(fix) service status : encoding issue on status page #11583

TamazC · 2022-08-12T13:22:41Z

Description

Fixes # (issue)
MON-14190

Type of change

Patch fixing an issue (non-breaking change)
New functionality (non-breaking change)
Breaking change (patch or feature) that might cause side effects breaking part of the Software

Target serie

21.04.x
21.10.x
22.04.x
develop

How this pull request can be tested ?

Create a test-xss file in the tmp folder.
in this file add:
<img onerror='alert("tmp2")' src="foo" width=0 height=0>"test"
Go to configuration > commands > checks and create a new check: cat /tmp/test-xss
Link this check to a service linked to a valid host and export the configuration.
enable deprecated pages display.
go to monitoring > status details > services.
any popup shouldn't launched

Checklist

Community contributors & Centreon team

I have followed the coding style guidelines provided by Centreon
I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
I have commented my code, especially hard-to-understand areas of the PR.
I have rebased my development branch on the base branch (master, maintenance).

* Sanitize and bind ACL host dependency queries * fix issues

1122 1153 1134

…test (#11498) (#11506) Refs: MON-14585

* Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks

* Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters

#11484) (#11530) Refs: MON-14039

* sanitizing and binding acl actions queries * fix missing bind

* Sanitizing and binding broker listing queries * applying suggested changes

* fix encoding * remove useless function

* sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com>

* sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv

…1569) * sanityze 2 insert queries * spaces removed in a query

…tail_dev-21.04

sonarqube-decoration · 2022-08-31T08:29:01Z

SonarQube Quality Gate

0 Bugs
0 Vulnerabilities
0 Security Hotspots
7 Code Smells

No Coverage information
0.0% Duplication

* query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

* query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

* query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

* chore(release): merge release-21.04.next into 21.04.x (#11819) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.04.next into 21.04.x (#11909) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Update www/install/php/Update-21.04.19.php Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>

* chore(release): merge release-21.04.next into 21.04.x (#11819) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.04.next into 21.04.x (#11909) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge hotfix-mon-15384 in 21.04.x (#11980) * enh(auth): autologin enhancement (#11958) Refs: MON-15384 * update version to 21.04.20 Co-authored-by: Kevin Duret <kduret@centreon.com> * chore(release):rebase dev-21.04.x on 21.04.x (#11916) * chore(release): merge release-21.04.next into 21.04.x (#11819) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.04.next into 21.04.x (#11909) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesÃ (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryÃ (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Update www/install/php/Update-21.04.19.php Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * fix(web): display command with status$ in the command definition (#11286) (#11903) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: SQLi in contact groups form 21.04.x (#11890) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com>

kduret and others added 16 commits August 6, 2022 19:45

fix(git): sync dev-21.04.x with 21.04.x (#11526)

065031c

[SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521)

b2f03b0

* Sanitize and bind ACL host dependency queries * fix issues

[SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517)

e8e1194

1122 1153 1134

removed old variable userCrypted and the use of it (#11334) (#11516)

b667811

fix(test): wait 8s before checking downtime is active in rest api v1 …

cabad1b

…test (#11498) (#11506) Refs: MON-14585

fix(pendo): correctly set locale when language is detection by browser (

6bc2b2e

#11484) (#11530) Refs: MON-14039

doc(ack): acknowledge Hakaï security (#11538)

3907bab

SNYK: Sanitize and bind ACL actions queries (#11549)

5967804

* sanitizing and binding acl actions queries * fix missing bind

SNYK: Sanitize and bind Broker listing queries (#11553)

b8eb592

* Sanitizing and binding broker listing queries * applying suggested changes

fix(conf) fix encoding in template service listing (#11558) (#11566)

5998080

* fix encoding * remove useless function

MON-14501 - sanitize query in centreonXmlbgRequest class (#11572)

53a6c28

* sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv

SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#1…

46fde16

…1569) * sanityze 2 insert queries * spaces removed in a query

Fix encoding issue on status serviceXML

b7adc2b

TamazC requested review from a team, adr-mo and wtermellil and removed request for a team August 12, 2022 13:22

kduret approved these changes Aug 12, 2022

View reviewed changes

dmyios approved these changes Aug 16, 2022

View reviewed changes

wtermellil approved these changes Aug 16, 2022

View reviewed changes

chgautier force-pushed the dev-21.04.x branch from 46fde16 to 16d8eee Compare August 23, 2022 09:16

chgautier requested review from a team, JKancel and jdelpierre and removed request for a team August 23, 2022 09:16

Merge branch 'dev-21.04.x' into bugfix_MON-14190-deprecated_status_de…

4df9fc8

…tail_dev-21.04

TamazC merged commit 917ec42 into dev-21.04.x Aug 31, 2022

TamazC deleted the bugfix_MON-14190-deprecated_status_detail_dev-21.04 branch August 31, 2022 13:26

tuntoja mentioned this pull request Sep 21, 2022

rebase dev-21.04.x on 21.04.x #11826

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

(fix) service status : encoding issue on status page #11583

(fix) service status : encoding issue on status page #11583

TamazC commented Aug 12, 2022

sonarqube-decoration bot commented Aug 31, 2022

(fix) service status : encoding issue on status page #11583

(fix) service status : encoding issue on status page #11583

Conversation

TamazC commented Aug 12, 2022

Description

Type of change

Target serie

How this pull request can be tested ?

Checklist

Community contributors & Centreon team

sonarqube-decoration bot commented Aug 31, 2022