chore(release): merge release-21.10.next into 21.10.x (#11910)

* fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <[email protected]> Co-authored-by: VHS <[email protected]> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <[email protected]> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Kevin Duret <[email protected]> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <[email protected]> Co-authored-by: VHS <[email protected]> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <[email protected]> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Kevin Duret <[email protected]> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Elmahdi ABBASSI <[email protected]> Co-authored-by: VHS <[email protected]> Co-authored-by: hyahiaoui-ext <[email protected]> Co-authored-by: jeremyjaouen <[email protected]> Co-authored-by: Stéphane Chapron <[email protected]> Co-authored-by: Stéphane Duret <[email protected]> Co-authored-by: alaunois <[email protected]> Co-authored-by: Dmytro Iosypenko <[email protected]> Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Elmahdi ABBASSI <[email protected]> Co-authored-by: VHS <[email protected]> Co-authored-by: hyahiaoui-ext <[email protected]> Co-authored-by: jeremyjaouen <[email protected]> Co-authored-by: Stéphane Chapron <[email protected]> Co-authored-by: Stéphane Duret <[email protected]> Co-authored-by: alaunois <[email protected]> Co-authored-by: Dmytro Iosypenko <[email protected]> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <[email protected]> Co-authored-by: VHS <[email protected]> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <[email protected]> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Kevin Duret <[email protected]> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Elmahdi ABBASSI <[email protected]> Co-authored-by: VHS <[email protected]> Co-authored-by: hyahiaoui-ext <[email protected]> Co-authored-by: jeremyjaouen <[email protected]> Co-authored-by: Stéphane Chapron <[email protected]> Co-authored-by: Stéphane Duret <[email protected]> Co-authored-by: alaunois <[email protected]> Co-authored-by: Dmytro Iosypenko <[email protected]> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <[email protected]> Co-authored-by: VHS <[email protected]> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <[email protected]> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Kevin Duret <[email protected]> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <[email protected]> Co-authored-by: VHS <[email protected]> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <[email protected]> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Kevin Duret <[email protected]> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Elmahdi ABBASSI <[email protected]> Co-authored-by: VHS <[email protected]> Co-authored-by: hyahiaoui-ext <[email protected]> Co-authored-by: jeremyjaouen <[email protected]> Co-authored-by: Stéphane Chapron <[email protected]> Co-authored-by: Stéphane Duret <[email protected]> Co-authored-by: alaunois <[email protected]> Co-authored-by: Dmytro Iosypenko <[email protected]> Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Elmahdi ABBASSI <[email protected]> Co-authored-by: VHS <[email protected]> Co-authored-by: hyahiaoui-ext <[email protected]> Co-authored-by: jeremyjaouen <[email protected]> Co-authored-by: Stéphane Chapron <[email protected]> Co-authored-by: Stéphane Duret <[email protected]> Co-authored-by: alaunois <[email protected]> Co-authored-by: Dmytro Iosypenko <[email protected]> * query sanitized in listServiceCategoriesÃ (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Elmahdi ABBASSI <[email protected]> Co-authored-by: VHS <[email protected]> Co-authored-by: hyahiaoui-ext <[email protected]> Co-authored-by: jeremyjaouen <[email protected]> Co-authored-by: Stéphane Chapron <[email protected]> Co-authored-by: Stéphane Duret <[email protected]> Co-authored-by: alaunois <[email protected]> Co-authored-by: Charles Gautier <[email protected]> Co-authored-by: Dmytro Iosypenko <[email protected]> Co-authored-by: TamazC <[email protected]> Co-authored-by: Adrien Morais-Mestre <[email protected]> Co-authored-by: Laurent Calvet <[email protected]> Co-authored-by: Charles Gautier <[email protected]> Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Elmahdi ABBASSI <[email protected]> Co-authored-by: VHS <[email protected]> Co-authored-by: hyahiaoui-ext <[email protected]> Co-authored-by: jeremyjaouen <[email protected]> Co-authored-by: Stéphane Chapron <[email protected]> Co-authored-by: Stéphane Duret <[email protected]> Co-authored-by: alaunois <[email protected]> Co-authored-by: Dmytro Iosypenko <[email protected]> Co-authored-by: TamazC <[email protected]> Co-authored-by: Adrien Morais-Mestre <[email protected]> Co-authored-by: Laurent Calvet <[email protected]> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <[email protected]> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <[email protected]> Co-authored-by: TamazC <[email protected]> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Kevin Duret <[email protected]> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeÃ * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <[email protected]> Co-authored-by: Elmahdi ABBASSI <[email protected]> Co-authored-by: VHS <[email protected]> Co-authored-by: hyahiaoui-ext <[email protected]> Co-authored-by: jeremyjaouen <[email protected]> Co-authored-by: Stéphane Chapron <[email protected]> Co-authored-by: Stéphane Duret <[email protected]> Co-authored-by: alaunois <[email protected]> Co-authored-by: Charles Gautier <[email protected]> Co-authored-by: Dmytro Iosypenko <[email protected]> Co-authored-by: TamazC <[email protected]> Co-authored-by: Adrien Morais-Mestre <[email protected]> Co-authored-by: Laurent Calvet <[email protected]>
centreon · Oct 3, 2022 · 59a70af · 59a70af
1 parent 640435a
commit 59a70af
Show file tree

