From babf55a8b9908f0a1e6635bfdd83169481c72c01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Chapron?=
Date: Wed, 13 Mar 2019 10:05:58 +0100
Subject: [PATCH 1/4] style: clean and remove dead code
---
 .../ServicesHostGroups/serviceGridByHG.php | 210 +++++++++---------
 .../xml/serviceGridByHGXML.php | 70 +++---
 .../xml/serviceGridBySGXML.php | 88 +++-----
 3 files changed, 162 insertions(+), 206 deletions(-)
diff --git a/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php b/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php
index 8d25b61e698..b5f0814b26e 100644
--- a/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php
+++ b/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php
@@ -1,7 +1,7 @@ _("Details"), + "svcSumHG" => _("Summary") +); + +$aTypeAffichageLevel2 = array( + "" => _("All"), + "pb" => _("Problems"), + "ack_1" => _("Acknowledge"), + "ack_0" => _("Not Acknowledged"), +); + +// Check search value in Host search field +if (isset($_GET["host_search"])) { + $centreon->historySearch[$url] = $_GET["host_search"]; +} - include("./include/common/autoNumLimit.php"); - - !isset($_GET["sort_types"]) ? $sort_types = 0 : $sort_types = $_GET["sort_types"]; - !isset($_GET["order"]) ? $order = 'ASC' : $order = $_GET["order"]; - !isset($_GET["num"]) ? $num = 0 : $num = $_GET["num"]; - !isset($_GET["search_type_host"]) ? $search_type_host = 1 : $search_type_host = $_GET["search_type_host"]; - !isset($_GET["search_type_service"]) ? $search_type_service = 1 : $search_type_service = $_GET["search_type_service"]; - !isset($_GET["sort_type"]) ? $sort_type = "alias" : $sort_type = $_GET["sort_type"]; - !isset($_GET["host_search"]) ? $host_search = 0 : $host_search = $_GET["host_search"]; - - $aTypeAffichageLevel1 = array( - "svcOVHG" => _("Details"), - "svcSumHG" => _("Summary") - ); - - $aTypeAffichageLevel2 = array( - "" => _("All"), - "pb" => _("Problems"), - "ack_1" => _("Acknowledge"), - "ack_0" => _("Not Acknowledged"), - ); - - /* - * Check search value in Host search field - */ - if (isset($_GET["host_search"])) { - $centreon->historySearch[$url] = $_GET["host_search"]; +$tab_class = array("0" => "list_one", "1" => "list_two"); +$rows = 10; + +include_once("./include/monitoring/status/Common/default_poller.php"); +include_once("./include/monitoring/status/Common/default_hostgroups.php"); +include_once($hg_path."serviceGridByHGJS.php"); + +// Smarty template Init +$tpl = new Smarty(); +$tpl = initSmartyTpl($hg_path, $tpl, "/templates/"); +$tpl->assign("p", $p); +$tpl->assign('o', $o); +$tpl->assign("sort_types", $sort_types); +$tpl->assign("num", $num); +$tpl->assign("limit", $limit); +$tpl->assign("mon_host", _("Hosts")); 
+$tpl->assign("mon_status", _("Status")); +$tpl->assign("typeDisplay", _("Display")); +$tpl->assign("typeDisplay2", _("Display details")); +$tpl->assign("mon_ip", _("IP")); +$tpl->assign("mon_last_check", _("Last Check")); +$tpl->assign("mon_duration", _("Duration")); +$tpl->assign("mon_status_information", _("Status information")); +$tpl->assign('search', _('Search')); +$tpl->assign('pollerStr', _('Poller')); +$tpl->assign('poller_listing', $oreon->user->access->checkAction('poller_listing')); +$tpl->assign('hgStr', _('Hostgroup')); + +$form = new HTML_QuickForm('select_form', 'GET', "?p=".$p); +$form->addElement( + 'select', + 'typeDisplay', + _('Display'), + $aTypeAffichageLevel1, + array('id' => 'typeDisplay', 'onChange' => "displayingLevel1(this.value);") +); +$form->addElement( + 'select', + 'typeDisplay2', + _('Display '), + $aTypeAffichageLevel2, + array('id' => 'typeDisplay2', 'onChange' => "displayingLevel2(this.value);") +); +$form->setDefaults(array('typeDisplay2' => 'pb')); +$tpl->assign("order", strtolower($order)); +$tab_order = array("sort_asc" => "sort_desc", "sort_desc" => "sort_asc"); +$tpl->assign("tab_order", $tab_order); + +?> + - +assign('limit', $limit); +$tpl->assign('limit', $limit); - $renderer = new HTML_QuickForm_Renderer_ArraySmarty($tpl); - $form->accept($renderer); +$renderer = new HTML_QuickForm_Renderer_ArraySmarty($tpl); +$form->accept($renderer); - $tpl->assign('form', $renderer->toArray()); - $tpl->display("serviceGrid.ihtml"); +$tpl->assign('form', $renderer->toArray()); +$tpl->display("serviceGrid.ihtml"); ?> \ No newline at end of file diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php index d86433dd633..0c1d7a0746e 100644 --- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php +++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php 
@@ -1,7 +1,7 @@ DB); - if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { ; } else { @@ -58,19 +53,14 @@ exit(); } -/* Store in session the last type of call */ +// Store in session the last type of call $_SESSION['monitoring_serviceByHg_status'] = $statusService; $_SESSION['monitoring_serviceByHg_status_filter'] = $statusFilter; - -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/* ************************************************** - * Check Arguments From GET tab - */ +// Check Arguments From GET tab $o = $obj->checkArgument("o", $_GET, "h"); $p = $obj->checkArgument("p", $_GET, "2"); $hg = $obj->checkArgument("hg", $_GET, ""); @@ -84,12 +74,9 @@ $dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); $grouplistStr = $obj->access->getAccessGroupsString(); -/** ************************************** - * Get Host status - * - */ -$rq1 = " SELECT SQL_CALC_FOUND_ROWS DISTINCT hg.name AS alias, h.host_id id, h.name as host_name, hgm.hostgroup_id, h.state hs, h.icon_image ". - " FROM hostgroups hg, hosts_hostgroups hgm, hosts h "; +// Get Host status +$rq1 = " SELECT SQL_CALC_FOUND_ROWS DISTINCT hg.name AS alias, h.host_id id, h.name as host_name, hgm.hostgroup_id, " + . "h.state hs, h.icon_image FROM hostgroups hg, hosts_hostgroups hgm, hosts h "; if (!$obj->is_admin) { $rq1 .= ", centreon_acl "; } 
@@ -98,7 +85,9 @@ " AND h.enabled = '1' ". " AND h.name not like '_Module_%'"; if (!$obj->is_admin) { - $rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") . $obj->access->queryBuilder("AND", "group_id", $grouplistStr) . " " . $obj->access->queryBuilder("AND", "hg.name", $obj->access->getHostGroupsString("NAME")); + $rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") + . $obj->access->queryBuilder("AND", "group_id", $grouplistStr) . " " + . $obj->access->queryBuilder("AND", "hg.name", $obj->access->getHostGroupsString("NAME")); } if ($instance != -1) { $rq1 .= " AND h.instance_id = ".$instance; @@ -146,14 +135,10 @@ } $DBRESULT->free(); - -/** ************************************** - * Get Services status - * - */ -$rq1 = " SELECT DISTINCT s.service_id, h.name as host_name, s.description, s.state svcs," - . " (case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " . - " FROM services s, hosts h "; +// Get Services status +$rq1 = " SELECT DISTINCT s.service_id, h.name AS host_name, s.description, s.state svcs," . + " (CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri" . + " FROM services s, hosts h "; if (!$obj->is_admin) { $rq1 .= ", centreon_acl "; } @@ -161,7 +146,9 @@ " AND h.name NOT LIKE '_Module_%' ". " AND h.enabled = '1' " . " AND s.enabled = '1' "; -$rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") . $obj->access->queryBuilder("AND", "s.service_id", "centreon_acl.service_id") . $obj->access->queryBuilder("AND", "group_id", $grouplistStr); +$rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") . + $obj->access->queryBuilder("AND", "s.service_id", "centreon_acl.service_id") . + $obj->access->queryBuilder("AND", "group_id", $grouplistStr); if ($o == "svcgrid_pb" || $o == "svcOVHG_pb" || $o == "svcgrid_ack_0" || $o == "svcOVHG_ack_0") { $rq1 .= " AND s.state != 0 AND s.state != 4 "; } 
@@ -177,8 +164,7 @@ if ($instance != -1) { $rq1 .= " AND h.instance_id = ".$instance; } -//$rq1 .= " ORDER BY s.description"; - $rq1 .= " order by tri asc, s.description asc"; +$rq1 .= " ORDER BY tri ASC, s.description ASC"; $tabService = array(); $tabHost = array(); @@ -195,9 +181,7 @@ } $DBRESULT->free(); -/* - * Begin XML Generation - */ +// Begin XML Generation $obj->XML = new CentreonXML(); $obj->XML->startElement("reponse"); $obj->XML->startElement("i"); @@ -207,7 +191,7 @@ $obj->XML->writeElement("host_name", _("Hosts"), 0); $obj->XML->writeElement("services", _("Services"), 0); $obj->XML->writeElement("p", $p); - $obj->XML->writeElement("s", "1"); +$obj->XML->writeElement("s", "1"); $obj->XML->endElement(); $ct = 0; @@ -259,12 +243,8 @@ } $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php index 7974a50e35d..460cad1816b 100644 --- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php +++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php @@ -1,7 +1,7 @@ DB); - if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/* ************************************************** - * Check Arguments From GET tab - */ +// Check Arguments From GET tab $o = $obj->checkArgument("o", $_GET, "h"); $p = $obj->checkArgument("p", $_GET, "2"); $nc = $obj->checkArgument("nc", $_GET, "0"); 
@@ -78,30 +69,22 @@ $order = $obj->checkArgument("order", $_GET, "ASC"); $dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); -/* - * Backup poller selection - */ +// Backup poller selection $obj->setInstanceHistory($instance); - $_SESSION['monitoring_service_groups'] = $sgSearch; -/** ********************************************** - * Prepare pagination - */ - +// Prepare pagination $s_search = ""; -/* Display service problems */ +// Display service problems if ($o == "svcgridSG_pb" || $o == "svcOVSG_pb") { $s_search .= " AND s.state != 0 AND s.state != 4 " ; } - -/* Display acknowledged services */ +// Display acknowledged services if ($o == "svcgridSG_ack_1" || $o == "svcOVSG_ack_1") { $s_search .= " AND s.acknowledged = '1' "; } - -/* Display not acknowledged services */ +// Display not acknowledged services if ($o == "svcgridSG_ack_0" || $o == "svcOVSG_ack_0") { $s_search .= " AND s.state != 0 AND s.state != 4 AND s.acknowledged = 0 " ; } @@ -115,25 +98,25 @@ . $obj->access->getACLServicesTableJoin($obj->DBC, "s.service_id") . "WHERE 1 = 1 "; -# Servicegroup ACL +// Servicegroup ACL $query .= $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID")); -/* Servicegroup search */ +// Servicegroup search if ($sgSearch != "") { $query .= "AND sg.name = '" . $sgSearch . "' "; } -/* Host search */ +// Host search $h_search = ''; if ($hSearch != "") { $h_search .= "AND h.name like '%" . $hSearch . "%' "; } $query .= $h_search; -/* Service search */ +// Service search $query .= $s_search; -/* Poller search */ +// Poller search if ($instance != -1) { $query .= " AND h.instance_id = " . $instance . " "; } @@ -145,9 +128,7 @@ $numRows = $obj->DBC->numberRows(); -/** *************************************************** - * Create XML Flow - */ +// Create XML Flow $obj->XML = new CentreonXML(); $obj->XML->startElement("reponse"); $obj->XML->startElement("i"); 
@@ -160,7 +141,7 @@ $obj->XML->writeElement("s", "1"); $obj->XML->endElement(); -/* Construct query for servigroups search */ +// Construct query for servicegroups search $aTab = array(); $sg_search = ""; $aTab = array(); @@ -176,7 +157,8 @@ foreach ($value as $hostId) { $hostsSql[] = $hostId; } - $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key . " AND h.host_id IN (" . implode(',', $hostsSql) . ")) "; + $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key . " AND h.host_id " . + "IN (" . implode(',', $hostsSql) . ")) "; } $sg_search .= implode(" OR ", $servicegroupsSql1); $sg_search .= ") "; @@ -184,16 +166,18 @@ $sg_search .= "AND sg.name = '" . $sgSearch . "' "; } - $query2 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.name AS sg_name, sg.name as alias, h.name as host_name, h.state as host_state, h.icon_image, h.host_id, s.state, s.description, s.service_id, " - . " (case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " + $query2 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.name AS sg_name, sg.name AS alias, h.name AS host_name, " + . "h.state AS host_state, h.icon_image, h.host_id, s.state, s.description, s.service_id, " + . "(CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri " . "FROM servicegroups sg, services_servicegroups sgm, services s, hosts h " - . "WHERE h.host_id = s.host_id AND s.host_id = sgm.host_id AND s.service_id=sgm.service_id AND sg.servicegroup_id=sgm.servicegroup_id " + . "WHERE h.host_id = s.host_id AND s.host_id = sgm.host_id AND s.service_id=sgm.service_id AND " + . "sg.servicegroup_id=sgm.servicegroup_id " . $s_search . $sg_search . $h_search . $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID")) . $obj->access->queryBuilder("AND", "s.service_id", $obj->access->getServicesString("ID", $obj->DBC)) - . " order by tri asc"; + . " ORDER BY tri ASC"; $DBRESULT = $obj->DBC->query($query2); 
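Review bot: `$aTab = array();` is initialised twice in a row in the `// Construct query for servicegroups search` block (hunk @@ -160), with only `$sg_search = "";` between the two assignments; the second one is dead and should go in a commit titled "clean and remove dead code". In the next hunk (@@ -176) the SQL literal is split mid-clause (`" AND h.host_id " . "IN ("`), which reads worse than breaking at a clause boundary such as before `AND`. Where `$key` and `$hostsSql` originate is outside the hunk, so I cannot tell whether they are trusted ids; if they are not, the `implode(',', $hostsSql)` interpolation would need the same integer casting the follow-up commit applies to `$instance`.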
@@ -202,7 +186,6 @@ $h = ""; $flag = 0; $count = 0; - while ($tab = $DBRESULT->fetchRow()) { if (!isset($aTab[$tab["sg_name"]])) { $aTab[$tab["sg_name"]] = array( @@ -211,7 +194,6 @@ 'host' => array() ); } - if (!isset($aTab[$tab["sg_name"]]['host'][$tab["host_name"]])) { $count++; if ($tab["icon_image"]) { @@ -232,10 +214,8 @@ 'service' => array() ); } - if (!isset($aTab[$tab["sg_name"]]['host'][$tab["host_name"]]['service'][$tab['description']])) { $aTab[$tab["sg_name"]]['host'][$tab["host_name"]]['service'][$tab['description']] = array( - "sn" => CentreonUtils::escapeSecure($tab['description']), "snl" => CentreonUtils::escapeSecure(urlencode($tab['description'])), "sc" => $obj->colorService[$tab['state']], @@ -248,9 +228,8 @@ foreach ($aTab as $key => $element) { $obj->XML->startElement("sg"); - $obj->XML->writeElement("sgn", $element['sgn']); - $obj->XML->writeElement("o", $element['o']); - + $obj->XML->writeElement("sgn", $element['sgn']); + $obj->XML->writeElement("o", $element['o']); foreach ($element['host'] as $host) { $obj->XML->startElement("h"); $obj->XML->writeAttribute("class", $obj->getNextLineClass()); @@ -272,19 +251,12 @@ $obj->XML->endElement(); $count++; } - $obj->XML->endElement(); } - - $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); From 73d1bb25edeac633472836168a58b778b48cf995 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Chapron?= Date: Wed, 13 Mar 2019 10:55:25 +0100 Subject: [PATCH 2/4] fix(DB): protect pages against SQL injection in services by hg or sg --- .../xml/serviceGridByHGXML.php | 12 +- .../xml/serviceSummaryByHGXML.php | 104 ++++++++++-------- .../xml/serviceGridBySGXML.php | 10 +- 3 files changed, 71 insertions(+), 55 deletions(-) 
diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php index 0c1d7a0746e..ddffd4a9bc6 100644 --- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php +++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php @@ -90,7 +90,7 @@ . $obj->access->queryBuilder("AND", "hg.name", $obj->access->getHostGroupsString("NAME")); } if ($instance != -1) { - $rq1 .= " AND h.instance_id = ".$instance; + $rq1 .= " AND h.instance_id = ". (int)$instance; } if ($o == "svcgrid_pb" || $o == "svcOVHG_pb") { $rq1 .= " AND h.host_id IN (" . @@ -108,14 +108,14 @@ " WHERE s.acknowledged = 1 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; } if ($search != "") { - $rq1 .= " AND h.name like '%" . $search . "%' "; + $rq1 .= " AND h.name like '%" . CentreonDB::escape($search) . "%' "; } if ($hostgroups) { $rq1 .= " AND hg.hostgroup_id IN (" . $hostgroups . ")"; } $rq1 .= " AND h.enabled = 1 "; -$rq1 .= " ORDER BY $sort_type, hg.name $order, host_name ASC "; -$rq1 .= " LIMIT ".($num * $limit).",".$limit; +$rq1 .= " ORDER BY " . CentreonDB::escape($sort_type) . ", hg.name " . CentreonDB::escape($order) . ", host_name ASC "; +$rq1 .= " LIMIT " . (int)($num * $limit) . ", " . (int)$limit; $tabH = array(); $tabHG = array(); @@ -159,10 +159,10 @@ $rq1 .= "AND s.acknowledged = 0"; } if ($search != "") { - $rq1 .= " AND h.name like '%" . $search . "%' "; + $rq1 .= " AND h.name like '%" . CentreonDB::escape($search) . "%' "; } if ($instance != -1) { - $rq1 .= " AND h.instance_id = ".$instance; + $rq1 .= " AND h.instance_id = " . (int)$instance; } $rq1 .= " ORDER BY tri ASC, s.description ASC"; diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php index 8c98bf35300..b985018c44c 100644 
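Review bot: `CentreonDB::escape()` on `$sort_type` and `$order` in the `ORDER BY` clause (hunk @@ -108) does not close the injection: escaping protects values inside a quoted string literal, but here the values are interpolated as a bare column name and a sort keyword, so any value containing no quote characters passes through unchanged. Validate them against an allowlist instead, e.g. `$order = strtoupper($order) === 'DESC' ? 'DESC' : 'ASC';` and `$sort_type = in_array($sort_type, ['host_name', 'alias'], true) ? $sort_type : 'host_name';` (the permitted column list should be whatever the template actually offers). The same escape-in-unquoted-context pattern is introduced in this commit in serviceSummaryByHGXML.php (`ORDER BY " . CentreonDB::escape($sort_type) . ", h.name " . CentreonDB::escape($order)`) and in serviceGridBySGXML.php (`ORDER BY sg.name " . CentreonDB::escape($order)`). The unchanged context line `$rq1 .= " AND hg.hostgroup_id IN (" . $hostgroups . ")";` in the same hunk also concatenates a request-derived value (`$hostgroups` is read via `$obj->checkArgument("hostgroups", $_GET, ...)` in the third patch) without any escaping or casting; unless `checkArgument` already constrains it, and assuming it is a comma-separated id list, `implode(',', array_map('intval', explode(',', $hostgroups)))` would bound it to integers.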
--- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php +++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php @@ -1,8 +1,8 @@ session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/*************************************************** - * Check Arguments From GET tab - */ +// Check Arguments From GET tab $o = $obj->checkArgument("o", $_GET, "h"); $p = $obj->checkArgument("p", $_GET, "2"); $hg = $obj->checkArgument("hg", $_GET, ""); 
@@ -78,52 +68,48 @@ $grouplistStr = $obj->access->getAccessGroupsString(); -/**************************************** - * Get Host status - * - */ -$rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT h.name as host_name, hg.name as hgname, hgm.hostgroup_id, h.host_id, h.state, h.icon_image " - . "FROM hostgroups hg, hosts_hostgroups hgm, hosts h "; +// Get Host status +$rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT h.name AS host_name, hg.name AS hgname, hgm.hostgroup_id, h.host_id, " . + "h.state, h.icon_image FROM hostgroups hg, hosts_hostgroups hgm, hosts h "; if (!$obj->is_admin) { $rq1 .= ", centreon_acl "; } - $rq1 .= "WHERE h.host_id = hgm.host_id " - . "AND hgm.hostgroup_id = hg.hostgroup_id " - . "AND h.enabled = '1' " - . "AND h.name not like '_Module_%' "; + . "AND hgm.hostgroup_id = hg.hostgroup_id " + . "AND h.enabled = '1' " + . "AND h.name not like '_Module_%' "; if (!$obj->is_admin) { $rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") . " " - . $obj->access->queryBuilder("AND", "group_id", $grouplistStr) . " " - . $obj->access->queryBuilder("AND", "hg.hostgroup_id", $obj->access->getHostGroupsString("ID")) . " "; + . $obj->access->queryBuilder("AND", "group_id", $grouplistStr) . " " + . $obj->access->queryBuilder("AND", "hg.hostgroup_id", $obj->access->getHostGroupsString("ID")) . " "; } if ($instance != -1) { - $rq1 .= "AND h.instance_id = " . $instance . " "; + $rq1 .= "AND h.instance_id = " . (int)$instance . " "; } if ($o == "svcgridHG_pb" || $o == "svcSumHG_pb") { $rq1 .= " AND h.host_id IN ( " - . "SELECT s.host_id FROM services s " - . "WHERE s.state != 0 AND s.state != 4 AND s.enabled = 1) "; + . "SELECT s.host_id FROM services s " + . "WHERE s.state != 0 AND s.state != 4 AND s.enabled = 1) "; } if ($o == "svcSumHG_ack_0") { $rq1 .= "AND h.host_id IN ( " - . "SELECT s.host_id FROM services s " - . "WHERE s.acknowledged = 0 AND s.state != 0 AND s.state != 4 AND s.enabled = 1) "; + . "SELECT s.host_id FROM services s " + . 
"WHERE s.acknowledged = 0 AND s.state != 0 AND s.state != 4 AND s.enabled = 1) "; } if ($o == "svcSumHG_ack_1") { $rq1 .= "AND h.host_id IN ( " - . "SELECT s.host_id FROM services s " - . "WHERE s.acknowledged = 1 AND s.state != 0 AND s.state != 4 AND s.enabled = 1) "; + . "SELECT s.host_id FROM services s " + . "WHERE s.acknowledged = 1 AND s.state != 0 AND s.state != 4 AND s.enabled = 1) "; } if ($search != "") { - $rq1 .= "AND h.name like '%" . $search . "%' "; + $rq1 .= "AND h.name like '%" . CentreonDB::escape($search) . "%' "; } if ($hostgroups) { @@ -131,8 +117,8 @@ } $rq1 .= "AND h.enabled = 1 " - . "ORDER BY " . $sort_type . ", h.name " . $order . " " - . "LIMIT " . ($num * $limit) . "," . $limit . " "; + . "ORDER BY " . CentreonDB::escape($sort_type) . ", h.name " . CentreonDB::escape($order) . " " + . "LIMIT " . (int)($num * $limit) . "," . (int)$limit . " "; $obj->XML = new CentreonXML(); $obj->XML->startElement("reponse"); 
@@ -161,12 +147,42 @@ $tab_final[$ndo["hgname"]][$ndo["host_name"]] = array("0" => 0, "1" => 0, "2" => 0, "3" => 0, "4" => 0); } if ($o != "svcSum_pb" && $o != "svcSum_ack_1" && $o != "svcSum_ack_0") { - $tab_final[$ndo["hgname"]][$ndo["host_name"]][0] = $obj->monObj->getServiceStatusCount($ndo["host_name"], $obj, $o, 0, $obj); + $tab_final[$ndo["hgname"]][$ndo["host_name"]][0] = $obj->monObj->getServiceStatusCount( + $ndo["host_name"], + $obj, + $o, + 0, + $obj + ); } - $tab_final[$ndo["hgname"]][$ndo["host_name"]][1] = 0 + $obj->monObj->getServiceStatusCount($ndo["host_name"], $obj, $o, 1, $obj); - $tab_final[$ndo["hgname"]][$ndo["host_name"]][2] = 0 + $obj->monObj->getServiceStatusCount($ndo["host_name"], $obj, $o, 2, $obj); - $tab_final[$ndo["hgname"]][$ndo["host_name"]][3] = 0 + $obj->monObj->getServiceStatusCount($ndo["host_name"], $obj, $o, 3, $obj); - $tab_final[$ndo["hgname"]][$ndo["host_name"]][4] = 0 + $obj->monObj->getServiceStatusCount($ndo["host_name"], $obj, $o, 4, $obj); + $tab_final[$ndo["hgname"]][$ndo["host_name"]][1] = 0 + $obj->monObj->getServiceStatusCount( + $ndo["host_name"], + $obj, + $o, + 1, + $obj + ); + $tab_final[$ndo["hgname"]][$ndo["host_name"]][2] = 0 + $obj->monObj->getServiceStatusCount( + $ndo["host_name"], + $obj, + $o, + 2, + $obj + ); + $tab_final[$ndo["hgname"]][$ndo["host_name"]][3] = 0 + $obj->monObj->getServiceStatusCount( + $ndo["host_name"], + $obj, + $o, + 3, + $obj + ); + $tab_final[$ndo["hgname"]][$ndo["host_name"]][4] = 0 + $obj->monObj->getServiceStatusCount( + $ndo["host_name"], + $obj, + $o, + 4, + $obj + ); $tab_final[$ndo["hgname"]][$ndo["host_name"]]["cs"] = $ndo["state"]; $tab_final[$ndo["hgname"]][$ndo["host_name"]]["hid"] = $ndo["host_id"]; $tab_final[$ndo["hgname"]][$ndo["host_name"]]["icon"] = $ndo["icon_image"]; 
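Review bot: The four `getServiceStatusCount(...)` calls for states 1 to 4 (hunk @@ -161) are identical apart from the state code, and reflowing each onto six lines makes that repetition 24 lines long; a loop says the same thing in three: `foreach ([1, 2, 3, 4] as $state) {` / `    $tab_final[$ndo["hgname"]][$ndo["host_name"]][$state] = (int) $obj->monObj->getServiceStatusCount($ndo["host_name"], $obj, $o, $state, $obj);` / `}`. The `0 +` prefix appears to be an implicit numeric cast; `(int)` states the intent. `$obj` is passed as both the second and the fifth argument, which looks like a leftover from an older signature and is worth checking against `getServiceStatusCount` (not visible here).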
diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php index 460cad1816b..9a47b09908d 100644 --- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php +++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php @@ -103,13 +103,13 @@ // Servicegroup search if ($sgSearch != "") { - $query .= "AND sg.name = '" . $sgSearch . "' "; + $query .= "AND sg.name = '" . CentreonDB::escape($sgSearch) . "' "; } // Host search $h_search = ''; if ($hSearch != "") { - $h_search .= "AND h.name like '%" . $hSearch . "%' "; + $h_search .= "AND h.name like '%" . CentreonDB::escape($hSearch) . "%' "; } $query .= $h_search; @@ -118,11 +118,11 @@ // Poller search if ($instance != -1) { - $query .= " AND h.instance_id = " . $instance . " "; + $query .= " AND h.instance_id = " . (int)$instance . " "; } -$query .= "ORDER BY sg.name " . $order . " " - . "LIMIT " . ($num * $limit) . "," . $limit; +$query .= "ORDER BY sg.name " . CentreonDB::escape($order) . " " + . "LIMIT " . (int)($num * $limit) . "," . (int)$limit; $DBRESULT = $obj->DBC->query($query); From 38f7089eaa07386ea2eec29f42e5b91f74812e3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Chapron?= Date: Wed, 13 Mar 2019 11:47:36 +0100 Subject: [PATCH 3/4] style and indentation --- .../ServicesHostGroups/serviceSummaryByHG.php | 189 +++++++++--------- .../xml/serviceGridByHGXML.php | 53 +++-- 2 files changed, 121 insertions(+), 121 deletions(-) diff --git a/www/include/monitoring/status/ServicesHostGroups/serviceSummaryByHG.php b/www/include/monitoring/status/ServicesHostGroups/serviceSummaryByHG.php index 113bf2b4f1a..262a39fa5d8 100644 --- a/www/include/monitoring/status/ServicesHostGroups/serviceSummaryByHG.php +++ b/www/include/monitoring/status/ServicesHostGroups/serviceSummaryByHG.php 
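Review bot: `$sgSearch` is escaped only where it is appended to `$query` (hunk @@ -103); the same request value is concatenated a second time into `$sg_search` further down this file (`$sg_search .= "AND sg.name = '" . $sgSearch . "' ";`, visible as context in the first patch of this series) and from there into `$query2`, and that path is left unescaped by this commit. Apply `CentreonDB::escape($sgSearch)` at that second site as well, or escape `$sgSearch` once immediately after `checkArgument` so every later use is covered. `$h_search` is reused in `$query2`, so the `$hSearch` fix in this hunk does cover both queries. Note that `CentreonDB::escape()` does not neutralise the `LIKE` wildcards `%` and `_` in `$hSearch`, so a search term containing them still changes the match semantics; that is a functional rather than a security concern.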
@@ -1,7 +1,7 @@ historySearch[$url] = $_GET["host_search"]; } - - $aTypeAffichageLevel1 = array( - "svcOVHG" => _("Details"), - "svcSumHG" => _("Summary") - ); - - $aTypeAffichageLevel2 = array( - "" => _("All"), - "pb" => _("Problems"), - "ack_1" => _("Acknowledge"), - "ack_0" => _("Not Acknowledged"), - ); +$aTypeAffichageLevel1 = array( + "svcOVHG" => _("Details"), + "svcSumHG" => _("Summary") +); - $tab_class = array("0" => "list_one", "1" => "list_two"); - $rows = 10; +$aTypeAffichageLevel2 = array( + "" => _("All"), + "pb" => _("Problems"), + "ack_1" => _("Acknowledge"), + "ack_0" => _("Not Acknowledged"), +); - include_once("./include/monitoring/status/Common/default_poller.php"); - include_once("./include/monitoring/status/Common/default_hostgroups.php"); - include_once($hg_path."serviceSummaryByHGJS.php"); +$tab_class = array("0" => "list_one", "1" => "list_two"); +$rows = 10; - # Smarty template Init - $tpl = new Smarty(); - $tpl = initSmartyTpl($hg_path, $tpl, "/templates/"); +include_once("./include/monitoring/status/Common/default_poller.php"); +include_once("./include/monitoring/status/Common/default_hostgroups.php"); +include_once($hg_path."serviceSummaryByHGJS.php"); - $tpl->assign("p", $p); - $tpl->assign('o', $o); - $tpl->assign("sort_types", $sort_types); - $tpl->assign("num", $num); - $tpl->assign("limit", $limit); - $tpl->assign("mon_host", _("Hosts")); - $tpl->assign("mon_status", _("Status")); - $tpl->assign("typeDisplay", _("Display")); - $tpl->assign("typeDisplay2", _("Display details")); - $tpl->assign("mon_ip", _("IP")); - $tpl->assign("mon_last_check", _("Last Check")); - $tpl->assign("mon_duration", _("Duration")); - $tpl->assign("mon_status_information", _("Status information")); - $tpl->assign('search', _('Search')); - $tpl->assign('pollerStr', _('Poller')); - $tpl->assign('poller_listing', $oreon->user->access->checkAction('poller_listing')); - $tpl->assign('hgStr', _('Hostgroup')); +# Smarty template Init +$tpl = new Smarty(); +$tpl 
= initSmartyTpl($hg_path, $tpl, "/templates/"); +$tpl->assign("p", $p); +$tpl->assign('o', $o); +$tpl->assign("sort_types", $sort_types); +$tpl->assign("num", $num); +$tpl->assign("limit", $limit); +$tpl->assign("mon_host", _("Hosts")); +$tpl->assign("mon_status", _("Status")); +$tpl->assign("typeDisplay", _("Display")); +$tpl->assign("typeDisplay2", _("Display details")); +$tpl->assign("mon_ip", _("IP")); +$tpl->assign("mon_last_check", _("Last Check")); +$tpl->assign("mon_duration", _("Duration")); +$tpl->assign("mon_status_information", _("Status information")); +$tpl->assign('search', _('Search')); +$tpl->assign('pollerStr', _('Poller')); +$tpl->assign('poller_listing', $oreon->user->access->checkAction('poller_listing')); +$tpl->assign('hgStr', _('Hostgroup')); - $form = new HTML_QuickForm('select_form', 'GET', "?p=".$p); - - $form->addElement('select', 'typeDisplay', _('Display'), $aTypeAffichageLevel1, array('id' => 'typeDisplay', 'onChange' => "displayingLevel1(this.value);")); - $form->addElement('select', 'typeDisplay2', _('Display '), $aTypeAffichageLevel2, array('id' => 'typeDisplay2', 'onChange' => "displayingLevel2(this.value);")); - - $tpl->assign("order", strtolower($order)); - $tab_order = array("sort_asc" => "sort_desc", "sort_desc" => "sort_asc"); - $tpl->assign("tab_order", $tab_order); +$form = new HTML_QuickForm('select_form', 'GET', "?p=".$p); +$form->addElement( + 'select', + 'typeDisplay', + _('Display'), + $aTypeAffichageLevel1, + array('id' => 'typeDisplay', 'onChange' => "displayingLevel1(this.value);") +); +$form->addElement( + 'select', + 'typeDisplay2', + _('Display '), + $aTypeAffichageLevel2, array('id' => 'typeDisplay2', 'onChange' => "displayingLevel2(this.value);") +); - ?> - - assign("order", strtolower($order)); +$tab_order = array("sort_asc" => "sort_desc", "sort_desc" => "sort_asc"); +$tpl->assign("tab_order", $tab_order); +?> + +assign('limit', $limit); +$tpl->assign('limit', $limit); - $renderer = new 
HTML_QuickForm_Renderer_ArraySmarty($tpl); - $form->accept($renderer); +$renderer = new HTML_QuickForm_Renderer_ArraySmarty($tpl); +$form->accept($renderer); - $tpl->assign('form', $renderer->toArray()); - $tpl->display("serviceGrid.ihtml"); +$tpl->assign('form', $renderer->toArray()); +$tpl->display("serviceGrid.ihtml"); ?> \ No newline at end of file diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php index ddffd4a9bc6..e41d02d0d44 100644 --- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php +++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php @@ -33,7 +33,6 @@ * */ - require_once realpath(__DIR__ . "/../../../../../../config/centreon.config.php"); include_once _CENTREON_PATH_ . "www/class/centreonUtils.class.php"; include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php"; 
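Review bot: In the second `$form->addElement(` call the attributes array shares a line with the previous argument (`$aTypeAffichageLevel2, array('id' => 'typeDisplay2', 'onChange' => "displayingLevel2(this.value);")`), while the first call puts every argument on its own line; for a commit titled "style and indentation" the two calls should match, so move the `array(...)` onto its own line. The `# Smarty template Init` comment keeps the shell-style `#` marker that the sibling serviceGridByHG.php replaces with `//` in the first patch. Likewise `include_once($hg_path."serviceSummaryByHGJS.php");` lacks the spaces around `.` that the fourth patch adds to the sibling file; applying both here keeps the two pages consistent.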
@@ -46,33 +45,27 @@ $obj = new CentreonXMLBGRequest(session_id(), 1, 1, 0, 1); $svcObj = new CentreonService($obj->DB); -if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { - print "Bad Session ID"; - exit(); +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { + print "Bad Session ID"; + exit(); } -// Store in session the last type of call -$_SESSION['monitoring_serviceByHg_status'] = $statusService; -$_SESSION['monitoring_serviceByHg_status_filter'] = $statusFilter; - // Set Default Poller $obj->getDefaultFilters(); // Check Arguments From GET tab -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$hg = $obj->checkArgument("hg", $_GET, ""); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); +$o = $obj->checkArgument("o", $_GET, "h"); +$p = $obj->checkArgument("p", $_GET, "2"); +$hg = $obj->checkArgument("hg", $_GET, ""); +$num = $obj->checkArgument("num", $_GET, 0); +$limit = $obj->checkArgument("limit", $_GET, 20); +$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); $hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$search = $obj->checkArgument("search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); -$grouplistStr = $obj->access->getAccessGroupsString(); +$search = $obj->checkArgument("search", $_GET, ""); +$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); +$order = $obj->checkArgument("order", $_GET, "ASC"); +$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); +$grouplistStr = $obj->access->getAccessGroupsString(); // Get Host status $rq1 = 
" SELECT SQL_CALC_FOUND_ROWS DISTINCT hg.name AS alias, h.host_id id, h.name as host_name, hgm.hostgroup_id, " @@ -94,18 +87,18 @@ } if ($o == "svcgrid_pb" || $o == "svcOVHG_pb") { $rq1 .= " AND h.host_id IN (" . - " SELECT s.host_id FROM services s " . - " WHERE s.state != 0 AND s.state != 4 AND s.enabled = 1)"; + " SELECT s.host_id FROM services s " . + " WHERE s.state != 0 AND s.state != 4 AND s.enabled = 1)"; } if ($o == "svcOVHG_ack_0") { $rq1 .= " AND h.host_id IN (" . - " SELECT s.host_id FROM services s " . - " WHERE s.acknowledged = 0 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; + " SELECT s.host_id FROM services s " . + " WHERE s.acknowledged = 0 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; } if ($o == "svcOVHG_ack_1") { $rq1 .= " AND h.host_id IN (" . - " SELECT s.host_id FROM services s " . - " WHERE s.acknowledged = 1 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; + " SELECT s.host_id FROM services s " . + " WHERE s.acknowledged = 1 AND s.state != 0 AND s.state != 4 AND s.enabled = 1)"; } if ($search != "") { $rq1 .= " AND h.name like '%" . CentreonDB::escape($search) . "%' "; @@ -143,9 +136,9 @@ $rq1 .= ", centreon_acl "; } $rq1 .= " WHERE h.host_id = s.host_id ". - " AND h.name NOT LIKE '_Module_%' ". - " AND h.enabled = '1' " . - " AND s.enabled = '1' "; + " AND h.name NOT LIKE '_Module_%' ". + " AND h.enabled = '1' " . + " AND s.enabled = '1' "; $rq1 .= $obj->access->queryBuilder("AND", "h.host_id", "centreon_acl.host_id") . $obj->access->queryBuilder("AND", "s.service_id", "centreon_acl.service_id") . $obj->access->queryBuilder("AND", "group_id", $grouplistStr); From 4117ae05147240dd67c5ddd05167d3efc62e33b2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Delpierre?= Date: Thu, 14 Mar 2019 14:40:05 +0100 Subject: [PATCH 4/4] psr2 style Co-Authored-By: sc979 <34628915+sc979@users.noreply.github.com> --- .../monitoring/status/ServicesHostGroups/serviceGridByHG.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php b/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php index b5f0814b26e..7853a44f1d1 100644 --- a/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php +++ b/www/include/monitoring/status/ServicesHostGroups/serviceGridByHG.php @@ -71,7 +71,7 @@ include_once("./include/monitoring/status/Common/default_poller.php"); include_once("./include/monitoring/status/Common/default_hostgroups.php"); -include_once($hg_path."serviceGridByHGJS.php"); +include_once($hg_path . "serviceGridByHGJS.php"); // Smarty template Init $tpl = new Smarty(); @@ -150,4 +150,4 @@ function displayingLevel2(val) $tpl->assign('form', $renderer->toArray()); $tpl->display("serviceGrid.ihtml"); -?> \ No newline at end of file +?>