This repository has been archived by the owner on Dec 13, 2022. It is now read-only.
fix(pendo): correctly set locale when language is detection by browser #11484
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kduret
reviewed
Aug 3, 2022
kduret
approved these changes
Aug 3, 2022
wtermellil
approved these changes
Aug 3, 2022
|
SonarQube Quality Gate
|
100.0% reviewed)
jeremyjaouen
added a commit
that referenced
this pull request
Aug 5, 2022
jeremyjaouen
added a commit
that referenced
this pull request
Aug 5, 2022
jeremyjaouen
added a commit
that referenced
this pull request
Aug 5, 2022
This was referenced Aug 5, 2022
jeremyjaouen
added a commit
that referenced
this pull request
Aug 5, 2022
jeremyjaouen
added a commit
that referenced
this pull request
Aug 5, 2022
kduret
pushed a commit
that referenced
this pull request
Aug 8, 2022
tuntoja
added a commit
that referenced
this pull request
Aug 23, 2022
* fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.04.17 * fix(sql): fix query to select contact during ldap import (#11580) Refs: MON-14263 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: chgautier <cgautier@centreon.com>
chgautier
added a commit
that referenced
this pull request
Aug 25, 2022
* fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com>
chgautier
added a commit
that referenced
this pull request
Aug 26, 2022
* Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com>
chgautier
added a commit
that referenced
this pull request
Aug 26, 2022
* fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>
4 tasks
chgautier
added a commit
that referenced
this pull request
Aug 26, 2022
* fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com>
TamazC
added a commit
that referenced
this pull request
Aug 31, 2022
* fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com>
chgautier
added a commit
that referenced
this pull request
Sep 5, 2022
* Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com>
tuntoja
added a commit
that referenced
this pull request
Sep 21, 2022
* fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(release):rebase dev-22.04.x on 22.04.x (#11627) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 * chore(git): update codeowners (#11594) * chore(release):rebase dev-22.04.x on 22.04.x (#11688) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(details): remove dead code (#11672) (#11686) * fix(conf) fix parent template display in service template listing (#11671) (#11676) * fix(poller): fix remote server duplication (#11552) (#11674) * fix(poller): fix remote server duplication (#11552) Refs: MON-14579 Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> * fix translation for host and service category (#11626) * fix(clapi): Check that user is admin to use clapi (#11631) (#11640) * Sanitized and bound queries in service argumentsXml fil (#11653) MON-14669 * Sanitize and bind listVirtualMetrics queries (#11647) * sanitize and bind host categories queries (#11645) * Ãbind queries an fix array binding(#11656) * fix(ui): fix svg display in legacy monitoring pages (#11659) (#11690) Refs: MON-14869 * Sanitize and bind service group dependecies queries 22.04.x (#11665) * MON-14425 fix centreon.ini and autoconfigure timezone (#11608) * enh(Resources/header): Display the 2 access pictograms logs and report on details panel (#11618) * Display the 2 access pictograms logs and report on details panel * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> * fix(resource-status): add missing alias to Host detail factory (#11642) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11698) Refs: MON-14919 * fix(install): fix source install with quiet mode related to gorgone vars (#11694) (#11701) Refs: MON-14806 Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * Fix: In Acces group the second select not working [ACL] 22.04.x (#11709) * fix second select not working * applying suggested changes * fix(details): second part of code cleanup for "tools" (#11718) (#11721) * fix (#11724) * FIX: Sanitize and bind graph configuration queries 22.04.x (#11729) * [Fix]:Sanitize and bind queries in template of service listing (#11746) * [Fix]:Sanitize and bind queries in template of service listing * work on tamazC suggestion * fix(resource): Fix bad SQL request (#11702) (#11749) * FIX: Sanitize and bind Meta Service configuration 22.04.x (#11733) * sanitize and bind meta service config * applying suggested changes * Fix: Sanitize and bind CLAPI poller configuration 22.04.x (#11731) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind command configuration queries 22.04.x (#11754) * fix(partition): fix condition for database version (#11657) (#11756) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: Eric Coquard <eric.coquard@gmail.com>
tuntoja
added a commit
that referenced
this pull request
Sep 21, 2022
* fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Sep 21, 2022
* query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Sep 21, 2022
* Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * chore(release): merge release-22.04.next into 22.04.x (#11821) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(release):rebase dev-22.04.x on 22.04.x (#11627) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 * chore(git): update codeowners (#11594) * chore(release):rebase dev-22.04.x on 22.04.x (#11688) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(details): remove dead code (#11672) (#11686) * fix(conf) fix parent template display in service template listing (#11671) (#11676) * fix(poller): fix remote server duplication (#11552) (#11674) * fix(poller): fix remote server duplication (#11552) Refs: MON-14579 Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> * fix translation for host and service category (#11626) * fix(clapi): Check that user is admin to use clapi (#11631) (#11640) * Sanitized and bound queries in service argumentsXml fil (#11653) MON-14669 * Sanitize and bind listVirtualMetrics queries (#11647) * sanitize and bind host categories queries (#11645) * Ãbind queries an fix array binding(#11656) * fix(ui): fix svg display in legacy monitoring pages (#11659) (#11690) Refs: MON-14869 * Sanitize and bind service group dependecies queries 22.04.x (#11665) * MON-14425 fix centreon.ini and autoconfigure timezone (#11608) * enh(Resources/header): Display the 2 access pictograms logs and report on details panel (#11618) * Display the 2 access pictograms logs and report on details panel * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> * fix(resource-status): add missing alias to Host detail factory (#11642) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11698) Refs: MON-14919 * fix(install): fix source install with quiet mode related to gorgone vars (#11694) (#11701) Refs: MON-14806 Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * Fix: In Acces group the second select not working [ACL] 22.04.x (#11709) * fix second select not working * applying suggested changes * fix(details): second part of code cleanup for "tools" (#11718) (#11721) * fix (#11724) * FIX: Sanitize and bind graph configuration queries 22.04.x (#11729) * [Fix]:Sanitize and bind queries in template of service listing (#11746) * [Fix]:Sanitize and bind queries in template of service listing * work on tamazC suggestion * fix(resource): Fix bad SQL request (#11702) (#11749) * FIX: Sanitize and bind Meta Service configuration 22.04.x (#11733) * sanitize and bind meta service config * applying suggested changes * Fix: Sanitize and bind CLAPI poller configuration 22.04.x (#11731) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind command configuration queries 22.04.x (#11754) * fix(partition): fix condition for database version (#11657) (#11756) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: Eric Coquard <eric.coquard@gmail.com>
tuntoja
added a commit
that referenced
this pull request
Sep 21, 2022
* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Sep 21, 2022
* query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 3, 2022
* fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(release):rebase dev-22.04.x on 22.04.x (#11627) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 * chore(git): update codeowners (#11594) * chore(release):rebase dev-22.04.x on 22.04.x (#11688) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(details): remove dead code (#11672) (#11686) * fix(conf) fix parent template display in service template listing (#11671) (#11676) * fix(poller): fix remote server duplication (#11552) (#11674) * fix(poller): fix remote server duplication (#11552) Refs: MON-14579 Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> * fix translation for host and service category (#11626) * fix(clapi): Check that user is admin to use clapi (#11631) (#11640) * Sanitized and bound queries in service argumentsXml fil (#11653) MON-14669 * Sanitize and bind listVirtualMetrics queries (#11647) * sanitize and bind host categories queries (#11645) * Ãbind queries an fix array binding(#11656) * fix(ui): fix svg display in legacy monitoring pages (#11659) (#11690) Refs: MON-14869 * Sanitize and bind service group dependecies queries 22.04.x (#11665) * MON-14425 fix centreon.ini and autoconfigure timezone (#11608) * enh(Resources/header): Display the 2 access pictograms logs and report on details panel (#11618) * Display the 2 access pictograms logs and report on details panel * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> * fix(resource-status): add missing alias to Host detail factory (#11642) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11698) Refs: MON-14919 * fix(install): fix source install with quiet mode related to gorgone vars (#11694) (#11701) Refs: MON-14806 Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * Fix: In Acces group the second select not working [ACL] 22.04.x (#11709) * fix second select not working * applying suggested changes * fix(details): second part of code cleanup for "tools" (#11718) (#11721) * fix (#11724) * FIX: Sanitize and bind graph configuration queries 22.04.x (#11729) * [Fix]:Sanitize and bind queries in template of service listing (#11746) * [Fix]:Sanitize and bind queries in template of service listing * work on tamazC suggestion * fix(resource): Fix bad SQL request (#11702) (#11749) * FIX: Sanitize and bind Meta Service configuration 22.04.x (#11733) * sanitize and bind meta service config * applying suggested changes * Fix: Sanitize and bind CLAPI poller configuration 22.04.x (#11731) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind command configuration queries 22.04.x (#11754) * fix(partition): fix condition for database version (#11657) (#11756) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * Rebase dev2204x on 2204x (#11824) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * chore(release): merge release-22.04.next into 22.04.x (#11821) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on n…
tuntoja
added a commit
that referenced
this pull request
Oct 3, 2022
* fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 3, 2022
* query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 3, 2022
* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 3, 2022
* Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * chore(release): merge release-22.04.next into 22.04.x (#11821) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(release):rebase dev-22.04.x on 22.04.x (#11627) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 * chore(git): update codeowners (#11594) * chore(release):rebase dev-22.04.x on 22.04.x (#11688) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(details): remove dead code (#11672) (#11686) * fix(conf) fix parent template display in service template listing (#11671) (#11676) * fix(poller): fix remote server duplication (#11552) (#11674) * fix(poller): fix remote server duplication (#11552) Refs: MON-14579 Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> * fix translation for host and service category (#11626) * fix(clapi): Check that user is admin to use clapi (#11631) (#11640) * Sanitized and bound queries in service argumentsXml fil (#11653) MON-14669 * Sanitize and bind listVirtualMetrics queries (#11647) * sanitize and bind host categories queries (#11645) * Ãbind queries an fix array binding(#11656) * fix(ui): fix svg display in legacy monitoring pages (#11659) (#11690) Refs: MON-14869 * Sanitize and bind service group dependecies queries 22.04.x (#11665) * MON-14425 fix centreon.ini and autoconfigure timezone (#11608) * enh(Resources/header): Display the 2 access pictograms logs and report on details panel (#11618) * Display the 2 access pictograms logs and report on details panel * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> * fix(resource-status): add missing alias to Host detail factory (#11642) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11698) Refs: MON-14919 * fix(install): fix source install with quiet mode related to gorgone vars (#11694) (#11701) Refs: MON-14806 Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * Fix: In Acces group the second select not working [ACL] 22.04.x (#11709) * fix second select not working * applying suggested changes * fix(details): second part of code cleanup for "tools" (#11718) (#11721) * fix (#11724) * FIX: Sanitize and bind graph configuration queries 22.04.x (#11729) * [Fix]:Sanitize and bind queries in template of service listing (#11746) * [Fix]:Sanitize and bind queries in template of service listing * work on tamazC suggestion * fix(resource): Fix bad SQL request (#11702) (#11749) * FIX: Sanitize and bind Meta Service configuration 22.04.x (#11733) * sanitize and bind meta service config * applying suggested changes * Fix: Sanitize and bind CLAPI poller configuration 22.04.x (#11731) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind command configuration queries 22.04.x (#11754) * fix(partition): fix condition for database version (#11657) (#11756) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * chore(release): merge release-22.04.next in 22.04.x (#11911) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries …
chgautier
added a commit
that referenced
this pull request
Oct 3, 2022
* chore(release): merge release-21.04.next into 21.04.x (#11819) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.04.next into 21.04.x (#11909) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Update www/install/php/Update-21.04.19.php Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 3, 2022
* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
TamazC
added a commit
that referenced
this pull request
Oct 3, 2022
* fix(conf): fix disabling additive inheritance * Fix: Remove obsolete code in legacy service detail page (#11848) (#11879) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing dev-22.04.x (#11882) * Fix: Sanitize and bind menu topology listing (#11832) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * changes in phpDoc of query method * fix timezone issue websso (#11900) * Rebase dev2204x on 2204x (#11914) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * chore(release): merge release-22.04.next into 22.04.x (#11821) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(release):rebase dev-22.04.x on 22.04.x (#11627) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 * chore(git): update codeowners (#11594) * chore(release):rebase dev-22.04.x on 22.04.x (#11688) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(details): remove dead code (#11672) (#11686) * fix(conf) fix parent template display in service template listing (#11671) (#11676) * fix(poller): fix remote server duplication (#11552) (#11674) * fix(poller): fix remote server duplication (#11552) Refs: MON-14579 Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> * fix translation for host and service category (#11626) * fix(clapi): Check that user is admin to use clapi (#11631) (#11640) * Sanitized and bound queries in service argumentsXml fil (#11653) MON-14669 * Sanitize and bind listVirtualMetrics queries (#11647) * sanitize and bind host categories queries (#11645) * Ãbind queries an fix array binding(#11656) * fix(ui): fix svg display in legacy monitoring pages (#11659) (#11690) Refs: MON-14869 * Sanitize and bind service group dependecies queries 22.04.x (#11665) * MON-14425 fix centreon.ini and autoconfigure timezone (#11608) * enh(Resources/header): Display the 2 access pictograms logs and report on details panel (#11618) * Display the 2 access pictograms logs and report on details panel * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> * fix(resource-status): add missing alias to Host detail factory (#11642) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11698) Refs: MON-14919 * fix(install): fix source install with quiet mode related to gorgone vars (#11694) (#11701) Refs: MON-14806 Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * Fix: In Acces group the second select not working [ACL] 22.04.x (#11709) * fix second select not working * applying suggested changes * fix(details): second part of code cleanup for "tools" (#11718) (#11721) * fix (#11724) * FIX: Sanitize and bind graph configuration queries 22.04.x (#11729) * [Fix]:Sanitize and bind queries in template of service listing (#11746) * [Fix]:Sanitize and bind queries in template of service listing * work on tamazC suggestion * fix(resource): Fix bad SQL request (#11702) (#11749) * FIX: Sanitize and bind Meta Service configuration 22.04.x (#11733) * sanitize and bind meta service config * applying suggested changes * Fix: Sanitize and bind CLAPI poller configuration 22.04.x (#11731) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind command configuration queries 22.04.x (#11754) * fix(partition): fix condition for database version (#11657) (#11756) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * chore(release): merge release-22.04.next in 22.04.x (#11911) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234…