Hide file tree

Showing 39 changed files with 347 additions and 369 deletions.
diff --git a/src/Centreon/Domain/Repository/TopologyRepository.php b/src/Centreon/Domain/Repository/TopologyRepository.php
@@ -103,14 +103,15 @@ public function getReactTopologiesPerUserWithAcl($user)
                 if ($DBRESULT->rowCount()) {
                     $topology = array();
                     $tmp_topo_page = array();
+                    $statement = $this->db->prepare("SELECT topology_topology_id, acl_topology_relations.access_right "
+                        . "FROM acl_topology_relations, acl_topology "
+                        . "WHERE acl_topology.acl_topo_activate = '1' "
+                        . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
+                        . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ");
                     while ($topo_group = $DBRESULT->fetchRow()) {
-                        $query2 = "SELECT topology_topology_id, acl_topology_relations.access_right "
-                            . "FROM acl_topology_relations, acl_topology "
-                            . "WHERE acl_topology.acl_topo_activate = '1' "
-                            . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
-                            . "AND acl_topology_relations.acl_topo_id = '" . $topo_group["acl_topology_id"] . "' ";
-                        $DBRESULT2 = $this->db->query($query2);
-                        while ($topo_page = $DBRESULT2->fetchRow()) {
+                        $statement->bindValue(':acl_topo_id', $topo_group["acl_topology_id"], \PDO::PARAM_INT);
+                        $statement->execute();
+                        while ($topo_page = $statement->fetch(\PDO::FETCH_ASSOC)) {
                             $topology[] = (int)$topo_page["topology_topology_id"];
                             if (!isset($tmp_topo_page[$topo_page['topology_topology_id']])) {
                                 $tmp_topo_page[$topo_page["topology_topology_id"]] = $topo_page["access_right"];
@@ -125,7 +126,7 @@ public function getReactTopologiesPerUserWithAcl($user)
                                 }
                             }
                         }
-                        $DBRESULT2->closeCursor();
+                        $statement->closeCursor();
                     }
                     $DBRESULT->closeCursor();
 

diff --git a/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php b/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php
@@ -46,7 +46,7 @@ protected function setUp(): void
                 . "FROM acl_topology_relations, acl_topology "
                 . "WHERE acl_topology.acl_topo_activate = '1' "
                 . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
-                . "AND acl_topology_relations.acl_topo_id = '1' ",
+                . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ",
                 'data' => [
                     [
                         'topology_topology_id' => 1,

