diff --git a/src/Centreon/Domain/Contact/Interfaces/ContactInterface.php b/src/Centreon/Domain/Contact/Interfaces/ContactInterface.php index 525b6f3c2cc..aef328a4bcb 100644 --- a/src/Centreon/Domain/Contact/Interfaces/ContactInterface.php +++ b/src/Centreon/Domain/Contact/Interfaces/ContactInterface.php @@ -207,4 +207,9 @@ public function hasAccessToApiRealTime(): bool; * @return static */ public function setAccessToApiRealTime(bool $hasAccessToApiRealTime): static; + + /** + * @return string|null + */ + public function getTheme(): ?string; } diff --git a/src/Centreon/Domain/Repository/TopologyRepository.php b/src/Centreon/Domain/Repository/TopologyRepository.php index dc682d3acb3..64506d925f7 100644 --- a/src/Centreon/Domain/Repository/TopologyRepository.php +++ b/src/Centreon/Domain/Repository/TopologyRepository.php 
@@ -105,14 +105,15 @@ public function getReactTopologiesPerUserWithAcl($user) if ($DBRESULT->rowCount()) { $topology = array(); $tmp_topo_page = array(); + $statement = $this->db->prepare("SELECT topology_topology_id, acl_topology_relations.access_right " + . "FROM acl_topology_relations, acl_topology " + . "WHERE acl_topology.acl_topo_activate = '1' " + . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id " + . "AND acl_topology_relations.acl_topo_id = :acl_topo_id "); while ($topo_group = $DBRESULT->fetchRow()) { - $query2 = "SELECT topology_topology_id, acl_topology_relations.access_right " - . "FROM acl_topology_relations, acl_topology " - . "WHERE acl_topology.acl_topo_activate = '1' " - . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id " - . "AND acl_topology_relations.acl_topo_id = '" . $topo_group["acl_topology_id"] . "' "; - $DBRESULT2 = $this->db->query($query2); - while ($topo_page = $DBRESULT2->fetchRow()) { + $statement->bindValue(':acl_topo_id', $topo_group["acl_topology_id"], \PDO::PARAM_INT); + $statement->execute(); + while ($topo_page = $statement->fetch(\PDO::FETCH_ASSOC)) { $topology[] = (int)$topo_page["topology_topology_id"]; if (!isset($tmp_topo_page[$topo_page['topology_topology_id']])) { $tmp_topo_page[$topo_page["topology_topology_id"]] = $topo_page["access_right"]; @@ -127,7 +128,7 @@ public function getReactTopologiesPerUserWithAcl($user) } } } - $DBRESULT2->closeCursor(); + $statement->closeCursor(); } $DBRESULT->closeCursor(); diff --git a/src/Centreon/Domain/Service/AppKeyGeneratorService.php b/src/Centreon/Domain/Service/AppKeyGeneratorService.php deleted file mode 100644 index 913ca66b18a..00000000000 --- a/src/Centreon/Domain/Service/AppKeyGeneratorService.php +++ /dev/null 
@@ -1,15 +0,0 @@ -bindValue(':ip_address', $host->getIpAddress(), \PDO::PARAM_STR); $statement->bindValue(':comment', $host->getComment(), \PDO::PARAM_STR); $statement->bindValue(':geo_coords', $host->getGeoCoords(), \PDO::PARAM_STR); - $statement->bindValue(':is_activate', $host->isActivated(), \PDO::PARAM_STR); + $statement->bindValue(':is_activate', $host->isActivated() ? '1' : '0', \PDO::PARAM_STR); $statement->bindValue(':host_register', '1', \PDO::PARAM_STR); $statement->bindValue(':active_check_status', Host::OPTION_DEFAULT, \PDO::PARAM_STR); $statement->bindValue(':passive_check_status', Host::OPTION_DEFAULT, \PDO::PARAM_STR); diff --git a/src/Centreon/ServiceProvider.php b/src/Centreon/ServiceProvider.php index 123d857c006..a330e16e4bf 100644 --- a/src/Centreon/ServiceProvider.php +++ b/src/Centreon/ServiceProvider.php @@ -34,7 +34,6 @@ use Centreon\Infrastructure\Service\CentreonDBManagerService; use Centreon\Domain\Service\I18nService; use Centreon\Domain\Service\FrontendComponentService; -use Centreon\Domain\Service\AppKeyGeneratorService; use Centreon\Domain\Service\BrokerConfigurationService; use Centreon\Domain\Repository\CfgCentreonBrokerRepository; use Centreon\Domain\Repository\CfgCentreonBrokerInfoRepository; @@ -171,12 +170,6 @@ public function register(Container $pimple): void return $_SESSION['centreon']->user; // @codeCoverageIgnoreEnd }; - $pimple['centreon.keygen'] = function (): AppKeyGeneratorService { - $service = new AppKeyGeneratorService(); - - return $service; - }; - $pimple[static::CENTREON_ACL] = function (Container $container): CentreonACL { $service = new CentreonACL($container); diff --git a/src/Centreon/Tests/AppKeyGeneratorServiceTest.php b/src/Centreon/Tests/AppKeyGeneratorServiceTest.php deleted file mode 100644 index a59df976afe..00000000000 --- a/src/Centreon/Tests/AppKeyGeneratorServiceTest.php +++ /dev/null 
@@ -1,63 +0,0 @@ -. - * - * Linking this program statically or dynamically with other modules is making a - * combined work based on this program. Thus, the terms and conditions of the GNU - * General Public License cover the whole combination. - * - * As a special exception, the copyright holders of this program give Centreon - * permission to link this program with independent modules to produce an executable, - * regardless of the license terms of these independent modules, and to copy and - * distribute the resulting executable under terms of Centreon choice, provided that - * Centreon also meet, for each linked independent module, the terms and conditions - * of the license of that module. An independent module is a module which is not - * derived from this program. If you modify this program, you may extend this - * exception to your version of the program, but you are not obliged to do so. If you - * do not wish to do so, delete this exception statement from your version. - * - * For more information : contact@centreon.com - * - * - */ - -namespace Centreon\Tests; - -use PHPUnit\Framework\TestCase; -use Centreon\Domain\Service\AppKeyGeneratorService; - -class AppKeyGeneratorServiceTest extends TestCase -{ - const MD5_REGEX = '/^[a-f0-9]{32}$/i'; - - public function testGenerateKey() - { - $service = new AppKeyGeneratorService; - $key = $service->generateKey(); - - /** - * string generated is an md5 - */ - $this->assertMatchesRegularExpression(self::MD5_REGEX, $key); - - /** - * second string different and matches format - */ - $key2 = $service->generateKey(); - $this->assertMatchesRegularExpression(self::MD5_REGEX, $key2); - $this->assertNotSame($key, $key2); - } -} diff --git a/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php b/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php index 9a13235a202..1c986ef6f0f 100644 --- a/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php 
+++ b/src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php @@ -52,7 +52,7 @@ protected function setUp(): void . "FROM acl_topology_relations, acl_topology " . "WHERE acl_topology.acl_topo_activate = '1' " . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id " - . "AND acl_topology_relations.acl_topo_id = '1' ", + . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ", 'data' => [ [ 'topology_topology_id' => 1, diff --git a/src/Centreon/Tests/ServiceProviderTest.php b/src/Centreon/Tests/ServiceProviderTest.php index c299d0c64b7..6193ce456a8 100644 --- a/src/Centreon/Tests/ServiceProviderTest.php +++ b/src/Centreon/Tests/ServiceProviderTest.php @@ -83,7 +83,6 @@ public function testCheckServicesByList() ServiceProvider::CENTREON_DB_MANAGER => Service\CentreonDBManagerService::class, ServiceProvider::UPLOAD_MANGER => Service\UploadFileService::class, ServiceProvider::CENTREON_PAGINATION => Service\CentreonPaginationService::class, - 'centreon.keygen' => Domain\Service\AppKeyGeneratorService::class, 'centreon.acl' => CentreonACL::class, 'centreon.config' => Service\CentcoreConfigService::class, ServiceProvider::CENTREON_BROKER_CONFIGURATION_SERVICE => Domain\Service\BrokerConfigurationService::class, diff --git a/src/CentreonRemote/Domain/Service/TaskService.php b/src/CentreonRemote/Domain/Service/TaskService.php index cf38eb2d642..709aaa934fd 100644 --- a/src/CentreonRemote/Domain/Service/TaskService.php +++ b/src/CentreonRemote/Domain/Service/TaskService.php @@ -31,11 +31,6 @@ class TaskService { - /** - * @var KeyGeneratorInterface - */ - private $gen; - /** * @var CentreonDBManagerService */ 
@@ -101,15 +96,12 @@ public function getCentreonRestHttp(): \CentreonRestHttp /** * TaskService constructor - * @param KeyGeneratorInterface $generator * @param CentreonDBManagerService $dbManager */ public function __construct( - KeyGeneratorInterface $generator, CentreonDBManagerService $dbManager, CentcoreCommandService $cmdService ) { - $this->gen = $generator; $this->dbManager = $dbManager; $this->cmdService = $cmdService; } diff --git a/src/CentreonRemote/ServiceProvider.php b/src/CentreonRemote/ServiceProvider.php index f20bd285994..824c83edbf9 100644 --- a/src/CentreonRemote/ServiceProvider.php +++ b/src/CentreonRemote/ServiceProvider.php @@ -23,7 +23,6 @@ use Pimple\Container; use Pimple\Psr11\ServiceLocator; -use Centreon\Domain\Service\AppKeyGeneratorService; use Centreon\Infrastructure\Provider\AutoloadServiceProviderInterface; use Centreon\Infrastructure\Service\CentcoreCommandService; use CentreonRemote\Application\Webservice; @@ -85,7 +84,6 @@ function (array $cc, Container $pimple) { $pimple[static::CENTREON_TASKSERVICE] = function (Container $pimple): TaskService { $service = new TaskService( - new AppKeyGeneratorService(), $pimple[\Centreon\ServiceProvider::CENTREON_DB_MANAGER], new CentcoreCommandService() ); diff --git a/src/Core/Security/Application/ProviderConfiguration/OpenId/UseCase/UpdateOpenIdConfiguration/UpdateOpenIdConfiguration.php b/src/Core/Security/Application/ProviderConfiguration/OpenId/UseCase/UpdateOpenIdConfiguration/UpdateOpenIdConfiguration.php index f7ad538172f..14ad35d5953 100644 --- a/src/Core/Security/Application/ProviderConfiguration/OpenId/UseCase/UpdateOpenIdConfiguration/UpdateOpenIdConfiguration.php +++ b/src/Core/Security/Application/ProviderConfiguration/OpenId/UseCase/UpdateOpenIdConfiguration/UpdateOpenIdConfiguration.php 
@@ -154,6 +154,11 @@ private function createAuthorizationRules(array $authorizationRulesFromRequest): { $this->info('Creating Authorization Rules'); $accessGroupIds = $this->getAccessGroupIds($authorizationRulesFromRequest); + + if (empty($accessGroupIds)) { + return []; + } + $foundAccessGroups = $this->accessGroupRepository->findByIds($accessGroupIds); $this->logNonExistentAccessGroupsIds($accessGroupIds, $foundAccessGroups); @@ -241,12 +246,10 @@ private function updateConfiguration(Configuration $configuration): void } $this->info('Updating OpenID Configuration'); $this->repository->updateConfiguration($configuration); - if (! empty($configuration->getAuthorizationRules())) { - $this->info('Removing existent Authorization Rules'); - $this->repository->deleteAuthorizationRules(); - $this->info('Inserting new Authorization Rules'); - $this->repository->insertAuthorizationRules($configuration->getAuthorizationRules()); - } + $this->info('Removing existent Authorization Rules'); + $this->repository->deleteAuthorizationRules(); + $this->info('Inserting new Authorization Rules'); + $this->repository->insertAuthorizationRules($configuration->getAuthorizationRules()); if (! $isAlreadyInTransaction) { $this->dataStorageEngine->commitTransaction(); } diff --git a/src/Core/Security/Application/UseCase/LoginOpenIdSession/LoginOpenIdSession.php b/src/Core/Security/Application/UseCase/LoginOpenIdSession/LoginOpenIdSession.php index 8a70c1513b9..a7f203aae26 100644 --- a/src/Core/Security/Application/UseCase/LoginOpenIdSession/LoginOpenIdSession.php +++ b/src/Core/Security/Application/UseCase/LoginOpenIdSession/LoginOpenIdSession.php 
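Review bot: updateConfiguration now deletes the stored authorization rules on every update, even when `getAuthorizationRules()` is empty, and createAuthorizationRules returns `[]` as soon as no access group id is supplied. Together this means a request that omits the rules clears every OpenID authorization rule. If that is intended, it deserves a comment at the delete call, for example `// An empty rule list is valid: it removes all existing rules.`. `insertAuthorizationRules()` is now also called with a possibly empty array, and whether the repository tolerates that is not visible in this diff. Both methods start outside their hunks.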
@@ -109,7 +109,8 @@ public function __invoke(LoginOpenIdSessionRequest $request, LoginOpenIdSessionP 'contact_location' => (string) $user->getTimezoneId(), 'show_deprecated_pages' => $user->isUsingDeprecatedPages(), 'reach_api' => $user->hasAccessToApiConfiguration() ? 1 : 0, - 'reach_api_rt' => $user->hasAccessToApiRealTime() ? 1 : 0 + 'reach_api_rt' => $user->hasAccessToApiRealTime() ? 1 : 0, + 'contact_theme' => $user->getTheme() ?? 'light' ]; $this->provider->setLegacySession(new \Centreon($sessionUserInfos)); $this->startLegacySession($this->provider->getLegacySession()); diff --git a/src/EventSubscriber/WebSSOEventSubscriber.php b/src/EventSubscriber/WebSSOEventSubscriber.php index b3d75f391c0..e47b7355844 100644 --- a/src/EventSubscriber/WebSSOEventSubscriber.php +++ b/src/EventSubscriber/WebSSOEventSubscriber.php @@ -252,10 +252,11 @@ private function createSession(Contact $user, Request $request): void 'contact_autologin_key' => '', 'contact_admin' => $user->isAdmin() ? '1' : '0', 'default_page' => $user->getDefaultPage(), - 'contact_location' => $user->getLocale(), + 'contact_location' => (string) $user->getTimezoneId(), 'show_deprecated_pages' => $user->isUsingDeprecatedPages(), 'reach_api' => $user->hasAccessToApiConfiguration() ? 1 : 0, - 'reach_api_rt' => $user->hasAccessToApiRealTime() ? 1 : 0 + 'reach_api_rt' => $user->hasAccessToApiRealTime() ? 1 : 0, + 'contact_theme' => $user->getTheme() ?? 'light' ]; $centreonSession = new \Centreon($sessionUserInfos); $request->getSession()->start(); diff --git a/www/class/centreon-clapi/centreon.Config.Poller.class.php b/www/class/centreon-clapi/centreon.Config.Poller.class.php index 216e29b9eef..5270c5efdbd 100644 --- a/www/class/centreon-clapi/centreon.Config.Poller.class.php +++ b/www/class/centreon-clapi/centreon.Config.Poller.class.php 
@@ -40,7 +40,6 @@ use Centreon\Domain\Entity\Task; use CentreonRemote\ServiceProvider; use CentreonRemote\Domain\Service\TaskService; -use Centreon\Domain\Service\AppKeyGeneratorService; use Centreon\Infrastructure\Service\CentcoreCommandService; use Centreon\Infrastructure\Service\CentreonDBManagerService; use Core\Domain\Engine\Model\EngineCommandGenerator; diff --git a/www/class/centreon-clapi/centreonAPI.class.php b/www/class/centreon-clapi/centreonAPI.class.php index dd4cbadda48..2b7332d2bf4 100644 --- a/www/class/centreon-clapi/centreonAPI.class.php +++ b/www/class/centreon-clapi/centreonAPI.class.php @@ -107,7 +107,7 @@ public function __construct( $this->login = htmlentities($user, ENT_QUOTES); } if (isset($password)) { - $this->password = htmlentities($password, ENT_QUOTES); + $this->password = filter_var($password, FILTER_SANITIZE_STRING); } if (isset($action)) { $this->action = htmlentities(strtoupper($action), ENT_QUOTES); diff --git a/www/class/centreon-clapi/centreonHostGroup.class.php b/www/class/centreon-clapi/centreonHostGroup.class.php index 56d254c49c1..fa722541278 100644 --- a/www/class/centreon-clapi/centreonHostGroup.class.php +++ b/www/class/centreon-clapi/centreonHostGroup.class.php @@ -174,6 +174,7 @@ public function getparam($parameters = null) $listParam = explode('|', $params[1]); $exportedFields = []; $resultString = ""; + $paramString = ""; foreach ($listParam as $paramSearch) { if (!$paramString) { $paramString = $paramSearch; 
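Review bot: `filter_var($password, FILTER_SANITIZE_STRING)` in the centreonAPI constructor alters the credential before it is checked. This filter strips tags and encodes quotes, so a password containing `<` or `'` no longer equals what the user typed, and the filter is deprecated as of PHP 8.1. A password is never rendered and needs no sanitising; assign it unchanged, `$this->password = $password;`, and escape only at the point where a value is output. The constructor continues outside the hunk, so how `$this->password` is later compared is not visible here.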
@@ -257,20 +258,24 @@ public function initUpdateParameters($parameters = null) public function getIdIcon($path) { $iconData = explode('/', $path); - $query = 'SELECT dir_id FROM view_img_dir WHERE dir_name = "' . $iconData[0] . '"'; - $res = $this->db->query($query); - $row = $res->fetch(); + $dirStatement = $this->db->prepare("SELECT dir_id FROM view_img_dir WHERE dir_name = :IconData"); + $dirStatement->bindValue(':IconData', $iconData[0], \PDO::PARAM_STR); + $dirStatement->execute(); + $row = $dirStatement->fetch(); $dirId = $row['dir_id']; - $query = 'SELECT img_id FROM view_img WHERE img_path = "' . $iconData[1] . '"'; - $res = $this->db->query($query); - $row = $res->fetch(); + $imgStatement = $this->db->prepare("SELECT img_id FROM view_img WHERE img_path = :iconData"); + $imgStatement->bindValue(':iconData', $iconData[1], \PDO::PARAM_STR); + $imgStatement->execute(); + $row = $imgStatement->fetch(); $iconId = $row['img_id']; - $query = 'SELECT vidr_id FROM view_img_dir_relation ' . - 'WHERE dir_dir_parent_id = ' . $dirId . ' AND img_img_id = ' . $iconId; - $res = $this->db->query($query); - $row = $res->fetch(); + $vidrStatement = $this->db->prepare("SELECT vidr_id FROM view_img_dir_relation " . + "WHERE dir_dir_parent_id = :dirId AND img_img_id = :iconId"); + $vidrStatement->bindValue(':dirId', (int) $dirId, \PDO::PARAM_INT); + $vidrStatement->bindValue(':iconId', (int) $iconId, \PDO::PARAM_INT); + $vidrStatement->execute(); + $row = $vidrStatement->fetch(); return $row['vidr_id']; } diff --git a/www/class/centreon-clapi/centreonLDAP.class.php b/www/class/centreon-clapi/centreonLDAP.class.php index 67b6a702ba5..4aacbc33a45 100644 --- a/www/class/centreon-clapi/centreonLDAP.class.php +++ b/www/class/centreon-clapi/centreonLDAP.class.php 
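Review bot: In getIdIcon, `$dirStatement->fetch()` and `$imgStatement->fetch()` return `false` when nothing matches, and the new `(int) $dirId` / `(int) $iconId` casts then turn the missing ids into 0. The third query therefore runs with ids that were never found, and `$row['vidr_id']` may be read from `false`. `$iconData[1]` is also read without checking that `$path` contained a `/`. I would stop after each lookup when no row comes back, `if ($row === false) { return null; }` or an exception, whichever the callers expect. The placeholders `:IconData` and `:iconData` differ only in case; `:dirName` and `:imgPath` would be clearer.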
@@ -184,10 +184,12 @@ public function showserver($arName = null) } $sql = "SELECT ldap_host_id, host_address, host_port, use_ssl, use_tls, host_order FROM auth_ressource_host - WHERE auth_ressource_id = " . $arId . " + WHERE auth_ressource_id = :auth_ressource_id ORDER BY host_order"; - $res = $this->db->query($sql); - $row = $res->fetchAll(); + $statement = $this->db->prepare($sql); + $statement->bindValue(':auth_ressource_id', (int) $arId, \PDO::PARAM_INT); + $statement->execute(); + $row = $statement->fetchAll(\PDO::FETCH_ASSOC); echo "id;address;port;ssl;tls;order\n"; foreach ($row as $srv) { echo $srv['ldap_host_id'] . $this->delim . diff --git a/www/class/centreon-clapi/centreonService.class.php b/www/class/centreon-clapi/centreonService.class.php index e02b0e76d0e..d3f8ec84b6f 100644 --- a/www/class/centreon-clapi/centreonService.class.php +++ b/www/class/centreon-clapi/centreonService.class.php @@ -1584,12 +1584,12 @@ public function getCustomMacroInDb($serviceId = null, $template = null) $arr = array(); $i = 0; if ($serviceId) { - $res = $this->db->query("SELECT svc_macro_name, svc_macro_value, is_password, description - FROM on_demand_macro_service - WHERE svc_svc_id = " . - $serviceId . " - ORDER BY macro_order ASC"); - while ($row = $res->fetch()) { + $statement = $this->db->prepare("SELECT svc_macro_name, svc_macro_value, is_password, description " . + "FROM on_demand_macro_service " . + "WHERE svc_svc_id = :serviceId ORDER BY macro_order ASC"); + $statement->bindValue(':serviceId', (int) $serviceId, \PDO::PARAM_INT); + $statement->execute(); + while ($row = $statement->fetch()) { if (preg_match('/\$_SERVICE(.*)\$$/', $row['svc_macro_name'], $matches)) { $arr[$i]['svc_macro_name'] = $matches[1]; $arr[$i]['svc_macro_value'] = $row['svc_macro_value']; diff --git a/www/class/centreon-knowledge/procedures.class.php b/www/class/centreon-knowledge/procedures.class.php index c20a0a99f7e..cc4feac9351 100644 
--- a/www/class/centreon-knowledge/procedures.class.php +++ b/www/class/centreon-knowledge/procedures.class.php @@ -139,13 +139,15 @@ public function getMyHostMultipleTemplateModels($host_id = null) "WHERE host_host_id = '" . $host_id . "' " . "ORDER BY `order`" ); + $statement = $this->centreon_DB->prepare( + "SELECT host_name " . + "FROM host " . + "WHERE host_id = :host_id LIMIT 1" + ); while ($row = $dbResult->fetch()) { - $dbResult2 = $this->centreon_DB->query( - "SELECT host_name " . - "FROM host " . - "WHERE host_id = '" . $row['host_tpl_id'] . "' LIMIT 1" - ); - $hTpl = $dbResult2->fetch(); + $statement->bindValue(':host_id', $row['host_tpl_id'], \PDO::PARAM_INT); + $statement->execute(); + $hTpl = $statement->fetch(\PDO::FETCH_ASSOC); $tplArr[$row['host_tpl_id']] = html_entity_decode($hTpl["host_name"], ENT_QUOTES); } unset($row); diff --git a/www/class/centreon-partition/partEngine.class.php b/www/class/centreon-partition/partEngine.class.php index a7bd5b3c788..52c2e824ec6 100644 --- a/www/class/centreon-partition/partEngine.class.php +++ b/www/class/centreon-partition/partEngine.class.php 
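Review bot: The outer query of getMyHostMultipleTemplateModels still concatenates `$host_id` into the SQL (`"WHERE host_host_id = '" . $host_id . "' "` in the context lines above the new prepare); only the inner lookup was parameterised. The same treatment applies there: `WHERE host_host_id = :host_id` with `bindValue(':host_id', (int) $host_id, \PDO::PARAM_INT)`. Separately, `$statement->fetch(\PDO::FETCH_ASSOC)` returns `false` when a template id has no host row, and `$hTpl["host_name"]` is then read from `false`. The function starts outside the hunk, so any earlier validation of `$host_id` is not visible.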
@@ -426,44 +426,6 @@ public function updateParts($table, $db) } } - /** - * optimize all partitions for a table - * - * @param MysqlTable $table - */ - public function optimizeTablePartitions($table, $db) - { - $tableName = "`" . $table->getSchema() . "`." . $table->getName(); - if (!$table->exists()) { - throw new Exception("Optimize error: Table " . $tableName . " does not exists\n"); - } - - $request = "SELECT PARTITION_NAME FROM information_schema.`PARTITIONS` "; - $request .= "WHERE `TABLE_NAME`='" . $table->getName() . "' "; - $request .= "AND TABLE_SCHEMA='" . $table->getSchema() . "' "; - try { - $dbResult = $db->query($request); - } catch (\PDOException $e) { - throw new Exception( - "Error : Cannot get table schema information for " - . $tableName . ", " . $e->getMessage() . "\n" - ); - } - - while ($row = $dbResult->fetch()) { - $request = "ALTER TABLE " . $tableName . " OPTIMIZE PARTITION `" . $row["PARTITION_NAME"] . "`;"; - try { - $dbResult2 = $db->query($request); - } catch (\PDOException $e) { - throw new Exception( - "Optimize error : Cannot optimize partition " . $row["PARTITION_NAME"] - . " of table " . $tableName . ", " . $e->getMessage() . "\n" - ); - } - } - - $dbResult->closeCursor(); - } /** * list all partitions for a table diff --git a/www/class/centreon.class.php b/www/class/centreon.class.php index c2c09831cbc..07d440217bb 100644 --- a/www/class/centreon.class.php +++ b/www/class/centreon.class.php 
@@ -162,22 +162,12 @@ public function creatModuleList() $this->modules[$result["name"]] = array( "name" => $result["name"], "gen" => false, - "restart" => false, "license" => false ); if (is_dir("./modules/" . $result["name"] . "/generate_files/")) { $this->modules[$result["name"]]["gen"] = true; } - if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) { - $this->modules[$result["name"]]["restart"] = true; - } - if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) { - $this->modules[$result["name"]]["restart"] = true; - } - if (file_exists("./modules/" . $result["name"] . "/license/merethis_lic.zl")) { - $this->modules[$result["name"]]["license"] = true; - } } $dbResult = null; } diff --git a/www/class/centreonConfigCentreonBroker.php b/www/class/centreonConfigCentreonBroker.php index 78619cc3062..60ca6a87fae 100644 --- a/www/class/centreonConfigCentreonBroker.php +++ b/www/class/centreonConfigCentreonBroker.php @@ -790,13 +790,15 @@ public function insertConfig(array $values): bool /* * Get the ID */ - $query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = '" . $values['name'] . "'"; + $query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = :config_name"; try { - $res = $this->db->query($query); + $statement = $this->db->prepare($query); + $statement->bindValue(':config_name', $values['name'], \PDO::PARAM_STR); + $statement->execute(); } catch (\PDOException $e) { return false; } - $row = $res->fetch(); + $row = $statement->fetch(\PDO::FETCH_ASSOC); $id = $row['config_id']; /* diff --git a/www/class/centreonCriticality.class.php b/www/class/centreonCriticality.class.php index a64f673422f..4c45040b485 100644 --- a/www/class/centreonCriticality.class.php +++ b/www/class/centreonCriticality.class.php 
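Review bot: In insertConfig, `$statement->fetch(\PDO::FETCH_ASSOC)` returns `false` when no row carries that `config_name`, and `$id = $row['config_id']` then yields null for whatever the code after the hunk does with the id. The method already returns `false` on a PDOException, so the missing-row case should do the same: `if ($row === false) { return false; }`. The `catch` also discards `$e` without logging it, which makes a failed lookup hard to diagnose. insertConfig continues outside the hunk.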
@@ -358,29 +358,4 @@ protected function getServiceCriticality($service_id) } return 0; } - - public function getHostTplCriticities($host_id, $cache) - { - global $pearDB; - - if (!$host_id) { - return null; - } - - $rq = "SELECT host_tpl_id " . - "FROM host_template_relation " . - "WHERE host_host_id = '".$host_id."' " . - "ORDER BY `order`"; - $DBRESULT = $pearDB->query($rq); - while ($row = $DBRESULT->fetchRow()) { - if (isset($cache[$row['host_tpl_id']])) { - return $this->getData($cache[$row['host_tpl_id']], false); - } else { - if ($result_field = $this->getHostTplCriticities($row['host_tpl_id'], $cache)) { - return $result_field; - } - } - } - return null; - } } diff --git a/www/class/centreonDB.class.php b/www/class/centreonDB.class.php index fd77f40a91f..d8195b79703 100644 --- a/www/class/centreonDB.class.php +++ b/www/class/centreonDB.class.php @@ -289,7 +289,7 @@ public static function escape($str, $htmlSpecialChars = false) /** * Query * - * @return PDOStatement|null + * @return CentreonDBStatement|false * @param string $queryString * @param mixed $parameters * @param mixed $parametersArgs 
@@ -501,4 +501,36 @@ private function logSqlError(string $query, string $message): void { $this->log->insertLog(2, $message . " QUERY : " . $query); } + + /** + * This method returns a column type from a given table and column. + * + * @param string $tableName + * @param string $columnName + * @return string + */ + public function getColumnType(string $tableName, string $columnName): string + { + $query = 'SELECT COLUMN_TYPE + FROM INFORMATION_SCHEMA.COLUMNS + WHERE TABLE_SCHEMA = :dbName + AND TABLE_NAME = :tableName + AND COLUMN_NAME = :columnName'; + + $stmt = $this->prepare($query); + + try { + $stmt->bindValue(':dbName', $this->dsn['database'], \PDO::PARAM_STR); + $stmt->bindValue(':tableName', $tableName, \PDO::PARAM_STR); + $stmt->bindValue(':columnName', $columnName, \PDO::PARAM_STR); + $stmt->execute(); + $result = $stmt->fetch(\PDO::FETCH_ASSOC); + if (! empty($result)) { + return $result['COLUMN_TYPE']; + } + throw new \PDOException("Unable to get column type"); + } catch (\PDOException $e) { + $this->logSqlError($query, $e->getMessage()); + } + } } diff --git a/www/class/centreonHostgroups.class.php b/www/class/centreonHostgroups.class.php index 34dd68d6947..81ff496279a 100644 --- a/www/class/centreonHostgroups.class.php +++ b/www/class/centreonHostgroups.class.php 
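Review bot: getColumnType is declared `: string`, but its `catch` block only logs and then falls off the end of the method. Any PDOException, including the one thrown just above for an empty result, therefore ends in a TypeError for the missing return value instead of a meaningful error. Rethrow after logging by adding `throw $e;` as the last line of the catch, and document it with `@throws \PDOException`. `$this->prepare($query)` sits outside the `try`, so a failure there bypasses `logSqlError` as well.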
@@ -100,18 +100,19 @@ public function getHostGroupHosts($hg_id = null) } $hosts = array(); - $DBRESULT = $this->DB->query( - "SELECT hgr.host_host_id " . + $statement = $this->DB->prepare("SELECT hgr.host_host_id " . "FROM hostgroup_relation hgr, host h " . - "WHERE hgr.hostgroup_hg_id = '" . $this->DB->escape($hg_id) . "' " . + "WHERE hgr.hostgroup_hg_id = :hgId " . "AND h.host_id = hgr.host_host_id " . - "ORDER by h.host_name" - ); - while ($elem = $DBRESULT->fetchRow()) { + "ORDER by h.host_name"); + $statement->bindValue(':hgId', (int) $hg_id, \PDO::PARAM_INT); + $statement->execute(); + + while ($elem = $statement->fetchRow()) { $ref[$elem["host_host_id"]] = $elem["host_host_id"]; $hosts[] = $elem["host_host_id"]; } - $DBRESULT->closeCursor(); + $statement->closeCursor(); unset($elem); if (isset($hostgroups) && count($hostgroups)) { diff --git a/www/class/centreonMedia.class.php b/www/class/centreonMedia.class.php index afdbec5e3c2..a602b4a6752 100644 --- a/www/class/centreonMedia.class.php +++ b/www/class/centreonMedia.class.php @@ -413,14 +413,12 @@ public function addImage($parameters, $binary = null) $imageId = $row['img_id']; // Insert relation between directory and image - $query = 'INSERT INTO view_img_dir_relation ' - . '(dir_dir_parent_id, img_img_id) ' - . 'VALUES (' - . $directoryId . ', ' - . $imageId . ' ' - . ') '; + $statement = $this->db->prepare("INSERT INTO view_img_dir_relation (dir_dir_parent_id, img_img_id) " . + "VALUES (:dirId, :imgId) "); + $statement->bindValue(':dirId', (int) $directoryId, \PDO::PARAM_INT); + $statement->bindValue(':imgId', (int) $imageId, \PDO::PARAM_INT); try { - $this->db->query($query); + $statement->execute(); } catch (\PDOException $e) { throw new \Exception('Error while inserting relation between' . $imageName . ' and ' . $directoryName); } diff --git a/www/class/centreonNotification.class.php b/www/class/centreonNotification.class.php index 0875cbcb9b1..57003d925b5 100644 
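Review bot: getHostGroupHosts keeps `$statement->fetchRow()` on the prepared statement, while the other hunks of this commit switch to `$statement->fetch(\PDO::FETCH_ASSOC)` after `prepare()`. `fetchRow()` only works if `prepare()` returns the project's statement wrapper rather than a plain `PDOStatement`, which this diff does not show. Using `while ($elem = $statement->fetch(\PDO::FETCH_ASSOC))` here keeps the commit consistent and removes that dependency. The function starts and ends outside the hunk.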
--- a/www/class/centreonNotification.class.php +++ b/www/class/centreonNotification.class.php @@ -35,6 +35,9 @@ class CentreonNotification { + /** + * @var CentreonDB $db + */ protected $db; protected $svcTpl; protected $svcNotifType; @@ -342,10 +345,12 @@ protected function getHostTemplateNotifications($hostId, $templates) FROM host_template_relation htr LEFT JOIN contact_host_relation ctr ON htr.host_host_id = ctr.host_host_id LEFT JOIN contactgroup_host_relation ctr2 ON htr.host_host_id = ctr2.host_host_id - WHERE htr.host_host_id = " . $hostId . " + WHERE htr.host_host_id = :host_id ORDER BY `order`"; - $res = $this->db->query($sql); - while ($row = $res->fetchRow()) { + $statement = $this->db->prepare($sql); + $statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT); + $statement->execute(); + while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) { if ($row['contact_id']) { $this->hostBreak[1] = true; } diff --git a/www/class/centreonService.class.php b/www/class/centreonService.class.php index 67149a75a20..19b09c52d96 100644 --- a/www/class/centreonService.class.php +++ b/www/class/centreonService.class.php @@ -1727,12 +1727,14 @@ public function getTemplatesChain($svcId, $alreadyProcessed = array()) } else { $alreadyProcessed[] = $svcId; - $res = $this->db->query( - "SELECT service_template_model_stm_id FROM service WHERE service_id = " . $this->db->escape($svcId) + $statement = $this->db->prepare( + "SELECT service_template_model_stm_id FROM service WHERE service_id = :service_id" ); + $statement->bindValue(':service_id', (int) $svcId, \PDO::PARAM_INT); + $statement->execute(); - if ($res->rowCount()) { - $row = $res->fetchRow(); + if ($statement->rowCount()) { + $row = $statement->fetch(\PDO::FETCH_ASSOC); if (!empty($row['service_template_model_stm_id']) && $row['service_template_model_stm_id'] !== null) { $svcTmpl = array_merge( $svcTmpl, 
diff --git a/www/class/config-generate/broker.class.php b/www/class/config-generate/broker.class.php index 63e0f206510..68493d48a65 100644 --- a/www/class/config-generate/broker.class.php +++ b/www/class/config-generate/broker.class.php @@ -217,7 +217,8 @@ private function generate($poller_id, $localhost) } $subValuesToCastInArray = []; - $rrdCacheOption = 'disable'; + $rrdCacheOption = null; + $rrdCached = null; foreach ($value as $subvalue) { if ( !isset($subvalue['fieldIndex']) @@ -236,21 +237,20 @@ private function generate($poller_id, $localhost) } elseif ($subvalue['config_key'] === 'category') { $object[$key][$subvalue['config_group_id']]['filters'][$subvalue['config_key']][] = $subvalue['config_value']; - } else { + } elseif (in_array($subvalue['config_key'], ['rrd_cached_option', 'rrd_cached'])) { if ($subvalue['config_key'] === 'rrd_cached_option') { $rrdCacheOption = $subvalue['config_value']; - continue; + } elseif ($subvalue['config_key'] === 'rrd_cached') { + $rrdCached = $subvalue['config_value']; } - - if ($subvalue['config_key'] === 'rrd_cached') { + if ($rrdCached && $rrdCacheOption) { if ($rrdCacheOption === 'tcp') { - $object[$key][$subvalue['config_group_id']]['port'] = $subvalue['config_value']; + $object[$key][$subvalue['config_group_id']]['port'] = $rrdCached; } elseif ($rrdCacheOption === 'unix') { - $object[$key][$subvalue['config_group_id']]['path'] = $subvalue['config_value']; + $object[$key][$subvalue['config_group_id']]['path'] = $rrdCached; } - continue; } - + } else { $object[$key][$subvalue['config_group_id']][$subvalue['config_key']] = $subvalue['config_value']; diff --git a/www/include/configuration/configCentreonBroker/DB-Func.php b/www/include/configuration/configCentreonBroker/DB-Func.php index 5c8566ca17b..d522e6487e8 100644 --- a/www/include/configuration/configCentreonBroker/DB-Func.php +++ b/www/include/configuration/configCentreonBroker/DB-Func.php 
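Review bot: `$rrdCacheOption` and `$rrdCached` are initialised once before `foreach ($value as $subvalue)` and never reset, while the assignments inside the loop are keyed by `$subvalue['config_group_id']`. If `$value` can hold entries of more than one config group (not visible in this hunk), the option or value remembered from one group would be applied to the next as soon as its first `rrd_cached*` key arrives. Tracking both values per group, for instance `$rrdCached[$subvalue['config_group_id']]`, avoids that carry-over. `in_array($subvalue['config_key'], ['rrd_cached_option', 'rrd_cached'])` should also pass `true` as its third argument. The loop body continues outside the hunk.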
@@ -74,8 +74,10 @@ function enableCentreonBrokerInDB($id) return; } - $query = "UPDATE cfg_centreonbroker SET config_activate = '1' WHERE config_id = " . $id; - $pearDB->query($query); + $query = "UPDATE cfg_centreonbroker SET config_activate = '1' WHERE config_id = :config_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':config_id', (int) $id, \PDO::PARAM_INT); + $statement->execute(); } /** @@ -91,8 +93,10 @@ function disablCentreonBrokerInDB($id) return; } - $query = "UPDATE cfg_centreonbroker SET config_activate = '0' WHERE config_id = " . $id; - $pearDB->query($query); + $query = "UPDATE cfg_centreonbroker SET config_activate = '0' WHERE config_id = :config_id"; + $statement = $pearDB->prepare($query); + $statement->bindValue(':config_id', (int) $id, \PDO::PARAM_INT); + $statement->execute(); } /** @@ -104,8 +108,10 @@ function deleteCentreonBrokerInDB($ids = array()) { global $pearDB; + $statement = $pearDB->prepare("DELETE FROM cfg_centreonbroker WHERE config_id = :config_id"); foreach ($ids as $key => $value) { - $pearDB->query("DELETE FROM cfg_centreonbroker WHERE config_id = " . $key); + $statement->bindValue(':config_id', (int) $key, \PDO::PARAM_INT); + $statement->execute(); } } @@ -195,13 +201,7 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) foreach ($ids as $id => $value) { $cbObj = new CentreonConfigCentreonBroker($pearDB); - $query = "SELECT config_name, config_filename, config_activate, ns_nagios_server, - event_queue_max_size, cache_directory, daemon " - . "FROM cfg_centreonbroker " - . "WHERE config_id = " . $id . " "; - $dbResult = $pearDB->query($query); - $row = $dbResult->fetch(); - $dbResult->closeCursor(); + $row = getCfgBrokerData((int) $id); # Prepare values $values = array(); 
@@ -211,13 +211,10 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) $values['event_queue_max_size'] = $row['event_queue_max_size']; $values['cache_directory'] = $row['cache_directory']; $values['activate_watchdog']['activate_watchdog'] = $row['daemon']; - $query = "SELECT config_key, config_value, config_group, config_group_id " - . "FROM cfg_centreonbroker_info " - . "WHERE config_id = " . $id . " "; - $dbResult = $pearDB->query($query); $values['output'] = array(); $values['input'] = array(); - while ($rowOpt = $dbResult->fetch()) { + $brokerCfgInfoData = getCfgBrokerInfoData((int) $id); + foreach ($brokerCfgInfoData as $rowOpt) { if ($rowOpt['config_key'] == 'filters') { continue; } elseif ($rowOpt['config_key'] == 'category') { @@ -228,7 +225,6 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) $rowOpt['config_value']; } } - $dbResult->closeCursor(); # Convert values radio button foreach ($values as $group => $groups) { @@ -254,6 +250,8 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) # Copy the configuration $j = 1; + $query = "SELECT COUNT(*) as nb FROM cfg_centreonbroker WHERE config_name = :config_name"; + $statement = $pearDB->prepare($query); for ($i = 1; $i <= $nbrDup[$id]; $i++) { $nameNOk = true; @@ -261,9 +259,9 @@ function multipleCentreonBrokerInDB($ids, $nbrDup) while ($nameNOk) { $newname = $row['config_name'] . '_' . $j; $newfilename = $j . '_' . $row['config_filename']; - $query = "SELECT COUNT(*) as nb FROM cfg_centreonbroker WHERE config_name = '" . $newname . "'"; - $res = $pearDB->query($query); - $rowNb = $res->fetch(); + $statement->bindValue(':config_name', $newname, \PDO::PARAM_STR); + $statement->execute(); + $rowNb = $statement->fetch(\PDO::FETCH_ASSOC); if ($rowNb['nb'] == 0) { $nameNOk = false; } 
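Review bot: In the `@@ -254,6 +250,8 @@` hunk the `SELECT COUNT(*)` statement is prepared right after `$j = 1;`, which is still inside the `foreach ($ids as $id => $value)` loop opened earlier in `multipleCentreonBrokerInDB()`, so identical SQL is prepared once per duplicated configuration; it can be prepared once before that loop. In the next hunk the result is tested with `$rowNb['nb'] == 0`, and `(int) $rowNb['nb'] === 0` states the intent without loose comparison. The name check and the later insert are separate statements, so uniqueness of `config_name` still depends on whatever constraint the table carries, which is not shown here.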
@@ -293,3 +291,54 @@ function isPositiveNumeric($size): bool } return $isPositive; } + +/** + * Getting Centreon CFG broker data + * + * @param int $configId + * @return array + */ +function getCfgBrokerData(int $configId): array +{ + global $pearDB; + + $query = "SELECT config_name, config_filename, config_activate, ns_nagios_server, + event_queue_max_size, cache_directory, daemon " + . "FROM cfg_centreonbroker " + . "WHERE config_id = :config_id "; + try { + $statement = $pearDB->prepare($query); + $statement->bindValue(':config_id', $configId, \PDO::PARAM_INT); + $statement->execute(); + $cfgBrokerData = $statement->fetch(\PDO::FETCH_ASSOC); + } catch (PDOException $exception) { + throw new \Exception("Cannot fetch Broker config data"); + } + $statement->closeCursor(); + return $cfgBrokerData; +} + +/** + * Getting Centreon CFG broker Info data + * + * @param int $configId + * @return array + */ +function getCfgBrokerInfoData(int $configId): array +{ + global $pearDB; + + $query = "SELECT config_key, config_value, config_group, config_group_id " + . "FROM cfg_centreonbroker_info " + . "WHERE config_id = :config_id"; + try { + $statement = $pearDB->prepare($query); + $statement->bindValue(':config_id', $configId, \PDO::PARAM_INT); + $statement->execute(); + $cfgBrokerInfoData = $statement->fetchAll(\PDO::FETCH_ASSOC); + } catch (\PDOException $exception) { + throw new \Exception("Cannot fetch Broker info config data"); + } + $statement->closeCursor(); + return $cfgBrokerInfoData; +} diff --git a/www/include/configuration/configGenerate/xml/restartPollers.php b/www/include/configuration/configGenerate/xml/restartPollers.php index 9ac4415e907..f0f765eefa8 100644 --- a/www/include/configuration/configGenerate/xml/restartPollers.php +++ b/www/include/configuration/configGenerate/xml/restartPollers.php @@ -259,18 +259,6 @@ $msg_restart[$key] = str_replace("\n", "
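Review bot: `getCfgBrokerData()` declares `: array` but returns the result of `$statement->fetch(\PDO::FETCH_ASSOC)`, which is `false` when no row matches `:config_id`, so an id without a matching row passed from `multipleCentreonBrokerInDB()` ends in a `TypeError` instead of the intended exception. Adding `if ($cfgBrokerData === false) { throw new \Exception("Cannot fetch Broker config data"); }` before the return keeps the declared contract. Both new functions also discard the caught exception; `throw new \Exception("Cannot fetch Broker config data", 0, $exception);` preserves the cause for the logs. The first `catch` names `PDOException` without the leading backslash used in the second.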
", $str); } - /* Find restart / reload action from modules */ - foreach ($centreon->modules as $key => $value) { - if ( - $value["restart"] - && $files = glob(_CENTREON_PATH_ . "www/modules/" . $key . "/restart_pollers/*.php") - ) { - foreach ($files as $filename) { - include $filename; - } - } - } - $xml->startElement("response"); $xml->writeElement("status", $okMsg); $xml->writeElement("statuscode", STATUS_OK); diff --git a/www/include/configuration/configKnowledge/display-hostTemplates.php b/www/include/configuration/configKnowledge/display-hostTemplates.php index 9595a6560a4..c64be5baf06 100644 --- a/www/include/configuration/configKnowledge/display-hostTemplates.php +++ b/www/include/configuration/configKnowledge/display-hostTemplates.php @@ -167,11 +167,11 @@ foreach ($tplArr as $key1 => $value1) { if ($firstTpl) { $tplStr .= " " . $value1 . " "; + "/index.php?title=Host-Template_:_" . $value1 . "' target = '_blank' > " . $value1 . " "; $firstTpl = 0; } else { $tplStr .= " |  " . $value1 . " "; + "/index.php?title=Host-Template_:_" . $value1 . "' target = '_blank' > " . $value1 . " "; } } } diff --git a/www/include/configuration/configKnowledge/display-hosts.php b/www/include/configuration/configKnowledge/display-hosts.php index 0bc0e4d525a..bfa2e97dab6 100644 --- a/www/include/configuration/configKnowledge/display-hosts.php +++ b/www/include/configuration/configKnowledge/display-hosts.php @@ -192,11 +192,11 @@ foreach ($tplArr as $key1 => $value1) { if ($firstTpl) { $tplStr .= "" . $value1 . ""; + "/index.php?title=Host-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; $firstTpl = 0; } else { $tplStr .= " | " . $value1 . ""; + "/index.php?title=Host-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; } } } diff --git a/www/include/configuration/configKnowledge/display-serviceTemplates.php b/www/include/configuration/configKnowledge/display-serviceTemplates.php index a609fc22e54..fab6889c54b 100644 
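Review bot: The added lines in the `display-hostTemplates.php` and `display-hosts.php` hunks concatenate `$value1` directly into the link target after `title=Host-Template_:_` and again as the link text, with no escaping visible in the hunk. If the template name is not already encoded where `$tplArr` is built (outside these hunks), a name containing a quote or markup can close the single-quoted attribute and inject HTML; the safe form is `rawurlencode($value1)` in the URL and `htmlspecialchars($value1, ENT_QUOTES, 'UTF-8')` for the text. The same pattern is added in the `display-serviceTemplates.php` and `display-services.php` hunks that follow.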
--- a/www/include/configuration/configKnowledge/display-serviceTemplates.php +++ b/www/include/configuration/configKnowledge/display-serviceTemplates.php @@ -170,11 +170,11 @@ foreach ($tplArr as $key1 => $value1) { if ($firstTpl) { $tplStr .= "" . $value1 . ""; + "/index.php?title=Service-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; $firstTpl = 0; } else { $tplStr .= " | " . $value1 . ""; + "/index.php?title=Service-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; } } } diff --git a/www/include/configuration/configKnowledge/display-services.php b/www/include/configuration/configKnowledge/display-services.php index d59f4ad69bf..87028122654 100644 --- a/www/include/configuration/configKnowledge/display-services.php +++ b/www/include/configuration/configKnowledge/display-services.php @@ -274,7 +274,7 @@ $tplStr .= " | "; } $tplStr .= "" . $value1 . ""; + "/index.php?title=Service-Template_:_" . $value1 . "' target='_blank'>" . $value1 . ""; } } $templateHostArray[$key] = $tplStr; diff --git a/www/include/configuration/configObject/contactgroup/formContactGroup.php b/www/include/configuration/configObject/contactgroup/formContactGroup.php index 4112ceb27b7..fa2bfb9215a 100644 --- a/www/include/configuration/configObject/contactgroup/formContactGroup.php +++ b/www/include/configuration/configObject/contactgroup/formContactGroup.php @@ -64,12 +64,14 @@ /* * Get host Group information */ - $DBRESULT = $pearDB->query("SELECT * FROM `contactgroup` WHERE `cg_id` = '" . $cg_id . "' LIMIT 1"); + $statement = $pearDB->prepare("SELECT * FROM `contactgroup` WHERE `cg_id` = :cg_id LIMIT 1"); + $statement->bindValue(':cg_id', (int) $cg_id, \PDO::PARAM_INT); + $statement->execute(); /* * Set base value */ - $cg = array_map("myDecode", $DBRESULT->fetchRow()); + $cg = array_map("myDecode", $statement->fetch(\PDO::FETCH_ASSOC)); } $attrsText = array("size" => "30"); 
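Review bot: In `formContactGroup.php` the new `array_map("myDecode", $statement->fetch(\PDO::FETCH_ASSOC))` passes `false` to `array_map()` when `cg_id` matches no row, which raises a `TypeError` on PHP 8. Fetch into a variable first and map only when a row came back: `$row = $statement->fetch(\PDO::FETCH_ASSOC);` then `$cg = $row !== false ? array_map("myDecode", $row) : [];`. What the form expects for a missing contact group is outside the hunk, so the fallback value needs confirming.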
diff --git a/www/include/configuration/configObject/host_categories/listHostCategories.php b/www/include/configuration/configObject/host_categories/listHostCategories.php index bc454267abe..81a3ae8c25a 100644 --- a/www/include/configuration/configObject/host_categories/listHostCategories.php +++ b/www/include/configuration/configObject/host_categories/listHostCategories.php @@ -141,16 +141,16 @@ $aclFrom = ", $aclDbName.centreon_acl acl "; $aclCond = " AND h.host_id = acl.host_id AND acl.group_id IN (" . $acl->getAccessGroupsString() . ") "; } - $DBRESULT2 = $pearDB->query( - "SELECT h.host_id, h.host_activate " . + $hcStatement = $pearDB->prepare("SELECT h.host_id, h.host_activate " . "FROM hostcategories_relation hcr, host h " . $aclFrom . - " WHERE hostcategories_hc_id = '" . $hc['hc_id'] . "'" . + " WHERE hostcategories_hc_id = :hcId" . " AND h.host_id = hcr.host_host_id " . $aclCond . - " AND h.host_register = '1' " - ); + " AND h.host_register = '1' "); + $hcStatement->bindValue(':hcId', (int) $hc['hc_id'], \PDO::PARAM_INT); + $hcStatement->execute(); $nbrhostActArr = array(); $nbrhostDeactArr = array(); - while ($row = $DBRESULT2->fetch()) { + while ($row = $hcStatement->fetch()) { if ($row['host_activate']) { $nbrhostActArr[$row['host_id']] = true; } else { diff --git a/www/include/configuration/configObject/service/listServiceByHost.php b/www/include/configuration/configObject/service/listServiceByHost.php index e1c9858a9b3..cb1eb092951 100644 --- a/www/include/configuration/configObject/service/listServiceByHost.php +++ b/www/include/configuration/configObject/service/listServiceByHost.php 
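Review bot: The new `$hcStatement` binds `:hcId`, but its SQL text is still assembled by concatenation from `$aclFrom` (which embeds `$aclDbName`) and `$aclCond` (which embeds `$acl->getAccessGroupsString()`). Those values look internally generated, yet nothing in the hunk shows it, so a short comment stating their origin, or binding the group ids as well, would make the statement's safety reviewable. `$hc['hc_id']` suggests this runs once per category inside a loop that starts outside the hunk; if so, and the ACL fragments do not change per row, the statement can be prepared once before the loop and only re-bound here.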
@@ -245,14 +245,16 @@ $centreonToken = createCSRFToken(); +$statement = $pearDB->prepare( + "SELECT COUNT(*) FROM host_service_relation WHERE service_service_id = :service_id" +); for ($i = 0; $service = $dbResult->fetch(); $i++) { //Get Number of Hosts linked to this one. - $dbResult2 = $pearDB->query( - "SELECT COUNT(*) FROM host_service_relation WHERE service_service_id = '" . $service["service_id"] . "'" - ); - $data = $dbResult2->fetch(); + $statement->bindValue(':service_id', $service["service_id"], \PDO::PARAM_INT); + $statement->execute(); + $data = $statement->fetch(\PDO::FETCH_ASSOC); $service["nbr"] = $data["COUNT(*)"]; - $dbResult2->closeCursor(); + $statement->closeCursor(); unset($data); /** diff --git a/www/include/configuration/configObject/service/listServiceByHostGroup.php b/www/include/configuration/configObject/service/listServiceByHostGroup.php index 2a41e12699d..a076bd80711 100644 --- a/www/include/configuration/configObject/service/listServiceByHostGroup.php +++ b/www/include/configuration/configObject/service/listServiceByHostGroup.php 
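Review bot: `$service["service_id"]` is bound with `\PDO::PARAM_INT` but without the `(int)` cast that the other binds in this commit apply; `$statement->bindValue(':service_id', (int) $service["service_id"], \PDO::PARAM_INT);` keeps it consistent. The count is then read through the generated column name `$data["COUNT(*)"]`; aliasing the expression (`SELECT COUNT(*) AS nbr ...` with `$data["nbr"]`) avoids depending on how the driver labels the column.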
@@ -202,27 +202,56 @@ * HostGroup/service list */ if ($searchS || $searchHG) { + //preparing tmp binds + $tmpIds = explode(',', $tmp); + $tmpQueryBinds = []; + foreach ($tmpIds as $key => $value) { + $tmpQueryBinds[':tmp_id_' . $key] = $value; + } + $tmpBinds = implode(',', array_keys($tmpQueryBinds)); + //preparing tmp2 binds + $tmp2Ids = explode(',', $tmp2); + $tmp2QueryBinds = []; + foreach ($tmp2Ids as $key => $value) { + $tmp2QueryBinds[':tmp2_id_' . $key] = $value; + } + $tmp2Binds = implode(',', array_keys($tmp2QueryBinds)); + $query = "SELECT $distinct @nbr:=(SELECT COUNT(*) FROM host_service_relation " . "WHERE service_service_id = sv.service_id GROUP BY sv.service_id ) AS nbr, sv.service_id, " . "sv.service_description, sv.service_activate, sv.service_template_model_stm_id, hg.hg_id, hg.hg_name " . "FROM service sv, hostgroup hg, host_service_relation hsr $aclFrom " . - "WHERE sv.service_register = '1' $sqlFilterCase AND sv.service_id IN (" . ($tmp ? $tmp : 'NULL') . - ") AND hsr.hostgroup_hg_id IN (" . ($tmp2 ? $tmp2 : 'NULL') . ") " . - ((isset($template) && $template) ? " AND service_template_model_stm_id = '$template' " : "") . + "WHERE sv.service_register = '1' $sqlFilterCase AND sv.service_id " . + "IN ($tmpBinds) AND hsr.hostgroup_hg_id IN ($tmp2Binds) " . + ((isset($template) && $template) ? " AND service_template_model_stm_id = :template " : "") . " AND hsr.service_service_id = sv.service_id AND hg.hg_id = hsr.hostgroup_hg_id " . $aclCond . - "ORDER BY hg.hg_name, sv.service_description LIMIT " . $num * $limit . ", " . 
$limit; + "ORDER BY hg.hg_name, sv.service_description LIMIT :offset_, :limit"; + $statement = $pearDB->prepare($query); + //tmp bind values + foreach ($tmpQueryBinds as $key => $value) { + $statement->bindValue($key, (int) $value, PDO::PARAM_INT); + } + //tmp bind values + foreach ($tmp2QueryBinds as $key => $value) { + $statement->bindValue($key, (int) $value, PDO::PARAM_INT); + } } else { $query = "SELECT $distinct @nbr:=(SELECT COUNT(*) FROM host_service_relation " . "WHERE service_service_id = sv.service_id GROUP BY sv.service_id ) AS nbr, sv.service_id, " . "sv.service_description, sv.service_activate, sv.service_template_model_stm_id, hg.hg_id, hg.hg_name " . "FROM service sv, hostgroup hg, host_service_relation hsr $aclFrom " . "WHERE sv.service_register = '1' $sqlFilterCase " . - ((isset($template) && $template) ? " AND service_template_model_stm_id = '$template' " : "") . + ((isset($template) && $template) ? " AND service_template_model_stm_id = :template " : "") . " AND hsr.service_service_id = sv.service_id AND hg.hg_id = hsr.hostgroup_hg_id " . $aclCond . - "ORDER BY hg.hg_name, sv.service_description LIMIT " . $num * $limit . ", " . $limit; + "ORDER BY hg.hg_name, sv.service_description LIMIT :offset_, :limit"; + $statement = $pearDB->prepare($query); } -$dbResult = $pearDB->query($query); - +$statement->bindValue(':offset_', (int) $num * (int) $limit, \PDO::PARAM_INT); +$statement->bindValue(':limit', (int) $limit, \PDO::PARAM_INT); +if ((isset($template) && $template)) { + $statement->bindValue(':template', (int) $template, \PDO::PARAM_INT); +} +$statement->execute(); $form = new HTML_QuickFormCustom('select_form', 'POST', "?p=" . $p); // Different style between each lines 
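Review bot: The query in both branches is now prepared, but `$distinct`, `$sqlFilterCase`, `$aclFrom` and `$aclCond` are still interpolated into the SQL string, and the hunk does not show how `$sqlFilterCase` is built; if it carries the search text, it needs placeholders too, otherwise the injection this change targets stays reachable through it. `explode(',', $tmp)` on an empty `$tmp` yields one empty element, so the former `IN (NULL)` becomes `IN (:tmp_id_0)` bound to `0`; an explicit empty-list branch would make that intent visible. The two placeholder-building loops are identical apart from the prefix and could share a small helper, the second `//tmp bind values` comment should read `tmp2`, and `PDO::PARAM_INT` in those loops lacks the leading backslash used a few lines below.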
@@ -263,7 +292,7 @@ $centreonToken = createCSRFToken(); -for ($i = 0; $service = $dbResult->fetch(); $i++) { +for ($i = 0; $service = $statement->fetch(); $i++) { $moptions = ""; $fgHostgroup["value"] != $service["hg_name"] ? ($fgHostgroup["print"] = true && $fgHostgroup["value"] = $service["hg_name"]) diff --git a/www/include/configuration/configObject/traps-groups/DB-Func.php b/www/include/configuration/configObject/traps-groups/DB-Func.php index b36febd1d22..fe45b6abc19 100644 --- a/www/include/configuration/configObject/traps-groups/DB-Func.php +++ b/www/include/configuration/configObject/traps-groups/DB-Func.php @@ -172,10 +172,12 @@ function insertTrapGroup($ret = array()) $fields = array(); if (isset($ret['traps'])) { + $query = "INSERT INTO traps_group_relation (traps_group_id, traps_id) VALUES (:traps_group_id, :traps_id)"; + $statement = $pearDB->prepare($query); foreach ($ret['traps'] as $trap_id) { - $query = "INSERT INTO traps_group_relation (traps_group_id, traps_id) VALUES (" . - $pearDB->escape($trap_group_id['max_id']) . ",'" . $pearDB->escape($trap_id) . "')"; - $pearDB->query($query); + $statement->bindValue(':traps_group_id', $trap_group_id['max_id'], \PDO::PARAM_INT); + $statement->bindValue(':traps_id', (int) $trap_id, \PDO::PARAM_INT); + $statement->execute(); } } diff --git a/www/include/configuration/configObject/traps/listTraps.php b/www/include/configuration/configObject/traps/listTraps.php index 9c96c83ced7..1dfafef18a1 100644 --- a/www/include/configuration/configObject/traps/listTraps.php +++ b/www/include/configuration/configObject/traps/listTraps.php 
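Review bot: In `insertTrapGroup()` the `:traps_group_id` bind is repeated on every iteration although `$trap_group_id['max_id']` does not change inside the loop, and it is passed without the `(int)` cast applied to `$trap_id`. Binding it once before the `foreach` with `$statement->bindValue(':traps_group_id', (int) $trap_group_id['max_id'], \PDO::PARAM_INT);` leaves only `:traps_id` in the loop. The key name `max_id` suggests the group id is read back with a MAX query rather than taken from the insert itself; that code is outside the hunk, but if so, two concurrent inserts could attach traps to the wrong group.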
@@ -200,9 +200,11 @@ "event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;" . "\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[" . $trap['traps_id'] . "]' />"; - $dbResult2 = $pearDB->query("select alias from traps_vendor where id='" . $trap['manufacturer_id'] . "' LIMIT 1"); - $mnftr = $dbResult2->fetch(); - $dbResult2->closeCursor(); + $statement = $pearDB->prepare("select alias from traps_vendor where id= :trap LIMIT 1"); + $statement->bindValue(':trap', (int) $trap['manufacturer_id'], \PDO::PARAM_INT); + $statement->execute(); + $mnftr = $statement->fetch(); + $statement->closeCursor(); $elemArr[$i] = array( "MenuClass" => "list_" . $style, "RowMenu_select" => $selectedElements->toHtml(), diff --git a/www/include/monitoring/common-Func.php b/www/include/monitoring/common-Func.php index cb8fb71330c..f940fcbf379 100644 --- a/www/include/monitoring/common-Func.php +++ b/www/include/monitoring/common-Func.php @@ -41,26 +41,6 @@ exit(); } -function getMyHostRow($host_id = null, $rowdata) -{ - global $pearDB; - if (!$host_id) { - exit(); - } - while (1) { - $DBRESULT = $pearDB->query("SELECT host_" . $rowdata . - ", host_template_model_htm_id FROM host WHERE host_id = '" . CentreonDB::escape($host_id) . "' LIMIT 1"); - $row = $DBRESULT->fetchRow(); - if ($row["host_" . $rowdata]) { - return $row["host_$rowdata"]; - } elseif ($row["host_template_model_htm_id"]) { - $host_id = $row["host_template_model_htm_id"]; - } else { - break; - } - } -} - function get_user_param($user_id, $pearDB) { $list_param = array( diff --git a/www/include/monitoring/objectDetails/serviceDetails.php b/www/include/monitoring/objectDetails/serviceDetails.php index cf71401d922..e0ac888e93c 100644 --- a/www/include/monitoring/objectDetails/serviceDetails.php +++ b/www/include/monitoring/objectDetails/serviceDetails.php 
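Review bot: The vendor lookup in `listTraps.php` is prepared inside what appears to be the per-trap loop (it sits between the `dupNbr[...]` input and `$elemArr[$i]`), so the same SQL is re-prepared for every row; preparing it once before the loop and only binding and executing here is cheaper. The placeholder `:trap` is bound to `$trap['manufacturer_id']`, so `:manufacturer_id` would describe it better. The loop header is outside the hunk.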
@@ -621,18 +621,17 @@ $status .= "&value[" . $key . "]=" . $value; } - $optionsURL = "host_name=" . urlencode($host_name) . "&service_description=" . urlencode($svc_description); - - $query = "SELECT id FROM `index_data`, `metrics` WHERE host_name = '" . $pearDBO->escape($host_name) . - "' AND service_description = '" . $pearDBO->escape($svc_description) . "' AND id = index_id LIMIT 1"; - $DBRES = $pearDBO->query($query); + $query = "SELECT id FROM `index_data`, `metrics` WHERE host_name = :host_name" . + " AND service_description = :svc_description AND id = index_id LIMIT 1"; + $statement = $pearDBO->prepare($query); + $statement->bindValue(':host_name', $host_name, \PDO::PARAM_STR); + $statement->bindValue(':svc_description', $svc_description, \PDO::PARAM_STR); + $statement->execute(); $index_data = 0; - if ($DBRES->rowCount()) { - $row = $DBRES->fetchRow(); + if ($statement->rowCount()) { + $row = $statement->fetchRow(); $index_data = $row['id']; } - $optionsURL2 = "index=" . $index_data; - /* * Assign translations */ @@ -875,9 +874,7 @@ $tpl->assign("sv_ext_action_url_lang", _("Action URL")); $tpl->assign("sv_ext_action_url", CentreonUtils::escapeSecure($actionurl)); $tpl->assign("sv_ext_icon_image_alt", getMyServiceExtendedInfoField($service_id, "esi_icon_image_alt")); - $tpl->assign("options", $optionsURL); $tpl->assign("index_data", $index_data); - $tpl->assign("options2", CentreonUtils::escapeSecure($optionsURL2)); /** * Build the service detail URI that will be used in the diff --git a/www/include/options/accessLists/actionsACL/listsActionsAccess.php b/www/include/options/accessLists/actionsACL/listsActionsAccess.php index 156bee063e1..8427c6ade46 100644 --- a/www/include/options/accessLists/actionsACL/listsActionsAccess.php +++ b/www/include/options/accessLists/actionsACL/listsActionsAccess.php 
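Review bot: The new code in `serviceDetails.php` calls `$statement->fetchRow()` on the object returned by `$pearDBO->prepare()`, whereas the other conversions in this commit switch to `fetch(...)`; unless the statement class used by `$pearDBO` still provides `fetchRow()`, this line fails at runtime. Using `$row = $statement->fetch(\PDO::FETCH_ASSOC);` followed by `if ($row !== false) { $index_data = $row['id']; }` would also replace `$statement->rowCount()`, whose result for a SELECT is driver-dependent according to the PHP manual.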
@@ -118,11 +118,6 @@ "return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[" . $topo['acl_action_id'] . "]' />"; /* Contacts */ - $ctNbr = array(); - $rq = "SELECT COUNT(*) AS nbr FROM acl_group_actions_relations " . - "WHERE acl_action_id = '" . $topo['acl_action_id'] . "'"; - $DBRESULT2 = $pearDB->query($rq); - $ctNbr = $DBRESULT2->fetchRow(); $elemArr[$i] = array( "MenuClass" => "list_" . $style, "RowMenu_select" => $selectedElements->toHtml(), diff --git a/www/include/options/accessLists/menusACL/listsMenusAccess.php b/www/include/options/accessLists/menusACL/listsMenusAccess.php index b577522220e..f263f150c27 100644 --- a/www/include/options/accessLists/menusACL/listsMenusAccess.php +++ b/www/include/options/accessLists/menusACL/listsMenusAccess.php @@ -116,10 +116,6 @@ "return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[" . $topo['acl_topo_id'] . "]' />"; /* Contacts */ - $ctNbr = array(); - $rq2 = "SELECT COUNT(*) AS nbr FROM acl_topology_relations WHERE acl_topo_id = '" . $topo['acl_topo_id'] . "'"; - $dbResult2 = $pearDB->query($rq2); - $ctNbr = $dbResult2->fetchRow(); $elemArr[$i] = array( "MenuClass" => "list_" . $style, "RowMenu_select" => $selectedElements->toHtml(), diff --git a/www/include/options/accessLists/resourcesACL/listsResourcesAccess.php b/www/include/options/accessLists/resourcesACL/listsResourcesAccess.php index ccf7b110d9c..9a32d81e659 100644 --- a/www/include/options/accessLists/resourcesACL/listsResourcesAccess.php +++ b/www/include/options/accessLists/resourcesACL/listsResourcesAccess.php 
@@ -130,13 +130,6 @@ . $resources['acl_res_id'] . "]'>"; /* Contacts */ - $ctNbr = array(); - $rq = "SELECT COUNT(*) AS nbr - FROM acl_resources_host_relations - WHERE acl_res_id = '" . $resources['acl_res_id'] . "'"; - $DBRESULT2 = $pearDB->query($rq); - $ctNbr = $DBRESULT2->fetchRow(); - $allHostgroups = (isset($resources["all_hostgroups"]) && $resources["all_hostgroups"] == 1 ? _("Yes") : _("No")); $allServicegroups = (isset($resources["all_servicegroups"]) && $resources["all_servicegroups"] == 1 ? _("Yes") : diff --git a/www/include/views/graphs/exportData/ExportCSVMetricData.php b/www/include/views/graphs/exportData/ExportCSVMetricData.php deleted file mode 100644 index ebb1f49a513..00000000000 --- a/www/include/views/graphs/exportData/ExportCSVMetricData.php +++ /dev/null @@ -1,79 +0,0 @@ -. - * - * Linking this program statically or dynamically with other modules is making a - * combined work based on this program. Thus, the terms and conditions of the GNU - * General Public License cover the whole combination. - * - * As a special exception, the copyright holders of this program give Centreon - * permission to link this program with independent modules to produce an executable, - * regardless of the license terms of these independent modules, and to copy and - * distribute the resulting executable under terms of Centreon choice, provided that - * Centreon also meet, for each linked independent module, the terms and conditions - * of the license of that module. An independent module is a module which is not - * derived from this program. If you modify this program, you may extend this - * exception to your version of the program, but you are not obliged to do so. If you - * do not wish to do so, delete this exception statement from your version. - * - * For more information : contact@centreon.com - * - */ - -function get_error($str) -{ - echo $str."
"; - exit(0); -} - -require_once realpath(dirname(__FILE__) . "/../../../../../config/centreon.config.php"); -require_once '../../../class/centreonDB.class.php'; - -$pearDB = new CentreonDB(); -$pearDBO = new CentreonDB("centstorage"); - -session_start(); -session_write_close(); - -$sid = session_id(); -if (isset($sid)) { - $res = $pearDB->query("SELECT * FROM session WHERE session_id = '".$sid."'"); - if (!$session = $res->fetchRow()) { - get_error('bad session id'); - } -} else { - get_error('need session identifiant !'); -} - -isset($_GET["metric_id"]) ? $mtrcs = htmlentities($_GET["metric_id"], ENT_QUOTES, "UTF-8") : $mtrcs = null; -isset($_POST["metric_id"]) ? $mtrcs = htmlentities($_POST["metric_id"], ENT_QUOTES, "UTF-8") : $mtrcs = $mtrcs; - -require_once '../../../class/centreonDuration.class.php'; -require_once '../../common/common-Func.php'; - -$period = (isset($_POST["period"])) ? htmlentities($_POST["period"], ENT_QUOTES, "UTF-8") : "today"; -$period = (isset($_GET["period"])) ? htmlentities($_GET["period"], ENT_QUOTES, "UTF-8") : $period; - -header("Content-Type: application/csv-tab-delimited-table"); -header("Content-disposition: filename=".$mhost.".csv"); - -print "Date;value\n"; -$begin = time() - 26000; - -$res = $pearDB->query("SELECT ctime, value FROM data_bin WHERE id_metric = '".$mtrcs."' AND CTIME >= '".$begin."'"); -while ($data = $res->fetchRow()) { - print $data["ctime"].";".$data["value"].";".date("Y-m-d H:i:s", $data["ctime"])."\n"; -} diff --git a/www/include/views/graphs/graph-periods.html b/www/include/views/graphs/graph-periods.html index b0524ae4700..3d2fdc6a3ee 100644 --- a/www/include/views/graphs/graph-periods.html +++ b/www/include/views/graphs/graph-periods.html @@ -11,7 +11,7 @@
{foreach from=$periods item=period} -
+
{$srv_name} during {$period.long} @@ -54,36 +54,21 @@ /* Add events on click on action download image/CSV */ jQuery('.graphZone').delegate('a.actions', 'click', function (e) { - var $a = jQuery(this); - var baseUrl = $a.data('href'); - var chartId = $a.parents('.graph').data('graphId'); - var start; - var end; - var timezone = localStorage.getItem('realTimezone') + let $a = jQuery(this); + let baseUrl = $a.data('href'); + let chartId = $a.parents('.graph').data('graphId'); + let start; + let end; + let timezone = localStorage.getItem('realTimezone') ? localStorage.getItem('realTimezone') : moment.tz.guess(); - /* Get the period */ - if (jQuery('select[name="period"]').val() === '') { - start = moment.tz( - jQuery('#StartDate').val() + ' ' + jQuery('#StartTime').val(), - timezone - ); - end = moment.tz( - jQuery('#EndDate').val() + ' ' + jQuery('#EndTime').val(), - timezone - ); - duration = moment.duration(end.diff(start)); - } else { - parseInterval = jQuery('select[name="period"]').val().match(/(\d+)([a-z]+)/i); - duration = moment.duration( - parseInt(parseInterval[1], 10), - parseInterval[2] - ); - start = moment().tz(timezone); - end = moment().tz(timezone); - start.subtract(parseInterval[1], parseInterval[2]); - } + //Defining the period + let graphPeriod = $a.parents('.graph').data('graphPeriod'); + let parseInterval = graphPeriod.match(/(\d+)([a-z]+)/i); + start = moment().tz(timezone); + end = moment().tz(timezone); + start.subtract(parseInterval[1], parseInterval[2]); e.preventDefault(); baseUrl += '?chartId=' + chartId + '&start=' + start.unix() + '&end=' + end.unix(); diff --git a/www/install/insertBaseConf.sql b/www/install/insertBaseConf.sql index 02dd52d742e..64c58364d05 100644 --- a/www/install/insertBaseConf.sql +++ b/www/install/insertBaseConf.sql 
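Review bot: In the click handler, `graphPeriod.match(/(\d+)([a-z]+)/i)` is called without checking that `data('graphPeriod')` returned a string or that the pattern matched, so a missing or unexpected period value throws on `graphPeriod.match` or on `parseInterval[1]` and the download action stops working. Writing `let parseInterval = typeof graphPeriod === 'string' ? graphPeriod.match(/(\d+)([a-z]+)/i) : null;` followed by `if (!parseInterval) { return; }` fails quietly instead. The template markup that sets the attribute is in the first hunk and did not survive extraction here, so the attribute is inferred from the jQuery call.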
@@ -2,7 +2,7 @@ -- Insert version -- -INSERT INTO `informations` (`key` ,`value`) VALUES ('version', '22.04.5'); +INSERT INTO `informations` (`key` ,`value`) VALUES ('version', '22.04.6'); -- -- Contenu de la table `contact` diff --git a/www/install/installBroker.sql b/www/install/installBroker.sql index 17683ae47d6..5fc59876a46 100644 --- a/www/install/installBroker.sql +++ b/www/install/installBroker.sql @@ -258,7 +258,7 @@ CREATE TABLE `hosts` ( `notes` varchar(512) DEFAULT NULL, `notes_url` varchar(2048) DEFAULT NULL, `notification_interval` double DEFAULT NULL, - `notification_number` smallint(6) DEFAULT NULL, + `notification_number` bigint(20) unsigned DEFAULT NULL, `notification_period` varchar(75) DEFAULT NULL, `notify` tinyint(1) DEFAULT NULL, `notify_on_down` tinyint(1) DEFAULT NULL, @@ -591,7 +591,7 @@ CREATE TABLE `services` ( `notes` varchar(512) DEFAULT NULL, `notes_url` varchar(2048) DEFAULT NULL, `notification_interval` double DEFAULT NULL, - `notification_number` smallint(6) DEFAULT NULL, + `notification_number` bigint(20) unsigned DEFAULT NULL, `notification_period` varchar(75) DEFAULT NULL, `notify` tinyint(1) DEFAULT NULL, `notify_on_critical` tinyint(1) DEFAULT NULL, diff --git a/www/install/php/Update-22.04.6.php b/www/install/php/Update-22.04.6.php new file mode 100644 index 00000000000..932a8d14d06 --- /dev/null +++ b/www/install/php/Update-22.04.6.php 
@@ -0,0 +1,49 @@ +getColumnType('hosts', 'notification_number')), 'bigint')) { + $pearDBO->query("ALTER TABLE `hosts` MODIFY `notification_number` BIGINT(20) UNSIGNED DEFAULT NULL"); + } + + $errorMessage = "Impossible to update 'services' table"; + if (! str_contains(strtolower($pearDBO->getColumnType('services', 'notification_number')), 'bigint')) { + $pearDBO->query("ALTER TABLE `services` MODIFY `notification_number` BIGINT(20) UNSIGNED DEFAULT NULL"); + } +} catch (\Exception $e) { + $centreonLog->insertLog( + 4, + $versionOfTheUpgrade . $errorMessage . + " - Code : " . (int)$e->getCode() . + " - Error : " . $e->getMessage() . + " - Trace : " . $e->getTraceAsString() + ); + + throw new \Exception($versionOfTheUpgrade . $errorMessage, (int) $e->getCode(), $e); +} diff --git a/www/install/steps/process/insertBaseConf.php b/www/install/steps/process/insertBaseConf.php index 95f3e2bab70..40b7e8b1f7b 100644 --- a/www/install/steps/process/insertBaseConf.php +++ b/www/install/steps/process/insertBaseConf.php 
@@ -124,18 +124,21 @@ // Manage timezone $timezone = date_default_timezone_get(); -$resTimezone = $link->query("SELECT timezone_id FROM timezone WHERE timezone_name= '" . $timezone . "'"); -if (!$resTimezone) { +$statement = $link->prepare("SELECT timezone_id FROM timezone WHERE timezone_name= :timezone_name"); +$statement->bindValue(':timezone_name', $timezone, \PDO::PARAM_STR); +if (!$statement->execute()) { $return['msg'] = _('Cannot get timezone information'); echo json_encode($return); exit; } -if ($row = $resTimezone->fetch()) { +if ($row = $statement->fetch(\PDO::FETCH_ASSOC)) { $timezoneId = $row['timezone_id']; } else { $timezoneId = '334'; # Europe/London timezone } -$link->exec("INSERT INTO `options` (`key`, `value`) VALUES ('gmt','" . $timezoneId . "')"); +$statement = $link->prepare("INSERT INTO `options` (`key`, `value`) VALUES ('gmt', :value)"); +$statement->bindValue(':value', $timezoneId, \PDO::PARAM_STR); +$statement->execute(); # Generate random key for this instance and set it to be not central and not remote $informationsTableInsert = "INSERT INTO `informations` (`key`,`value`) VALUES
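Review bot: Only the first `$statement->execute()` is checked; the result of `$link->prepare()` is used unchecked, and the final `INSERT INTO options` is executed without any check. If `$link` runs in PDO's silent error mode, a failed `prepare()` returns `false` and the following `bindValue()` call is a fatal error, while in exception mode the `if (!$statement->execute())` branch is never taken; the connection setup is outside the hunk, so which applies needs confirming. Handling all three calls the same way, for example one `try`/`catch (\PDOException $e)` that fills `$return['msg']` and echoes the JSON, would keep the installer's error response consistent.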