TamazC
added a commit
that referenced
this pull request
Oct 3, 2022
#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 7, 2022
* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 7, 2022
#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 7, 2022
* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge hotfix-mon-15318 in 21.10.x (#11948) * update version to 21.10.12 in insertBaseConf * fixed issue where notification number < 0 before update (#11935) Co-authored-by: dmyios <diosypenko@centreon.com> Refs: MON-15318 * add php update file for 21.10.12 Co-authored-by: Kevin Duret <kduret@centreon.com> * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * fix(centreontrapd): check if conf file is not empty before to load it (#11708) Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(conf): fix disabling additive inheritance (#11813) Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(web): display command with status$ in the command definition (#11… (#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service te…
tuntoja
added a commit
that referenced
this pull request
Oct 12, 2022
* chore(release): merge release-21.04.next into 21.04.x (#11819) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.04.next into 21.04.x (#11909) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Update www/install/php/Update-21.04.19.php Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 12, 2022
* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 12, 2022
#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com>
tuntoja
added a commit
that referenced
this pull request
Oct 12, 2022
* fix(conf): fix disabling additive inheritance * Fix: Remove obsolete code in legacy service detail page (#11848) (#11879) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing dev-22.04.x (#11882) * Fix: Sanitize and bind menu topology listing (#11832) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * changes in phpDoc of query method * fix timezone issue websso (#11900) * Rebase dev2204x on 2204x (#11914) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * chore(release): merge release-22.04.next into 22.04.x (#11821) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(release):rebase dev-22.04.x on 22.04.x (#11627) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 * chore(git): update codeowners (#11594) * chore(release):rebase dev-22.04.x on 22.04.x (#11688) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(details): remove dead code (#11672) (#11686) * fix(conf) fix parent template display in service template listing (#11671) (#11676) * fix(poller): fix remote server duplication (#11552) (#11674) * fix(poller): fix remote server duplication (#11552) Refs: MON-14579 Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> * fix translation for host and service category (#11626) * fix(clapi): Check that user is admin to use clapi (#11631) (#11640) * Sanitized and bound queries in service argumentsXml fil (#11653) MON-14669 * Sanitize and bind listVirtualMetrics queries (#11647) * sanitize and bind host categories queries (#11645) * Ãbind queries an fix array binding(#11656) * fix(ui): fix svg display in legacy monitoring pages (#11659) (#11690) Refs: MON-14869 * Sanitize and bind service group dependecies queries 22.04.x (#11665) * MON-14425 fix centreon.ini and autoconfigure timezone (#11608) * enh(Resources/header): Display the 2 access pictograms logs and report on details panel (#11618) * Display the 2 access pictograms logs and report on details panel * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> * fix(resource-status): add missing alias to Host detail factory (#11642) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11698) Refs: MON-14919 * fix(install): fix source install with quiet mode related to gorgone vars (#11694) (#11701) Refs: MON-14806 Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * Fix: In Acces group the second select not working [ACL] 22.04.x (#11709) * fix second select not working * applying suggested changes * fix(details): second part of code cleanup for "tools" (#11718) (#11721) * fix (#11724) * FIX: Sanitize and bind graph configuration queries 22.04.x (#11729) * [Fix]:Sanitize and bind queries in template of service listing (#11746) * [Fix]:Sanitize and bind queries in template of service listing * work on tamazC suggestion * fix(resource): Fix bad SQL request (#11702) (#11749) * FIX: Sanitize and bind Meta Service configuration 22.04.x (#11733) * sanitize and bind meta service config * applying suggested changes * Fix: Sanitize and bind CLAPI poller configuration 22.04.x (#11731) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind command configuration queries 22.04.x (#11754) * fix(partition): fix condition for database version (#11657) (#11756) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * chore(release): merge release-22.04.next in 22.04.x (#11911) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234…
tuntoja
added a commit
that referenced
this pull request
Oct 13, 2022
* Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * chore(release): merge release-22.04.next into 22.04.x (#11821) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(release):rebase dev-22.04.x on 22.04.x (#11627) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 * chore(git): update codeowners (#11594) * chore(release):rebase dev-22.04.x on 22.04.x (#11688) * Merge release-22.04.3 into 22.04.x (#11623) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) * fix export graph image after selecting png Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * Fix(platform): Removing appkey key (#11511) * fix(trap): Removal of the restriction on the uniqueness of the OID of a trap (#11327) Currently, an error appears when we try to save an existing trap because a test is performed on the uniqueness of the OID. This PR aims to remove the restriction on the uniqueness of the OID of a trap. * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11528) * fix(test): fix random fails on virtual metric test (#11523) Refs: MON-14359 * fix(autoload): Add classmap to fix autoload with legacy classes (#11492) (#11532) Refs: MON-14496 * fix(ldap): small refacto of ldap authentication and log failures (#11422) (#11534) Refs: MON-7417 * fix(api): allow api platform updates from installed 22.04.0 (#11495) (#11533) Refs: MON-12296 * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * doc(ack): acknowledge Hakaï security (#11540) * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11556) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11547) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11550) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11564) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11561) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11570) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11567) * sanityze 2 insert queries * spaces removed in a query * chore(install):Update version to 22.04.3 * fix(sql): fix query to select contact during ldap import (#11578) Refs: MON-14263 * fix(UI): Fix layout for Safari and form validation (#11373) (#11604) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> * chore(release): merge hotfix-MON-14893-index-data (#11681) * fix(upgrade): Correctly Parse SQL Comments (#11658) (#11668) Refs: MON-14848 Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix invalid values for index_data.special (#11669) * chore(install):update version to 22.04.4 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * fix(api): fix call to api on fresh install (#11536) (#11537) Refs: MON-12296 * fix(api): do not init db connection in event subscriber (#11543) (#11545) Refs: MON-12296 * fix(partition): adapt control of database version (#11609) (#11610) * fix(openid): correctly set contact_location while creating session (#11613) (#11614) * fix(lang): Fixed FR typo (#11621) * enh(UI): Add a “Parent alias“ column on the monitoring resources sta… (#11542) * enh(UI): Add a “Parent alias“ column on the monitoring resources status page (#11190) * Add column ParentAlias * Add new label ParentAlias * Add column ParentAlias and new column component * Add new card to display Parent Alias * Remove tile in Details Panel, enhancement not expected * FIx eslint issue * Fix naming on label parent alias * Add translation * Add line at the end of files * Add line at the end of file * fix issues * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/pt_PT.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Tom Darneix <tomdar87@outlook.com> * Update lang/es_ES.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/pt_BR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> * Update lang/fr_FR.UTF-8/LC_MESSAGES/messages.po Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * Fix issue on messages.po file Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> * query sanitized in listServiceCategoriesà (#11597) (#11632) * MON-14797 reorganizes dependencies (#11612) * Fix encoding issue on status serviceXML (#11581) * sanitize and bind in centreon connector query (#11635) * sanitize insrert queries in db-func (#11650) MON-14667 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(details): remove dead code (#11672) (#11686) * fix(conf) fix parent template display in service template listing (#11671) (#11676) * fix(poller): fix remote server duplication (#11552) (#11674) * fix(poller): fix remote server duplication (#11552) Refs: MON-14579 Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> * fix translation for host and service category (#11626) * fix(clapi): Check that user is admin to use clapi (#11631) (#11640) * Sanitized and bound queries in service argumentsXml fil (#11653) MON-14669 * Sanitize and bind listVirtualMetrics queries (#11647) * sanitize and bind host categories queries (#11645) * Ãbind queries an fix array binding(#11656) * fix(ui): fix svg display in legacy monitoring pages (#11659) (#11690) Refs: MON-14869 * Sanitize and bind service group dependecies queries 22.04.x (#11665) * MON-14425 fix centreon.ini and autoconfigure timezone (#11608) * enh(Resources/header): Display the 2 access pictograms logs and report on details panel (#11618) * Display the 2 access pictograms logs and report on details panel * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> * Update www/front_src/src/Resources/Details/Header.tsx Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> * fix(resource-status): add missing alias to Host detail factory (#11642) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11698) Refs: MON-14919 * fix(install): fix source install with quiet mode related to gorgone vars (#11694) (#11701) Refs: MON-14806 Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * Fix: In Acces group the second select not working [ACL] 22.04.x (#11709) * fix second select not working * applying suggested changes * fix(details): second part of code cleanup for "tools" (#11718) (#11721) * fix (#11724) * FIX: Sanitize and bind graph configuration queries 22.04.x (#11729) * [Fix]:Sanitize and bind queries in template of service listing (#11746) * [Fix]:Sanitize and bind queries in template of service listing * work on tamazC suggestion * fix(resource): Fix bad SQL request (#11702) (#11749) * FIX: Sanitize and bind Meta Service configuration 22.04.x (#11733) * sanitize and bind meta service config * applying suggested changes * Fix: Sanitize and bind CLAPI poller configuration 22.04.x (#11731) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind command configuration queries 22.04.x (#11754) * fix(partition): fix condition for database version (#11657) (#11756) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Laurent Pinsivy <lpinsivy@centreon.com> Co-authored-by: jcaro <jcaro@centreon.com> Co-authored-by: Jérémy Delpierre <jdelpierre@users.noreply.github.com> Co-authored-by: Bruno d'Auria <bdauria@centreon.com> Co-authored-by: Luiz Costa <me@luizgustavo.pro.br> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Jérémy Jaouen <jjaouen@centreon.com> Co-authored-by: JKancel <JKancel@users.noreply.github.com> Co-authored-by: Eric Coquard <eric.coquard@gmail.com> * chore(release): merge release-22.04.next in 22.04.x (#11911) * fix(git): resync 22.04.x to dev-22.04.x (#11503) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries * fix issues * removed old variable userCrypted and the use of it (#11334) (#11352) Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> * enh(Header/userMenu):reduce spacing user menu (#11393) * update user menu * fix(hostgroup): fix display of hostgroups in select2 (#11431) (#11443) * fix(ci): fix debian packaging with freshly instanciated jenkins slave (#11398) (#11399) Refs: MON-14377 * Sanitized and bound queries (#11413) (#11445) lines : 130 -142 * Snyk: Sanitize and bind media sync queries 22.04.x (#11418) * sanitizing and binding sync dir file queries * Applying some fixes * Snyk: Sanitize and bind ACL service dependency queries dev-22.04.x (#11395) * Snyk: Sanitize and bind Auth class queries 22.04.x (#11448) * [Backport/need review] fix(UI): Fix layout for Safari and form validation (#11440) * fix(UI): Fix layout for Safari and form validation (#11373) * Fix form validation * Fix padlock layout for safari * Update centreon-frontend * Remove debug variable * Fix test * Fix page respsoniveness * Rename variable * update deps * Fix package-lock * Fix package-lock * Add debug statement for debian * Install nodejs rather npm * Attempt fix * Attempt to fix nodejs installation * add sudo * Fix redoc-cli usage * Try to fix permission on npm * Fix * Fix permission * Fix permission (please work) * Fix source * Stop using npx because..... * Allow legacy-peer-deps * Remove nodejs installation * Fix image to pull for debian 11 * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11421) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11402) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * feat(api): implement endpoint to update centreon web (#11391) (#11401) Refs: MON-12296 * Clean(platform): Clean appKey method and usage 22.04.x (#11452) * Clean(platform): Clean appKey method and usage (#11336) * removing appKey from information table in baseConf and 22.10 update script * removing appKey from NotifyMasterService.php * removing appKey from CentreonRemoteServer.php * applying suggested changes * Applying suggested changes Co-authored-by: Kevin Duret <kduret@centreon.com> * adding 22.04.2 update script file with changes * revert 22.04 beta 1 script to its original Co-authored-by: Kevin Duret <kduret@centreon.com> * enh(platform): Use API to select metrics in virtual metrics configuration form 22.04.x (#11461) * changing select with select2 of metrics * fix alignement * remove unecessary files and replace selec by select2 in formComponentTemplate * fix select id name for acceptance tests * update composer for acceptance tests * fix acceptance test 2 * add allow clear to metrics select2 * applying suggested changes * final changes for merging * remove unecessary select tag * [SNYK] Sanitize and bind ACL class queries (#11392) (#11472) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(conf) fix broker conf name display in listing (#11372) (#11376) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Nouha-ElAbrouki <97687698+Noha-ElAbrouki@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: Tom Darneix <tomdar87@outlook.com> Co-authored-by: alaunois <alaunois@centreon.com> * fix(cron): Escape database name in CentACL 22.04.x (#11510) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11504) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11519) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * fix(Resources/Graph): export graph image after selecting png (#11491) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11394) * Sanitize and bind ACL host dependency queries …
tuntoja
added a commit
that referenced
this pull request
Oct 13, 2022
* chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.10.next into 21.10.x (#11910) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Fix: Remove obsolete code in ACL configuration listing (#11793) * [Fix]: Sanitize and bind service by hostgroups listing (#11795) * sanitize nad bind service by hostgroups listing * fix exceeded linee * Fix : Sanitize and bind centreon hostgroups class (#11800) * Fix: Sanitize and bind CLAPI Centreon Hostgroup class (#11802) * Fix: Sanitize and bind host category listing (#11805) * fix(conf/export) broker RRDcacheD export (#11811) (#11834) * FIX: SQLi in poller's broker configuration 21.10.x (#11778) * sanitize and bind pollers broker config queries * applying suggested changes * FIX: Sanitize and bind default configuration queries 21.10.x (#11787) * FIX: Sanitize and bind Centreon Notification class 21.10.x (#11792) * FIX: Sanitize and bind Centreon Notification class (#11757) * Update www/class/centreonNotification.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * FIX: Sanitize and bind LDAP CLAPI listing 21.10.x (#11797) * sanitize and bind clapi LDAP listing * removing unecessary code * FIX: Sanitize and bind service listing 21.10.x (#11801) * sanitizing and binding service listing queries * removing var casting * FIX: Sanitize and bind SNMP Traps groups configuration 21.10.x (#11807) * Fix: Sanitize and bind Media import (#11788) * Fix: Remove obsolete code in monitoring common functions (#11844) * Fix: Sanitize and bind SNMP Traps listing (#11842) * Fix: Remove obsolete code in Criticality class (#11841) * remove obsolete function getHostTplCriticality in criticality class * Update www/class/centreonCriticality.class.php Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * Fix: Sanitize and bind CALPI Centreon service class (#11836) * sanitize and bine clapi centreon service class * Update www/class/centreon-clapi/centreonService.class.php space added into query Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: Remove unused mechanism for modules to add restart/reload actions after restart of pollers 21.10.x (#11855) * removing obsolet code * removing more useless code * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * FIX: Sanitize and bind Knowledge Base host listing 21.10.x (#11859) * Fix: Remove obsolete code in database partitioning functions (#11839) * FIX: Sanitize and bind Centreon Service class 21.10.x (#11865) * sanitize and bind service class queries and fix bug mediawiki links * fixing links host templates mediawiki * backport MON-14223 -> dev-21.10.x (#11863) * FIX: SQLi in contact groups form 21.10.x (#11875) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * Fix: Sanitize and bind menu topology listing (#11832) (#11883) * sanitize and bind menu topology listing * fix bug in query closing * editing TopologyRepositoryTest file and change the query * typo * chore(release): update version to 21.10.11 Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge hotfix-mon-15318 in 21.10.x (#11948) * update version to 21.10.12 in insertBaseConf * fixed issue where notification number < 0 before update (#11935) Co-authored-by: dmyios <diosypenko@centreon.com> Refs: MON-15318 * add php update file for 21.10.12 Co-authored-by: Kevin Duret <kduret@centreon.com> * chore(release): merge hotfix-mon-15384 in 21.10.x (Centreon WEB 21.10.13) (#11981) * enh(auth): autologin enhancement (#11957) Refs: MON-15384 * update version to 21.10.13 Co-authored-by: Kevin Duret <kduret@centreon.com> * fix(details): remove dead code (#11672) (#11685) * Rebase dev2110x on 2110x (#11825) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sanitized in listServiceCategoriesà (#11597) (#11633) * Sanitize and bind listVirtualMetrics queries (#11648) * sanitize insrert queries in db-func (#11651) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11654) MON-14669 * sanitize and bind host categories query (#11644) * Fix encoding issue on status serviceXML (#11582) * sanitize and bind in centreon connector query (#11636) * chore(git): update codeowners (#11593) * fix(conf) fix parent template display in service template listing (#11671) (#11677) * fix(poller): fix remote server duplication (#11552) (#11675) Refs: MON-14579 * fix(clapi): Check that user is admin to use clapi (#11631) (#11639) * Fix: Sanitize and bind service group dependecies queries 21.10.x (#11666) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11699) Refs: MON-14919 * Fix: In Acces group the second select not working [ACL] 21.10.x (#11710) * fix second select not working * applying suggested changes * fix(details): remove dead code (#11672) (#11685) * fix(details): second part of code cleanup for "tools" (#11718) (#11722) * FIX: Sanitize and bind graph configuration queries 21.10.x (#11730) * Fix: Sanitize and bind CLAPI poller configuration 21.10.x (#11732) * sanitize and bind CLAPI poller config * remove unecessary comment * revert deleted imports * FIX: Sanitize and bind Meta Service configuration 21.10.x (#11734) * sanitize and bind meta service config * applying suggested changes * [Fix]:Sanitize and bind queries in template of service listing (#11745) * fix(resource): Fix bad SQL request (#11702) (#11750) * FIX: Sanitize and bind command configuration queries 21.10.x (#11755) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: Removing unused code and fixing bug of generating csv in multiple periods graphs 21.10.x (#11857) * Fix: Remove obsolete code in legacy service detail page (#11848) (#11880) * Remove obsolete code in legacy service detail page * restore deleted code * remove obsolete code in legacy service detail page and query sanitizeà * fix(centreontrapd): check if conf file is not empty before to load it (#11708) Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(conf): fix disabling additive inheritance (#11813) Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> * fix(web): display command with status$ in the command definition (#11… (#11885) * fix(web): display command with status$ in the command definition (#11286) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> * Rebase dev2110x on 2110x (#11915) * chore(release): merge release 21.10.9 into 21.10.x (#11628) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * chore(release): merge release-21.10.next into 21.10.x (#11820) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(release): merge