From 476b69c4307ce3054c04e317e971dd9ae1cc456e Mon Sep 17 00:00:00 2001
From: schapron <schapron@centreon.com>
Date: Wed, 13 Nov 2019 14:00:52 +0100
Subject: [PATCH 1/4] fix(BE): LDAP DN wrongly inserted

---
 www/class/centreonAuth.LDAP.class.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/www/class/centreonAuth.LDAP.class.php b/www/class/centreonAuth.LDAP.class.php
index ab908310f0e..aced6bc9b82 100644
--- a/www/class/centreonAuth.LDAP.class.php
+++ b/www/class/centreonAuth.LDAP.class.php
@@ -202,7 +202,6 @@ public function updateUserDn()
 
         if ($this->ldap->rebind()) {
             $userDn = $this->ldap->findUserDn($contactAlias);
-            $userDn = $this->pearDB->escape($userDn);
             if (false === $userDn) {
                 $this->CentreonLog->insertLog(3, "LDAP AUTH - Error : No DN for user " . $contactAlias);
                 return false;

From d4fb490853f8dc20e13bfd362b1def71dfb77170 Mon Sep 17 00:00:00 2001
From: schapron <schapron@centreon.com>
Date: Thu, 14 Nov 2019 10:23:04 +0100
Subject: [PATCH 2/4] fix(ldap): correct the LDAP DN during the upgrade

---
 www/install/php/Update-19.10.2.php | 40 ++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/www/install/php/Update-19.10.2.php b/www/install/php/Update-19.10.2.php
index 18ee41d1a2c..f9a3b117132 100644
--- a/www/install/php/Update-19.10.2.php
+++ b/www/install/php/Update-19.10.2.php
@@ -17,3 +17,43 @@
  * For more information : contact@centreon.com
  *
  */
+include_once __DIR__ . "/../../class/centreonLog.class.php";
+$centreonLog = new CentreonLog();
+
+// remove ldap users missing contact name
+// these users have been added using the auto-import ldap feature and will be re-imported at their next login.
+try {
+    $pearDB->query(
+        "DELETE FROM contact WHERE contact_name is NULL"
+    );
+} catch (\PDOException $e) {
+    $centreonLog->insertLog(
+        2,
+        "UPGRADE : 19.10.2 Unable to delete ldap auto-imported users with empty contact_name"
+    );
+}
+
+// correct the DN of manually imported users from an LDAP
+try {
+    // finding the data of contacts linked to an LDAP
+    $stmt = $this->pearDB->query(
+        "SELECT contact_id, contact_name, contact_ldap_dn FROM contact WHERE ar_id is NOT NULL"
+    );
+    while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
+        // removing the double slashes if needed and saving the corrected data
+        if (strpos($row['contact_ldap_dn'], "\\\\")) {
+            $newDn = str_replace("\\\\", "\\", $row['contact_ldap_dn']);
+            $updateDB = $this->pearDB->prepare(
+                "UPDATE contact SET contact_ldap_dn = :newDn WHERE contact_id = :contactId"
+            );
+            $updateDB->bindValue(':newDn', $newDn, \PDO::PARAM_STR);
+            $updateDB->bindValue(':contactId', $row['contact_id'], \PDO::PARAM_INT);
+            $updateDB->execute();
+        }
+    }
+} catch (\PDOException $e) {
+    $centreonLog->insertLog(
+        2,
+        "UPGRADE : 19.10.2 Unable to correct the LDAP DN data"
+    );
+}

From 1e0317ec644de058e2099cf395d3622c8d5feb00 Mon Sep 17 00:00:00 2001
From: schapron <schapron@centreon.com>
Date: Thu, 14 Nov 2019 20:52:37 +0100
Subject: [PATCH 3/4] enh(BE): get the prepare statement out of the while
 clause

---
 www/install/php/Update-19.10.2.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/www/install/php/Update-19.10.2.php b/www/install/php/Update-19.10.2.php
index f9a3b117132..01963288138 100644
--- a/www/install/php/Update-19.10.2.php
+++ b/www/install/php/Update-19.10.2.php
@@ -36,16 +36,17 @@
 // correct the DN of manually imported users from an LDAP
 try {
     // finding the data of contacts linked to an LDAP
-    $stmt = $this->pearDB->query(
+    $stmt = $pearDB->query(
         "SELECT contact_id, contact_name, contact_ldap_dn FROM contact WHERE ar_id is NOT NULL"
     );
+    $updateDB = $pearDB->prepare(
+        "UPDATE contact SET contact_ldap_dn = :newDn WHERE contact_id = :contactId"
+    );
     while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
         // removing the double slashes if needed and saving the corrected data
         if (strpos($row['contact_ldap_dn'], "\\\\")) {
             $newDn = str_replace("\\\\", "\\", $row['contact_ldap_dn']);
-            $updateDB = $this->pearDB->prepare(
-                "UPDATE contact SET contact_ldap_dn = :newDn WHERE contact_id = :contactId"
-            );
+
             $updateDB->bindValue(':newDn', $newDn, \PDO::PARAM_STR);
             $updateDB->bindValue(':contactId', $row['contact_id'], \PDO::PARAM_INT);
             $updateDB->execute();

From 45d86b1aa7a8e5ccca30ba1efbe26d4d3d1a60a8 Mon Sep 17 00:00:00 2001
From: schapron <schapron@centreon.com>
Date: Thu, 14 Nov 2019 23:02:35 +0100
Subject: [PATCH 4/4] fix(DB): properly delete contacts without name

---
 www/install/php/Update-19.10.2.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/install/php/Update-19.10.2.php b/www/install/php/Update-19.10.2.php
index 01963288138..7b084857b64 100644
--- a/www/install/php/Update-19.10.2.php
+++ b/www/install/php/Update-19.10.2.php
@@ -24,7 +24,7 @@
 // these users have been added using the auto-import ldap feature and will be re-imported at their next login.
 try {
     $pearDB->query(
-        "DELETE FROM contact WHERE contact_name is NULL"
+        'DELETE FROM contact WHERE contact_name = ""'
     );
 } catch (\PDOException $e) {
     $centreonLog->insertLog(