diff --git a/www/include/monitoring/status/Common/xml/modelXML.php b/www/include/monitoring/status/Common/xml/modelXML.php
deleted file mode 100644
index 76916b9dcd6..00000000000
--- a/www/include/monitoring/status/Common/xml/modelXML.php
+++ /dev/null
@@ -1,131 +0,0 @@ -. - * - * Linking this program statically or dynamically with other modules is making a - * combined work based on this program. Thus, the terms and conditions of the GNU - * General Public License cover the whole combination. - * - * As a special exception, the copyright holders of this program give Centreon - * permission to link this program with independent modules to produce an executable, - * regardless of the license terms of these independent modules, and to copy and - * distribute the resulting executable under terms of Centreon choice, provided that - * Centreon also meet, for each linked independent module, the terms and conditions - * of the license of that module. An independent module is a module which is not - * derived from this program. If you modify this program, you may extend this - * exception to your version of the program, but you are not obliged to do so. If you - * do not wish to do so, delete this exception statement from your version. - * - * For more information : contact@centreon.com - * - */ - -require_once realpath(dirname(__FILE__) . "/../../../../../../config/centreon.config.php"); -require_once realpath(__DIR__ . "/../../../../../../bootstrap.php"); - -include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php"; -include_once _CENTREON_PATH_ . 
"www/include/common/common-Func.php"; - -/* - * Create XML Request Objects - */ -session_start(); -session_write_close(); - -$obj = new CentreonXMLBGRequest($dependencyInjector, session_id(), 1, 1, 0, 1); - -if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { - print "Bad Session ID"; - exit(); -} - -/* - * Set Default Poller - */ -$obj->getDefaultFilters(); - -/* - * Check Arguments from GET - */ -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$search = $obj->checkArgument("search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); - -/* - * Backup poller selection - */ -$obj->setInstanceHistory($instance); -$obj->setHostGroupsHistory($hostgroups); - -/* - * Get Host status - */ -$rq1 = ""; - -/* - * Set pagination - */ -$rq_pagination = $rq1; - -/* - * Get Pagination Rows - */ -$DBRESULT = $obj->DBNdo->query($rq_pagination); -$numRows = $DBRESULT->rowCount(); -$DBRESULT->closeCursor(); - -$rq1 .= " LIMIT ".($num * $limit).",".$limit; - -$obj->XML->startElement("reponse"); -$obj->XML->startElement("i"); -$obj->XML->writeElement("numrows", $numRows); -$obj->XML->writeElement("num", $num); -$obj->XML->writeElement("limit", $limit); -$obj->XML->writeElement("p", $p); -$obj->XML->writeElement("o", $o); -$obj->XML->writeElement("hard_state_label", _("Hard State Duration")); -$obj->XML->endElement(); - -$ct = 0; -$flag = 0; -$DBRESULT = $obj->DBNdo->query($rq1); -while ($ndo = $DBRESULT->fetchRow()) { - $obj->XML->startElement("l"); - 
$obj->XML->writeAttribute("class", $obj->getNextLineClass()); - /* - * All XML data here - */ - $obj->XML->endElement(); -} -$DBRESULT->closeCursor(); - -if (!$ct) { - $obj->XML->writeElement("infos", "none"); -} -$obj->XML->endElement(); - -$obj->header(); - -$obj->XML->output(); diff --git a/www/include/monitoring/status/HostGroups/xml/hostGroupXML.php b/www/include/monitoring/status/HostGroups/xml/hostGroupXML.php index 5d8c413272c..25dcef95178 100644 --- a/www/include/monitoring/status/HostGroups/xml/hostGroupXML.php +++ b/www/include/monitoring/status/HostGroups/xml/hostGroupXML.php 
@@ -1,7 +1,7 @@ session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/* - * Alias / Name convertion table - */ -$convertTable = array(); -$convertID = array(); -$DBRESULT = $obj->DBC->query("SELECT hostgroup_id, name FROM hostgroups"); -while ($hg = $DBRESULT->fetchRow()) { +// Alias / Name conversion table +$convertTable = []; +$convertID = []; +$dbResult = $obj->DBC->query("SELECT hostgroup_id, name FROM hostgroups"); +while ($hg = $dbResult->fetch()) { $convertTable[$hg["name"]] = $hg["name"]; $convertID[$hg["name"]] = $hg["hostgroup_id"]; } -$DBRESULT->closeCursor(); +$dbResult->closeCursor(); -/* - * Check Arguments from GET - */ -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$search = $obj->checkArgument("search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); +// Check Arguments From GET tab +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20]]); +//if instance value is not set, displaying all active pollers linked resources +$instance = 
filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); + +$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC"; + +//saving bound values +$queryValues = []; $groupStr = $obj->access->getAccessGroupsString(); -/* - * Backup poller selection - */ + +// Backup poller selection $obj->setInstanceHistory($instance); -$obj->setHostGroupsHistory($hostgroups); -/* - * Search string - */ -$searchStr = ""; +// Search string +$searchStr = " "; if ($search != "") { - $searchStr = " AND hg.name LIKE '%$search%' "; + $searchStr = " AND hg.name LIKE :search "; + $queryValues['search'] = [ + \PDO::PARAM_STR => '%' . $search . '%' + ]; } /* * Host state */ if ($obj->is_admin) { - $rq1 = "SELECT hg.name as alias, h.state, count(h.host_id) AS nb " . - "FROM hosts_hostgroups hhg, hosts h, hostgroups hg " . - "WHERE hg.hostgroup_id = hhg.hostgroup_id " . - "AND hhg.host_id = h.host_id " . - "AND h.enabled = 1 "; + $rq1 = "SELECT hg.name as alias, h.state, COUNT(h.host_id) AS nb + FROM hosts_hostgroups hhg, hosts h, hostgroups hg + WHERE hg.hostgroup_id = hhg.hostgroup_id + AND hhg.host_id = h.host_id + AND h.enabled = 1 "; if (isset($instance) && $instance > 0) { - $rq1 .= "AND h.instance_id = " . $obj->DBC->escape($instance) . " "; + $rq1 .= "AND h.instance_id = :instance"; + $queryValues['instance'] = [ + \PDO::PARAM_INT => $instance + ]; } - $rq1 .= $searchStr . - "GROUP BY hg.name, h.state"; + $rq1 .= $searchStr . "GROUP BY hg.name " . $order . ", h.state"; } else { - $rq1 = "SELECT hg.name as alias, h.state, count(DISTINCT h.host_id) AS nb " . - "FROM centreon_acl acl, hosts_hostgroups hhg, hosts h, hostgroups hg " . - "WHERE hg.hostgroup_id = hhg.hostgroup_id " . - "AND hhg.host_id = h.host_id " . 
- "AND h.enabled = 1 "; + $rq1 = "SELECT hg.name as alias, h.state, COUNT(DISTINCT h.host_id) AS nb + FROM centreon_acl acl, hosts_hostgroups hhg, hosts h, hostgroups hg + WHERE hg.hostgroup_id = hhg.hostgroup_id + AND hhg.host_id = h.host_id + AND h.enabled = 1 "; if (isset($instance) && $instance > 0) { - $rq1 .= "AND h.instance_id = " . $obj->DBC->escape($instance) . " "; + $rq1 .= "AND h.instance_id = :instance"; + $queryValues['instance'] = [ + \PDO::PARAM_INT => $instance + ]; + } + $rq1 .= $searchStr . $obj->access->queryBuilder("AND", "hg.name", $obj->access->getHostGroupsString("NAME")) . + "AND h.host_id = acl.host_id + AND acl.group_id in (" . $groupStr . ") + GROUP BY hg.name " . $order . ", h.state"; +} +$dbResult = $obj->DBC->prepare($rq1); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); } - $rq1 .= $searchStr . - $obj->access->queryBuilder("AND", "hg.name", $obj->access->getHostGroupsString("NAME")) . - "AND h.host_id = acl.host_id " . - "AND acl.group_id in ($groupStr) " . - "GROUP BY hg.name, h.state"; } -$DBRESULT = $obj->DBC->query($rq1); -while ($data = $DBRESULT->fetchRow()) { +$dbResult->execute(); + +while ($data = $dbResult->fetch()) { if (!isset($stats[$data["alias"]])) { $stats[$data["alias"]] = array( "h" => array(0 => 0, 1 => 0, 2 => 0, 3 => 0), 
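Review bot: `$rq1 .= $searchStr . "GROUP BY hg.name " . $order . ", h.state";` puts the sort direction inside GROUP BY in both the admin and the ACL branch; `$order` is whitelisted to ASC/DESC so it is not injectable, but `GROUP BY col ASC|DESC` depends on MySQL's implicit grouping order, which was deprecated in 5.7 and, if I read the 8.0 release notes right, is rejected from 8.0.13 on. `GROUP BY hg.name, h.state ORDER BY hg.name " . $order . ", h.state"` keeps the intended ordering on every server; the previous code had no direction here at all. `FILTER_SANITIZE_STRING`, used for `o` and `search` here and again in the hostXML.php hunk `@@ -48,46 +47,41 @@`, is deprecated since PHP 8.1 and HTML-encodes quotes, so a search containing `'` can never match; now that the value reaches SQL only through `bindValue`, `FILTER_UNSAFE_RAW` with escaping left to the XML output layer is the right split, provided its other sinks do escape. `num` and `limit` are validated as integers with no bounds, and in hostXML.php they end up in `LIMIT :numLimit, :limit` where a negative value is a SQL error the client can trigger; `['options' => ['default' => 20, 'min_range' => 1]]` for `limit` and `'min_range' => 0` for `num` closes that in both files.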
@@ -139,47 +141,52 @@ } $stats[$data["alias"]]["h"][$data["state"]] = $data["nb"]; } -$DBRESULT->closeCursor(); +$dbResult->closeCursor(); /* * Get Services request */ if ($obj->is_admin) { - $rq2 = "SELECT hg.name as alias, s.state, count( s.service_id ) AS nb, " - . " (case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " . - "FROM hosts_hostgroups hhg, hosts h, hostgroups hg, services s " . - "WHERE hg.hostgroup_id = hhg.hostgroup_id " . - "AND hhg.host_id = h.host_id " . - "AND h.enabled = 1 " . - "AND h.host_id = s.host_id " . - "AND s.enabled = 1 "; + $rq2 = "SELECT hg.name AS alias, s.state, COUNT( s.service_id ) AS nb, + (CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri + FROM hosts_hostgroups hhg, hosts h, hostgroups hg, services s + WHERE hg.hostgroup_id = hhg.hostgroup_id + AND hhg.host_id = h.host_id + AND h.enabled = 1 + AND h.host_id = s.host_id + AND s.enabled = 1 "; if (isset($instance) && $instance > 0) { - $rq2 .= "AND h.instance_id = " . $obj->DBC->escape($instance) . " "; + $rq2 .= "AND h.instance_id = :instance"; } - $rq2 .= $searchStr . - "GROUP BY hg.name, s.state order by tri asc"; + $rq2 .= $searchStr . "GROUP BY hg.name, s.state ORDER BY tri ASC"; } else { - $rq2 = "SELECT hg.name as alias, s.state, count( s.service_id ) AS nb," - . " (case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " . - "FROM centreon_acl acl, hosts_hostgroups hhg, hosts h, hostgroups hg, services s " . - "WHERE hg.hostgroup_id = hhg.hostgroup_id " . - "AND hhg.host_id = h.host_id " . - "AND h.enabled = 1 " . - "AND h.host_id = s.host_id " . 
- "AND s.enabled = 1 "; + $rq2 = "SELECT hg.name as alias, s.state, COUNT( s.service_id ) AS nb, + (CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri + FROM centreon_acl acl, hosts_hostgroups hhg, hosts h, hostgroups hg, services s + WHERE hg.hostgroup_id = hhg.hostgroup_id + AND hhg.host_id = h.host_id + AND h.enabled = 1 + AND h.host_id = s.host_id + AND s.enabled = 1 "; if (isset($instance) && $instance > 0) { - $rq2 .= "AND h.instance_id = " . $obj->DBC->escape($instance) . " "; + $rq2 .= "AND h.instance_id = :instance"; + } + $rq2 .= $searchStr . $obj->access->queryBuilder("AND", "hg.name", $obj->access->getHostGroupsString("NAME")) . + "AND h.host_id = acl.host_id + AND s.service_id = acl.service_id + AND acl.group_id IN (" . $groupStr . ") + GROUP BY hg.name, s.state ORDER BY tri ASC"; +} + +$dbResult = $obj->DBC->prepare($rq2); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); } - $rq2 .= $searchStr . - $obj->access->queryBuilder("AND", "hg.name", $obj->access->getHostGroupsString("NAME")) . - "AND h.host_id = acl.host_id " . - "AND s.service_id = acl.service_id " . - "AND acl.group_id IN (" . $groupStr . ") " . - "GROUP BY hg.name, s.state order by tri asc"; } +$dbResult->execute(); -$DBRESULT = $obj->DBC->query($rq2); -while ($data = $DBRESULT->fetchRow()) { +while ($data = $dbResult->fetch()) { if (!isset($stats[$data["alias"]])) { $stats[$data["alias"]] = array( "h" => array(0 => 0, 1 => 0, 2 => 0, 3 => 0), @@ -194,7 +201,7 @@ /* * Get Pagination Rows */ -$stats = isset($stats) ? $stats : []; +$stats = $stats ?? []; $numRows = count($stats); $obj->XML->startElement("reponse"); 
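Review bot: The `:instance` marker appended to `$rq2` has no bind beside it; it works only because `$queryValues['instance']` was filled under the identical `isset($instance) && $instance > 0` test while `$rq1` was built, and `:search` relies on `$searchStr`/`$queryValues['search']` the same way. Whoever edits one of the two conditions later gets, as far as I can tell, an HY093 parameter-count failure from `execute()` on the other query, so either add `$queryValues['instance'] = [\PDO::PARAM_INT => $instance];` next to the marker or build the bind map once before both queries. The prepare/bind/execute block is also copied verbatim for `$rq1`, `$rq2` and hostXML.php (hunk `@@ -194,66 +195,83 @@`); a closure declared once before the first query, as below, removes the triplication.
```php
// one helper for every prepared statement in this file; declare it before $rq1 is built
$bindAndExecute = static function ($statement, array $values): void {
    foreach ($values as $bindId => $bindData) {
        foreach ($bindData as $bindType => $bindValue) {
            $statement->bindValue($bindId, $bindValue, $bindType);
        }
    }
    $statement->execute();
};
// … unchanged: $rq2 construction …
$dbResult = $obj->DBC->prepare($rq2);
$bindAndExecute($dbResult, $queryValues);
```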
@@ -210,9 +217,9 @@ if (isset($stats)) { foreach ($stats as $name => $stat) { - if (($i < (($num + 1) * $limit) && $i >= (($num) * $limit)) && - ((isset($converTable[$name]) && isset($acl[$convertTable[$name]])) || (!isset($acl))) && - $name != "meta_hostgroup" + if (($i < (($num + 1) * $limit) && $i >= (($num) * $limit)) + && ((isset($converTable[$name]) && isset($acl[$convertTable[$name]])) || (!isset($acl))) + && $name != "meta_hostgroup" ) { $class = $obj->getNextLineClass(); if (isset($stat["h"]) && count($stat["h"])) { diff --git a/www/include/monitoring/status/Hosts/xml/hostXML.php b/www/include/monitoring/status/Hosts/xml/hostXML.php index 450b6dd7c51..bcc053d8138 100644 --- a/www/include/monitoring/status/Hosts/xml/hostXML.php +++ b/www/include/monitoring/status/Hosts/xml/hostXML.php @@ -33,7 +33,6 @@ * */ -require_once realpath(__DIR__ . "/../../../../../../config/centreon.config.php"); require_once realpath(__DIR__ . "/../../../../../../bootstrap.php"); include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php"; include_once _CENTREON_PATH_ . "www/class/centreonInstance.class.php"; 
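Review bot: The pagination test keeps `isset($converTable[$name])`, a variable nothing in this file assigns (the table built near the top is `$convertTable`), so that operand is always false and a row is emitted only via `!isset($acl)`. The commit already re-wraps exactly these lines, so correcting the name, `&& ((isset($convertTable[$name]) && isset($acl[$convertTable[$name]])) || (!isset($acl)))`, costs nothing, and `isset()` never warns on an undefined variable, which is why this has gone unnoticed. If `$acl` is ever populated for a non-admin user, the current spelling would hide every hostgroup; I cannot see where `$acl` is set from this hunk, so that consequence is inferred. The enclosing `foreach` continues past the hunk.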
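Review bot: Dropping `require_once realpath(__DIR__ . "/../../../../../../config/centreon.config.php");` leaves `_CENTREON_PATH_`, used on the two `include_once` lines right below, to be defined by bootstrap.php alone; the deleted modelXML.php in this diff loaded the config file before bootstrap.php, so this is worth confirming rather than assuming. If bootstrap.php does load it, a one-line comment above the remaining require, `// bootstrap.php loads config/centreon.config.php, which defines _CENTREON_PATH_`, saves the next reader the same check.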
@@ -48,46 +47,41 @@ CentreonSession::start(); $obj = new CentreonXMLBGRequest($dependencyInjector, session_id(), 1, 1, 0, 1); -if (isset($_SESSION['centreon'])) { - $centreon = $_SESSION['centreon']; -} else { +if (!isset($_SESSION['centreon'])) { exit; } +$centreon = $_SESSION['centreon']; $criticality = new CentreonCriticality($obj->DB); $instanceObj = new CentreonInstance($obj->DB); $media = new CentreonMedia($obj->DB); -if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/* - * Check Arguments from GET - */ -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$search = $obj->checkArgument("search", $_GET, ""); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); - -$statusHost = $obj->checkArgument("statusHost", $_GET, ""); -$statusFilter = $obj->checkArgument("statusFilter", $_GET, ""); - -/* Store in session the last type of call */ -$_SESSION['monitoring_host_status'] = $statusHost; -$_SESSION['monitoring_host_status_filter'] = $statusFilter; +// Check Arguments From GET tab +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => 
['default' => 20]]); +$criticalityId = filter_input( + INPUT_GET, + 'criticality', + FILTER_VALIDATE_INT, + ['options' => ['default' => $obj->defaultCriticality]] +); +//if instance value is not set, displaying all active pollers linked resources +$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); +$hostgroups = filter_var($obj->defaultHostgroups ?? 0, FILTER_VALIDATE_INT); + +$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$statusHost = filter_input(INPUT_GET, 'statusHost', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$statusFilter = filter_input(INPUT_GET, 'statusFilter', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC"; if (isset($_GET['sort_type']) && $_GET['sort_type'] == "host_name") { $sort_type = "name"; 
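Review bot: `$hostgroups = filter_var($obj->defaultHostgroups ?? 0, FILTER_VALIDATE_INT);` reduces to a single integer a value the removed query expanded with `IN (" . $hostgroups . ")`; if `defaultHostgroups` can hold a comma-separated list, `filter_var` returns `false`, the later `if ($hostgroups)` is skipped and the hostgroup restriction vanishes with no error. Either confirm the property is always one id or keep it a list, `array_map(intval(...), explode(',', (string) $obj->defaultHostgroups))`, bound with one marker per id in the `hg.hostgroup_id` clause of hunk `@@ -194,66 +195,83 @@`. `instance` and `hostgroups` are no longer read from `$_GET` at all; if that is deliberate, the `//if instance value is not set...` comment should say that the request value is ignored, because the old `checkArgument` calls did honour it.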
@@ -98,70 +92,74 @@ $sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); } } -$criticality_id = $obj->checkArgument('criticality', $_GET, $obj->defaultCriticality); +// Store in session the last type of call +$_SESSION['monitoring_host_status'] = $statusHost; +$_SESSION['monitoring_host_status_filter'] = $statusFilter; -/* - * Backup poller selection - */ +// Backup poller selection $obj->setInstanceHistory($instance); $obj->setHostGroupsHistory($hostgroups); -$obj->setCriticality($criticality_id); +$obj->setCriticality($criticalityId); + +//saving bound values +$queryValues = []; /* * Get Host status */ -$rq1 = " SELECT SQL_CALC_FOUND_ROWS DISTINCT h.state," . - " h.acknowledged, " . - " h.passive_checks," . - " h.active_checks," . - " h.notify," . - " h.last_state_change," . - " h.last_hard_state_change," . - " h.output," . - " h.last_check, " . - " h.address," . - " h.name," . - " h.alias," . - " h.action_url," . - " h.notes_url," . - " h.notes," . - " h.icon_image," . - " h.icon_image_alt," . - " h.max_check_attempts," . - " h.state_type," . - " h.check_attempt, " . - " h.scheduled_downtime_depth, " . - " h.host_id, " . - " h.flapping, " . - " hph.parent_id as is_parent, " . - " i.name as instance_name, " . - " cv.value as criticality, " . 
- " cv.value IS NULL as isnull "; -$rq1 .= " FROM instances i, "; +$rq1 = " SELECT SQL_CALC_FOUND_ROWS DISTINCT h.state, + h.acknowledged, + h.passive_checks, + h.active_checks, + h.notify, + h.last_state_change, + h.last_hard_state_change, + h.output, + h.last_check, + h.address, + h.name, + h.alias, + h.action_url, + h.notes_url, + h.notes, + h.icon_image, + h.icon_image_alt, + h.max_check_attempts, + h.state_type, + h.check_attempt, + h.scheduled_downtime_depth, + h.host_id, + h.flapping, + hph.parent_id AS is_parent, + i.name AS instance_name, + cv.value AS criticality, + cv.value IS NULL AS isnull + FROM instances i, "; if (!$obj->is_admin) { $rq1 .= " centreon_acl, "; } if ($hostgroups) { $rq1 .= " hosts_hostgroups hhg, hostgroups hg, "; } -if ($criticality_id) { +if ($criticalityId) { $rq1 .= "customvariables cvs, "; } -$rq1 .= " `hosts` h "; -$rq1 .= " LEFT JOIN hosts_hosts_parents hph "; -$rq1 .= " ON hph.parent_id = h.host_id "; - -$rq1 .= " LEFT JOIN `customvariables` cv "; -$rq1 .= " ON (cv.host_id = h.host_id AND cv.service_id IS NULL AND cv.name = 'CRITICALITY_LEVEL') "; - -$rq1 .= " WHERE h.name NOT LIKE '_Module_%'"; -$rq1 .= " AND h.instance_id = i.instance_id "; - -if ($criticality_id) { +$rq1 .= " `hosts` h + LEFT JOIN hosts_hosts_parents hph + ON hph.parent_id = h.host_id + LEFT JOIN `customvariables` cv + ON (cv.host_id = h.host_id AND cv.service_id IS NULL AND cv.name = 'CRITICALITY_LEVEL') + WHERE h.name NOT LIKE '_Module_%' + AND h.instance_id = i.instance_id "; + +if ($criticalityId) { $rq1 .= " AND h.host_id = cvs.host_id - AND cvs.name = 'CRITICALITY_ID' - AND cvs.service_id IS NULL - AND cvs.value = '" . $obj->DBC->escape($criticality_id) . "' "; + AND cvs.name = 'CRITICALITY_ID' + AND cvs.service_id IS NULL + AND cvs.value = :criticalityId "; + $queryValues['criticalityId'] = [ + \PDO::PARAM_STR => $criticalityId + ]; } if (!$obj->is_admin) { 
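Review bot: `$sort_type` is still obtained through `$obj->checkArgument("sort_type", $_GET, "host_name")` (the context line at the top of this hunk, inside an `if`/`else` that starts in the previous hunk) while every other request parameter in this file moved to `filter_input`; the value only feeds a `switch` with a `default` arm, so it is not injectable, but the mixed style invites the next parameter to go back to the old helper. `filter_input(INPUT_GET, 'sort_type', FILTER_DEFAULT, ['options' => ['default' => 'host_name']])` keeps the file on one mechanism. Binding `:criticalityId` as `PARAM_STR` although the value is a validated int matches the quoted literal the old code produced; a short comment `// cvs.value is compared as text on purpose (the old code emitted a quoted literal)` would stop someone "fixing" it to `PARAM_INT`.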
@@ -169,16 +167,19 @@ $obj->access->queryBuilder("AND", "centreon_acl.group_id", $obj->grouplistStr); } if ($search != "") { - $rq1 .= " AND (h.name LIKE '%" . CentreonDB::escape($search) . "%' " . - "OR h.alias LIKE '%" . CentreonDB::escape($search) . "%' " . - "OR h.address LIKE '%" . CentreonDB::escape($search) . "%') "; + $rq1 .= " AND (h.name LIKE :search + OR h.alias LIKE :search + OR h.address LIKE :search) "; + $queryValues['search'] = [ + \PDO::PARAM_STR => '%' . $search . '%' + ]; } if ($statusHost == "h_unhandled") { - $rq1 .= " AND h.state = 1 "; - $rq1 .= " AND h.state_type = '1'"; - $rq1 .= " AND h.acknowledged = 0"; - $rq1 .= " AND h.scheduled_downtime_depth = 0"; + $rq1 .= " AND h.state = 1 + AND h.state_type = '1' + AND h.acknowledged = 0 + AND h.scheduled_downtime_depth = 0"; } elseif ($statusHost == "hpb") { $rq1 .= " AND (h.state != 0 AND h.state != 4) "; } 
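Review bot: `:search` is used three times in one statement (`h.name LIKE :search OR h.alias LIKE :search OR h.address LIKE :search`) with a single bind; PDO only permits reusing a named marker when prepared-statement emulation is on, and with `PDO::ATTR_EMULATE_PREPARES => false` the `execute()` fails with an invalid-parameter-number error. Since the connection options are not visible in this diff, the portable form is one marker per occurrence bound to the same pattern, as below. The `if ($statusHost == ...)` chain that follows is unchanged apart from whitespace.
```php
if ($search != "") {
    $rq1 .= " AND (h.name LIKE :searchName
        OR h.alias LIKE :searchAlias
        OR h.address LIKE :searchAddress) ";
    // native prepares reject a named marker used more than once, so bind one per occurrence
    $searchPattern = '%' . $search . '%';
    foreach (['searchName', 'searchAlias', 'searchAddress'] as $marker) {
        $queryValues[$marker] = [
            \PDO::PARAM_STR => $searchPattern
        ];
    }
}
```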
@@ -194,66 +195,83 @@ } if ($hostgroups) { - $rq1 .= " AND h.host_id = hhg.host_id " . - "AND hg.hostgroup_id IN (" . $hostgroups . ") " . - "AND hhg.hostgroup_id = hg.hostgroup_id"; + $rq1 .= " AND h.host_id = hhg.host_id + AND hg.hostgroup_id = :hostgroup + AND hhg.hostgroup_id = hg.hostgroup_id"; + $queryValues['hostgroup'] = [ + \PDO::PARAM_INT => $hostgroups + ]; } if ($instance != -1 && !empty($instance)) { - $rq1 .= " AND h.instance_id = " . $instance; + $rq1 .= " AND h.instance_id = :instance "; + $queryValues['instance'] = [ + \PDO::PARAM_INT => $instance + ]; } -$rq1 .= " AND h.enabled = 1 "; +$rq1 .= " AND h.enabled = 1"; switch ($sort_type) { case 'name': $rq1 .= " ORDER BY h.name " . $order; break; case 'current_state': - $rq1 .= " ORDER BY h.state " . $order . ",h.name "; + $rq1 .= " ORDER BY h.state " . $order . ",h.name"; break; case 'last_state_change': - $rq1 .= " ORDER BY h.last_state_change " . $order . ",h.name "; + $rq1 .= " ORDER BY h.last_state_change " . $order . ",h.name"; break; case 'last_hard_state_change': - $rq1 .= " ORDER BY h.last_hard_state_change " . $order . ",h.name "; + $rq1 .= " ORDER BY h.last_hard_state_change " . $order . ",h.name"; break; case 'last_check': - $rq1 .= " ORDER BY h.last_check " . $order . ",h.name "; + $rq1 .= " ORDER BY h.last_check " . $order . ",h.name"; break; case 'current_check_attempt': - $rq1 .= " ORDER BY h.check_attempt " . $order . ",h.name "; + $rq1 .= " ORDER BY h.check_attempt " . $order . ",h.name"; break; case 'ip': - # Not SQL portable - $rq1 .= " ORDER BY IFNULL(inet_aton(h.address), h.address) " . $order . ",h.name "; + // Not SQL portable + $rq1 .= " ORDER BY IFNULL(inet_aton(h.address), h.address) " . $order . ",h.name"; break; case 'plugin_output': - $rq1 .= " ORDER BY h.output " . $order . ",h.name "; + $rq1 .= " ORDER BY h.output " . $order . 
",h.name"; break; case 'criticality_id': - $rq1 .= " ORDER BY isnull $order, criticality $order, h.name "; - break; default: - $rq1 .= " ORDER BY isnull $order, criticality $order, h.name "; + $rq1 .= " ORDER BY isnull " . $order . ", criticality " . $order . ", h.name"; break; } -$rq1 .= " LIMIT " . ($num * $limit) . "," . $limit; +$rq1 .= " LIMIT :numLimit, :limit"; +$queryValues['numLimit'] = [ + \PDO::PARAM_INT => (int)($num * $limit) +]; +$queryValues['limit'] = [ + \PDO::PARAM_INT => (int)$limit +]; + +$dbResult = $obj->DBC->prepare($rq1); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); + } +} +$dbResult->execute(); $ct = 0; $flag = 0; -$dbResult = $obj->DBC->query($rq1); $numRows = $obj->DBC->numberRows(); /** * Get criticality ids */ $critRes = $obj->DBC->query( - "SELECT value, host_id " . - "FROM customvariables " . - "WHERE name = 'CRITICALITY_ID' " . - "AND service_id IS NULL" + "SELECT value, host_id + FROM customvariables + WHERE name = 'CRITICALITY_ID' + AND service_id IS NULL" ); $criticalityUsed = 0; -$critCache = array(); +$critCache = []; if ($obj->DBC->numberRows()) { $criticalityUsed = 1; while ($critRow = $critRes->fetch()) { @@ -302,10 +320,8 @@ $class = "line_downtime"; } elseif ($data["state"] == 1) { $data["acknowledged"] == 1 ? $class = "line_ack" : $class = "list_down"; - } else { - if ($data["acknowledged"] == 1) { - $class = "line_ack"; - } + } elseif ($data["acknowledged"] == 1) { + $class = "line_ack"; } $obj->XML->startElement("l"); diff --git a/www/include/monitoring/status/Services/xml/makeXMLForOneHost.php b/www/include/monitoring/status/Services/xml/makeXMLForOneHost.php index 4dff5b199ee..81da9a39087 100644 --- a/www/include/monitoring/status/Services/xml/makeXMLForOneHost.php +++ b/www/include/monitoring/status/Services/xml/makeXMLForOneHost.php 
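Review bot: `$numRows = $obj->DBC->numberRows();` is kept although the statement now runs through `prepare()`/`execute()` instead of `$obj->DBC->query($rq1)`, so the wrapper never saw it execute; if `numberRows()` issues `SELECT FOUND_ROWS()` on the same connection this still pairs with `SQL_CALC_FOUND_ROWS`, but if it reports a count recorded inside `query()` it now returns stale data, and the hunk shows the wrapper is used both ways (`$critRes = $obj->DBC->query(...)` followed by another `numberRows()`). Worth pinning with a test that requests `num=1` with a small `limit` and checks the `numrows` element, plus a comment `// numberRows() reads FOUND_ROWS(); it must run before the next query on DBC`, assuming that is how the wrapper works. The `(int)` casts on `$num * $limit` and `$limit` are redundant once `FILTER_VALIDATE_INT` has succeeded, but they do no harm.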
@@ -1,7 +1,7 @@ session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +// Check Security +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print _("Bad Session ID"); exit(); } -/** ************************************************** - * Enable Lang Object - */ +// Enable Lang Object $centreonlang = new CentreonLang(_CENTREON_PATH_, $centreon); $centreonlang->bindLang(); -/** ************************************************** +/* * Check Arguments From GET tab */ -$host_id = $obj->checkArgument("host_id", $_GET, 0); -$enable = $obj->checkArgument("enable", $_GET, ""); -$disable = $obj->checkArgument("disable", $_GET, "disable"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); - -$host_id = filter_var( - $host_id ?? null, - FILTER_VALIDATE_INT -); +$hostId = filter_input(INPUT_GET, 'host_id', FILTER_VALIDATE_INT, ['options' => ['default' => false]]); -if ($host_id === false) { +if ($hostId === false) { print _("Bad host ID"); exit(); } 
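Review bot: `if ($hostId === false)` is the only check on `host_id`; zero and negative ids pass, and should `filter_input` hand back `null` for an absent key rather than the `default` option, `null` passes too and is later bound to `:hostId`. A guard that does not hinge on filter_input's default semantics is one line: `if (!is_int($hostId) || $hostId <= 0) { print _("Bad host ID"); exit(); }`. The removed reads of `enable`, `disable` and `date_time_format_status` look unused here, but the hunk does not show the rest of the script, so that is inferred.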
@@ -99,58 +74,55 @@ if (!$isAdmin) { $userId = $centreon->user->user_id; $acl = new CentreonACL($userId, $isAdmin); - if (!$acl->checkHost($host_id)) { + if (!$acl->checkHost($hostId)) { print _("You don't have access to this resource"); exit(); } } -/** *************************************************** +/** * Get Host status */ -$rq1 = " SELECT h.state," . - " h.address," . - " h.name," . - " h.alias," . - " i.name AS poller, " . - " h.perfdata," . - " h.check_attempt," . - " h.state_type," . - " h.last_check, " . - " h.next_check, " . - " h.latency," . - " h.execution_time," . - " h.last_state_change," . - " h.last_notification," . - " h.next_host_notification," . - " h.last_hard_state_change," . - " h.last_hard_state," . - " h.last_time_up," . - " h.last_time_down," . - " h.last_time_unreachable," . - " h.notification_number," . - " h.scheduled_downtime_depth," . - " h.output," . - " h.notes," . - " h.notify," . - " h.event_handler_enabled," . - " h.icon_image, " . - " h.timezone" . - " FROM hosts h, instances i " . - " WHERE h.host_id = " . $host_id . - " AND h.instance_id = i.instance_id " . 
- " LIMIT 1"; -/* - * Request - */ -$DBRESULT = $obj->DBC->query($rq1); +$rq1 = "SELECT h.state, + h.address, + h.name, + h.alias, + i.name AS poller, + h.perfdata, + h.check_attempt, + h.state_type, + h.last_check, + h.next_check, + h.latency, + h.execution_time, + h.last_state_change, + h.last_notification, + h.next_host_notification, + h.last_hard_state_change, + h.last_hard_state, + h.last_time_up, + h.last_time_down, + h.last_time_unreachable, + h.notification_number, + h.scheduled_downtime_depth, + h.output, + h.notes, + h.notify, + h.event_handler_enabled, + h.icon_image, + h.timezone + FROM hosts h, instances i + WHERE h.host_id = :hostId AND h.instance_id = i.instance_id LIMIT 1"; +$dbResult = $obj->DBC->prepare($rq1); +$dbResult->bindValue(':hostId', $hostId, \PDO::PARAM_INT); +$dbResult->execute(); /* * Start Buffer */ $obj->XML->startElement("reponse"); -if ($data = $DBRESULT->fetchRow()) { - /* Split the plugin_output */ +if ($data = $dbResult->fetch()) { + // Split the plugin_output $outputLines = explode("\n", $data['output']); $pluginShortOuput = $outputLines[0]; @@ -214,7 +186,7 @@ $obj->XML->writeElement("timezone_name", _("Timezone")); $obj->XML->writeElement("timezone", str_replace(':', '', $data["timezone"])); - /* Last State Info */ + // Last State Info if ($data["state"] == 0) { $status = _('DOWN'); $status_date = 0; 
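Review bot: `$dbResult->bindValue(':hostId', $hostId, \PDO::PARAM_INT);` writes the marker with its colon, whereas hostGroupXML.php and hostXML.php in this same diff bind through a `$queryValues` map keyed without it; PDO accepts both spellings, but one convention across the four files would make the binding pattern greppable. The header over the query was changed to `/**`, which is a docblock opener, on a plain assignment; the rest of this hunk uses `//` for such notes, so `// Get Host status` fits. The `if ($data = $dbResult->fetch())` block continues past the hunk.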
@@ -247,29 +219,21 @@ } else { $obj->XML->writeElement("infos", "none"); } -$DBRESULT->closeCursor(); +$dbResult->closeCursor(); -/* - * Translations - */ +// Translations $obj->XML->writeElement("tr1", _("Check information"), 0); $obj->XML->writeElement("tr2", _("Notification information"), 0); $obj->XML->writeElement("tr3", _("Last Status Change"), 0); $obj->XML->writeElement("tr4", _("Extended information"), 0); $obj->XML->writeElement("tr5", _("Status Information"), 0); -/* - * End buffer - */ +// End buffer $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); diff --git a/www/include/monitoring/status/Services/xml/makeXMLForOneService.php b/www/include/monitoring/status/Services/xml/makeXMLForOneService.php index 33fafd6889e..23d2bd5cc0c 100644 --- a/www/include/monitoring/status/Services/xml/makeXMLForOneService.php +++ b/www/include/monitoring/status/Services/xml/makeXMLForOneService.php 
@@ -1,7 +1,7 @@ session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +// Check Security +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print _("Bad Session ID"); exit(); } -/** ************************************************** - * Enable Lang Object - */ +// Enable Lang Object $centreonlang = new CentreonLang(_CENTREON_PATH_, $centreon); $centreonlang->bindLang(); -/** ************************************************** +/* * Check Arguments From GET tab */ -$svc_id = $obj->checkArgument("svc_id", $_GET, 0); -$enable = $obj->checkArgument("enable", $_GET, ""); -$disable = $obj->checkArgument("disable", $_GET, "disable"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); +$svcId = filter_input(INPUT_GET, 'svc_id', FILTER_SANITIZE_STRING, ['options' => ['default' => 0]]); -$tab = preg_split('/\_/', $svc_id); -$host_id = filter_var( - $tab[0] ?? null, - FILTER_VALIDATE_INT -); +// splitting the host/service combination +if (!empty($svcId)) { + $tab = preg_split('/\_/', $svcId); +} -$service_id = filter_var( - $tab[1] ?? null, - FILTER_VALIDATE_INT -); +// checking splitted values consistency +$hostId = filter_var($tab[0] ?? null, FILTER_VALIDATE_INT); +$serviceId = filter_var($tab[1] ?? null, FILTER_VALIDATE_INT); -if ($host_id === false || $service_id === false) { +if ($hostId === false || $serviceId === false) { print _("Bad service ID"); exit(); } -// Get Check if user is not admin +// Check if the user is admin or not $isAdmin = $centreon->user->admin; if (!$isAdmin) { $userId = $centreon->user->user_id; $acl = new CentreonACL($userId, $isAdmin); - if (!$acl->checkService($service_id)) { + if (!$acl->checkService($serviceId)) { print _("You don't have access to this resource"); exit(); } } -/** ************************************************** - * Get Service status - */ -$rq1 = "SELECT s.state," . - " h.name, " . - " s.description," . 
- " s.last_check," . - " s.next_check," . - " s.last_state_change," . - " s.last_notification," . - " s.last_hard_state_change," . - " s.last_hard_state," . - " s.latency," . - " s.last_time_ok," . - " s.last_time_critical," . - " s.last_time_unknown," . - " s.last_time_warning," . - " s.notification_number," . - " s.scheduled_downtime_depth," . - " s.output," . - " s.notes," . - " ROUND(s.percent_state_change) as percent_state_change," . - " s.notify," . - " s.perfdata," . - " s.state_type," . - " s.execution_time," . - " s.event_handler_enabled, " . - " s.icon_image, " . - " s.display_name " . - " FROM hosts h, services s " . - " WHERE s.host_id = h.host_id " . - " AND s.host_id = $host_id AND service_id = $service_id LIMIT 1"; - /* - * Init Buffer + * Get Service status */ +$rq1 = "SELECT s.state, + h.name, + s.description, + s.last_check, + s.next_check, + s.last_state_change, + s.last_notification, + s.last_hard_state_change, + s.last_hard_state, + s.latency, + s.last_time_ok, + s.last_time_critical, + s.last_time_unknown, + s.last_time_warning, + s.notification_number, + s.scheduled_downtime_depth, + s.output, + s.notes, + ROUND(s.percent_state_change) as percent_state_change, + s.notify, + s.perfdata, + s.state_type, + s.execution_time, + s.event_handler_enabled, + s.icon_image, + s.display_name + FROM hosts h, services s WHERE s.host_id = h.host_id + AND s.host_id = :hostId AND service_id = :serviceId LIMIT 1"; +$dbResult = $obj->DBC->prepare($rq1); +$dbResult->bindValue(':hostId', $hostId, \PDO::PARAM_INT); +$dbResult->bindValue(':serviceId', $serviceId, \PDO::PARAM_INT); +$dbResult->execute(); + +// Init Buffer $obj->XML->startElement("reponse"); -/* - * Request - */ -$DBRESULT = $obj->DBC->query($rq1); -if ($data = $DBRESULT->fetchRow()) { +if ($data = $dbResult->fetch()) { /* Split the plugin_output */ $outputLines = preg_split('/
|
|\\\n|\x0A|\x0D\x0A|\n/', $data['output']); if (strlen($outputLines[0]) > 100) { @@ -161,7 +136,7 @@ } else { $pluginShortOuput = $outputLines[0]; } - $longOutput = array(); + $longOutput = []; if (isset($outputLines[1])) { for ($x = 1; isset($outputLines[$x]) && $x < 5; $x++) { $longOutput[] = $outputLines[$x]; @@ -213,9 +188,7 @@ $obj->XML->text(CentreonUtils::escapeSecure($pluginShortOuput), 0); $obj->XML->endElement(); - /* - * Long Output - */ + // Long Output $obj->XML->writeElement("long_name", _("Extended Status Information"), 0); foreach ($longOutput as $val) { if ($val != "") { @@ -262,7 +235,7 @@ $obj->XML->writeElement("is_downtime_name", _("In Scheduled Downtime?"), 0); $obj->XML->writeElement("ico", $data["icon_image"]); - /* Last State Info */ + // Last State Info if ($data["state"] == 0) { $status = ''; $status_date = 0; @@ -301,9 +274,7 @@ } unset($data); -/* - * Translations - */ +// Translations $obj->XML->writeElement("tr1", _("Check information"), 0); $obj->XML->writeElement("tr2", _("Notification Information"), 0); $obj->XML->writeElement("tr3", _("Last Status Change"), 0); @@ -311,18 +282,11 @@ $obj->XML->writeElement("tr5", _("Status Information"), 0); $obj->XML->writeElement("tr6", _("Output"), 0); -/* - * End Buffer - */ - +// End Buffer $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); diff --git a/www/include/monitoring/status/Services/xml/serviceGridXML.php b/www/include/monitoring/status/Services/xml/serviceGridXML.php index fe1e2a7f131..94c25a313d2 100644 --- a/www/include/monitoring/status/Services/xml/serviceGridXML.php +++ b/www/include/monitoring/status/Services/xml/serviceGridXML.php 
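Review bot: `$dateFormat` (together with `$enable`/`$disable`) is removed from the argument block, but the hunk does not show whether the rest of makeXMLForOneService.php still reads it; serviceXML.php in this same commit keeps a fixed `$dateFormat = "Y/m/d H:i:s";`, so if a later line here formats `last_check`/`next_check` with it, that line now sees an undefined variable — grep the remainder of the file or keep the same one-line constant. Separately, `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1, and since `$svcId` is only split on `_` and then validated with `FILTER_VALIDATE_INT`, `FILTER_DEFAULT` is sufficient: `$svcId = filter_input(INPUT_GET, 'svc_id', FILTER_DEFAULT, ['options' => ['default' => 0]]);`. The host/service lookup itself is correctly parameterised with `PARAM_INT` bindings.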
@@ -1,7 +1,7 @@ DB); - -if (!CentreonSession::checkSession($obj->session_id, $obj->DB)) { +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/* ************************************************** - * Check Arguments From GET tab - */ -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$nc = $obj->checkArgument("nc", $_GET, "0"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$search = $obj->checkArgument("search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); - -/* - * Backup poller selection - */ +// Check Arguments From GET tab +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20]]); +//if instance value is not set, displaying all active pollers linked resources +$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); +$hostgroups = filter_var($obj->defaultHostgroups ?? 
0, FILTER_VALIDATE_INT); +$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sortType = filter_input(INPUT_GET, 'sort_type', FILTER_SANITIZE_STRING, ['options' => ['default' => 'host_name']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC"; + +// Backup poller selection $obj->setInstanceHistory($instance); -/** ********************************************* +//saving bound values +$queryValues = []; + +/** * Get Host status */ -$rq1 = " SELECT SQL_CALC_FOUND_ROWS DISTINCT hosts.name, hosts.state, hosts.icon_image, hosts.host_id " . - " FROM hosts "; +$rq1 = " SELECT SQL_CALC_FOUND_ROWS DISTINCT hosts.name, hosts.state, hosts.icon_image, hosts.host_id FROM hosts "; if ($hostgroups) { $rq1 .= ", hosts_hostgroups hg, hostgroups hg2 "; } @@ -96,8 +85,8 @@ } $rq1 .= " WHERE hosts.name NOT LIKE '_Module_%' "; if (!$obj->is_admin) { - $rq1 .= " AND hosts.host_id = centreon_acl.host_id "; - $rq1 .= $obj->access->queryBuilder("AND", "group_id", $obj->grouplistStr); + $rq1 .= " AND hosts.host_id = centreon_acl.host_id " . + $obj->access->queryBuilder("AND", "group_id", $obj->grouplistStr); } if ($o == "svcgrid_pb" || $o == "svcOV_pb" || $o == "svcgrid_ack_0" || $o == "svcOV_ack_0") { $rq1 .= " AND hosts.host_id IN (" . 
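Review bot: `num` and `limit` are validated as integers but not range-checked, so `limit=0` or a negative value reaches the `LIMIT :numLimit, :limit` built later in this file and yields a SQL error, and no try/catch around the `execute()` is visible in this file (unlike serviceXML.php); `FILTER_VALIDATE_INT` accepts bounds in the same options array, e.g. `$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20, 'min_range' => 1]]);` and `'min_range' => 0` for `num`. The same applies to the equivalent hunks in serviceSummaryXML.php and serviceXML.php. `filter_var($obj->defaultHostgroups ?? 0, FILTER_VALIDATE_INT)` returns `false` when the stored default is not a single integer (the removed code accepted a list via `IN (...)`), and `if ($hostgroups)` then silently drops the filter instead of reporting it — map `false` to `0` explicitly or reject it, so a widened result set is never produced by accident. Lastly, now that `search` is bound as a parameter, the deprecated `FILTER_SANITIZE_STRING` only mangles legitimate search terms containing quotes or `<`; `FILTER_DEFAULT` is enough here.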
@@ -110,19 +99,23 @@ " WHERE s.acknowledged = '1' AND s.enabled = 1)"; } if ($search != "") { - $rq1 .= " AND hosts.name like '%" . $search . "%' "; + $rq1 .= " AND hosts.name like :search "; + $queryValues['search'] = [\PDO::PARAM_STR => '%' . $search . '%']; } if ($instance != -1) { - $rq1 .= " AND hosts.instance_id = " . $instance . ""; + $rq1 .= " AND hosts.instance_id = :instance "; + $queryValues['instance'] = [\PDO::PARAM_INT => $instance]; } if ($hostgroups) { - $rq1 .= " AND hosts.host_id = hg.host_id "; - $rq1 .= " AND hg.hostgroup_id IN (" . $hostgroups . ") "; - $rq1 .= " AND hg.hostgroup_id = hg2.hostgroup_id "; + $rq1 .= " AND hosts.host_id = hg.host_id + AND hg.hostgroup_id = :hostgroup + AND hg.hostgroup_id = hg2.hostgroup_id "; + // only one value is returned from the current "select" filter + $queryValues['hostgroup'] = [\PDO::PARAM_INT => $hostgroups]; } $rq1 .= " AND hosts.enabled = 1 "; -switch ($sort_type) { +switch ($sortType) { case 'current_state': $rq1 .= " ORDER BY hosts.state " . $order . ",hosts.name "; break; @@ -130,12 +123,19 @@ $rq1 .= " ORDER BY hosts.name " . $order; break; } -$rq1 .= " LIMIT " . ($num * $limit) . "," . $limit; +$rq1 .= " LIMIT :numLimit, :limit"; +$queryValues['numLimit'] = [\PDO::PARAM_INT => ($num * $limit)]; +$queryValues['limit'] = [\PDO::PARAM_INT => $limit]; + +// Execute request +$dbResult = $obj->DBC->prepare($rq1); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); + } +} +$dbResult->execute(); -/* - * Execute request - */ -$DBRESULT = $obj->DBC->query($rq1); $numRows = $obj->DBC->numberRows(); $obj->XML->startElement("reponse"); 
@@ -148,9 +148,9 @@ preg_match("/svcOV/", $_GET["o"], $matches) ? $obj->XML->writeElement("s", "1") : $obj->XML->writeElement("s", "0"); $obj->XML->endElement(); -$tab_final = array(); +$tab_final = []; $str = ""; -while ($ndo = $DBRESULT->fetchRow()) { +while ($ndo = $dbResult->fetch()) { if ($str != "") { $str .= ","; } @@ -162,11 +162,9 @@ $tabIcone[$ndo["name"]] = "none"; } } -$DBRESULT->closeCursor(); +$dbResult->closeCursor(); -/* - * Get Service status - */ +// Get Service status $tab_svc = $obj->monObj->getServiceStatus($str, $obj, $o, $instance, $hostgroups); if (isset($tab_svc)) { foreach ($tab_svc as $host_name => $tab) { @@ -207,12 +205,8 @@ } $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); diff --git a/www/include/monitoring/status/Services/xml/serviceSummaryXML.php b/www/include/monitoring/status/Services/xml/serviceSummaryXML.php index f63ace20782..46e04fd8dad 100644 --- a/www/include/monitoring/status/Services/xml/serviceSummaryXML.php +++ b/www/include/monitoring/status/Services/xml/serviceSummaryXML.php 
@@ -1,7 +1,7 @@ session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/* - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/* ************************************************** - * Check Arguments From GET tab - */ -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$nc = $obj->checkArgument("nc", $_GET, "0"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$search = $obj->checkArgument("search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); -/* - * Backup poller selection - */ +// Check Arguments From GET tab +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20]]); +//if instance value is not set, displaying all active pollers linked resources +$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); +$hostgroups = filter_var($obj->defaultHostgroups ?? 
0, FILTER_VALIDATE_INT); +$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sortType = filter_input(INPUT_GET, 'sort_type', FILTER_SANITIZE_STRING, ['options' => ['default' => 'host_name']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC"; + +// Backup poller selection $obj->setInstanceHistory($instance); -$service = array(); -$host_status = array(); -$service_status = array(); -$host_services = array(); -$metaService_status = array(); -$tab_host_service = array(); -$tabIcone = array(); - -/** ********************************************* +$service = []; +$host_status = []; +$service_status = []; +$host_services = []; +$metaService_status = []; +$tab_host_service = []; +$tabIcone = []; +//saving bound values +$queryValues = []; + +/** * Get status */ -$rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT hosts.name, hosts.state, hosts.icon_image, hosts.host_id " - . "FROM hosts "; +$rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT hosts.name, hosts.state, hosts.icon_image, hosts.host_id FROM hosts "; if ($hostgroups) { $rq1 .= ", hosts_hostgroups hg, hostgroups hg2 "; } @@ -102,8 +91,7 @@ $rq1 .= ", centreon_acl "; } -$rq1 .= "WHERE hosts.name NOT LIKE '_Module_%' " - . "AND hosts.enabled = 1 " +$rq1 .= "WHERE hosts.name NOT LIKE '_Module_%' AND hosts.enabled = 1 " . $obj->access->queryBuilder("AND", "hosts.host_id", "centreon_acl.host_id") . " " . $obj->access->queryBuilder("AND", "group_id", $obj->grouplistStr) . " "; 
@@ -129,21 +117,24 @@ } if ($search != "") { - $rq1 .= "AND hosts.name like '%" . $search . "%' "; + $rq1 .= "AND hosts.name like :search "; + $queryValues['search'] = [\PDO::PARAM_STR => '%' . $search . '%']; } if ($instance != -1) { - $rq1 .= "AND hosts.instance_id = " . $instance . " "; + $rq1 .= "AND hosts.instance_id = :instance "; + $queryValues['instance'] = [\PDO::PARAM_INT => $instance]; } if ($hostgroups) { - $rq1 .= " AND hosts.host_id = hg.host_id " - . "AND hg.hostgroup_id IN (" . $hostgroups . ") " - . "AND hg.hostgroup_id = hg2.hostgroup_id "; + $rq1 .= " AND hosts.host_id = hg.host_id + AND hg.hostgroup_id = :hostGroup + AND hg.hostgroup_id = hg2.hostgroup_id "; + $queryValues['hostGroup'] = [\PDO::PARAM_INT => $hostgroups]; } -# ORDER BY -switch ($sort_type) { +// Sort order +switch ($sortType) { case 'current_state': $rq1 .= "ORDER BY hosts.state " . $order . ",hosts.name "; break; @@ -152,19 +143,22 @@ break; } -# LIMIT -$rq1 .= "LIMIT " . ($num * $limit) . "," . $limit . " "; +// Limit +$rq1 .= " LIMIT :numLimit, :limit"; +$queryValues['numLimit'] = [\PDO::PARAM_INT => ($num * $limit)]; +$queryValues['limit'] = [\PDO::PARAM_INT => $limit]; +$dbResult = $obj->DBC->prepare($rq1); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); + } +} +$dbResult->execute(); -/* - * Execute request - */ -$DBRESULT = $obj->DBC->query($rq1); $numRows = $obj->DBC->numberRows(); -/* - * Info / Pagination - */ +// Info / Pagination $obj->XML->startElement("reponse"); $obj->XML->startElement("i"); $obj->XML->writeElement("numrows", $numRows); 
@@ -174,9 +168,17 @@ $obj->XML->endElement(); $ct = 0; -$tab_final = array(); -$DBRESULT_NDO1 = $obj->DBC->query($rq1); -while ($ndo = $DBRESULT_NDO1->fetchRow()) { +$tab_final = []; +$dbResultNDO1 = $obj->DBC->query($rq1); +$dbResultNDO1 = $obj->DBC->prepare($rq1); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); + } +} +$dbResultNDO1->execute(); + +while ($ndo = $dbResultNDO1->fetch()) { $tab_final[$ndo["name"]]["nb_service_k"] = 0; $tab_final[$ndo["name"]]["host_id"] = $ndo["host_id"]; if ($o != "svcSum_pb" && $o != "svcSum_ack_1" && $o != "svcSum_ack_0") { @@ -223,12 +225,8 @@ } $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); diff --git a/www/include/monitoring/status/Services/xml/serviceXML.php b/www/include/monitoring/status/Services/xml/serviceXML.php index d0266b3c1d1..e1dd44a1f9d 100644 --- a/www/include/monitoring/status/Services/xml/serviceXML.php +++ b/www/include/monitoring/status/Services/xml/serviceXML.php @@ -1,7 +1,7 @@ user->get_lang(); putenv("LANG=$locale"); setlocale(LC_ALL, $locale); 
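Review bot: The second statement in this hunk is broken in two ways: `$dbResultNDO1 = $obj->DBC->query($rq1);` executes the text with its `:search`/`:numLimit` placeholders unbound (a SQL error, and the result is overwritten by the `prepare()` on the very next line anyway), and the bind loop writes to `$dbResult` — the statement already executed in the previous hunk — instead of `$dbResultNDO1`, so `$dbResultNDO1->execute()` runs with nothing bound and fails with an invalid-parameter-number error; `$queryValues` is never empty because `numLimit` and `limit` are set unconditionally. Drop the `query()` line and change the inner loop to `$dbResultNDO1->bindValue($bindId, $bindValue, $bindType);`. Alternatively, since `$dbResult` runs the identical query a few lines above, fetch from it and remove the second round-trip entirely.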
@@ -84,106 +70,79 @@ $instanceObj = new CentreonInstance($obj->DB); $media = new CentreonMedia($obj->DB); -if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - ; -} else { +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } -/** - * Set Default Poller - */ +// Set Default Poller $obj->getDefaultFilters(); -/** * ************************************************* - * Check Arguments From GET tab - */ -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$nc = $obj->checkArgument("nc", $_GET, "0"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$servicegroups = $obj->checkArgument("servicegroups", $_GET, $obj->defaultServicegroups); -$search = $obj->checkArgument("search", $_GET, ""); -$search_host = $obj->checkArgument("search_host", $_GET, ""); -$search_output = $obj->checkArgument("search_output", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); -$search_type_host = $obj->checkArgument("search_type_host", $_GET, 1); -$search_type_service = $obj->checkArgument("search_type_service", $_GET, 1); -$criticality_id = $obj->checkArgument('criticality', $_GET, $obj->defaultCriticality); - -$statusService = $obj->checkArgument("statusService", $_GET, ""); -$statusFilter = $obj->checkArgument("statusFilter", $_GET, ""); - -CentreonDb::checkInjection($o); -CentreonDb::checkInjection($p); -CentreonDb::checkInjection($nc); -CentreonDb::checkInjection($num); -CentreonDb::checkInjection($limit); -CentreonDb::checkInjection($instance); 
-CentreonDb::checkInjection($hostgroups); -CentreonDb::checkInjection($servicegroups); -CentreonDb::checkInjection($search); -CentreonDb::checkInjection($search_host); -CentreonDb::checkInjection($search_output); -CentreonDb::checkInjection($sort_type); -CentreonDb::checkInjection($order); -CentreonDb::checkInjection($dateFormat); -CentreonDb::checkInjection($search_type_host); -CentreonDb::checkInjection($search_type_service); -CentreonDb::checkInjection($criticality_id); - -/* Store in session the last type of call */ +// Check Arguments From GET tab +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20]]); +$nc = filter_input(INPUT_GET, 'nc', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$criticalityId = filter_input(INPUT_GET, 'criticality', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$serviceToSearch = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$hostToSearch = filter_input(INPUT_GET, 'search_host', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$outputToSearch = filter_input(INPUT_GET, 'search_output', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sortType = filter_input(INPUT_GET, 'sort_type', FILTER_SANITIZE_STRING, ['options' => ['default' => 'host_name']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? 
"DESC" : "ASC"; +$statusService = filter_input(INPUT_GET, 'statusService', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$statusFilter = filter_input(INPUT_GET, 'statusFilter', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$dateFormat = "Y/m/d H:i:s"; +//if instance, hostgroup or servicegroup values are not set, displaying each active linked resources +$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); +$hostgroups = filter_var($obj->defaultHostgroups ?? 0, FILTER_VALIDATE_INT); +$servicegroups = filter_var($obj->defaultServicegroups ?? 0, FILTER_VALIDATE_INT); + +// Store in session the last type of call $_SESSION['monitoring_service_status'] = $statusService; $_SESSION['monitoring_service_status_filter'] = $statusFilter; - -/** * ************************************************* - * Backup poller selection - */ +// Backup poller selection $obj->setInstanceHistory($instance); -/** * ************************************************* - * Backup criticality id - */ -$obj->setCriticality($criticality_id); +// Backup criticality id +$obj->setCriticality($criticalityId); -/** - * Graphs Tables - */ -$graphs = array(); +// Saving bound values +$queryValues = []; -/** * ************************************************* - * Get Service status - */ -$instance_filter = ""; -if ($instance != -1 && !empty($instance)) { - $instance_filter = " AND h.instance_id = " . $instance . 
" "; +// Graphs Tables +$graphs = []; + +// Get Service status +$instance_filter = " "; +if (!empty($instance) && $instance != -1) { + $instance_filter = " AND h.instance_id = :instance"; + $queryValues['instance'] = [\PDO::PARAM_INT => $instance]; } -$searchHost = ""; -if ($search_host) { - $searchHost .= " AND (h.name LIKE '%$search_host%' "; - $searchHost .= " OR h.alias LIKE '%$search_host%' "; - $searchHost .= " OR h.address LIKE '%$search_host%' ) "; +$searchHost = " "; +if ($hostToSearch) { + $searchHost = " AND (h.name LIKE :hostToSearch + OR h.alias LIKE :hostToSearch + OR h.address LIKE :hostToSearch) "; + $queryValues['hostToSearch'] = [\PDO::PARAM_STR => '%' . $hostToSearch . '%']; } -$searchService = ""; -if ($search) { - $searchService .= " AND (s.description LIKE '%$search%' OR s.display_name LIKE '%$search%')"; +$searchService = " "; +if ($serviceToSearch) { + $searchService = " AND (s.description LIKE :serviceToSearch OR s.display_name LIKE :serviceToSearch) "; + $queryValues['serviceToSearch'] = [\PDO::PARAM_STR => '%' . $serviceToSearch . '%']; } -$searchOutput = ""; -if ($search_output) { - $searchOutput .= " AND s.output LIKE '%$search_output%' "; + +$searchOutput = " "; +if ($outputToSearch) { + $searchOutput = " AND s.output LIKE :outputToSearch "; + $queryValues['outputToSearch'] = [\PDO::PARAM_STR => '%' . $outputToSearch . '%']; } -$tabOrder = array(); -$tabOrder["criticality_id"] = " ORDER BY isnull $order, criticality $order, h.name, s.description "; +$tabOrder = []; +$tabOrder["criticality_id"] = " ORDER BY isnull " .$order . ", criticality " . $order . ", h.name, s.description "; $tabOrder["host_name"] = " ORDER BY h.name " . $order . ", s.description "; $tabOrder["service_description"] = " ORDER BY s.description " . $order . ", h.name"; $tabOrder["current_state"] = " ORDER BY s.state " . $order . ", h.name, s.description"; 
@@ -194,61 +153,56 @@ $tabOrder["output"] = " ORDER BY s.output " . $order . ", h.name, s.description"; $tabOrder["default"] = $tabOrder['criticality_id']; -$request = "SELECT SQL_CALC_FOUND_ROWS DISTINCT h.name, h.alias, h.address, h.host_id, s.description, " - . "s.service_id, s.notes, s.notes_url, s.action_url, s.max_check_attempts, " - . "s.icon_image, s.display_name, s.state, s.output as plugin_output, " - . "s.state_type, s.check_attempt as current_attempt, s.last_update as status_update_time, s.last_state_change, " - . "s.last_hard_state_change, s.last_check, s.next_check, " - . "s.notify, s.acknowledged, s.passive_checks, s.active_checks, s.event_handler_enabled, s.flapping, " - . "s.scheduled_downtime_depth, s.flap_detection, h.state as host_state, h.acknowledged AS h_acknowledged, " - . "h.scheduled_downtime_depth AS h_scheduled_downtime_depth, " - . "h.icon_image AS h_icon_images, h.display_name AS h_display_name, h.action_url AS h_action_url, " - . "h.notes_url AS h_notes_url, h.notes AS h_notes, h.address, " - . "h.passive_checks AS h_passive_checks, h.active_checks AS h_active_checks, " - . 
"i.name as instance_name, cv.value as criticality, cv.value IS NULL as isnull "; -$request .= " FROM hosts h, instances i "; +$request = "SELECT SQL_CALC_FOUND_ROWS DISTINCT h.name, h.alias, h.address, h.host_id, s.description, + s.service_id, s.notes, s.notes_url, s.action_url, s.max_check_attempts, + s.icon_image, s.display_name, s.state, s.output as plugin_output, + s.state_type, s.check_attempt as current_attempt, s.last_update as status_update_time, s.last_state_change, + s.last_hard_state_change, s.last_check, s.next_check, + s.notify, s.acknowledged, s.passive_checks, s.active_checks, s.event_handler_enabled, s.flapping, + s.scheduled_downtime_depth, s.flap_detection, h.state as host_state, h.acknowledged AS h_acknowledged, + h.scheduled_downtime_depth AS h_scheduled_downtime_depth, + h.icon_image AS h_icon_images, h.display_name AS h_display_name, h.action_url AS h_action_url, + h.notes_url AS h_notes_url, h.notes AS h_notes, h.address, + h.passive_checks AS h_passive_checks, h.active_checks AS h_active_checks, + i.name as instance_name, cv.value as criticality, cv.value IS NULL as isnull + FROM hosts h, instances i "; if (isset($hostgroups) && $hostgroups != 0) { $request .= ", hosts_hostgroups hg, hostgroups hg2"; } if (isset($servicegroups) && $servicegroups != 0) { $request .= ", services_servicegroups ssg, servicegroups sg"; } -if ($criticality_id) { +if ($criticalityId) { $request .= ", customvariables cvs "; } if (!$obj->is_admin) { $request .= ", centreon_acl "; } -$request .= ", services s LEFT JOIN customvariables cv ON (s.service_id = cv.service_id " - . 
"AND cv.host_id = s.host_id AND cv.name = 'CRITICALITY_LEVEL') "; -$request .= " WHERE h.host_id = s.host_id - AND s.enabled = 1 - AND h.enabled = 1 - AND h.instance_id = i.instance_id "; -if ($criticality_id) { +$request .= ", services s LEFT JOIN customvariables cv ON (s.service_id = cv.service_id + AND cv.host_id = s.host_id AND cv.name = 'CRITICALITY_LEVEL') + WHERE h.host_id = s.host_id + AND s.enabled = 1 + AND h.enabled = 1 + AND h.instance_id = i.instance_id "; +if ($criticalityId) { $request .= " AND s.service_id = cvs. service_id - AND cvs.host_id = h.host_id - AND cvs.name = 'CRITICALITY_ID' - AND cvs.value = '" . $obj->DBC->escape($criticality_id) . "' "; -} -$request .= " AND h.name NOT LIKE '_Module_BAM%' "; - -if ($searchHost) { - $request .= $searchHost; + AND cvs.host_id = h.host_id + AND cvs.name = 'CRITICALITY_ID' + AND cvs.value = :criticalityValue"; + // the variable bounded to criticalityValue must be an integer. But is inserted in a DB's varchar column + $queryValues['criticalityValue'] = [\PDO::PARAM_STR => $criticalityId]; } -if ($searchService) { - $request .= $searchService; -} -if ($searchOutput) { - $request .= $searchOutput; -} -$request .= $instance_filter; +$request .= " AND h.name NOT LIKE '_Module_BAM%' " + . $searchHost + . $searchService + . $searchOutput + . $instance_filter; if ($statusService == 'svc_unhandled') { - $request .= " AND s.state_type = 1"; - $request .= " AND s.acknowledged = 0"; - $request .= " AND s.scheduled_downtime_depth = 0"; - $request .= " AND h.acknowledged = 0 AND h.scheduled_downtime_depth = 0 "; + $request .= " AND s.state_type = 1 + AND s.acknowledged = 0 + AND s.scheduled_downtime_depth = 0 + AND h.acknowledged = 0 AND h.scheduled_downtime_depth = 0 "; } if ($statusService === 'svc_unhandled' || $statusService === 'svcpb') { 
@@ -285,55 +239,61 @@ } } -/** - * HostGroup Filter - */ +// HostGroup Filter if (isset($hostgroups) && $hostgroups != 0) { - $request .= " AND hg.hostgroup_id = hg2.hostgroup_id " - . "AND hg.host_id = h.host_id AND hg.hostgroup_id IN (" . $hostgroups . ") "; + $request .= " AND hg.hostgroup_id = hg2.hostgroup_id + AND hg.host_id = h.host_id AND hg.hostgroup_id = :hostGroup "; + $queryValues['hostGroup'] = [\PDO::PARAM_INT => $hostgroups]; } -/** - * ServiceGroup Filter - */ + +// ServiceGroup Filter if (isset($servicegroups) && $servicegroups != 0) { - $request .= " AND ssg.servicegroup_id = sg.servicegroup_id " - . "AND ssg.service_id = s.service_id AND ssg.servicegroup_id IN (" . $servicegroups . ") "; + $request .= " AND ssg.servicegroup_id = sg.servicegroup_id + AND ssg.service_id = s.service_id AND ssg.servicegroup_id = :serviceGroup "; + $queryValues['serviceGroup'] = [\PDO::PARAM_INT => $servicegroups]; } -/** - * ACL activation - */ +// ACL activation if (!$obj->is_admin) { - $request .= " AND h.host_id = centreon_acl.host_id " - . "AND s.service_id = centreon_acl.service_id AND group_id IN (" . $obj->grouplistStr . ") "; + $request .= " AND h.host_id = centreon_acl.host_id + AND s.service_id = centreon_acl.service_id AND group_id IN (" . $obj->grouplistStr . ") "; } -(isset($tabOrder[$sort_type])) ? $request .= $tabOrder[$sort_type] : $request .= $tabOrder["default"]; -$request .= " LIMIT " . ($num * $limit) . "," . $limit; +// Sort order by +$request .= isset($tabOrder[$sortType]) + ? 
$tabOrder[$sortType] + : $tabOrder["default"]; -/** * ************************************************** - * Get Pagination Rows - */ +$request .= " LIMIT :numLimit, :limit"; +$queryValues['numLimit'] = [\PDO::PARAM_INT => ($num * $limit)]; +$queryValues['limit'] = [\PDO::PARAM_INT => $limit]; + +// Get Pagination Rows $sqlError = false; try { - $DBRESULT = $obj->DBC->query($request); + $dbResult = $obj->DBC->prepare($request); + foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); + } + } + $dbResult->execute(); + $numRows = $obj->DBC->numberRows(); } catch (\PDOException $e) { $sqlError = true; $numRows = 0; } -/** - * Get criticality ids - */ +// Get criticality ids $critRes = $obj->DBC->query( "SELECT value, service_id FROM customvariables WHERE name = 'CRITICALITY_ID' AND service_id IS NOT NULL" ); $criticalityUsed = 0; -$critCache = array(); +$critCache = []; if ($critRes->rowCount()) { $criticalityUsed = 1; - while ($critRow = $critRes->fetchRow()) { + while ($critRow = $critRes->fetch()) { $critCache[$critRow['service_id']] = $critRow['value']; } } @@ -343,7 +303,7 @@ && ($statusFilter === 'ok' || $statusFilter === 'pending') ); -/* * ************************************************** +/** * Create Buffer */ $obj->XML->startElement("reponse"); @@ -375,13 +335,13 @@ $flag = 0; if (!$sqlError) { - while ($data = $DBRESULT->fetchRow()) { + while ($data = $dbResult->fetch()) { $passive = 0; $active = 1; $last_check = " "; $duration = " "; - /* Split the plugin_output */ + // Split the plugin_output $outputLines = explode("\n", $data['plugin_output']); $pluginShortOuput = $outputLines[0]; @@ -602,10 +562,7 @@ $obj->XML->writeElement( "snu", CentreonUtils::escapeSecure( - $obj->serviceObj->replaceMacroInString( - $data["service_id"], - $data["notes_url"] - ) + $obj->serviceObj->replaceMacroInString($data["service_id"], $data["notes_url"]) ) ); } else { 
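Review bot: `catch (\PDOException $e)` still discards the exception, so any failure — including the binding mistakes this refactor makes easy (a placeholder with no matching `$queryValues` key, or a name reused within one statement under native prepares) — becomes a silently empty page with `$numRows = 0`. Log the message before setting `$sqlError`, e.g. `error_log('serviceXML: ' . $e->getMessage());` or whatever logger the bootstrap provides (not visible here), so an operator can tell "no services" from "the query failed". The ACL clause `group_id IN (" . $obj->grouplistStr . ")` is the one fragment still assembled by concatenation; it appears to come from the server-side ACL object rather than the request, which is acceptable, but a short comment saying so would stop the next reader from treating it as an oversight.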
@@ -677,21 +634,25 @@ * Get Service Graph index */ if (!isset($graphs[$data["host_id"]]) || !isset($graphs[$data["host_id"]][$data["service_id"]])) { - $request2 = "SELECT DISTINCT service_id, id " - . "FROM index_data, metrics " - . "WHERE metrics.index_id = index_data.id " - . "AND host_id = " . $data["host_id"] . " " - . "AND service_id = " . $data["service_id"] . " " - . "AND index_data.hidden = '0' "; - $DBRESULT2 = $obj->DBC->query($request2); - while ($dataG = $DBRESULT2->fetchRow()) { + $request2 = "SELECT DISTINCT service_id, id + FROM index_data, metrics + WHERE metrics.index_id = index_data.id + AND host_id = :hostId + AND service_id = :serviceId + AND index_data.hidden = '0'"; + $dbResult2 = $obj->DBC->prepare($request2); + $dbResult2->bindValue(':hostId', $data["host_id"], \PDO::PARAM_INT); + $dbResult2->bindValue(':serviceId', $data["service_id"], \PDO::PARAM_INT); + $dbResult2->execute(); + + while ($dataG = $dbResult2->fetch()) { if (!isset($graphs[$data["host_id"]])) { - $graphs[$data["host_id"]] = array(); + $graphs[$data["host_id"]] = []; } $graphs[$data["host_id"]][$dataG["service_id"]] = $dataG["id"]; } if (!isset($graphs[$data["host_id"]])) { - $graphs[$data["host_id"]] = array(); + $graphs[$data["host_id"]] = []; } } $obj->XML->writeElement( @@ -700,7 +661,7 @@ ); $obj->XML->endElement(); } - $DBRESULT->closeCursor(); + $dbResult->closeCursor(); } unset($data); @@ -713,12 +674,8 @@ $obj->XML->writeElement("sid", $obj->session_id); $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php index 2a7969bf252..25271953877 100644 --- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php +++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceGridByHGXML.php 
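Review bot: `$obj->DBC->prepare($request2)` runs once per result row because it sits inside the `while ($data = $dbResult->fetch())` loop, whose start is outside this hunk; the statement text never changes, so prepare it once before the loop and only rebind and execute per row, and call `$dbResult2->closeCursor()` after the inner `while` so the driver is not left with an open result set before the next execute. The parameterisation itself is sound: both values are bound as `PARAM_INT` and come from the outer result row rather than from the request.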
@@ -33,9 +33,7 @@ * */ -require_once realpath(__DIR__ . "/../../../../../../config/centreon.config.php"); require_once realpath(__DIR__ . "/../../../../../../bootstrap.php"); - include_once _CENTREON_PATH_ . "www/class/centreonUtils.class.php"; include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php"; include_once _CENTREON_PATH_ . "www/include/monitoring/status/Common/common-Func.php"; @@ -47,7 +45,7 @@ $obj = new CentreonXMLBGRequest($dependencyInjector, session_id(), 1, 1, 0, 1); $svcObj = new CentreonService($obj->DB); -if (!isset($obj->session_id) && !CentreonSession::checkSession($obj->session_id, $obj->DB)) { +if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); } 
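Review bot: The corrected `||` now actually rejects a missing or invalid session, but the rejection path still answers HTTP 200 with the body `Bad Session ID`, so the AJAX caller and anything monitoring the endpoint see a successful response; add `http_response_code(403);` before the `print` so the failure is visible at the transport level. `$svcObj = new CentreonService($obj->DB)` is also constructed before the session guard runs; moving it below the check keeps unauthenticated requests from doing more than the bare session lookup.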
@@ -63,20 +61,22 @@ $obj->getDefaultFilters(); // Check Arguments From GET tab -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$hg = $obj->checkArgument("hg", $_GET, ""); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroup = $obj->checkArgument("hg_search", $_GET, ""); -$search = $obj->checkArgument("search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20]]); +//if instance value is not set, displaying all active pollers linked resources +$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); +$hostgroup = filter_input(INPUT_GET, 'hg_search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sort_type = filter_input(INPUT_GET, 'sort_type', FILTER_SANITIZE_STRING, ['options' => ['default' => 'host_name']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC"; + $grouplistStr = $obj->access->getAccessGroupsString(); -$queryValues = array(); +//saving bound values +$queryValues = []; + //Get Host status $rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT hg.name AS alias, h.host_id id, h.name AS host_name, hgm.hostgroup_id, " . "h.state hs, h.icon_image " . 
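Review bot: `FILTER_SANITIZE_STRING` (deprecated since PHP 8.1) strips tags and HTML-encodes quotes, so a host group or search term containing `&`, `'` or `<` is altered before it is bound and no longer matches the stored name; since every value now reaches the query through a PDO bind, the filter adds no injection protection and only corrupts legitimate input. Use `FILTER_DEFAULT` for the free-text parameters, e.g. `$search = filter_input(INPUT_GET, 'search', FILTER_DEFAULT, ['options' => ['default' => '']]);`, and validate `o` and `sort_type` against an explicit allow-list instead, since they are compared or used as keys rather than bound (how `$sort_type` is consumed in this file is outside the hunk). Note also that `$instance` no longer reads `$_GET['instance']` at all, which silently changes the endpoint's contract for any caller still passing it; if that is deliberate, say so in the comment.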
@@ -147,24 +147,24 @@ } $DBRESULT->execute(); -$tabH = array(); -$tabHG = array(); -$tab_finalH = array(); +$tabH = []; +$tabHG = []; +$tab_finalH = []; $numRows = $obj->DBC->query("SELECT FOUND_ROWS()")->fetchColumn(); while ($ndo = $DBRESULT->fetch()) { if (!isset($tab_finalH[$ndo["alias"]])) { - $tab_finalH[$ndo["alias"]] = array($ndo["host_name"] => array()); + $tab_finalH[$ndo["alias"]] = array($ndo["host_name"] => []); } $tab_finalH[$ndo["alias"]][$ndo["host_name"]]["cs"] = $ndo["hs"]; $tab_finalH[$ndo["alias"]][$ndo["host_name"]]["icon"] = $ndo['icon_image']; - $tab_finalH[$ndo["alias"]][$ndo["host_name"]]["tab_svc"] = array(); + $tab_finalH[$ndo["alias"]][$ndo["host_name"]]["tab_svc"] = []; $tabH[$ndo["host_name"]] = $ndo["id"]; $tabHG[$ndo["alias"]] = $ndo["hostgroup_id"]; } $DBRESULT->closeCursor(); // Resetting $queryValues -$queryValues = array(); +$queryValues = []; // Get Services status $rq1 = "SELECT DISTINCT s.service_id, h.name as host_name, s.description, s.state svcs, " . @@ -203,8 +203,8 @@ } $rq1 .= " ORDER BY tri ASC, s.description ASC"; -$tabService = array(); -$tabHost = array(); +$tabService = []; +$tabHost = []; $DBRESULT = $obj->DBC->prepare($rq1); foreach ($queryValues as $bindId => $bindData) { @@ -216,10 +216,10 @@ while ($ndo = $DBRESULT->fetch()) { if (!isset($tabService[$ndo["host_name"]])) { - $tabService[$ndo["host_name"]] = array(); + $tabService[$ndo["host_name"]] = []; } if (!isset($tabService[$ndo["host_name"]])) { - $tabService[$ndo["host_name"]] = array("tab_svc" => array()); + $tabService[$ndo["host_name"]] = array("tab_svc" => []); } $tabService[$ndo["host_name"]]["tab_svc"][$ndo["description"]] = $ndo["svcs"]; $tabHost[$ndo["host_name"]] = $ndo["service_id"]; diff --git a/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php b/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php index 8e005e87bb5..919dce445e3 100644 
--- a/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php
+++ b/www/include/monitoring/status/ServicesHostGroups/xml/serviceSummaryByHGXML.php
@@ -1,5 +1,4 @@ getDefaultFilters(); // Check Arguments From GET tab -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$hg = $obj->checkArgument("hg", $_GET, ""); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroup = $obj->checkArgument("hg_search", $_GET, ""); -$search = $obj->checkArgument("search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "alias"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20]]); +//if instance value is not set, displaying all active pollers linked resources +$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); +$hostgroup = filter_input(INPUT_GET, 'hg_search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sort_type = filter_input(INPUT_GET, 'sort_type', FILTER_SANITIZE_STRING, ['options' => ['default' => 'alias']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC"; + $grouplistStr = $obj->access->getAccessGroupsString(); -$queryValues = array(); +//saving bound values +$queryValues = []; + // Get Host status $rq1 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT h.name AS host_name, hg.name AS hgname, hgm.hostgroup_id, h.host_id, " . "h.state, h.icon_image FROM hostgroups hg, hosts_hostgroups hgm, hosts h "; 
@@ -90,7 +90,7 @@ if ($instance != -1) { $rq1 .= "AND h.instance_id = :instance "; $queryValues[':instance'] = [ - PDO::PARAM_INT => (int) $instance + PDO::PARAM_INT => (int)$instance ]; } @@ -133,10 +133,10 @@ PDO::PARAM_STR => $sort_type ]; $queryValues[':numLimit'] = [ - PDO::PARAM_INT => (int) ($num * $limit) + PDO::PARAM_INT => (int)($num * $limit) ]; $queryValues[':limit'] = [ - PDO::PARAM_INT => (int) $limit + PDO::PARAM_INT => (int)$limit ]; $DBRESULT = $obj->DBC->prepare($rq1); @@ -150,8 +150,8 @@ $class = "list_one"; $ct = 0; -$tab_final = array(); -$tabHGUrl = array(); +$tab_final = []; +$tabHGUrl = []; $obj->XML = new CentreonXML(); $obj->XML->startElement("reponse"); @@ -165,7 +165,7 @@ while ($ndo = $DBRESULT->fetch()) { if (!isset($tab_final[$ndo["hgname"]])) { - $tab_final[$ndo["hgname"]] = array(); + $tab_final[$ndo["hgname"]] = []; } if (!isset($tab_final[$ndo["hgname"]][$ndo["host_name"]])) { $tab_final[$ndo["hgname"]][$ndo["host_name"]] = array("0" => 0, "1" => 0, "2" => 0, "3" => 0, "4" => 0); diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php index c95d8b1508c..ae44d3804b1 100644 --- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php +++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceGridBySGXML.php 
@@ -35,18 +35,15 @@ ini_set("display_errors", "Off"); -require_once realpath(__DIR__ . "/../../../../../../config/centreon.config.php"); require_once realpath(__DIR__ . "/../../../../../../bootstrap.php"); - include_once _CENTREON_PATH_ . "www/class/centreonUtils.class.php"; - include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php"; include_once _CENTREON_PATH_ . "www/include/monitoring/status/Common/common-Func.php"; include_once _CENTREON_PATH_ . "www/include/common/common-Func.php"; include_once _CENTREON_PATH_ . "www/class/centreonService.class.php"; // Create XML Request Objects - CentreonSession::start(); +CentreonSession::start(); $obj = new CentreonXMLBGRequest($dependencyInjector, session_id(), 1, 1, 0, 1); $svcObj = new CentreonService($obj->DB); 
@@ -59,19 +56,20 @@ $obj->getDefaultFilters(); // Check Arguments From GET tab -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$nc = $obj->checkArgument("nc", $_GET, "0"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$hSearch = $obj->checkArgument("host_search", $_GET, ""); -$sgSearch = $obj->checkArgument("sg_search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); -$queryValues = array(); +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20]]); +//if instance value is not set, displaying all active pollers linked resources +$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); +$hSearch = filter_input(INPUT_GET, 'host_search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sgSearch = filter_input(INPUT_GET, 'sg_search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sort_type = filter_input(INPUT_GET, 'sort_type', FILTER_SANITIZE_STRING, ['options' => ['default' => 'host_name']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? "DESC" : "ASC"; + +//saving bound values +$queryValues = []; +$queryValues2 = []; // Backup poller selection $obj->setInstanceHistory($instance); 
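Review bot: `filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT)` returns `false` when `defaultPoller` is set but is not an integer string (an empty string, for instance), and `false != -1` is true in PHP, so the poller condition later in this file binds `false` as `PARAM_INT` (0) and the page shows no hosts instead of all pollers; what `getDefaultFilters()` stores in `defaultPoller` is outside the hunk, so this depends on that value. Pass the fallback through the filter as well: `$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT, ['options' => ['default' => -1]]);`. `$obj->setInstanceHistory($instance)` now writes the default straight back, which reads as a no-op and deserves a comment if it is intentional.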
@@ -97,16 +95,16 @@ } // this query allows to manage pagination -$query = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.servicegroup_id, h.host_id " - . "FROM servicegroups sg, services_servicegroups sgm, hosts h, services s "; +$query = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.servicegroup_id, h.host_id + FROM servicegroups sg, services_servicegroups sgm, hosts h, services s "; if (!$obj->is_admin) { $query .= ", centreon_acl "; } -$query .= "WHERE sgm.servicegroup_id = sg.servicegroup_id " - . "AND sgm.host_id = h.host_id " - . "AND sgm.service_id = s.service_id "; +$query .= "WHERE sgm.servicegroup_id = sg.servicegroup_id + AND sgm.host_id = h.host_id + AND sgm.service_id = s.service_id "; // filter elements with acl (host, service, servicegroup) if (!$obj->is_admin) { @@ -119,18 +117,20 @@ // Servicegroup search if ($sgSearch != "") { - $query .= "AND sg.name = :sgSearch "; - $queryValues[':sgSearch'] = [ - PDO::PARAM_STR => $sgSearch + $query .= " AND sg.name = :sgSearch "; + $queryValues['sgSearch'] = [ + \PDO::PARAM_STR => $sgSearch ]; } // Host search $h_search = ''; if ($hSearch != "") { - $h_search .= "AND h.name like :hSearch "; - $queryValues[':hSearch'] = [ - PDO::PARAM_STR => "%" . $hSearch . "%" + $h_search .= " AND h.name LIKE :hSearch "; + // as this partial request is used in two queries, we need to bound it two times using two arrays + // to avoid incoherent number of bound variables in the second query + $queryValues['hSearch'] = $queryValues2['hSearch'] = [ + \PDO::PARAM_STR => "%" . $hSearch . "%" ]; } $query .= $h_search; 
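Review bot: The `LIKE :hSearch` bind stops injection, but `%` and `_` typed by the user are still interpreted as wildcards and a trailing backslash escapes the closing `%`, so a search for `db_01` also matches `dbX01` and `100%` behaves unexpectedly; escape the metacharacters before wrapping: `\PDO::PARAM_STR => '%' . addcslashes($hSearch, '%_\\') . '%'`. This assumes MySQL's default backslash escape character; add `ESCAPE '\\'` to the `LIKE` if `NO_BACKSLASH_ESCAPES` could be enabled on the server. The comment explaining why the value is bound into both `$queryValues` and `$queryValues2` is accurate and worth keeping.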
@@ -141,26 +141,25 @@ // Poller search if ($instance != -1) { $query .= " AND h.instance_id = :instance "; - $queryValues[':instance'] = [ - PDO::PARAM_INT => $instance + $queryValues['instance'] = [ + \PDO::PARAM_INT => $instance ]; } -$query .= "ORDER BY sg.name " . $order - . " LIMIT :numLimit, :limit"; -$queryValues[':numLimit'] = [ - PDO::PARAM_INT => (int) ($num * $limit) +$query .= " ORDER BY sg.name " . $order . " LIMIT :numLimit, :limit"; +$queryValues['numLimit'] = [ + \PDO::PARAM_INT => (int)($num * $limit) ]; -$queryValues[':limit'] = [ - PDO::PARAM_INT => (int) $limit +$queryValues['limit'] = [ + \PDO::PARAM_INT => (int)$limit ]; -$DBRESULT = $obj->DBC->prepare($query); +$dbResult = $obj->DBC->prepare($query); foreach ($queryValues as $bindId => $bindData) { foreach ($bindData as $bindType => $bindValue) { - $DBRESULT->bindValue($bindId, $bindValue, $bindType); + $dbResult->bindValue($bindId, $bindValue, $bindType); } } -$DBRESULT->execute(); +$dbResult->execute(); $numRows = $obj->DBC->query("SELECT FOUND_ROWS()")->fetchColumn(); // Create XML Flow 
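Review bot: `:numLimit` and `:limit` are bound from `$num` and `$limit`, which the parsing above validates as integers with no range, so `?num=-1` or `?limit=-1` passes `FILTER_VALIDATE_INT` and yields `LIMIT -20, -1`, a MySQL error that surfaces as an uncaught `PDOException` since no try/catch is visible around `execute()` here. Constrain the inputs at parse time, `['options' => ['default' => 0, 'min_range' => 0]]` for `num` and `['options' => ['default' => 20, 'min_range' => 1]]` for `limit`, and consider a `max_range` on `limit` so one request cannot pull the whole services table. `$order` is safe to concatenate into `ORDER BY` because it was reduced to `ASC`/`DESC` at parse time.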
@@ -177,42 +176,48 @@ $obj->XML->endElement(); // Construct query for servicegroups search -$aTab = array(); +$aTab = []; $sg_search = ""; -$aTab = array(); +$aTab = []; if ($numRows > 0) { $sg_search .= "AND ("; - $servicegroups = array(); - while ($row = $DBRESULT->fetch()) { + $servicegroups = []; + while ($row = $dbResult->fetch()) { $servicesgroups[$row['servicegroup_id']][] = $row['host_id']; } - $servicegroupsSql1 = array(); + $servicegroupsSql1 = []; foreach ($servicesgroups as $key => $value) { - $hostsSql = array(); + $hostsSql = []; foreach ($value as $hostId) { $hostsSql[] = $hostId; } - $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key . " AND h.host_id IN (" . - implode(',', $hostsSql) . ")) "; + $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key . + " AND h.host_id IN (" . implode(',', $hostsSql) . ")) "; } $sg_search .= implode(" OR ", $servicegroupsSql1); $sg_search .= ") "; if ($sgSearch != "") { - $sg_search .= "AND sg.name = '" . $sgSearch . "' "; + $sg_search .= "AND sg.name = :sgSearch"; + $queryValues2['sgSearch'] = [ + \PDO::PARAM_STR => $sgSearch + ]; } - $query2 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.name AS sg_name, sg.name as alias, h.name as host_name, " - . "h.state as host_state, h.icon_image, h.host_id, s.state, s.description, s.service_id, " - . "(case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " - . "FROM servicegroups sg, services_servicegroups sgm, services s, hosts h "; + $query2 = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.name AS sg_name, + sg.name AS alias, + h.name AS host_name, + h.state as host_state, + h.icon_image, h.host_id, s.state, s.description, s.service_id, + (CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri + FROM servicegroups sg, services_servicegroups sgm, services s, hosts h "; if (!$obj->is_admin) { $query2 .= ", centreon_acl "; } - $query2 .= "WHERE sgm.servicegroup_id = sg.servicegroup_id " - . "AND sgm.host_id = h.host_id " - . 
"AND sgm.service_id = s.service_id "; + $query2 .= "WHERE sgm.servicegroup_id = sg.servicegroup_id + AND sgm.host_id = h.host_id + AND sgm.service_id = s.service_id "; // filter elements with acl (host, service, servicegroup) if (!$obj->is_admin) { @@ -224,7 +229,13 @@ } $query2 .= $sg_search . $h_search . $s_search . " ORDER BY sg_name, tri ASC"; - $DBRESULT = $obj->DBC->query($query2); + $dbResult = $obj->DBC->prepare($query2); + foreach ($queryValues2 as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); + } + } + $dbResult->execute(); $ct = 0; $sg = ""; @@ -232,12 +243,12 @@ $flag = 0; $count = 0; - while ($tab = $DBRESULT->fetch()) { + while ($tab = $dbResult->fetch()) { if (!isset($aTab[$tab["sg_name"]])) { $aTab[$tab["sg_name"]] = array( 'sgn' => CentreonUtils::escapeSecure($tab["sg_name"]), 'o' => $ct, - 'host' => array() + 'host' => [] ); } @@ -250,21 +261,19 @@ } $aTab[$tab["sg_name"]]['host'][$tab["host_name"]] = array( 'h' => $tab["host_name"], - 'hs' => $tab["host_state"], + 'hs' => _($obj->statusHost[$tab["host_state"]]), 'hn' => CentreonUtils::escapeSecure($tab["host_name"]), 'hico' => $icone, 'hnl' => CentreonUtils::escapeSecure(urlencode($tab["host_name"])), 'hid' => $tab["host_id"], "hcount" => $count, - "hs" => _($obj->statusHost[$tab["host_state"]]), "hc" => $obj->colorHost[$tab["host_state"]], - 'service' => array() + 'service' => [] ); } if (!isset($aTab[$tab["sg_name"]]['host'][$tab["host_name"]]['service'][$tab['description']])) { $aTab[$tab["sg_name"]]['host'][$tab["host_name"]]['service'][$tab['description']] = array( - "sn" => CentreonUtils::escapeSecure($tab['description']), "snl" => CentreonUtils::escapeSecure(urlencode($tab['description'])), "sc" => $obj->colorService[$tab['state']], 
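Review bot: `$servicegroups = []` initialises a variable that is never read, while the `while` loop populates and the `foreach` reads `$servicesgroups`, which is never initialised; because `SQL_CALC_FOUND_ROWS` counts rows ignoring `LIMIT`, a request for a page past the last one gives `$numRows > 0` with an empty fetch, so `$servicesgroups` is undefined, `implode` yields `AND () ` and `$query2` fails with a MySQL error. Initialise the variable that is actually used and let the paginated fetch, not `FOUND_ROWS()`, decide whether there is anything to expand; while there, cast `$key` and `$hostId` to int before they are concatenated so the one remaining string-built fragment is visibly integer-only. Removing the duplicate `'hs'` key in the host array is a good catch.
```php
$servicesgroups = [];
while ($row = $dbResult->fetch()) {
    $servicesgroups[(int) $row['servicegroup_id']][] = (int) $row['host_id'];
}
// the paginated fetch, not FOUND_ROWS(), decides whether there is anything to expand
if ($servicesgroups !== []) {
    $sg_search .= "AND (";
    $servicegroupsSql1 = [];
    foreach ($servicesgroups as $key => $hostIds) {
        $servicegroupsSql1[] = "(sg.servicegroup_id = " . $key
            . " AND h.host_id IN (" . implode(',', $hostIds) . ")) ";
    }
    // … unchanged: rest of $sg_search, $query2 assembly, bind loop, fetch loop …
```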
diff --git a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php index 05513e38b9b..0dd813c7821 100644 --- a/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php +++ b/www/include/monitoring/status/ServicesServiceGroups/xml/serviceSummaryBySGXML.php @@ -1,7 +1,7 @@ DB); - if (!isset($obj->session_id) || !CentreonSession::checkSession($obj->session_id, $obj->DB)) { print "Bad Session ID"; exit(); 
@@ -63,88 +59,109 @@ */ $obj->getDefaultFilters(); -/* ************************************************** +/* * Check Arguments From GET tab */ -$o = $obj->checkArgument("o", $_GET, "h"); -$p = $obj->checkArgument("p", $_GET, "2"); -$nc = $obj->checkArgument("nc", $_GET, "0"); -$num = $obj->checkArgument("num", $_GET, 0); -$limit = $obj->checkArgument("limit", $_GET, 20); -$instance = $obj->checkArgument("instance", $_GET, $obj->defaultPoller); -$hostgroups = $obj->checkArgument("hostgroups", $_GET, $obj->defaultHostgroups); -$hSearch = $obj->checkArgument("host_search", $_GET, ""); -$sgSearch = $obj->checkArgument("sg_search", $_GET, ""); -$sort_type = $obj->checkArgument("sort_type", $_GET, "host_name"); -$order = $obj->checkArgument("order", $_GET, "ASC"); -$dateFormat = $obj->checkArgument("date_time_format_status", $_GET, "Y/m/d H:i:s"); +$o = filter_input(INPUT_GET, 'o', FILTER_SANITIZE_STRING, ['options' => ['default' => 'h']]); +$p = filter_input(INPUT_GET, 'p', FILTER_VALIDATE_INT, ['options' => ['default' => 2]]); +$num = filter_input(INPUT_GET, 'num', FILTER_VALIDATE_INT, ['options' => ['default' => 0]]); +$limit = filter_input(INPUT_GET, 'limit', FILTER_VALIDATE_INT, ['options' => ['default' => 20]]); +//if instance value is not set, displaying all active pollers linked resources +$instance = filter_var($obj->defaultPoller ?? -1, FILTER_VALIDATE_INT); +$hSearch = filter_input(INPUT_GET, 'host_search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sgSearch = filter_input(INPUT_GET, 'sg_search', FILTER_SANITIZE_STRING, ['options' => ['default' => '']]); +$sort_type = filter_input(INPUT_GET, 'sort_type', FILTER_SANITIZE_STRING, ['options' => ['default' => 'host_name']]); +$order = isset($_GET['order']) && $_GET['order'] === "DESC" ? 
"DESC" : "ASC"; + +//saving bound values +$queryValues = []; +$queryValues2 = []; /* * Backup poller selection */ $obj->setInstanceHistory($instance); -/** ********************************************** +/** * Prepare pagination */ - $s_search = ""; -/* Display service problems */ +// Display service problems if ($o == "svcgridSG_pb" || $o == "svcOVSG_pb") { $s_search .= " AND s.state != 0 AND s.state != 4 "; } -/* Display acknowledged services */ +// Display acknowledged services if ($o == "svcgridSG_ack_1" || $o == "svcOVSG_ack_1") { $s_search .= " AND s.acknowledged = '1' "; } -/* Display not acknowledged services */ +// Display not acknowledged services if ($o == "svcgridSG_ack_0" || $o == "svcOVSG_ack_0") { $s_search .= " AND s.state != 0 AND s.state != 4 AND s.acknowledged = 0 "; } -$query = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.servicegroup_id, h.host_id " - . "FROM servicegroups sg " - . "INNER JOIN services_servicegroups sgm ON sg.servicegroup_id = sgm.servicegroup_id " - . "INNER JOIN services s ON s.service_id = sgm.service_id " - . "INNER JOIN hosts h ON sgm.host_id = h.host_id AND h.host_id = s.host_id " +$query = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sg.servicegroup_id, h.host_id + FROM servicegroups sg + INNER JOIN services_servicegroups sgm ON sg.servicegroup_id = sgm.servicegroup_id + INNER JOIN services s ON s.service_id = sgm.service_id + INNER JOIN hosts h ON sgm.host_id = h.host_id AND h.host_id = s.host_id " . $obj->access->getACLHostsTableJoin($obj->DBC, "h.host_id") . $obj->access->getACLServicesTableJoin($obj->DBC, "s.service_id") - . "WHERE 1 = 1 "; + . " WHERE 1 = 1 "; -# Servicegroup ACL +// Servicegroup ACL $query .= $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID")); -/* Servicegroup search */ +// Servicegroup search if ($sgSearch != "") { - $query .= "AND sg.name = '" . $sgSearch . 
"' "; + $query .= "AND sg.name = :sgSearch "; + $queryValues['sgSearch'] = [ + \PDO::PARAM_STR => $sgSearch + ]; } -/* Host search */ +// Host search $h_search = ''; if ($hSearch != "") { - $h_search .= "AND h.name like '%" . $hSearch . "%' "; + $h_search .= " AND h.name LIKE :hSearch "; + // as this partial request is used in two queries, we need to bound it two times using two arrays + // to avoid incoherent number of bound variables in the second query + $queryValues['hSearch'] = $queryValues2['hSearch'] = [ + \PDO::PARAM_STR => "%" . $hSearch . "%" + ]; } $query .= $h_search; -/* Service search */ +// Service search $query .= $s_search; -/* Poller search */ +// Poller search if ($instance != -1) { - $query .= " AND h.instance_id = " . $instance . " "; + $query .= " AND h.instance_id = :instance "; + $queryValues['instance'] = [ + \PDO::PARAM_INT => $instance + ]; } -$query .= "ORDER BY sg.name " . $order . " " - . "LIMIT " . ($num * $limit) . "," . $limit; - -$DBRESULT = $obj->DBC->query($query); - +$query .= "ORDER BY sg.name " . $order . " LIMIT :numLimit, :limit"; +$queryValues['numLimit'] = [ + \PDO::PARAM_INT => (int)($num * $limit) +]; +$queryValues['limit'] = [ + \PDO::PARAM_INT => (int)$limit +]; + +$dbResult = $obj->DBC->prepare($query); +foreach ($queryValues as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); + } +} +$dbResult->execute(); $numRows = $obj->DBC->query("SELECT FOUND_ROWS()")->fetchColumn(); - -/** *************************************************** +/** * Create XML Flow */ $obj->XML = new CentreonXML(); 
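Review bot: The ten-line request-parsing block introduced here is the same as the ones added to serviceGridByHGXML.php, serviceSummaryByHGXML.php and serviceGridBySGXML.php in this change, so every validation gap (no `min_range` on `num`/`limit`, `FILTER_SANITIZE_STRING` altering search terms, the `$instance` fallback not passing through the filter) now has to be fixed four times. Move it into one helper on `CentreonXMLBGRequest`, for example `$args = $obj->getStatusPageArguments(['sort_type' => 'host_name']);`, so the allow-lists and ranges live in one place; the only per-file differences visible here are the `sort_type` default and the search parameter names. The `:instance` bind and the `ASC`/`DESC` reduction of `$order` are correct as written.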
@@ -164,17 +181,17 @@ $obj->XML->writeElement("s", "1"); $obj->XML->endElement(); -/* Construct query for servigroups search */ +// Construct query for servicegroups search $sg_search = ""; if ($numRows > 0) { $sg_search .= "AND ("; - $servicegroups = array(); - while ($row = $DBRESULT->fetchRow()) { + $servicegroups = []; + while ($row = $dbResult->fetch()) { $servicesgroups[$row['servicegroup_id']][] = $row['host_id']; } - $servicegroupsSql1 = array(); + $servicegroupsSql1 = []; foreach ($servicesgroups as $key => $value) { - $hostsSql = array(); + $hostsSql = []; foreach ($value as $hostId) { $hostsSql[] = $hostId; } 
@@ -184,23 +201,35 @@ $sg_search .= implode(" OR ", $servicegroupsSql1); $sg_search .= ") "; if ($sgSearch != "") { - $sg_search .= "AND sg.name = '" . $sgSearch . "' "; + $sg_search .= "AND sg.name = :sgSearch"; + $queryValues2['sgSearch'] = [ + \PDO::PARAM_STR => $sgSearch + ]; } - $query2 = "SELECT SQL_CALC_FOUND_ROWS count(s.state) as count_state, sg.name AS sg_name, h.name as host_name, " - . "h.state as host_state, h.icon_image, h.host_id, s.state, " . - "(case s.state when 0 then 3 when 2 then 0 when 3 then 2 else s.state END) as tri " - . "FROM servicegroups sg, services_servicegroups sgm, services s, hosts h " - . "WHERE h.host_id = s.host_id AND s.host_id = sgm.host_id AND s.service_id=sgm.service_id " - . "AND sg.servicegroup_id=sgm.servicegroup_id " + $query2 = "SELECT SQL_CALC_FOUND_ROWS count(s.state) as count_state, + sg.name AS sg_name, + h.name AS host_name, + h.state AS host_state, + h.icon_image, h.host_id, s.state, + (CASE s.state WHEN 0 THEN 3 WHEN 2 THEN 0 WHEN 3 THEN 2 ELSE s.state END) AS tri + FROM servicegroups sg, services_servicegroups sgm, services s, hosts h + WHERE h.host_id = s.host_id AND s.host_id = sgm.host_id AND s.service_id=sgm.service_id + AND sg.servicegroup_id=sgm.servicegroup_id " . $s_search . $sg_search . $h_search . $obj->access->queryBuilder("AND", "sg.servicegroup_id", $obj->access->getServiceGroupsString("ID")) . $obj->access->queryBuilder("AND", "s.service_id", $obj->access->getServicesString("ID", $obj->DBC)) - . "GROUP BY sg_name,host_name,host_state,icon_image,host_id, s.state order by tri asc "; + . " GROUP BY sg_name,host_name,host_state,icon_image,host_id, s.state ORDER BY tri ASC "; - $DBRESULT = $obj->DBC->query($query2); + $dbResult = $obj->DBC->prepare($query2); + foreach ($queryValues2 as $bindId => $bindData) { + foreach ($bindData as $bindType => $bindValue) { + $dbResult->bindValue($bindId, $bindValue, $bindType); + } + } + $dbResult->execute(); $states = array( 0 => 'sk', 
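Review bot: `$sg_search .= "AND sg.name = :sgSearch";` drops the trailing space the old `"' "` carried, and in `$query2` it is followed by `$h_search` (empty when there is no host search) and then `$obj->access->queryBuilder(...)`, whose output is not visible here; if that helper does not emit a leading space the SQL becomes `:sgSearchAND sg.servicegroup_id ...` and the query breaks only for the servicegroup-search-without-host-search combination. Restore it: `$sg_search .= "AND sg.name = :sgSearch ";`. Separately, `SQL_CALC_FOUND_ROWS` on `$query2` is never followed by a `FOUND_ROWS()` read, so it only adds a counting pass; drop it from this query.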
@@ -210,8 +239,8 @@ 4 => 'sp' ); - $sg_list = array(); - while ($tab = $DBRESULT->fetchRow()) { + $sg_list = []; + while ($tab = $dbResult->fetch()) { $sg_list[$tab["sg_name"]][$tab["host_name"]]['host_id'] = $tab['host_id']; $sg_list[$tab["sg_name"]][$tab["host_name"]]['icon_image'] = $tab['icon_image']; $sg_list[$tab["sg_name"]][$tab["host_name"]]['host_state'] = $tab['host_state']; @@ -253,12 +282,8 @@ $obj->XML->endElement(); -/* - * Send Header - */ +// Send Header $obj->header(); -/* - * Send XML - */ +// Send XML $obj->XML->output(); diff --git a/www/include/monitoring/status/TopCounter/xml/statusCounter.php b/www/include/monitoring/status/TopCounter/xml/statusCounter.php deleted file mode 100644 index 1e669b7bda7..00000000000 --- a/www/include/monitoring/status/TopCounter/xml/statusCounter.php +++ /dev/null 
@@ -1,305 +0,0 @@ -. - * - * Linking this program statically or dynamically with other modules is making a - * combined work based on this program. Thus, the terms and conditions of the GNU - * General Public License cover the whole combination. - * - * As a special exception, the copyright holders of this program give Centreon - * permission to link this program with independent modules to produce an executable, - * regardless of the license terms of these independent modules, and to copy and - * distribute the resulting executable under terms of Centreon choice, provided that - * Centreon also meet, for each linked independent module, the terms and conditions - * of the license of that module. An independent module is a module which is not - * derived from this program. If you modify this program, you may extend this - * exception to your version of the program, but you are not obliged to do so. If you - * do not wish to do so, delete this exception statement from your version. - * - * For more information : contact@centreon.com - * - */ - -ini_set("display_errors", "Off"); - -$debug = 0; - -require_once realpath(dirname(__FILE__) . "/../../../../../../config/centreon.config.php"); -require_once realpath(__DIR__ . "/../../../../../../bootstrap.php"); - -require_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php"; -require_once _CENTREON_PATH_ . 'www/class/centreonLang.class.php'; -include_once _CENTREON_PATH_ . 
"www/include/common/common-Func.php"; - -session_start(); -session_write_close(); - -if (!isset($_SESSION['centreon'])) { - exit(); -} -$centreon = $_SESSION['centreon']; - -$centreonLang = new CentreonLang(_CENTREON_PATH_, $centreon); -$centreonLang->bindLang(); - -/* - * Create XML Request Objects - */ -$obj = new CentreonXMLBGRequest($dependencyInjector, session_id(), 1, 1, 0, $debug, 1, 0); - -if (isset($obj->session_id) && CentreonSession::checkSession($obj->session_id, $obj->DB)) { - $obj->reloadSession(); -} else { - print "Bad Session ID"; - exit(); -} - -/* ********************************************* -* Get active poller only -*/ -$pollerList = ""; -$request = "SELECT name FROM nagios_server WHERE ns_activate = '1'"; -$DBRESULT = $obj->DB->query($request); -while ($d = $DBRESULT->fetchRow()) { - if ($pollerList != "") { - $pollerList .= ", "; - } - $pollerList .= "'" . $d["name"] . "'"; -} - -$DBRESULT->closeCursor(); - -/* ********************************************* - * Get Host stats - */ -$rq1 = " SELECT count(DISTINCT name), state " . - " FROM hosts "; -if (!$obj->is_admin) { - $rq1 .= " , centreon_acl "; -} -$rq1 .= " WHERE name NOT LIKE '_Module_%' "; -if (!$obj->is_admin) { - $rq1 .= " AND hosts.host_id = centreon_acl.host_id "; -} -$rq1 .= " AND hosts.enabled = 1 "; -$rq1 .= $obj->access->queryBuilder("AND", "centreon_acl.group_id", $obj->grouplistStr); -$rq1 .= " GROUP BY state"; - -$hostCounter = 0; -$host_stat = array(0 => 0, 1 => 0, 2 => 0, 3 => 0, 4 => 0); -$DBRESULT = $obj->DBC->query($rq1); -while ($data = $DBRESULT->fetch()) { - $host_stat[$data["state"]] = $data["count(DISTINCT name)"]; - $hostCounter += $host_stat[$data["state"]]; -} -$DBRESULT->closeCursor(); - -/* ********************************************* - * Get Service stats - */ -$query_svc_status = "SELECT " . - "SUM(CASE WHEN s.state = 0 THEN 1 ELSE 0 END) AS OK_TOTAL, " . - "SUM(CASE WHEN s.state = 1 THEN 1 ELSE 0 END) AS WARNING_TOTAL, " . 
- "SUM(CASE WHEN s.state = 1 AND (s.acknowledged = '1' OR s.scheduled_downtime_depth = '1') " . - " THEN 1 ELSE 0 END) AS WARNING_ACK_DT, " . - "SUM(CASE WHEN s.state = 2 THEN 1 ELSE 0 END) AS CRITICAL_TOTAL, " . - "SUM(CASE WHEN s.state = 2 AND (s.acknowledged = '1' OR s.scheduled_downtime_depth = '1') " . - " THEN 1 ELSE 0 END) AS CRITICAL_ACK_DT, " . - "SUM(CASE WHEN s.state = 3 THEN 1 ELSE 0 END) AS UNKNOWN_TOTAL, " . - "SUM(CASE WHEN s.state = 3 AND (s.acknowledged = '1' OR s.scheduled_downtime_depth = '1') " . - " THEN 1 ELSE 0 END) AS UNKNOWN_ACK_DT, " . - "SUM(CASE WHEN s.state = 4 THEN 1 ELSE 0 END) AS PENDING_TOTAL " . - "FROM hosts h, services s, instances i " . - "WHERE i.deleted = 0 " . - "AND h.enabled = 1 " . - "AND s.enabled = 1 " . - "AND i.instance_id = h.instance_id " . - "AND h.host_id = s.host_id " . - "AND (h.name NOT LIKE '_Module_%' OR h.name LIKE '_Module_Meta%') "; -if (!$obj->is_admin) { - $query_svc_status .= "AND EXISTS (" . - "SELECT service_id " . - "FROM centreon_acl " . - "WHERE centreon_acl.host_id = h.host_id " . - "AND centreon_acl.service_id = s.service_id " . - "AND centreon_acl.group_id IN (" . $obj->grouplistStr . ")" . 
- ") "; -} -$DBRESULT = $obj->DBC->query($query_svc_status); -$svc_stat = array_map("myDecodeToInteger", $DBRESULT->fetch()); -$DBRESULT->closeCursor(); -$serviceCounter = $svc_stat["OK_TOTAL"] + $svc_stat["WARNING_TOTAL"] - + $svc_stat["CRITICAL_TOTAL"] + $svc_stat["UNKNOWN_TOTAL"] - + $svc_stat["PENDING_TOTAL"]; - -/* ******************************************** - * Check Poller Status - */ -$status = 0; -$latency = 0; -$activity = 0; -$error = ""; -$pollerListInError = ""; -$pollersWithLatency = array(); - -$timeUnit = 300; - -$inactivInstance = ""; -$pollerInError = ""; - -if ($pollerList != "") { - $request = "SELECT `last_alive` AS last_update, `running`, name, instance_id FROM instances WHERE deleted = 0 - AND name IN ($pollerList)"; - $DBRESULT = $obj->DBC->query($request); - while ($data = $DBRESULT->fetchRow()) { - /* Get Instance ID */ - if ($pollerList != "") { - $pollerList .= ", "; - } - $pollerList .= "'" . $data["instance_id"] . "'"; - - /* - * Running - */ - if ($status != 2 && ($data["running"] == 0 || (time() - $data["last_update"] >= $timeUnit * 5))) { - $status = 1; - $pollerInError = $data["name"]; - } - if ($data["running"] == 0 || (time() - $data["last_update"] >= $timeUnit * 10)) { - $status = 2; - $pollerInError = $data["name"]; - } - if ($pollerListInError != "" && $pollerInError != "") { - $pollerListInError .= ", "; - } - $pollerListInError .= $pollerInError; - $pollerInError = ''; - - /* - * Activity - */ - if ($activity != 2 && (time() - $data["last_update"] >= $timeUnit * 5)) { - $activity = 2; - if ($inactivInstance != "") { - $inactivInstance .= ","; - } - $inactivInstance .= $data["name"] . " [" . (time() - $data["last_update"]) . "s / " . - ($timeUnit * 5) . "s]"; - } elseif ((time() - $data["last_update"] >= $timeUnit * 10)) { - $activity = 1; - if ($inactivInstance != "") { - $inactivInstance .= ","; - } - $inactivInstance .= $data["name"] . " [" . (time() - $data["last_update"]) . - "s / " . ($timeUnit * 10) . 
"s]"; - } - } -} -$DBRESULT->closeCursor(); -if ($pollerListInError != '') { - $error = "$pollerListInError not running"; -} - -if ($pollerList != "") { - $request = " SELECT stat_value, i.instance_id, name " . - " FROM `nagios_stats` ns, instances i " . - " WHERE ns.stat_label = 'Service Check Latency' " . - " AND ns.stat_key LIKE 'Average' " . - " AND ns.instance_id = i.instance_id" . - " AND i.deleted = 0" . - " AND i.instance_id IN ($pollerList)"; - $DBRESULT = $obj->DBC->query($request); - while ($data = $DBRESULT->fetchRow()) { - if (!$latency && $data["stat_value"] >= 60) { - $latency = 1; - $pollersWithLatency[$data['instance_id']] = $data['name']; - } - if ($data["stat_value"] >= 120) { - $latency = 2; - $pollersWithLatency[$data['instance_id']] = $data['name']; - } - } - $DBRESULT->closeCursor(); - unset($data); -} - -/* ******************************************** - * Error Messages - */ -if ($status != 0) { - $errorPstt = "$error"; -} else { - $errorPstt = _("OK: all pollers are running"); -} - -if ($latency && count($pollersWithLatency)) { - $errorLtc = sprintf( - _("Latency detected on %s; check configuration for better optimisation"), - implode(',', $pollersWithLatency) - ); -} else { - $errorLtc = _("OK: no latency detected on your platform"); -} - -if ($activity != 0) { - $errorAct = _("Some database poller updates are not active; check your Monitoring platform"); -} else { - $errorAct = _("OK: all database poller updates are active"); -} - -/* ********************************************* - * Create Buffer - */ -$obj->XML = new CentreonXML(); -$obj->XML->startElement("reponse"); -$obj->XML->startElement("infos"); -$obj->XML->writeElement("filetime", time()); -$obj->XML->endElement(); -$obj->XML->startElement("s"); -$obj->XML->writeElement("th", $hostCounter); -$obj->XML->writeElement("ts", $serviceCounter); -$obj->XML->writeElement("o", ($svc_stat["OK_TOTAL"] ? 
$svc_stat["OK_TOTAL"] : "0")); -$obj->XML->writeElement("w", ($svc_stat["WARNING_TOTAL"] ? $svc_stat["WARNING_TOTAL"] : "0")); -$obj->XML->writeElement("wU", ($svc_stat["WARNING_TOTAL"] - $svc_stat["WARNING_ACK_DT"])); -$obj->XML->writeElement("c", ($svc_stat["CRITICAL_TOTAL"] ? $svc_stat["CRITICAL_TOTAL"] : "0")); -$obj->XML->writeElement("cU", ($svc_stat["CRITICAL_TOTAL"] - $svc_stat["CRITICAL_ACK_DT"])); -$obj->XML->writeElement("un1", ($svc_stat["UNKNOWN_TOTAL"] ? $svc_stat["UNKNOWN_TOTAL"] : "0")); -$obj->XML->writeElement("un1U", ($svc_stat["UNKNOWN_TOTAL"] - $svc_stat["UNKNOWN_ACK_DT"])); -$obj->XML->writeElement("p1", ($svc_stat["PENDING_TOTAL"] ? $svc_stat["PENDING_TOTAL"] : "0")); -$obj->XML->writeElement("up", $host_stat["0"]); -$obj->XML->writeElement("d", $host_stat["1"]); -$obj->XML->writeElement("un2", $host_stat["2"]); -$obj->XML->writeElement("p2", $host_stat["4"]); -$obj->XML->endElement(); -$obj->XML->startElement("m"); -$obj->XML->writeElement("pstt", $status); -$obj->XML->writeElement("ltc", $latency); -$obj->XML->writeElement("act", $activity); -$obj->XML->writeElement("errorPstt", $errorPstt); -$obj->XML->writeElement("errorLtc", $errorLtc); -$obj->XML->writeElement("errorAct", $errorAct); -$obj->XML->endElement(); -$obj->XML->endElement(); - -/* - * Send headers - */ -$obj->header(); - -/* - * Display XML data - */ -$obj->XML->output();