
Fix issue security

Toufik MECHOUET
Toufik MECHOUET committed Oct 14, 2015
1 parent 0392c2a commit 74642e3285a0b02fc81fa74f29aef52003eb32f7
@@ -338,8 +338,8 @@ public function AddHostDowntime($host, $comment, $start, $end, $persistant, $dur
$centreon = $oreon;
}
if (!isset($persistant) || !in_array($persistant, array(0, 1))) {
$persistant = 0;
if (!isset($persistant) || !in_array($persistant, array('0', '1'))) {
$persistant = '0';
}
$start_time = $this->GMT->getUTCDate($this->getDate($start));
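Review bot: The replacement check `in_array($persistant, array('0', '1'))` still compares loosely, so other numeric-string spellings of the same values (for example `'1.0'`, `'01'`, or a value with leading whitespace) compare equal to `'0'`/`'1'` and are passed on unchanged. Passing the strict flag, `in_array((string) $persistant, array('0', '1'), true)`, restricts the value to exactly those two strings, and the cast keeps callers that pass integer 0/1 working. The same pattern appears in every other hunk of this commit: AddSvcDowntime, the `$_POST["persistant"]` checks, AddHostComment/AddSvcComment, and `sticky`/`notify`/`persistent` before acknowledgeService. AddHostDowntime starts and ends outside this hunk, so how `$persistant` is used afterwards is not visible here.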
@@ -382,8 +382,8 @@ public function AddSvcDowntime($host, $service, $comment, $start, $end, $persist
}
if (!isset($persistant) || !in_array($persistant, array(0, 1))) {
$persistant = 0;
if (!isset($persistant) || !in_array($persistant, array('0', '1'))) {
$persistant = '0';
}
$start_time = $this->GMT->getUTCDate($this->getDate($start));
@@ -115,8 +115,8 @@
$valid = false;
if ((isset($_POST["submitA"]) && $_POST["submitA"]) && $form->validate()) {
if (!isset($_POST["persistant"]) || !in_array($_POST["persistant"], array(0, 1)))
$_POST["persistant"] = 0;
if (!isset($_POST["persistant"]) || !in_array($_POST["persistant"], array('0', '1')))
$_POST["persistant"] = '0';
if (!isset($_POST["comment"]))
$_POST["comment"] = 0;
AddHostComment($_POST["host_id"], $_POST["comment"], $_POST["persistant"]);
@@ -135,8 +135,8 @@
$valid = false;
if ((isset($_POST["submitA"]) && $_POST["submitA"]) && $form->validate()) {
if (!isset($_POST["persistant"]) || !in_array($_POST["persistant"], array(0, 1)))
$_POST["persistant"] = 0;
if (!isset($_POST["persistant"]) || !in_array($_POST["persistant"], array('0', '1')))
$_POST["persistant"] = '0';
if (!isset($_POST["comment"]))
$_POST["comment"] = 0;
AddSvcComment($_POST["host_id"], $_POST["service_id"], $_POST["comment"], $_POST["persistant"]);
@@ -51,16 +51,16 @@ function DeleteComment($type, $hosts = array()) {
function AddHostComment($host, $comment, $persistant) {
global $oreon, $pearDB;
if (!isset($persistant) || !in_array($persistant, array(0, 1)))
$persistant = 0;
if (!isset($persistant) || !in_array($persistant, array('0', '1')))
$persistant = '0';
write_command(" ADD_HOST_COMMENT;" . getMyHostName($host) . ";" . $persistant . ";" . $oreon->user->get_alias() . ";" . trim($comment), GetMyHostPoller($pearDB, getMyHostName($host)));
}
function AddSvcComment($host, $service, $comment, $persistant) {
global $oreon, $pearDB;
if (!isset($persistant) || !in_array($persistant, array(0, 1)))
$persistant = 0;
if (!isset($persistant) || !in_array($persistant, array('0', '1')))
$persistant = '0';
write_command(" ADD_SVC_COMMENT;" . getMyHostName($host) . ";" . getMyServiceName($service) . ";" . $persistant . ";" . $oreon->user->get_alias() . ";" . trim($comment), GetMyHostPoller($pearDB, getMyHostName($host)));
}
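Review bot: In AddHostComment and AddSvcComment the `$comment` argument is appended to the external command string after only `trim()`, which removes line breaks at the ends of the text but not inside it. Unless `write_command()` (not visible on this page) already normalises its input, a comment containing a line break would split the line written for the poller into more than one command. Collapsing line breaks before concatenation would close that gap, e.g. `$comment = preg_replace('/[\r\n]+/', ' ', trim($comment));`. The host and service names come from `getMyHostName()`/`getMyServiceName()`, whose output is presumably trusted configuration data, but that is worth confirming.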
@@ -190,8 +190,8 @@
if ((isset($_POST["submitA"]) && $_POST["submitA"]) && $form->validate()) {
$values = $form->getSubmitValues();
if (!isset($_POST["persistant"]) || !in_array($_POST["persistant"], array(0, 1)))
$_POST["persistant"] = 0;
if (!isset($_POST["persistant"]) || !in_array($_POST["persistant"], array('0', '1')))
$_POST["persistant"] = '0';
if (!isset($_POST["comment"]))
$_POST["comment"] = 0;
$_POST["comment"] = str_replace("'", " ", $_POST['comment']);
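Review bot: `str_replace("'", " ", $_POST['comment'])` removes only the single quote, which is a one-character denylist rather than escaping for the context where the comment is used. The consumer is outside this hunk; if the value reaches a shell command or an external command line, escape it at the point of use (`escapeshellarg()` for a shell argument) and strip line breaks there. The fallback `$_POST["comment"] = 0` also turns a missing comment into the integer 0, where `''` would be the more natural default. The hunk at -166,8 contains the same lines.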
@@ -166,8 +166,8 @@
$res = $form->addElement('reset', 'reset', _("Reset"));
if ((isset($_POST["submitA"]) && $_POST["submitA"]) && $form->validate()) {
if (!isset($_POST["persistant"]) || !in_array($_POST["persistant"], array(0, 1)))
$_POST["persistant"] = 0;
if (!isset($_POST["persistant"]) || !in_array($_POST["persistant"], array('0', '1')))
$_POST["persistant"] = '0';
if (!isset($_POST["comment"]))
$_POST["comment"] = 0;
$_POST["comment"] = str_replace("'", " ", $_POST['comment']);
@@ -69,14 +69,14 @@
}
if (isset($param["cmd"]) && $param["cmd"] == 15 && isset($param["author"]) && isset($param["en"]) && $param["en"] == 1) {
if (!isset($param["sticky"]) || !in_array($param["sticky"], array(0, 1))) {
$param["sticky"] = 0;
if (!isset($param["sticky"]) || !in_array($param["sticky"], array('0', '1'))) {
$param["sticky"] = '0';
}
if (!isset($param["notify"]) || !in_array($param["notify"], array(0, 1))) {
$param["notify"] = 0;
if (!isset($param["notify"]) || !in_array($param["notify"], array('0', '1'))) {
$param["notify"] = '0';
}
if (!isset($param["persistent"]) || !in_array($param["persistent"], array(0, 1))) {
$param["persistent"] = 0;
if (!isset($param["persistent"]) || !in_array($param["persistent"], array('0', '1'))) {
$param["persistent"] = '0';
}
acknowledgeService($param);
} else if (isset($param["cmd"]) && $param["cmd"] == 15 && isset($param["author"]) && isset($param["en"]) && $param["en"] == 0) {
