diff --git a/www/include/reporting/dashboard/xmlInformations/GetXmlHost.php b/www/include/reporting/dashboard/xmlInformations/GetXmlHost.php
index b6e43409ee5658562f59accfc55e1665ede394bb..1bdc4218a49782522580d07c942e280812fd0fb1 100644
--- a/www/include/reporting/dashboard/xmlInformations/GetXmlHost.php
+++ b/www/include/reporting/dashboard/xmlInformations/GetXmlHost.php
@@ -3,34 +3,34 @@
* Copyright 2005-2016 Centreon
* Centreon is developped by : Julien Mathis and Romain Le Merlus under
* GPL Licence 2.0.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
* Foundation ; either version 2 of the License.
- *
+ *
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
+ *
+ * You should have received a copy of the GNU General Public License along with
* this program; if not, see <http://www.gnu.org/licenses>.
- *
- * Linking this program statically or dynamically with other modules is making a
- * combined work based on this program. Thus, the terms and conditions of the GNU
+ *
+ * Linking this program statically or dynamically with other modules is making a
+ * combined work based on this program. Thus, the terms and conditions of the GNU
* General Public License cover the whole combination.
- *
- * As a special exception, the copyright holders of this program give Centreon
- * permission to link this program with independent modules to produce an executable,
- * regardless of the license terms of these independent modules, and to copy and
- * distribute the resulting executable under terms of Centreon choice, provided that
- * Centreon also meet, for each linked independent module, the terms and conditions
- * of the license of that module. An independent module is a module which is not
- * derived from this program. If you modify this program, you may extend this
+ *
+ * As a special exception, the copyright holders of this program give Centreon
+ * permission to link this program with independent modules to produce an executable,
+ * regardless of the license terms of these independent modules, and to copy and
+ * distribute the resulting executable under terms of Centreon choice, provided that
+ * Centreon also meet, for each linked independent module, the terms and conditions
+ * of the license of that module. An independent module is a module which is not
+ * derived from this program. If you modify this program, you may extend this
* exception to your version of the program, but you are not obliged to do so. If you
* do not wish to do so, delete this exception statement from your version.
- *
+ *
* For more information : contact@centreon.com
- *
+ *
*/
$stateType = 'host';
@@ -43,6 +43,15 @@ if (isset($_SESSION['centreon'])) {
}
if (isset($_GET["id"]) && isset($_GET["color"])) {
+ /* Validate the type of request arguments for security */
+ if (!is_numeric($_GET['id'])) {
+ $buffer->writeElement('error', 'Bad id format');
+ $buffer->endElement();
+ header('Content-Type: text/xml');
+ $buffer->output();
+ exit;
+ }
+
$color = array();
foreach ($_GET["color"] as $key => $value) {
$color[$key] = htmlentities($value, ENT_QUOTES, "UTF-8");
@@ -61,9 +70,9 @@ if (isset($_GET["id"]) && isset($_GET["color"])) {
if ($accessHost) {
$DBRESULT = $pearDBO->query(
- "SELECT * FROM `log_archive_host` WHERE host_id = "
+ "SELECT * FROM `log_archive_host` WHERE host_id = '"
. $pearDBO->escape($_GET["id"])
- . " order by date_start desc"
+ . "' order by date_start desc"
);
while ($row = $DBRESULT->fetchRow()) {
fillBuffer($statesTab, $row, $color);
diff --git a/www/include/reporting/dashboard/xmlInformations/GetXmlHostGroup.php b/www/include/reporting/dashboard/xmlInformations/GetXmlHostGroup.php
index c774f5a36ab5156cc255e4d5733944c4faed1e64..d791c470af5b91af6def412f602f32d9b6f463ec 100644
--- a/www/include/reporting/dashboard/xmlInformations/GetXmlHostGroup.php
+++ b/www/include/reporting/dashboard/xmlInformations/GetXmlHostGroup.php
@@ -3,44 +3,53 @@
* Copyright 2005-2016 Centreon
* Centreon is developped by : Julien Mathis and Romain Le Merlus under
* GPL Licence 2.0.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
* Foundation ; either version 2 of the License.
- *
+ *
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
+ *
+ * You should have received a copy of the GNU General Public License along with
* this program; if not, see <http://www.gnu.org/licenses>.
- *
- * Linking this program statically or dynamically with other modules is making a
- * combined work based on this program. Thus, the terms and conditions of the GNU
+ *
+ * Linking this program statically or dynamically with other modules is making a
+ * combined work based on this program. Thus, the terms and conditions of the GNU
* General Public License cover the whole combination.
- *
- * As a special exception, the copyright holders of this program give Centreon
- * permission to link this program with independent modules to produce an executable,
- * regardless of the license terms of these independent modules, and to copy and
- * distribute the resulting executable under terms of Centreon choice, provided that
- * Centreon also meet, for each linked independent module, the terms and conditions
- * of the license of that module. An independent module is a module which is not
- * derived from this program. If you modify this program, you may extend this
+ *
+ * As a special exception, the copyright holders of this program give Centreon
+ * permission to link this program with independent modules to produce an executable,
+ * regardless of the license terms of these independent modules, and to copy and
+ * distribute the resulting executable under terms of Centreon choice, provided that
+ * Centreon also meet, for each linked independent module, the terms and conditions
+ * of the license of that module. An independent module is a module which is not
+ * derived from this program. If you modify this program, you may extend this
* exception to your version of the program, but you are not obliged to do so. If you
* do not wish to do so, delete this exception statement from your version.