diff --git a/www/class/centreon-clapi/centreonHostGroup.class.php b/www/class/centreon-clapi/centreonHostGroup.class.php
@@ -174,6 +174,7 @@ public function getparam($parameters = null)
             $listParam = explode('|', $params[1]);
             $exportedFields = [];
             $resultString = "";
+            $paramString = "";
             foreach ($listParam as $paramSearch) {
                 if (!$paramString) {
                     $paramString = $paramSearch;
@@ -257,20 +258,24 @@ public function initUpdateParameters($parameters = null)
     public function getIdIcon($path)
     {
         $iconData = explode('/', $path);
-        $query = 'SELECT dir_id FROM view_img_dir WHERE dir_name = "' . $iconData[0] . '"';
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $dirStatement = $this->db->prepare("SELECT dir_id FROM view_img_dir WHERE dir_name = :IconData");
+        $dirStatement->bindValue(':IconData', $iconData[0], \PDO::PARAM_STR);
+        $dirStatement->execute();
+        $row = $dirStatement->fetch();
         $dirId = $row['dir_id'];
 
-        $query = 'SELECT img_id FROM view_img WHERE img_path = "' . $iconData[1] . '"';
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $imgStatement = $this->db->prepare("SELECT img_id FROM view_img WHERE img_path = :iconData");
+        $imgStatement->bindValue(':iconData', $iconData[1], \PDO::PARAM_STR);
+        $imgStatement->execute();
+        $row = $imgStatement->fetch();
         $iconId = $row['img_id'];
 
-        $query = 'SELECT vidr_id FROM view_img_dir_relation ' .
-            'WHERE dir_dir_parent_id = ' . $dirId . ' AND img_img_id = ' . $iconId;
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $vidrStatement = $this->db->prepare("SELECT vidr_id FROM view_img_dir_relation " .
+            "WHERE dir_dir_parent_id = :dirId AND img_img_id = :iconId");
+        $vidrStatement->bindValue(':dirId', (int) $dirId, \PDO::PARAM_INT);
+        $vidrStatement->bindValue(':iconId', (int) $iconId, \PDO::PARAM_INT);
+        $vidrStatement->execute();
+        $row = $vidrStatement->fetch();
         return $row['vidr_id'];
     }
 

diff --git a/www/class/centreon-clapi/centreonLDAP.class.php b/www/class/centreon-clapi/centreonLDAP.class.php
@@ -184,10 +184,12 @@ public function showserver($arName = null)
         }
         $sql = "SELECT ldap_host_id, host_address, host_port, use_ssl, use_tls, host_order
                 FROM auth_ressource_host
-                WHERE auth_ressource_id = " . $arId . "
+                WHERE auth_ressource_id = :auth_ressource_id 
                 ORDER BY host_order";
-        $res = $this->db->query($sql);
-        $row = $res->fetchAll();
+        $statement = $this->db->prepare($sql);
+        $statement->bindValue(':auth_ressource_id', (int) $arId, \PDO::PARAM_INT);
+        $statement->execute();
+        $row = $statement->fetchAll(\PDO::FETCH_ASSOC);
         echo "id;address;port;ssl;tls;order\n";
         foreach ($row as $srv) {
             echo $srv['ldap_host_id'] . $this->delim .

diff --git a/www/class/centreon-clapi/centreonService.class.php b/www/class/centreon-clapi/centreonService.class.php
@@ -1584,12 +1584,12 @@ public function getCustomMacroInDb($serviceId = null, $template = null)
         $arr = array();
         $i = 0;
         if ($serviceId) {
-            $res = $this->db->query("SELECT svc_macro_name, svc_macro_value, is_password, description
-                                FROM on_demand_macro_service
-                                WHERE svc_svc_id = " .
-                $serviceId . "
-                                ORDER BY macro_order ASC");
-            while ($row = $res->fetch()) {
+            $statement = $this->db->prepare("SELECT svc_macro_name, svc_macro_value, is_password, description " .
+                "FROM on_demand_macro_service " .
+                "WHERE svc_svc_id = :serviceId ORDER BY macro_order ASC");
+            $statement->bindValue(':serviceId', (int) $serviceId, \PDO::PARAM_INT);
+            $statement->execute();
+            while ($row = $statement->fetch()) {
                 if (preg_match('/\$_SERVICE(.*)\$$/', $row['svc_macro_name'], $matches)) {
                     $arr[$i]['svc_macro_name'] = $matches[1];
                     $arr[$i]['svc_macro_value'] = $row['svc_macro_value'];

