Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

chore(release): merge release-21.04.next into 21.04.x #11819

Merged
merged 15 commits into from
Sep 21, 2022
+154 −195
Merged

chore(release): merge release-21.04.next into 21.04.x #11819

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
1bf57b7
query sanitized in listServiceCategoriesà (#11597) (#11634)
emabassi-ext Aug 29, 2022
3808c88
sanitize and bind in centreon connector queriy (#11637)
emabassi-ext Aug 30, 2022
5b30a8d
Sanitize and bind listVirtualMetrics queries (#11649)
emabassi-ext Aug 30, 2022
a7c4316
sanitize and bind host categories queryà (#11591) (#11646)
emabassi-ext Aug 30, 2022
dd5074e
sanitize insrert queries in db-func (#11652)
emabassi-ext Aug 30, 2022
2bf653b
Sanitized and bound queries in service argumentsXml file (#11655)
emabassi-ext Aug 30, 2022
917ec42
(fix) service status : encoding issue on status page (#11583)
TamazC Aug 31, 2022
6ebe015
Sanitize and bind service group dependecies queries (#11667)
hyahiaoui-ext Sep 2, 2022
226cde8
fix(conf) fix parent template display in service template listing (#1…
a-launois Sep 2, 2022
09fe9e2
fix(details): remove dead code (#11672) (#11684)
adr-mo Sep 5, 2022
47092da
fix(clapi): Check that user is admin to use clapi (#11631) (#11638)
jeremyjaouen Sep 5, 2022
7e6cded
fix(widgets): retrieve possibility to not select poller in pref (#116…
kduret Sep 6, 2022
66a3ec7
fix(details): second part of code cleanup for "tools" (#11725)
adr-mo Sep 8, 2022
3a4ce8b
fix(resource): Fix bad SQL request (#11702) (#11751)
callapa Sep 13, 2022
4dbf746
chore(install): update version to 21.04.18
tuntoja Sep 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion www/api/class/centreon_clapi.class.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ public function authorize($action, $user, $isInternal = false)
{
if (
parent::authorize($action, $user, $isInternal)
|| ($user && $user->hasAccessRestApiConfiguration())
|| ($user && $user->is_admin())
) {
return true;
}
Expand Down
30 changes: 16 additions & 14 deletions www/class/centreonConnector.class.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,40 +35,40 @@

/*
* Class that contains various methods for managing connectors
*
*
* Usage example:
*
*
* <?php
* require_once realpath(dirname(__FILE__) . "/../../config/centreon.config.php");
* require_once _CENTREON_PATH_ . 'www/class/centreonConnector.class.php';
* require_once _CENTREON_PATH_ . 'www/class/centreonDB.class.php';
*
*
* $connector = new CentreonConnector(new CentreonDB);
*
*
* //$connector->create(array(
* // 'name' => 'jackyse',
* // 'description' => 'some jacky',
* // 'command_line' => 'ls -la',
* // 'enabled' => true
* // ), true);
*
*
* //$connector->update(10, array(
* // 'name' => 'soapy',
* // 'description' => 'Lorem ipsum',
* // 'enabled' => true,
* // 'command_line' => 'ls -laph --color'
* //));
*
*
* //$connector->getList(false, 20, false);
*
*
* //$connector->delete(10);
*
*
* //$connector->read(7);
*
*
* //$connector->copy(1, 5, true);
*
*
* //$connector->count(false);
*
*
* //$connector->isNameAvailable('norExists');
*/

Expand Down Expand Up @@ -165,11 +165,13 @@ public function create(array $connector, $returnId = false)
throw new RuntimeException('Field id for connector not selected in query or connector not inserted');
} else {
if (isset($connector["command_id"])) {
$statement = $this->dbConnection->prepare("UPDATE `command` " .
"SET connector_id = :conId WHERE `command_id` = :value");
foreach ($connector["command_id"] as $key => $value) {
try {
$query = "UPDATE `command` SET connector_id = '" . $lastId['id'] . "' " .
"WHERE `command_id` = '" . $value . "'";
$this->dbConnection->query($query);
$statement->bindValue(':conId', (int) $lastId['id'], \PDO::PARAM_INT);
$statement->bindValue(':value', (int) $value, \PDO::PARAM_INT);
$statement->execute();
} catch (\PDOException $e) {
throw new RuntimeException('Cannot update connector');
}
Expand Down
1 change: 1 addition & 0 deletions www/class/centreonWidget/Params/Connector/Poller.class.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ public function getListValues($paramId)
static $tab;

if (! isset($tab)) {
$tab = [null => null];
$userACL = new CentreonACL($this->userId);
$isContactAdmin = $userACL->admin;
$request = 'SELECT SQL_CALC_FOUND_ROWS id, name FROM nagios_server ns';
Expand Down
16 changes: 10 additions & 6 deletions www/include/configuration/configObject/contactgroup/DB-Func.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,20 +144,24 @@ function multipleContactGroupInDB($contactGroups = array(), $nbrDup = array())
"WHERE `cg_cg_id` = " . (int)$key;
$dbResult = $pearDB->query($query);
$fields["cg_aclRelation"] = "";
$aclContactStatement = $pearDB->prepare("INSERT INTO `acl_group_contactgroups_relations` " .
"VALUES (:maxId, :cgAcl)");
while ($cgAcl = $dbResult->fetch()) {
$query = "INSERT INTO `acl_group_contactgroups_relations` VALUES ('" .
$maxId["MAX(cg_id)"] . "', '" . $cgAcl['acl_group_id'] . "')";
$pearDB->query($query);
$aclContactStatement->bindValue(":maxId", (int) $maxId["MAX(cg_id)"], PDO::PARAM_INT);
$aclContactStatement->bindValue(":cgAcl", (int) $cgAcl['acl_group_id'], PDO::PARAM_INT);
$aclContactStatement->execute();
$fields["cg_aclRelation"] .= $cgAcl["acl_group_id"] . ",";
}
$query = "SELECT DISTINCT `cgcr`.`contact_contact_id` FROM `contactgroup_contact_relation` `cgcr`" .
" WHERE `cgcr`.`contactgroup_cg_id` = '" . (int)$key . "'";
$dbResult = $pearDB->query($query);
$fields["cg_contacts"] = "";
$contactStatement = $pearDB->prepare("INSERT INTO `contactgroup_contact_relation` " .
"VALUES (:cct, :maxId)");
while ($cct = $dbResult->fetch()) {
$query = "INSERT INTO `contactgroup_contact_relation` " .
"VALUES ('" . $cct["contact_contact_id"] . "', '" . $maxId["MAX(cg_id)"] . "')";
$pearDB->query($query);
$contactStatement->bindValue(":cct", (int) $cct["contact_contact_id"], \PDO::PARAM_INT);
$contactStatement->bindValue(":maxId", (int) $maxId["MAX(cg_id)"], \PDO::PARAM_INT);
$contactStatement->execute();
$fields["cg_contacts"] .= $cct["contact_contact_id"] . ",";
}
$fields["cg_contacts"] = trim($fields["cg_contacts"], ",");
Expand Down
7 changes: 4 additions & 3 deletions www/include/configuration/configObject/host_categories/DB-Func.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -249,10 +249,11 @@ function multipleHostCategoriesInDB($hostCategories = [], $nbrDup = [])
$statement3->bindValue(':hc_id', $hcId, \PDO::PARAM_INT);
$statement3->execute();
$fields["hc_hosts"] = "";
$hrstatement = $pearDB->prepare("INSERT INTO hostcategories_relation VALUES (:maxId, :hostId)");
while ($host = $statement3->fetch()) {
$query = "INSERT INTO hostcategories_relation VALUES ('" . $maxId["MAX(hc_id)"] .
"', '" . $host["host_host_id"] . "')";
$pearDB->query($query);
$hrstatement->bindValue(':maxId', (int) $maxId["MAX(hc_id)"], \PDO::PARAM_INT);
$hrstatement->bindValue(':hostId', (int) $host["host_host_id"], \PDO::PARAM_INT);
$hrstatement->execute();
$fields["hc_hosts"] .= $host["host_host_id"] . ",";
}
$fields["hc_hosts"] = trim($fields["hc_hosts"], ",");
Expand Down
22 changes: 12 additions & 10 deletions www/include/configuration/configObject/service/xml/argumentsXml.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,12 +131,13 @@
$exampleTab = array();
}

$query3 = "SELECT command_command_id_arg " .
$cmdStatement = $db->prepare("SELECT command_command_id_arg " .
"FROM service " .
"WHERE service_id = '" . $svcId . "' LIMIT 1";
$res3 = $db->query($query3);
if ($res3->rowCount()) {
$row3 = $res3->fetchRow();
"WHERE service_id = :svcId LIMIT 1");
$cmdStatement->bindValue(':svcId', (int) $svcId, PDO::PARAM_INT);
$cmdStatement->execute();
if ($cmdStatement->rowCount()) {
$row3 = $cmdStatement->fetchRow();
$valueTab = preg_split('/(?<!\\\)\!/', $row3['command_command_id_arg']);
if (is_array($valueTab)) {
foreach ($valueTab as $key => $value) {
Expand All @@ -149,14 +150,15 @@
}
}

$query = "SELECT macro_name, macro_description " .
$macroStatement = $db->prepare("SELECT macro_name, macro_description " .
"FROM command_arg_description " .
"WHERE cmd_id = '" . $cmdId . "' ORDER BY macro_name";
$res = $db->query($query);
while ($row = $res->fetchRow()) {
"WHERE cmd_id = :cmdId ORDER BY macro_name");
$macroStatement->bindValue(':cmdId', (int) $cmdId, \PDO::PARAM_INT);
$macroStatement->execute();
while ($row = $macroStatement->fetchRow()) {
$argTab[$row['macro_name']] = $row['macro_description'];
}
$res->closeCursor();
$macroStatement->closeCursor();

/*
* Write XML
Expand Down
8 changes: 4 additions & 4 deletions www/include/configuration/configObject/service_categories/listServiceCategories.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,12 +119,12 @@
$elemArr = array();
$centreonToken = createCSRFToken();

$statement = $pearDB->prepare("SELECT COUNT(*) FROM `service_categories_relation` WHERE `sc_id` = :sc_id");
for ($i = 0; $sc = $dbResult->fetch(); $i++) {
$moptions = "";
$dbResult2 = $pearDB->query(
"SELECT COUNT(*) FROM `service_categories_relation` WHERE `sc_id` = '" . $sc['sc_id'] . "'"
);
$nb_svc = $dbResult2->fetch();
$statement->bindValue(':sc_id', (int) $sc['sc_id'], \PDO::PARAM_INT);
$statement->execute();
$nb_svc = $statement->fetch();

$selectedElements = $form->addElement('checkbox', "select[" . $sc['sc_id'] . "]");

Expand Down
2 changes: 1 addition & 1 deletion www/include/configuration/configObject/service_template_model/listServiceTemplateModel.ihtml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@
<td class="ListColLeft resizeTitle"><a
href="{$elemArr[elem].RowMenu_link}">{$elemArr[elem].RowMenu_alias}</a></td>
<td class="ListColCenter">{$elemArr[elem].RowMenu_retry}</td>
<td class="ListColRight">{$elemArr[elem].RowMenu_parent}</td>
<td class="ListColLeft">{$elemArr[elem].RowMenu_parent}</td>
<td class="ListColCenter"><span
class="badge {$elemArr[elem].RowMenu_badge}">{$elemArr[elem].RowMenu_status}</span></td>
<td class="ListColRight" align="right">{if $mode_access == 'w' }{$elemArr[elem].RowMenu_options}{else}&nbsp;{/if}</td>
Expand Down
5 changes: 3 additions & 2 deletions www/include/configuration/configObject/service_template_model/listServiceTemplateModel.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,8 @@
foreach ($tplArr as $key => $value) {
$value = str_replace('#S#', "/", $value);
$value = str_replace('#BS#', "\\", $value);
$tplStr .= "&nbsp;->&nbsp;<a href='main.php?p=60206&o=c&service_id=" . $key . "'>" . $value . "</a>";
$tplStr .= "&nbsp;->&nbsp;<a href='main.php?p=60206&o=c&service_id=" . $key . "'>"
. htmlentities($value) . "</a>";
}
}

Expand Down Expand Up @@ -228,7 +229,7 @@
"RowMenu_select" => $selectedElements->toHtml(),
"RowMenu_desc" => htmlentities($service["service_description"]),
"RowMenu_alias" => htmlentities($service["service_alias"]),
"RowMenu_parent" => htmlentities($tplStr),
"RowMenu_parent" => $tplStr,
"RowMenu_icon" => $svc_icon,
"RowMenu_retry" => htmlentities(
"$normal_check_interval $normal_units / $retry_check_interval $retry_units"
Expand Down
18 changes: 12 additions & 6 deletions www/include/configuration/configObject/servicegroup_dependency/DB-Func.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,10 +128,13 @@ function multipleServiceGroupDependencyInDB($dependencies = array(), $nbrDup = a
"WHERE dependency_dep_id = '" . $key . "'";
$dbResult = $pearDB->query($query);
$fields["dep_sgParents"] = "";
$query = "INSERT INTO dependency_servicegroupParent_relation " .
"VALUES (:dep_id, :servicegroup_sg_id)";
$statement = $pearDB->prepare($query);
while ($sg = $dbResult->fetch()) {
$query = "INSERT INTO dependency_servicegroupParent_relation " .
"VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $sg["servicegroup_sg_id"] . "')";
$pearDB->query($query);
$statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT);
$statement->bindValue(':servicegroup_sg_id', (int) $sg["servicegroup_sg_id"], \PDO::PARAM_INT);
$statement->execute();
$fields["dep_sgParents"] .= $sg["servicegroup_sg_id"] . ",";
}
$fields["dep_sgParents"] = trim($fields["dep_sgParents"], ",");
Expand All @@ -140,10 +143,13 @@ function multipleServiceGroupDependencyInDB($dependencies = array(), $nbrDup = a
"WHERE dependency_dep_id = '" . $key . "'";
$dbResult = $pearDB->query($query);
$fields["dep_sgChilds"] = "";
$query = "INSERT INTO dependency_servicegroupChild_relation " .
"VALUES (:dep_id, :servicegroup_sg_id)";
$statement = $pearDB->prepare($query);
while ($sg = $dbResult->fetch()) {
$query = "INSERT INTO dependency_servicegroupChild_relation " .
"VALUES ('" . $maxId["MAX(dep_id)"] . "', '" . $sg["servicegroup_sg_id"] . "')";
$pearDB->query($query);
$statement->bindValue(':dep_id', (int) $maxId["MAX(dep_id)"], \PDO::PARAM_INT);
$statement->bindValue(':servicegroup_sg_id', (int) $sg["servicegroup_sg_id"], \PDO::PARAM_INT);
$statement->execute();
$fields["dep_sgChilds"] .= $sg["servicegroup_sg_id"] . ",";
}
$fields["dep_sgChilds"] = trim($fields["dep_sgChilds"], ",");
Expand Down
45 changes: 28 additions & 17 deletions www/include/configuration/configResources/DB-Func.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -294,23 +294,34 @@ function insertResource($ret = array())
if (!count($ret)) {
$ret = $form->getSubmitValues();
}
$rq = "INSERT INTO cfg_resource ";
$rq .= "(resource_name, resource_line, resource_comment, resource_activate) ";
$rq .= "VALUES (";
isset($ret["resource_name"]) && $ret["resource_name"] != null
? $rq .= "'" . $pearDB->escape($ret["resource_name"]) . "', "
: $rq .= "NULL, ";
isset($ret["resource_line"]) && $ret["resource_line"] != null
? $rq .= "'" . $pearDB->escape($ret["resource_line"]) . "', "
: $rq .= "NULL, ";
isset($ret["resource_comment"]) && $ret["resource_comment"] != null
? $rq .= "'" . $pearDB->escape($ret["resource_comment"]) . "', "
: $rq .= "NULL, ";
isset($ret["resource_activate"]["resource_activate"]) && $ret["resource_activate"]["resource_activate"] != null
? $rq .= "'" . $ret["resource_activate"]["resource_activate"] . "'"
: $rq .= "NULL";
$rq .= ")";
$pearDB->query($rq);
$statement = $pearDB->prepare(
"INSERT INTO cfg_resource
(resource_name, resource_line, resource_comment, resource_activate)
VALUES (:name, :line, :comment, :is_activated)"
);
$statement->bindValue(
':name',
! empty($ret["resource_name"])
? $ret["resource_name"]
: null
);
$statement->bindValue(
':line',
! empty($ret["resource_line"])
? $ret["resource_line"]
: null
);
$statement->bindValue(
':comment',
! empty($ret["resource_comment"])
? $ret["resource_comment"]
: null
);
$isActivated = isset($ret["resource_activate"]["resource_activate"])
&& (bool) (int) $ret["resource_activate"]["resource_activate"];
$statement->bindValue(':is_activated', (string) (int) $isActivated);
$statement->execute();

$dbResult = $pearDB->query("SELECT MAX(resource_id) FROM cfg_resource");
$resource_id = $dbResult->fetch();

Expand Down
34 changes: 0 additions & 34 deletions www/include/monitoring/objectDetails/hostDetails.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -663,40 +663,6 @@
$tpl->assign("h_ext_icon_image_alt", getMyHostExtendedInfoField($hostDB["host_id"], "ehi_icon_image_alt"));
}

/*
* Dynamics tools
*/
$tools = array();
$DBRESULT = $pearDB->query("SELECT * FROM modules_informations");
while ($module = $DBRESULT->fetchrow()) {
if (
isset($module['host_tools']) && $module['host_tools'] == 1
&& file_exists('modules/' . $module['name'] . '/host_tools.php')
) {
include('modules/' . $module['name'] . '/host_tools.php');
}
}
$DBRESULT->closeCursor();

foreach ($tools as $key => $tab) {
$tools[$key]['url'] = str_replace("@host_id@", $host_id, $tools[$key]['url']);
$tools[$key]['url'] = str_replace("@host_name@", $host_name, $tools[$key]['url']);
$tools[$key]['url'] = str_replace(
"@current_state@",
$host_status[$host_name]["current_state"],
$tools[$key]['url']
);
$tools[$key]['url'] = str_replace(
"@plugin_output@",
$host_status[$host_name]["plugin_output"],
$tools[$key]['url']
);
}

if (count($tools) > 0) {
$tpl->assign("tools", $tools);
}

// Check if central or remote server
$DBRESULT = $pearDB->query("SELECT `value` FROM `informations` WHERE `key` = 'isRemote'");
$result = $DBRESULT->fetchRow();
Expand Down
29 changes: 0 additions & 29 deletions www/include/monitoring/objectDetails/serviceDetails.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -799,35 +799,6 @@
$tpl->assign("index_data", $index_data);
$tpl->assign("options2", CentreonUtils::escapeSecure($optionsURL2));

/*
* Dynamics tools
*/
$tools = array();
$DBRESULT = $pearDB->query("SELECT * FROM modules_informations");
while ($module = $DBRESULT->fetchrow()) {
if (
isset($module['svc_tools'])
&& $module['svc_tools'] == 1
&& file_exists('modules/' . $module['name'] . '/svc_tools.php')
) {
include('modules/' . $module['name'] . '/svc_tools.php');
}
}
$DBRESULT->closeCursor();

foreach ($tools as $key => $tab) {
$tools[$key]['url'] = str_replace("@host_id@", $host_id, $tools[$key]['url']);
$tools[$key]['url'] = str_replace("@host_name@", $host_name, $tools[$key]['url']);
$tools[$key]['url'] = str_replace("@svc_description@", $svc_description, $tools[$key]['url']);
$tools[$key]['url'] = str_replace("@svc_id@", $service_id, $tools[$key]['url']);
$tools[$key]['url'] = str_replace("@current_state@", $service_status["current_state"], $tools[$key]['url']);
$tools[$key]['url'] = str_replace("@plugin_output@", $service_status["plugin_output"], $tools[$key]['url']);
}

if (count($tools) > 0) {
$tpl->assign("tools", CentreonUtils::escapeSecure($tools));
}

/**
* Build the service detail URI that will be used in the
* deprecated banner
Expand Down
11 changes: 0 additions & 11 deletions www/include/monitoring/objectDetails/template/hostDetails.ihtml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -473,17 +473,6 @@
</td>
</tr>
{/if}
{section name=tool loop=$tools}
<tr class='list_two'>
<td class="ListColLeft ColPopup">
{if $tools[tool].popup == ""}
<a href="{$tools[tool].url}" target="{$tools[tool].target}">
{else}
<a href="#tools" name="tools" onClick="window.open('{$tools[tool].url}','','toolbar=no,location=no,directories=no,status=no,scrollbars=yes,resizable=yes,copyhistory=no, width={$tools[tool].width}, height={$tools[tool].height}');">
{/if}
&#9679;&nbsp;{$tools[tool].name}</a></td>
</tr>
{/section}
</table>
</td>
</tr>
Expand Down
Loading