Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

SNYK: Sanitize and bind generateImage queries 21.10.x #11562

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 29 additions & 9 deletions www/include/views/graphs/generateGraphs/generateImage.php
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,8 @@
} else {
die('Invalid token');
}
} else {
throw new \Exception('Username and token query strings must be set.');
}

$index = filter_var(
Expand Down Expand Up @@ -182,19 +184,37 @@
$dbstorage = new CentreonDB('centstorage');

$aclGroups = $acl->getAccessGroupsString();
$sql = "SELECT host_id, service_id FROM index_data WHERE id = " .$pearDB->escape($index);
$res = $dbstorage->query($sql);
if (!$res->rowCount()) {
$sql = "SELECT host_id, service_id FROM index_data WHERE id = :index_data_id";
$statement = $dbstorage->prepare($sql);
$statement->bindValue(':index_data_id', (int) $index, \PDO::PARAM_INT);
$statement->execute();
if (!$statement->rowCount()) {
die('Graph not found');
}
$row = $res->fetch();
unset($res);
$row = $statement->fetch(\PDO::FETCH_ASSOC);
unset($statement);
$hostId = $row['host_id'];
$serviceId = $row['service_id'];
$sql = "SELECT service_id FROM centreon_acl WHERE host_id = $hostId AND service_id = $serviceId
AND group_id IN ($aclGroups)";
$res = $pearDBO->query($sql);
if (!$res->rowCount()) {
$aclGroupsExploded = explode(',', $aclGroups);
if (empty($aclGroupsExploded)) {
throw new \Exception('Access denied');
}

$aclGroupsQueryBinds = [];
foreach ($aclGroupsExploded as $key => $value) {
$aclGroupsQueryBinds[':acl_group_' . $key] = $value;
}
$aclGroupBinds = implode(',', array_keys($aclGroupsQueryBinds));
$sql = "SELECT service_id FROM centreon_acl WHERE host_id = :host_id AND service_id = :service_id
AND group_id IN ($aclGroupBinds)";
$statement = $pearDBO->prepare($sql);
$statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT);
$statement->bindValue(':service_id', (int) $serviceId, \PDO::PARAM_INT);
foreach ($aclGroupsQueryBinds as $key => $value) {
$statement->bindValue($key, (int) $value, \PDO::PARAM_INT);
}
$statement->execute();
if (!$statement->rowCount()) {
die('Access denied');
}
}
Expand Down