diff --git a/www/class/centreon-knowledge/procedures.class.php b/www/class/centreon-knowledge/procedures.class.php
@@ -139,13 +139,15 @@ public function getMyHostMultipleTemplateModels($host_id = null)
             "WHERE host_host_id = '" . $host_id . "' " .
             "ORDER BY `order`"
         );
+        $statement = $this->centreon_DB->prepare(
+            "SELECT host_name " .
+            "FROM host " .
+            "WHERE host_id = :host_id LIMIT 1"
+        );
         while ($row = $dbResult->fetch()) {
-            $dbResult2 = $this->centreon_DB->query(
-                "SELECT host_name " .
-                "FROM host " .
-                "WHERE host_id = '" . $row['host_tpl_id'] . "' LIMIT 1"
-            );
-            $hTpl = $dbResult2->fetch();
+            $statement->bindValue(':host_id', $row['host_tpl_id'], \PDO::PARAM_INT);
+            $statement->execute();
+            $hTpl = $statement->fetch(\PDO::FETCH_ASSOC);
             $tplArr[$row['host_tpl_id']] = html_entity_decode($hTpl["host_name"], ENT_QUOTES);
         }
         unset($row);

diff --git a/www/class/centreon-partition/partEngine.class.php b/www/class/centreon-partition/partEngine.class.php
@@ -426,44 +426,6 @@ public function updateParts($table, $db)
         }
     }
 
-    /**
-     * optimize all partitions for a table
-     *
-     * @param MysqlTable $table
-     */
-    public function optimizeTablePartitions($table, $db)
-    {
-        $tableName = "`" . $table->getSchema() . "`." . $table->getName();
-        if (!$table->exists()) {
-            throw new Exception("Optimize error: Table " . $tableName . " does not exists\n");
-        }
-
-        $request = "SELECT PARTITION_NAME FROM information_schema.`PARTITIONS` ";
-        $request .= "WHERE `TABLE_NAME`='" . $table->getName() . "' ";
-        $request .= "AND TABLE_SCHEMA='" . $table->getSchema() . "' ";
-        try {
-            $dbResult = $db->query($request);
-        } catch (\PDOException $e) {
-            throw new Exception(
-                "Error : Cannot get table schema information  for "
-                . $tableName . ", " . $e->getMessage() . "\n"
-            );
-        }
-
-        while ($row = $dbResult->fetch()) {
-            $request = "ALTER TABLE " . $tableName . " OPTIMIZE PARTITION `" . $row["PARTITION_NAME"] . "`;";
-            try {
-                $dbResult2 = $db->query($request);
-            } catch (\PDOException $e) {
-                throw new Exception(
-                    "Optimize error : Cannot optimize partition " . $row["PARTITION_NAME"]
-                    . " of table " . $tableName . ", " . $e->getMessage() . "\n"
-                );
-            }
-        }
-
-        $dbResult->closeCursor();
-    }
 
     /**
      * list all partitions for a table

diff --git a/www/class/centreon.class.php b/www/class/centreon.class.php
@@ -162,22 +162,12 @@ public function creatModuleList()
             $this->modules[$result["name"]] = array(
                 "name" => $result["name"],
                 "gen" => false,
-                "restart" => false,
                 "license" => false
             );
 
             if (is_dir("./modules/" . $result["name"] . "/generate_files/")) {
                 $this->modules[$result["name"]]["gen"] = true;
             }
-            if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) {
-                $this->modules[$result["name"]]["restart"] = true;
-            }
-            if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) {
-                $this->modules[$result["name"]]["restart"] = true;
-            }
-            if (file_exists("./modules/" . $result["name"] . "/license/merethis_lic.zl")) {
-                $this->modules[$result["name"]]["license"] = true;
-            }
         }
         $dbResult = null;
     }

