* Better SQL escape
Maximilien Bersoult committed Dec 16, 2014
1 parent 97b290a commit 434e291
Showing 8 changed files with 19 additions and 19 deletions.
4 changes: 2 additions & 2 deletions www/include/common/javascript/autologoutXMLresponse.php
Expand Up @@ -53,7 +53,7 @@
if (isset($_SESSION['centreon'])) {
$oreon = $_SESSION['centreon'];
$currentTime = $oreon->CentreonGMT->getDate(_("Y/m/d G:i"), time(), $oreon->user->getMyGMT());
$DBRESULT = $pearDB->query("SELECT user_id FROM session WHERE session_id = '" . htmlentities($_GET['sid'], ENT_QUOTES, "UTF-8") . "'");
$DBRESULT = $pearDB->query("SELECT user_id FROM session WHERE session_id = '" . $pearDB->escape($_GET['sid']) . "'");
if ($DBRESULT->numRows()) {
$buffer->writeElement("state", "ok");
} else {
Expand All @@ -70,4 +70,4 @@
header('Expires: 0');
header('Cache-Control: no-cache, must-revalidate');
$buffer->output();
?>
?>
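Review bot: The new query line at L17 reads `$_GET['sid']` with no `isset` guard, so a request without the parameter raises a notice and runs the lookup against an empty string; the same unguarded reads appear at L46, L70, L85, L109 (`$_GET['session']`), L141 (`$_GET["sid"]`) and L150 (`$_GET["menu"]`). Switching from htmlentities to the DB escaper is the right choice for a SQL context, but the session id is a server-generated token, so the cheapest defense is to reject anything that does not look like one before it reaches the query, e.g. `$sid = isset($_GET['sid']) ? $_GET['sid'] : '';` followed by `if (!preg_match('/^[A-Za-z0-9,-]+$/', $sid)) { exit(); }` (the character set PHP's default session id generator uses — confirm against the project's session config). The `if (isset($_SESSION['centreon']))` block opened at L13 continues past the end of this hunk.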
Expand Up @@ -55,11 +55,11 @@ function myDecodeService($arg) {
$pearDB = new CentreonDB();

if (isset($_POST["index"])){
$DBRESULT = $pearDB->query("SELECT `command_example` FROM `command` WHERE `command_id` = '". $_POST["index"] ."'");
$DBRESULT = $pearDB->query("SELECT `command_example` FROM `command` WHERE `command_id` = '". $pearDB->escape($_POST["index"]) ."'");
while ($arg = $DBRESULT->fetchRow())
echo myDecodeService($arg["command_example"]);
unset($arg);
unset($DBRESULT);
$pearDB->disconnect();
}
?>
?>
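Review bot: At L32 the value for `command_id` is escaped and wrapped in quotes, which is safe, but the column name suggests an integer key, and an explicit cast would make the intended type visible and remove the dependence on how `CentreonDB::escape()` is implemented (its semantics are not shown in this diff). Something like `$commandId = (int) $_POST["index"];` and `WHERE \`command_id\` = " . $commandId` expresses the contract directly; the same applies to `user_id` at L125 and `menu_nb` at L150 if those columns are numeric — please verify against the schema before casting. Longer term, a `prepare`/`execute` path would make this class of fix unnecessary, if the `CentreonDB` wrapper offers one.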
Expand Up @@ -50,7 +50,7 @@
$pearDB = new CentreonDB();
$pearDBO = new CentreonDB("centstorage");

$DBRESULT = $pearDB->query("SELECT * FROM session WHERE session_id = '" . htmlentities($_GET['session'], ENT_QUOTES, "UTF-8") . "'");
$DBRESULT = $pearDB->query("SELECT * FROM session WHERE session_id = '" . $pearDB->escape($_GET['session']) . "'");
if (!$DBRESULT->numRows())
exit();

Expand All @@ -67,7 +67,7 @@
$color[$key] = htmlentities($value, ENT_QUOTES, "UTF-8");
}

$DBRESULT = $pearDBO->query("SELECT * FROM `log_archive_host` WHERE host_id = " . $_GET["id"] . " order by date_start desc");
$DBRESULT = $pearDBO->query("SELECT * FROM `log_archive_host` WHERE host_id = " . $pearDBO->escape($_GET["id"]) . " order by date_start desc");
while ($row = $DBRESULT->fetchRow()) {
fillBuffer($statesTab, $row, $color);
}
Expand All @@ -78,4 +78,4 @@
$buffer->endElement();
header('Content-Type: text/xml');
$buffer->output();
?>
?>
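Review bot: The escape call added at L55 does not protect the query, because the escaped value is spliced into an unquoted numeric position (`host_id = " . $pearDBO->escape($_GET["id"]) . " order by`): a string-style escaper only neutralises quote and backslash characters, and a value containing neither is passed through unchanged into the SQL. The same unquoted use is at L94 for `service_id` (note that on that line `host_id` is quoted but `service_id` is not). For an integer column the fix is to cast rather than escape, `$hostId = (int) $_GET["id"];` then `WHERE host_id = " . $hostId . " order by date_start desc`; if the column is not numeric, at minimum quote the escaped value as the session lookup at L46 does.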
Expand Up @@ -51,7 +51,7 @@
$pearDB = new CentreonDB();
$pearDBO = new CentreonDB("centstorage");

$DBRESULT = $pearDB->query("SELECT * FROM session WHERE session_id = '" . htmlentities($_GET['session'], ENT_QUOTES, "UTF-8") . "'");
$DBRESULT = $pearDB->query("SELECT * FROM session WHERE session_id = '" . $pearDB->escape($_GET['session']) . "'");
if (!$DBRESULT->numRows())
exit();

Expand Down Expand Up @@ -93,4 +93,4 @@

header('Content-Type: text/xml');
$buffer->output();
?>
?>
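Review bot: The session-existence check at L70 is now the fourth byte-identical copy of the same line in this commit (L46, L70, L85, L109), each followed by `if (!$DBRESULT->numRows()) exit();`; this is the kind of security-relevant check that drifts when it lives in five files, as the inconsistent escaping this commit is fixing shows. A small shared helper, e.g. `function requireValidSession(CentreonDB $pearDB, $sessionId) { /* escape, query, exit() when no row */ }`, would give one place to harden (input guard, prepared statement) and one place to audit. As written the query also selects every column of `session` only to count rows; `SELECT 1` or `SELECT COUNT(*)` would state the intent. Where such a helper should live in this tree is not visible from the diff.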
Expand Up @@ -50,7 +50,7 @@
$pearDB = new CentreonDB();
$pearDBO = new CentreonDB("centstorage");

$DBRESULT = $pearDB->query("SELECT * FROM session WHERE session_id = '" . htmlentities($_GET['session'], ENT_QUOTES, "UTF-8") . "'");
$DBRESULT = $pearDB->query("SELECT * FROM session WHERE session_id = '" . $pearDB->escape($_GET['session']) . "'");
if (!$DBRESULT->numRows())
exit();

Expand All @@ -68,7 +68,7 @@
$color[$key] = htmlentities($value, ENT_QUOTES, "UTF-8");
}

$DBRESULT = $pearDBO->query("SELECT * FROM `log_archive_service` WHERE host_id = '".$_GET["host_id"]."' AND service_id = ".$_GET["id"]." ORDER BY `date_start` DESC");
$DBRESULT = $pearDBO->query("SELECT * FROM `log_archive_service` WHERE host_id = '".$pearDBO->escape($_GET["host_id"])."' AND service_id = ".$pearDBO->escape($_GET["id"])." ORDER BY `date_start` DESC");
while ($row = $DBRESULT->fetchRow()) {
fillBuffer($statesTab, $row, $color);
}
Expand All @@ -81,4 +81,4 @@

header('Content-Type: text/xml');
$buffer->output();
?>
?>
Expand Up @@ -51,7 +51,7 @@
$pearDB = new CentreonDB();
$pearDBO = new CentreonDB("centstorage");

$DBRESULT = $pearDB->query("SELECT * FROM session WHERE session_id = '" . htmlentities($_GET['session'], ENT_QUOTES, "UTF-8") . "'");
$DBRESULT = $pearDB->query("SELECT * FROM session WHERE session_id = '" . $pearDB->escape($_GET['session']) . "'");
if (!$DBRESULT->numRows())
exit();

Expand Down Expand Up @@ -99,4 +99,4 @@

header('Content-Type: text/xml');
$buffer->output();
?>
?>
4 changes: 2 additions & 2 deletions www/menu/userMenuPreferences.php
Expand Up @@ -51,7 +51,7 @@
/*
* Check session id
*/
$session = $pearDB->query("SELECT user_id FROM `session` WHERE session_id = '".htmlentities(session_id(), ENT_QUOTES, "UTF-8")."' AND user_id = '".htmlentities($_GET['uid'], ENT_QUOTES, "UTF-8")."'");
$session = $pearDB->query("SELECT user_id FROM `session` WHERE session_id = '".$pearDB->escape(session_id())."' AND user_id = '".$pearDB->escape($_GET['uid'])."'");
if (!$session->numRows()){
exit;
}
Expand All @@ -67,4 +67,4 @@
$_SESSION['_Div_' . $my_div] = 1;
}
}
?>
?>
6 changes: 3 additions & 3 deletions www/menu/xml/menuXML.php
Expand Up @@ -60,7 +60,7 @@
/*
* Check Session existence
*/
$session = $pearDB->query("SELECT user_id FROM `session` WHERE session_id = '".htmlentities($_GET["sid"], ENT_QUOTES, "UTF-8")."'");
$session = $pearDB->query("SELECT user_id FROM `session` WHERE session_id = '".$pearDB->escape($_GET["sid"])."'");
if (!$session->numRows()){
$buffer = new CentreonXML();
$buffer->startElement("root");
Expand Down Expand Up @@ -95,7 +95,7 @@
/*
* Get CSS
*/
$DBRESULT2 = $pearDB->query("SELECT css_name FROM `css_color_menu` WHERE menu_nb = '".htmlentities($_GET["menu"], ENT_QUOTES, "UTF-8")."' LIMIT 1");
$DBRESULT2 = $pearDB->query("SELECT css_name FROM `css_color_menu` WHERE menu_nb = '".$pearDB->escape($_GET["menu"])."' LIMIT 1");
$menu_style = $DBRESULT2->fetchRow();

ob_start();
Expand Down Expand Up @@ -154,4 +154,4 @@
header('Content-Type: text/xml');
header('Cache-Control: no-cache');
$buffer->output();
?>
?>