release 21.10.9 into 21.10.x (#11628) (#11629) * fix(git): resync 21.10.x to dev-21.10.x (#11499) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11505) Refs: MON-14585 * fix(UI): Include host_id when selecting ServiceGroups on dashreports (#11428) (#11520) Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: VHS <listas.vhs@gmail.com> * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11518) 1122 1153 1134 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11515) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * fix(cron): Escape database name in CentACL 21.10.x (#11509) * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11529) * fix(test): fix random fails on virtual metric test (#11524) Refs: MON-14359 * enh(platform): Use API to select metrics in virtual metrics configuration form 21.10.x (#11508) Refs: MON-14359 * doc(ack): acknowledge Hakaï security (#11539) * fix(web): fix the comment deletion for host monitored by poller (#11138) (#11557) Refs: MON-12828 Co-authored-by: Stéphane Duret <sduret@centreon.com> * SNYK: Sanitize and bind Broker listing queries (#11551) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11565) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11562) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * SNYK: Sanitize and bind ACL actions queries (#11548) * sanitizing and binding acl actions queries * fix missing bind * MON-14501 - sanitize query in centreonXmlbgRequest class (#11571) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11568) * sanityze 2 insert queries * spaces removed in a query * chore(install): Update version to 21.10.9 * fix(sql): fix query to select contact during ldap import (#11579) Refs: MON-14263 * (fix)MON-14742 Escape database name in CentACL (#11602) * fixed issue of using special chars in db names * fix escape database name * fixed security issue on sql requests * fix(platform) : Issue with cross databases query when the name contains some characters (#11279) (#11619) Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: VHS <listas.vhs@gmail.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Dmytro Iosypenko <108675430+dmyios@users.noreply.github.com> * query sani…
tuntoja
added a commit
that referenced
this pull request
Oct 13, 2022
* chore(release): merge release-21.04.next into 21.04.x (#11819) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.04.next into 21.04.x (#11909) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge hotfix-mon-15384 in 21.04.x (#11980) * enh(auth): autologin enhancement (#11958) Refs: MON-15384 * update version to 21.04.20 Co-authored-by: Kevin Duret <kduret@centreon.com> * chore(release):rebase dev-21.04.x on 21.04.x (#11916) * chore(release): merge release-21.04.next into 21.04.x (#11819) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * chore(release): merge release-21.04.next into 21.04.x (#11909) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(release): merge release-21.04.next into 21.04.x (#11819) (#11826) * query sanitized in listServiceCategoriesà (#11597) (#11634) * sanitize and bind in centreon connector queriy (#11637) * Sanitize and bind listVirtualMetrics queries (#11649) * sanitize and bind host categories queryà (#11591) (#11646) * sanitize insrert queries in db-func (#11652) MON-14667 * Sanitized and bound queries in service argumentsXml file (#11655) MON-14669 * (fix) service status : encoding issue on status page (#11583) * fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> * Sanitize and bind service group dependecies queries (#11667) * fix(conf) fix parent template display in service template listing (#11671) (#11678) * fix(details): remove dead code (#11672) (#11684) * fix(clapi): Check that user is admin to use clapi (#11631) (#11638) * fix(widgets): retrieve possibility to not select poller in pref (#11696) (#11700) Refs: MON-14919 * fix(details): second part of code cleanup for "tools" (#11725) * fix(resource): Fix bad SQL request (#11702) (#11751) * chore(install): update version to 21.04.18 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * FIX: SQLi in poller's broker configuration 21.04.x (#11779) * sanitize and bind pollers broker config queries * applying suggested changes * chore(release): update version to 21.04.19 Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * Update www/install/php/Update-21.04.19.php Co-authored-by: tuntoja <58987095+tuntoja@users.noreply.github.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> * fix(web): display command with status$ in the command definition (#11286) (#11903) * fix(web): display command with status$ in the command definition * Update src/Centreon/Domain/Monitoring/CommandLineTrait.php Co-authored-by: Kevin Duret <kduret@centreon.com> * Update unit test * Fix regex replacement in macros command Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Tamaz Cheishvili <tamazc@yahoo.com> Co-authored-by: Stéphane Duret <sduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * FIX: SQLi in contact groups form 21.04.x (#11890) Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: TamazC <103252125+TamazC@users.noreply.github.com> Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com> Co-authored-by: Adrien Morais-Mestre <31647811+adr-mo@users.noreply.github.com> Co-authored-by: Laurent Calvet <lcalvet@centreon.com> Co-authored-by: Charles Gautier <33026375+chgautier@users.noreply.github.com> Co-authored-by: Stéphane Duret <sduret@centreon.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR Intends to fix a bug in Pendo where locale was set to null when the user language preferences is set to "Detection By Browser"
Fixes # MON-14039
Type of change
Target serie
Checklist
Community contributors & Centreon team