diff --git a/www/class/centreonConfigCentreonBroker.php b/www/class/centreonConfigCentreonBroker.php
@@ -731,13 +731,15 @@ public function insertConfig($values)
         /*
          * Get the ID
          */
-        $query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = '" . $values['name'] . "'";
+        $query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = :config_name";
         try {
-            $res = $this->db->query($query);
+            $statement = $this->db->prepare($query);
+            $statement->bindValue(':config_name', $values['name'], \PDO::PARAM_STR);
+            $statement->execute();
         } catch (\PDOException $e) {
             return false;
         }
-        $row = $res->fetch();
+        $row = $statement->fetch(\PDO::FETCH_ASSOC);
         $id = $row['config_id'];
 
         /*

diff --git a/www/class/centreonCriticality.class.php b/www/class/centreonCriticality.class.php
@@ -358,29 +358,4 @@ protected function getServiceCriticality($service_id)
         }
         return 0;
     }
-
-    public function getHostTplCriticities($host_id, $cache)
-    {
-        global $pearDB;
-
-        if (!$host_id) {
-            return null;
-        }
-
-        $rq = "SELECT host_tpl_id " .
-            "FROM host_template_relation " .
-            "WHERE host_host_id = '".$host_id."' " .
-            "ORDER BY `order`";
-        $DBRESULT = $pearDB->query($rq);
-        while ($row = $DBRESULT->fetchRow()) {
-            if (isset($cache[$row['host_tpl_id']])) {
-                return $this->getData($cache[$row['host_tpl_id']], false);
-            } else {
-                if ($result_field = $this->getHostTplCriticities($row['host_tpl_id'], $cache)) {
-                    return $result_field;
-                }
-            }
-        }
-        return null;
-    }
 }
diff --git a/www/class/centreonDB.class.php b/www/class/centreonDB.class.php
@@ -447,4 +447,47 @@ public function isColumnExist(string $table = null, string $column = null): int
             return -1;
         }
     }
+
+    /**
+     * Write SQL errors messages and queries
+     *
+     * @param string $query the query string to write to log
+     * @param string $message the message to write to log
+     */
+    private function logSqlError(string $query, string $message): void
+    {
+        $this->log->insertLog(2, $message . " QUERY : " . $query);
+    }
+
+    /**
+     * This method returns a column type from a given table and column.
+     *
+     * @param string $tableName
+     * @param string $columnName
+     * @return string
+     */
+    public function getColumnType(string $tableName, string $columnName): string
+    {
+        $query = 'SELECT COLUMN_TYPE
+            FROM INFORMATION_SCHEMA.COLUMNS
+            WHERE TABLE_SCHEMA = :dbName
+            AND TABLE_NAME = :tableName
+            AND COLUMN_NAME = :columnName';
+
+        $stmt = $this->prepare($query);
+
+        try {
+            $stmt->bindValue(':dbName', $this->dsn['database'], \PDO::PARAM_STR);
+            $stmt->bindValue(':tableName', $tableName, \PDO::PARAM_STR);
+            $stmt->bindValue(':columnName', $columnName, \PDO::PARAM_STR);
+            $stmt->execute();
+            $result = $stmt->fetch(\PDO::FETCH_ASSOC);
+            if (! empty($result)) {
+                return $result['COLUMN_TYPE'];
+            }
+            throw new \PDOException("Unable to get column type");
+        } catch (\PDOException $e) {
+            $this->logSqlError($query, $e->getMessage());
+        }
+    }
 }
diff --git a/www/class/centreonHostgroups.class.php b/www/class/centreonHostgroups.class.php
@@ -100,18 +100,19 @@ public function getHostGroupHosts($hg_id = null)
         }
 
