methods setTopology() and updateACL()
Lines : 410 - 1698 - 1709 - 1736
Fixes # MON-14262

Approved and merged on develop branch

Type of change

Patch fixing an issue (non-breaking change)
New functionality (non-breaking change)
Breaking change (patch or feature) that might cause side effects breaking part of the Software

Target serie

21.04.x
21.10.x
22.04.x
22.10.x (master)

How this pull request can be tested ?

Using ACL on a non admin user, change access menu, save and logout.

Login again and check that ACL are applied as expected

Checklist

Community contributors & Centreon team

I have followed the coding style guidelines provided by Centreon
I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
I have commented my code, especially hard-to-understand areas of the PR.
I have rebased my development branch on the base branch (master, maintenance).

* Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters