From 6e2574f7dd9b97f8be7705c0557c7b80092ef94a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Chapron?= Date: Mon, 11 Mar 2019 15:39:04 +0100 Subject: [PATCH 1/5] style: clean and remove dead code --- .../xml/serviceGridByHGXML.php | 100 +++++++----------- 1 file changed, 39 insertions(+), 61 deletions(-) diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php index 888bca2b74c..41b98375218 100644 --- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php +++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php @@ -1,7 +1,7 @@ DB); @@ -62,19 +59,14 @@ $statusService = isset($statusService) ? $statusService : null; $statusFilter = isset($statusFilter) ? $statusFilter : null; -/* Store in session the last type of call */ +// Store in session the last type of call $_SESSION['monitoring_serviceByHg_status'] = $statusService; $_SESSION['monitoring_serviceByHg_status_filter'] = $statusFilter; - -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/* ************************************************** - * Check Arguments From GET tab - */ +// Check Arguments From GET tab $o = $obj->checkArgument("o", $_GET, "h"); $p = $obj->checkArgument("p", $_GET, "2"); $hg = $obj->checkArgument("hg", $_GET, ""); 
@@ -88,20 +80,17 @@ $dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); $grouplistStr = $obj->access->getAccessGroupsString(); -/** ************************************** - * Get Host status - * - */ -$rq1 = " SELECT SQL_CALC_FOUND_ROWS DISTINCT hg.name AS alias, h.host_id id, h.name as host_name, hgm.hostgroup_id, " . +//Get Host status +$rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT hg.name AS alias, h.host_id id, h.name AS host_name, hgm.hostgroup_id, " . "h.state hs, h.icon_image " . - " FROM hostgroups hg, hosts_hostgroups hgm, hosts h "; + "FROM hostgroups hg, hosts_hostgroups hgm, hosts h "; if (!$obj->is_admin) { $rq1 .= ", centreon_acl "; } -$rq1 .= " WHERE h.host_id = hgm.host_id" . - " AND hgm.hostgroup_id = hg.hostgroup_id" . - " AND h.enabled = '1' " . - " AND h.name not like '_Module_%'"; +$rq1 .= "WHERE h.host_id = hgm.host_id " . + "AND hgm.hostgroup_id = hg.hostgroup_id " . + "AND h.enabled = '1' " . + "AND h.name NOT LIKE '_Module_%' "; if (!$obj->is_admin) { $rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") . $obj->access->queryBuilder("AND", "group_id", $grouplistStr) . " " . 
@@ -112,21 +101,21 @@ } if ($o == "svcgrid_pb" || $o == "svcOVHG_pb") { $rq1 .= " AND h.host_id IN (" . - " SELECT s.host_id FROM services s " . - " WHERE s.state != 0 AND s.state != 4 AND s.enabled = 1)"; + "SELECT s.host_id FROM services s " . + "WHERE s.state != 0 AND s.state != 4 AND s.enabled = 1)"; } if ($o == "svcOVHG_ack_0") { $rq1 .= " AND h.host_id IN (" . - " SELECT s.host_id FROM services s " . - " WHERE s.acknowledged = 0 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; + "SELECT s.host_id FROM services s " . + "WHERE s.acknowledged = 0 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; } if ($o == "svcOVHG_ack_1") { $rq1 .= " AND h.host_id IN (" . - " SELECT s.host_id FROM services s " . - " WHERE s.acknowledged = 1 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; + "SELECT s.host_id FROM services s " . + "WHERE s.acknowledged = 1 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; } if ($search != "") { - $rq1 .= " AND h.name like '%" . $search . "%' "; + $rq1 .= " AND h.name LIKE '%" . $search . "%' "; } if ($hostgroups) { $rq1 .= " AND hg.hostgroup_id IN (" . $hostgroups . ")"; @@ -140,8 +129,8 @@ $tab_finalH = array(); $DBRESULT = $obj->DBC->query($rq1); -$numRows = $obj->DBC->numberRows(); -while ($ndo = $DBRESULT->fetchRow()) { +$numRows = $obj->DBC->rowCount(); +while ($ndo = $DBRESULT->fetch()) { if (!isset($tab_finalH[$ndo["alias"]])) { $tab_finalH[$ndo["alias"]] = array($ndo["host_name"] => array()); } 
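Review bot: The `@@ -140` hunk swaps `$obj->DBC->numberRows()` for `$obj->DBC->rowCount()` and `fetchRow()` for `fetch()`, which are API changes rather than the whitespace and comment cleanup the subject "style: clean and remove dead code" announces. If the wrapper's `rowCount()` on the connection is not the same FOUND_ROWS-aware helper as `numberRows()` (I cannot see the wrapper from here), the `numrows` value written into the XML changes in a commit nobody would review for behaviour. Moving those two substitutions into their own commit, or into the following "fix(DB)" patch that reworks the same lines anyway, keeps the style commit safe to skim.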
@@ -153,46 +142,41 @@ } $DBRESULT->closeCursor(); - -/** ************************************** - * Get Services status - * - */ -$rq1 = " SELECT DISTINCT s.service_id, h.name as host_name, s.description, s.state svcs," - . " (case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " . - " FROM services s, hosts h "; +// Get Services status +$rq1 = "SELECT DISTINCT s.service_id, h.name as host_name, s.description, s.state svcs, " . + "(CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri " . + "FROM services s, hosts h "; if (!$obj->is_admin) { $rq1 .= ", centreon_acl "; } -$rq1 .= " WHERE h.host_id = s.host_id " . - " AND h.name NOT LIKE '_Module_%' " . - " AND h.enabled = '1' " . - " AND s.enabled = '1' "; +$rq1 .= "WHERE h.host_id = s.host_id " . + "AND h.name NOT LIKE '_Module_%' " . + "AND h.enabled = '1' " . + "AND s.enabled = '1' "; $rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") . $obj->access->queryBuilder("AND", "s.service_id", "centreon_acl.service_id") . $obj->access->queryBuilder("AND", "group_id", $grouplistStr); if ($o == "svcgrid_pb" || $o == "svcOVHG_pb" || $o == "svcgrid_ack_0" || $o == "svcOVHG_ack_0") { - $rq1 .= " AND s.state != 0 AND s.state != 4 "; + $rq1 .= " AND s.state != 0 AND s.state != 4"; } if ($o == "svcgrid_ack_1" || $o == "svcOVHG_ack_1") { - $rq1 .= "AND s.acknowledged = 1"; + $rq1 .= " AND s.acknowledged = 1"; } if ($o == "svcgrid_ack_0" || $o == "svcOVHG_ack_0") { - $rq1 .= "AND s.acknowledged = 0"; + $rq1 .= " AND s.acknowledged = 0"; } if ($search != "") { - $rq1 .= " AND h.name like '%" . $search . "%' "; + $rq1 .= " AND h.name LIKE '%" . $search . "%'"; } if ($instance != -1) { $rq1 .= " AND h.instance_id = " . 
$instance; } -//$rq1 .= " ORDER BY s.description"; -$rq1 .= " order by tri asc, s.description asc"; +$rq1 .= " ORDER BY tri ASC, s.description ASC"; $tabService = array(); $tabHost = array(); $DBRESULT = $obj->DBC->query($rq1); -while ($ndo = $DBRESULT->fetchRow()) { +while ($ndo = $DBRESULT->fetch()) { if (!isset($tabService[$ndo["host_name"]])) { $tabService[$ndo["host_name"]] = array(); } @@ -204,9 +188,7 @@ } $DBRESULT->closeCursor(); -/* - * Begin XML Generation - */ +// Begin XML Generation $obj->XML = new CentreonXML(); $obj->XML->startElement("reponse"); $obj->XML->startElement("i"); @@ -268,12 +250,8 @@ } $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); From 338d24185d84e21d32dde137421ef90370517306 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Chapron?= Date: Mon, 11 Mar 2019 17:39:15 +0100 Subject: [PATCH 2/5] fix(DB): protect pages against SQL injection in services by hg or sg --- .../ServicesHostGroups/serviceGridByHG.php | 29 ++++- .../ServicesHostGroups/serviceGridByHGJS.php | 24 ++-- .../templates/serviceGrid.ihtml | 13 ++- .../xml/serviceGridByHGXML.php | 78 +++++++++---- .../xml/serviceSummaryByHGXML.php | 97 ++++++++-------- .../xml/serviceGridBySGXML.php | 105 +++++++++--------- 6 files changed, 215 insertions(+), 131 deletions(-) diff --git a/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php b/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php index e67046bc175..4f8b90222d3 100644 --- a/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php +++ b/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php 
@@ -1,7 +1,7 @@ _("Not Acknowledged"), ); -/* - * Check search value in Host search field - */ +// Check search value in Host search field if (isset($_GET["host_search"])) { $centreon->historySearch[$url] = $_GET["host_search"]; } +// Check search value in Hostgroup list. $_GET["host_group_filter"] return the id of the HG +if (isset($_GET["hg_search"])) { + $centreon->historySearch[$hostgroup] = $_GET["hg_search"]; +} $tab_class = array("0" => "list_one", "1" => "list_two"); $rows = 10; @@ -101,6 +103,23 @@ $form = new HTML_QuickFormCustom('select_form', 'GET', "?p=" . $p); +//adding hostgroup's select2 list +$hostgroupsRoute = './include/common/webServices/rest/internal.php?object=centreon_configuration_hostgroup&action=list'; +$attrHostGroup = array( + 'datasourceOrigin' => 'ajax', + 'availableDatasetRoute' => $hostgroupsRoute, + 'defaultDatasetRoute' => "", + 'multiple' => false, + 'linkedObject' => 'centreonHostgroups' +); +$form->addElement( + 'select2', + 'hg_search', + _('Hostgroup List'), + array('id' => 'hg_search'), + $attrHostGroup +); + $form->addElement( 'select', 'typeDisplay', diff --git a/www/include/monitoring/status/ServicesHostGroups/serviceGridByHGJS.php b/www/include/monitoring/status/ServicesHostGroups/serviceGridByHGJS.php index f0615118059..3dcec7bca49 100644 --- a/www/include/monitoring/status/ServicesHostGroups/serviceGridByHGJS.php +++ b/www/include/monitoring/status/ServicesHostGroups/serviceGridByHGJS.php @@ -1,7 +1,7 @@ \ No newline at end of file + \ No newline at end of file diff --git a/www/include/monitoring/status/ServicesHostGroups/templates/serviceGrid.ihtml b/www/include/monitoring/status/ServicesHostGroups/templates/serviceGrid.ihtml index 3ebbc9eac2d..c2821ff945b 100644 --- a/www/include/monitoring/status/ServicesHostGroups/templates/serviceGrid.ihtml +++ b/www/include/monitoring/status/ServicesHostGroups/templates/serviceGrid.ihtml 
@@ -25,7 +25,7 @@ {if $poller_listing} {/if} - + {$form.hg_search.html} {$form.typeDisplay.html} {$form.typeDisplay2.html} @@ -62,3 +62,14 @@ {$form.hidden} + + diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php index 41b98375218..855f002571b 100644 --- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php +++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php @@ -33,11 +33,10 @@ * */ -require_once realpath(dirname(__FILE__) . "/../../../../../../config/centreon.config.php"); +require_once realpath(__DIR__ . "/../../../../../../config/centreon.config.php"); require_once realpath(__DIR__ . "/../../../../../../bootstrap.php"); include_once _CENTREON_PATH_ . "www/class/centreonUtils.class.php"; - include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php"; include_once _CENTREON_PATH_ . "www/include/monitoring/status/Common/common-Func.php"; include_once _CENTREON_PATH_ . "www/include/common/common-Func.php"; @@ -48,10 +47,7 @@ $obj = new CentreonXMLBGRequest($dependencyInjector, session_id(), 1, 1, 0, 1); $svcObj = new CentreonService($obj->DB); - -if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +if (!isset($obj->session_id) && !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } 
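Review bot: The rewritten session guard in the `@@ -48,10 +47,7 @@` hunk no longer rejects a request whose session id is set but fails validation: `!isset($obj->session_id) && !CentreonSession::checkSession(...)` is only true when both conditions fail, whereas the removed `else` branch fired whenever either `isset` or `checkSession` was false. With a bogus session id present, `!isset` is false, the `&&` short-circuits, and execution falls through to the ACL-filtered queries and XML output below. De Morgan of the original gives `||`, which is what the serviceSummaryByHGXML.php hunk later in this patch already uses: `if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) {`.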
@@ -73,13 +69,14 @@ $num = $obj->checkArgument("num", $_GET, 0); $limit = $obj->checkArgument("limit", $_GET, 20); $instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); +$hostgroup = $obj->checkArgument("hg_search", $_GET, ""); $search = $obj->checkArgument("search", $_GET, ""); $sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); $order = $obj->checkArgument("order", $_GET, "ASC"); $dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); $grouplistStr = $obj->access->getAccessGroupsString(); +$queryValues = array(); //Get Host status $rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT hg.name AS alias, h.host_id id, h.name AS host_name, hgm.hostgroup_id, " . "h.state hs, h.icon_image " . @@ -97,7 +94,10 @@ $obj->access->queryBuilder("AND", "hg.name", $obj->access->getHostGroupsString("NAME")); } if ($instance != -1) { - $rq1 .= " AND h.instance_id = " . $instance; + $rq1 .= " AND h.instance_id = :instance "; + $queryValues[':instance'] = [ + PDO::PARAM_INT => (int)$instance + ]; } if ($o == "svcgrid_pb" || $o == "svcOVHG_pb") { $rq1 .= " AND h.host_id IN (" . 
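Review bot: Replacing `checkArgument("hostgroups", $_GET, $obj->defaultHostgroups)` with `checkArgument("hg_search", $_GET, "")` drops the stored default hostgroup filter: when the request carries no `hg_search`, the page now shows every hostgroup instead of whatever `$obj->defaultHostgroups` held (presumably populated by `getDefaultFilters()` alongside `defaultPoller`; I cannot see that method). If that is intended, the commit message should say so; otherwise keep the fallback, e.g. `$hostgroup = $obj->checkArgument("hg_search", $_GET, $obj->defaultHostgroups);` and bind it accordingly. The same replacement appears in the serviceSummaryByHGXML.php hunk of this patch.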
@@ -115,21 +115,42 @@ "WHERE s.acknowledged = 1 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; } if ($search != "") { - $rq1 .= " AND h.name LIKE '%" . $search . "%' "; + $rq1 .= " AND h.name LIKE :search"; + $queryValues[':search'] = [ + PDO::PARAM_STR => "%" . $search . "%" + ]; +} +if ($hostgroup !== "") { + $rq1 .= " AND hg.name LIKE :hgName"; + $queryValues[':hgName'] = [ + PDO::PARAM_STR => $hostgroup + ]; } -if ($hostgroups) { - $rq1 .= " AND hg.hostgroup_id IN (" . $hostgroups . ")"; +$rq1 .= " AND h.enabled = 1 ORDER BY :sort_type, host_name "; +("ASC" != $order) ? $rq1 .= "DESC" : $rq1 .= "ASC"; +$rq1 .= " LIMIT :numLimit, :limit"; +$queryValues[':sort_type'] = [ + PDO::PARAM_STR => $sort_type +]; +$queryValues[':numLimit'] = [ + PDO::PARAM_INT => (int)($num * $limit) +]; +$queryValues[':limit'] = [ + PDO::PARAM_INT => (int)$limit +]; + +$DBRESULT = $obj->DBC->prepare($rq1); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $DBRESULT->bindValue($bindId, $bindValue, $bindType); + } } -$rq1 .= " AND h.enabled = 1 "; -$rq1 .= " ORDER BY $sort_type, hg.name $order, host_name ASC "; -$rq1 .= " LIMIT " . ($num * $limit) . "," . $limit; +$DBRESULT->execute(); $tabH = array(); $tabHG = array(); $tab_finalH = array(); - -$DBRESULT = $obj->DBC->query($rq1); -$numRows = $obj->DBC->rowCount(); +$numRows = $DBRESULT->rowCount(); while ($ndo = $DBRESULT->fetch()) { if (!isset($tab_finalH[$ndo["alias"]])) { $tab_finalH[$ndo["alias"]] = array($ndo["host_name"] => array()); @@ -142,6 +163,9 @@ } $DBRESULT->closeCursor(); +// Resetting $queryValues +$queryValues = array(); + // Get Services status $rq1 = "SELECT DISTINCT s.service_id, h.name as host_name, s.description, s.state svcs, " . "(CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri " . 
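Review bot: `ORDER BY :sort_type` in the `@@ -115` hunk does not sort by the requested column: a PDO parameter is sent as a string value, so MySQL orders by a constant and the page order becomes effectively unspecified, and the rewrite also drops the `hg.name $order` key the old side sorted on. A column name cannot be bound; restrict `$sort_type` to the aliases the SELECT exposes and splice it as text, e.g. `$sortBy = in_array($sort_type, ['host_name', 'alias', 'hs'], true) ? $sort_type : 'host_name';` `$direction = ($order === 'DESC') ? 'DESC' : 'ASC';` `$rq1 .= " AND h.enabled = 1 ORDER BY " . $sortBy . ", host_name " . $direction . " LIMIT :numLimit, :limit";` — which also removes the `("ASC" != $order) ? $rq1 .= ... : $rq1 .= ...` ternary used as a statement. `$numRows = $DBRESULT->rowCount()` now counts only the LIMIT page although the query still starts with `SELECT SQL_CALC_FOUND_ROWS`, so if the replaced `$obj->DBC->rowCount()` read `FOUND_ROWS()` (I cannot see the wrapper) the `numrows` pagination value shrinks to at most `$limit`. The serviceSummaryByHGXML.php hunk in this patch repeats the `:sort_type` binding and the `rowCount()` swap. Finally, `hg.name LIKE :hgName` binds `hg_search` against the name column without wildcards while the comment added in serviceGridByHG.php says the select returns the hostgroup id; confirm which value the select2 element sends, since an id will match no name.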
@@ -166,16 +190,30 @@ $rq1 .= " AND s.acknowledged = 0"; } if ($search != "") { - $rq1 .= " AND h.name LIKE '%" . $search . "%'"; + $rq1 .= " AND h.name LIKE :search"; + $queryValues[":search"] = [ + PDO::PARAM_STR => "%" . $search . "%" + ]; } if ($instance != -1) { - $rq1 .= " AND h.instance_id = " . $instance; + $rq1 .= " AND h.instance_id = :instance "; + $queryValues[":instance"] = [ + PDO::PARAM_INT => $instance + ]; } $rq1 .= " ORDER BY tri ASC, s.description ASC"; $tabService = array(); $tabHost = array(); -$DBRESULT = $obj->DBC->query($rq1); + +$DBRESULT = $obj->DBC->prepare($rq1); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $DBRESULT->bindValue($bindId, $bindValue, $bindType); + } +} +$DBRESULT->execute(); + while ($ndo = $DBRESULT->fetch()) { if (!isset($tabService[$ndo["host_name"]])) { $tabService[$ndo["host_name"]] = array(); diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php index 917345adb46..8c256c135a3 100644 --- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php +++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php 
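Review bot: `PDO::PARAM_INT => $instance` in the services query binds the raw `checkArgument` value, whereas the host query earlier in this file casts it with `(int)$instance`; keep the two consistent, `PDO::PARAM_INT => (int) $instance`, so a non-numeric `instance` parameter is coerced the same way in both statements. The bind loop `foreach ($queryValues as $bindId => $bindData) { foreach ($bindData as $bindType => $bindValue) { $DBRESULT->bindValue(...); } }` is now copied verbatim into every query of the three XML files in this patch; a small helper taking the statement and `$queryValues` would remove the duplication. The array keys also switch from `':search'` to `":search"` between the two queries of the same file, which is harmless but inconsistent.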
@@ -1,8 +1,8 @@ session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/*************************************************** - * Check Arguments From GET tab - */ +// Check Arguments From GET tab $o = $obj->checkArgument("o", $_GET, "h"); $p = $obj->checkArgument("p", $_GET, "2"); $hg = $obj->checkArgument("hg", $_GET, ""); $num = $obj->checkArgument("num", $_GET, 0); $limit = $obj->checkArgument("limit", $_GET, 20); $instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); +$hostgroup = $obj->checkArgument("hg_search", $_GET, ""); $search = $obj->checkArgument("search", $_GET, ""); $sort_type = $obj->checkArgument("sort_type", $_GET, "alias"); $order = $obj->checkArgument("order", $_GET, "ASC"); $dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); $grouplistStr = $obj->access->getAccessGroupsString(); - -/**************************************** - * Get Host status - * - */ -$rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT h.name as host_name, hg.name as hgname, hgm.hostgroup_id, h.host_id, " . +$queryValues = array(); +// Get Host status +$rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT h.name AS host_name, hg.name AS hgname, hgm.hostgroup_id, h.host_id, " . "h.state, h.icon_image FROM hostgroups hg, hosts_hostgroups hgm, hosts h "; if (!$obj->is_admin) { @@ -93,7 +79,7 @@ $rq1 .= "WHERE h.host_id = hgm.host_id " . "AND hgm.hostgroup_id = hg.hostgroup_id " . "AND h.enabled = '1' " - . "AND h.name not like '_Module_%' "; + . "AND h.name NOT LIKE '_Module_%' "; if (!$obj->is_admin) { $rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") . " " 
@@ -102,7 +88,10 @@ } if ($instance != -1) { - $rq1 .= "AND h.instance_id = " . $instance . " "; + $rq1 .= "AND h.instance_id = :instance "; + $queryValues[':instance'] = [ + PDO::PARAM_INT => (int) $instance + ]; } if ($o == "svcgridHG_pb" || $o == "svcSumHG_pb") { @@ -124,28 +113,48 @@ } if ($search != "") { - $rq1 .= "AND h.name like '%" . $search . "%' "; + $rq1 .= "AND h.name LIKE :search"; + $queryValues[':search'] = [ + PDO::PARAM_STR => "%" . $search . "%" + ]; } -if ($hostgroups) { - $rq1 .= "AND hg.hostgroup_id IN (" . $hostgroups . ") "; +if ($hostgroup != "") { + $rq1 .= " AND hg.name LIKE :hgName"; + $queryValues[':hgName'] = [ + PDO::PARAM_STR => $hostgroup + ]; } -$rq1 .= "AND h.enabled = 1 " - . "ORDER BY " . $sort_type . ", h.name " . $order . " " - . "LIMIT " . ($num * $limit) . "," . $limit . " "; - -$obj->XML = new CentreonXML(); -$obj->XML->startElement("reponse"); +$rq1 .= " AND h.enabled = 1 ORDER BY :sort_type, host_name "; +("ASC" != $order) ? $rq1 .= "DESC" : $rq1 .= "ASC"; +$rq1 .= " LIMIT :numLimit, :limit"; +$queryValues[':sort_type'] = [ + PDO::PARAM_STR => $sort_type +]; +$queryValues[':numLimit'] = [ + PDO::PARAM_INT => (int) ($num * $limit) +]; +$queryValues[':limit'] = [ + PDO::PARAM_INT => (int) $limit +]; + +$DBRESULT = $obj->DBC->prepare($rq1); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $DBRESULT->bindValue($bindId, $bindValue, $bindType); + } +} +$DBRESULT->execute(); +$numRows = $DBRESULT->rowCount(); $class = "list_one"; $ct = 0; - $tab_final = array(); $tabHGUrl = array(); -$DBRESULT = $obj->DBC->query($rq1); -$numRows = $obj->DBC->numberRows(); +$obj->XML = new CentreonXML(); +$obj->XML->startElement("reponse"); $obj->XML->startElement("i"); $obj->XML->writeElement("numrows", $numRows); $obj->XML->writeElement("num", $num); 
@@ -154,7 +163,7 @@ $obj->XML->writeElement("s", "1"); $obj->XML->endElement(); -while ($ndo = $DBRESULT->fetchRow()) { +while ($ndo = $DBRESULT->fetch()) { if (!isset($tab_final[$ndo["hgname"]])) { $tab_final[$ndo["hgname"]] = array(); } @@ -227,12 +236,8 @@ } $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php index 7d7ca5f6f08..d10a2713668 100644 --- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php +++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php @@ -1,7 +1,7 @@ DB); - if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/* ************************************************** - * Check Arguments From GET tab - */ +// Check Arguments From GET tab $o = $obj->checkArgument("o", $_GET, "h"); $p = $obj->checkArgument("p", $_GET, "2"); $nc = $obj->checkArgument("nc", $_GET, "0"); 
@@ -78,31 +71,27 @@ $sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); $order = $obj->checkArgument("order", $_GET, "ASC"); $dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); +$queryValues = array(); -/* - * Backup poller selection - */ +// Backup poller selection $obj->setInstanceHistory($instance); - $_SESSION['monitoring_service_groups'] = $sgSearch; -/** ********************************************** - * Prepare pagination - */ - +// Prepare pagination $s_search = ""; -/* Display service problems */ + +// Display service problems if ($o == "svcgridSG_pb" || $o == "svcOVSG_pb") { $s_search .= " AND s.state != 0 AND s.state != 4 "; } -/* Display acknowledged services */ +// Display acknowledged services if ($o == "svcgridSG_ack_1" || $o == "svcOVSG_ack_1") { $s_search .= " AND s.acknowledged = '1' "; } -/* Display not acknowledged services */ +// Display not acknowledged services if ($o == "svcgridSG_ack_0" || $o == "svcOVSG_ack_0") { $s_search .= " AND s.state != 0 AND s.state != 4 AND s.acknowledged = 0 "; } 
@@ -128,36 +117,56 @@ . $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID")) . " "; } -/* Servicegroup search */ +// Servicegroup search if ($sgSearch != "") { - $query .= "AND sg.name = '" . $sgSearch . "' "; + $query .= "AND sg.name = :sgSearch "; + $queryValues[':sgSearch'] = [ + PDO::PARAM_STR => $sgSearch + ]; } -/* Host search */ +// Host search $h_search = ''; if ($hSearch != "") { - $h_search .= "AND h.name like '%" . $hSearch . "%' "; + $h_search .= "AND h.name like :hSearch "; + $queryValues[':hSearch'] = [ + PDO::PARAM_STR => "%" . $hSearch . "%" + ]; } $query .= $h_search; -/* Service search */ +// Service search $query .= $s_search; -/* Poller search */ +// Poller search if ($instance != -1) { - $query .= " AND h.instance_id = " . $instance . " "; + $query .= " AND h.instance_id = :instance "; + $queryValues[':instance'] = [ + PDO::PARAM_INT => $instance + ]; } +$query .= "ORDER BY sg.name :order " + . "LIMIT :numLimit, :limit"; +$queryValues[':order'] = [ + PDO::PARAM_INT => $instance +]; +$queryValues[':numLimit'] = [ + PDO::PARAM_INT => (int) ($num * $limit) +]; +$queryValues[':limit'] = [ + PDO::PARAM_INT => (int) $limit +]; + +$DBRESULT = $obj->DBC->prepare($query); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $DBRESULT->bindValue($bindId, $bindValue, $bindType); + } +} +$DBRESULT->execute(); +$numRows = $DBRESULT->rowCount(); -$query .= "ORDER BY sg.name " . $order . " " - . "LIMIT " . ($num * $limit) . "," . $limit; - -$DBRESULT = $obj->DBC->query($query); - -$numRows = $obj->DBC->numberRows(); - -/** *************************************************** - * Create XML Flow - */ +// Create XML Flow $obj->XML = new CentreonXML(); $obj->XML->startElement("reponse"); $obj->XML->startElement("i"); 
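Review bot: `ORDER BY sg.name :order` cannot express the sort direction: a bound parameter arrives as a value, not as the `ASC`/`DESC` keyword, and the binding a few lines below, `$queryValues[':order'] = [PDO::PARAM_INT => $instance]`, supplies the poller id rather than `$order`, so the prepared statement is either rejected by the server or (with emulated prepares) runs as `ORDER BY sg.name -1`. Validate the direction and append it as text, dropping the `:order` entry: `$direction = ($order === 'DESC') ? 'DESC' : 'ASC';` `$query .= "ORDER BY sg.name " . $direction . " LIMIT :numLimit, :limit";`. `:instance` is also bound as `PDO::PARAM_INT` without the `(int)` cast that `:numLimit` and `:limit` receive. `$numRows = $DBRESULT->rowCount()` replaces `$obj->DBC->numberRows()`; the SELECT that builds `$query` starts outside this hunk, so check whether it uses `SQL_CALC_FOUND_ROWS`, in which case `rowCount()` returns only the current page.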
@@ -170,7 +179,7 @@ $obj->XML->writeElement("s", "1"); $obj->XML->endElement(); -/* Construct query for servigroups search */ +// Construct query for servicegroups search $aTab = array(); $sg_search = ""; $aTab = array(); @@ -273,7 +282,6 @@ $obj->XML->startElement("sg"); $obj->XML->writeElement("sgn", $element['sgn']); $obj->XML->writeElement("o", $element['o']); - foreach ($element['host'] as $host) { $obj->XML->startElement("h"); $obj->XML->writeAttribute("class", $obj->getNextLineClass()); @@ -299,15 +307,10 @@ $obj->XML->endElement(); } - $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); From db79f5abb5214f66aa2d8f601cf520f8f1d668b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Chapron?= Date: Wed, 13 Mar 2019 09:38:50 +0100 Subject: [PATCH 3/5] style and indentation --- .../templates/serviceGrid.ihtml | 66 +++++++++++-------- 1 file changed, 38 insertions(+), 28 deletions(-) diff --git a/www/include/monitoring/status/ServicesHostGroups/templates/serviceGrid.ihtml b/www/include/monitoring/status/ServicesHostGroups/templates/serviceGrid.ihtml index c2821ff945b..6d5318bebd0 100644 --- a/www/include/monitoring/status/ServicesHostGroups/templates/serviceGrid.ihtml +++ b/www/include/monitoring/status/ServicesHostGroups/templates/serviceGrid.ihtml @@ -4,42 +4,52 @@ {assign var='nbCol' value='4'} {if $poller_listing} -{assign var='nbCol' value='$nbCol+1'} + {assign var='nbCol' value='$nbCol+1'} {/if} - - - - - - {if $poller_listing} + + + + + + {if $poller_listing} - {/if} - - - - - - - {if $poller_listing} - - {/if} - - - - + {/if} + + + + + + + {if $poller_listing} + + {/if} + + + +
{t}Filters{/t}

{$search}

{t}Filters{/t}

{$search}

{$pollerStr}

{$hgStr}

{$typeDisplay}

{$typeDisplay2}

{$form.hg_search.html}{$form.typeDisplay.html}{$form.typeDisplay2.html}

{$hgStr}

{$typeDisplay}

{$typeDisplay2}

{$form.hg_search.html}{$form.typeDisplay.html}{$form.typeDisplay2.html}
@@ -55,11 +65,11 @@
- Refresh - Play - Play - Pause - Pause + + + Refresh + + + Play + + Play + + + + Pause + + Pause +
{if $host_name} - + {/if} - + {$form.hidden}