         $hosts = array();
-        $DBRESULT = $this->DB->query(
-            "SELECT hgr.host_host_id " .
+        $statement = $this->DB->prepare("SELECT hgr.host_host_id " .
             "FROM hostgroup_relation hgr, host h " .
-            "WHERE hgr.hostgroup_hg_id = '" . $this->DB->escape($hg_id) . "' " .
+            "WHERE hgr.hostgroup_hg_id = :hgId " .
             "AND h.host_id = hgr.host_host_id " .
-            "ORDER by h.host_name"
-        );
-        while ($elem = $DBRESULT->fetchRow()) {
+            "ORDER by h.host_name");
+        $statement->bindValue(':hgId', (int) $hg_id, \PDO::PARAM_INT);
+        $statement->execute();
+
+        while ($elem = $statement->fetchRow()) {
             $ref[$elem["host_host_id"]] = $elem["host_host_id"];
             $hosts[] = $elem["host_host_id"];
         }
-        $DBRESULT->closeCursor();
+        $statement->closeCursor();
         unset($elem);
 
         if (isset($hostgroups) && count($hostgroups)) {

diff --git a/www/class/centreonMedia.class.php b/www/class/centreonMedia.class.php
@@ -410,14 +410,12 @@ public function addImage($parameters, $binary = null)
             $imageId = $row['img_id'];
 
             // Insert relation between directory and image
-            $query = 'INSERT INTO view_img_dir_relation '
-                . '(dir_dir_parent_id, img_img_id) '
-                . 'VALUES ('
-                . $directoryId . ', '
-                . $imageId . ' '
-                . ') ';
+            $statement = $this->db->prepare("INSERT INTO view_img_dir_relation (dir_dir_parent_id, img_img_id) " .
+                "VALUES (:dirId, :imgId) ");
+            $statement->bindValue(':dirId', (int) $directoryId, \PDO::PARAM_INT);
+            $statement->bindValue(':imgId', (int) $imageId, \PDO::PARAM_INT);
             try {
-                $this->db->query($query);
+                $statement->execute();
             } catch (\PDOException $e) {
                 throw new \Exception('Error while inserting relation between' . $imageName . ' and ' . $directoryName);
             }

diff --git a/www/class/centreonNotification.class.php b/www/class/centreonNotification.class.php
@@ -342,10 +342,12 @@ protected function getHostTemplateNotifications($hostId, $templates)
         		FROM host_template_relation htr
         		LEFT JOIN contact_host_relation ctr ON htr.host_host_id = ctr.host_host_id
         		LEFT JOIN contactgroup_host_relation ctr2 ON htr.host_host_id = ctr2.host_host_id
-        		WHERE htr.host_host_id = " . $hostId . "
+        		WHERE htr.host_host_id = :host_id 
         		ORDER BY `order`";
-        $res = $this->db->query($sql);
-        while ($row = $res->fetchRow()) {
+        $statement = $this->db->prepare($sql);
+        $statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT);
+        $statement->execute();
+        while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) {
             if ($row['contact_id']) {
                 $this->hostBreak[1] = true;
             }

diff --git a/www/class/centreonService.class.php b/www/class/centreonService.class.php
@@ -1727,12 +1727,14 @@ public function getTemplatesChain($svcId, $alreadyProcessed = array())
         } else {
             $alreadyProcessed[] = $svcId;
 
-            $res = $this->db->query(
-                "SELECT service_template_model_stm_id FROM service WHERE service_id = " . $this->db->escape($svcId)
+            $statement = $this->db->prepare(
+                "SELECT service_template_model_stm_id FROM service WHERE service_id = :service_id"
             );
+            $statement->bindValue(':service_id', (int) $svcId, \PDO::PARAM_INT);
+            $statement->execute();
 
-            if ($res->rowCount()) {
-                $row = $res->fetchRow();
+            if ($statement->rowCount()) {
+                $row = $statement->fetch(\PDO::FETCH_ASSOC);
                 if (!empty($row['service_template_model_stm_id']) && $row['service_template_model_stm_id'] !== null) {
                     $svcTmpl = array_merge(
                         $svcTmpl,