- *
+ *
* For more information : contact@centreon.com
- *
+ *
*/
$stateType = 'host';
require_once realpath(dirname(__FILE__) . "/initXmlFeed.php");
if (isset($_GET["id"]) && isset($_GET["color"])) {
+ /* Validate the type of request arguments for security */
+ if (!is_numeric($_GET['id'])) {
+ $buffer->writeElement('error', 'Bad id format');
+ $buffer->endElement();
+ header('Content-Type: text/xml');
+ $buffer->output();
+ exit;
+ }
+
$color = array();
foreach ($_GET["color"] as $key => $value) {
$color[$key] = htmlentities($value, ENT_QUOTES, "UTF-8");
}
-
+
$hosts_id = $centreon->user->access->getHostHostGroupAclConf($_GET["id"], "broker");
if (count($hosts_id) > 0) {
$rq = 'SELECT `date_start`, `date_end`, sum(`UPnbEvent`) as UPnbEvent, sum(`DOWNnbEvent`) as DOWNnbEvent, '
diff --git a/www/include/reporting/dashboard/xmlInformations/GetXmlService.php b/www/include/reporting/dashboard/xmlInformations/GetXmlService.php
index 2386b959586d04dce2c12dad984f188731b3371b..43c323bfe9deffd46a0b0de027ade27ce156bf19 100644
--- a/www/include/reporting/dashboard/xmlInformations/GetXmlService.php
+++ b/www/include/reporting/dashboard/xmlInformations/GetXmlService.php
@@ -3,34 +3,34 @@
* Copyright 2005-2016 Centreon
* Centreon is developped by : Julien Mathis and Romain Le Merlus under
* GPL Licence 2.0.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
* Foundation ; either version 2 of the License.
- *
+ *
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
+ *
+ * You should have received a copy of the GNU General Public License along with
* this program; if not, see <http://www.gnu.org/licenses>.
- *
- * Linking this program statically or dynamically with other modules is making a
- * combined work based on this program. Thus, the terms and conditions of the GNU
+ *
+ * Linking this program statically or dynamically with other modules is making a
+ * combined work based on this program. Thus, the terms and conditions of the GNU
* General Public License cover the whole combination.
- *
- * As a special exception, the copyright holders of this program give Centreon
- * permission to link this program with independent modules to produce an executable,
- * regardless of the license terms of these independent modules, and to copy and
- * distribute the resulting executable under terms of Centreon choice, provided that
- * Centreon also meet, for each linked independent module, the terms and conditions
- * of the license of that module. An independent module is a module which is not
- * derived from this program. If you modify this program, you may extend this
+ *
+ * As a special exception, the copyright holders of this program give Centreon
+ * permission to link this program with independent modules to produce an executable,
+ * regardless of the license terms of these independent modules, and to copy and
+ * distribute the resulting executable under terms of Centreon choice, provided that
+ * Centreon also meet, for each linked independent module, the terms and conditions
+ * of the license of that module. An independent module is a module which is not
+ * derived from this program. If you modify this program, you may extend this
* exception to your version of the program, but you are not obliged to do so. If you
* do not wish to do so, delete this exception statement from your version.
- *
+ *
* For more information : contact@centreon.com
- *
+ *
*/
$stateType = 'service';
require_once realpath(dirname(__FILE__) . "/initXmlFeed.php");
@@ -42,6 +42,15 @@ if (isset($_SESSION['centreon'])) {
}
if (isset($_GET["host_id"]) && isset($_GET["id"]) && isset($_GET["color"])) {
+ /* Validate the type of request arguments for security */
+ if (!is_numeric($_GET['id']) || !is_numeric($_GET['host_id'])) {
+ $buffer->writeElement('error', 'Bad id format');
+ $buffer->endElement();
+ header('Content-Type: text/xml');
+ $buffer->output();
+ exit;
+ }
+
$color = array();
foreach ($_GET["color"] as $key => $value) {
$color[$key] = htmlentities($value, ENT_QUOTES, "UTF-8");
@@ -61,8 +70,8 @@ if (isset($_GET["host_id"]) && isset($_GET["id"]) && isset($_GET["color"])) {
if ($accessService) {
$DBRESULT = $pearDBO->query(
"SELECT * FROM `log_archive_service` WHERE host_id = '".
- $pearDBO->escape($_GET["host_id"])."' AND service_id = ".
- $pearDBO->escape($_GET["id"])." ORDER BY `date_start` DESC"
+ $pearDBO->escape($_GET["host_id"])."' AND service_id = '".
+ $pearDBO->escape($_GET["id"])."' ORDER BY `date_start` DESC"
);
while ($row = $DBRESULT->fetchRow()) {
fillBuffer($statesTab, $row, $color);
diff --git a/www/include/reporting/dashboard/xmlInformations/GetXmlServiceGroup.php b/www/include/reporting/dashboard/xmlInformations/GetXmlServiceGroup.php
index 6b1235a9a3d2c6d216dcca4dd4513ec7c03fd810..7687534bdc97d91006ad27aa4c8c660cca51bf61 100644
--- a/www/include/reporting/dashboard/xmlInformations/GetXmlServiceGroup.php
+++ b/www/include/reporting/dashboard/xmlInformations/GetXmlServiceGroup.php
@@ -3,44 +3,53 @@
* Copyright 2005-2016 Centreon
* Centreon is developped by : Julien Mathis and Romain Le Merlus under
* GPL Licence 2.0.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free Software
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
* Foundation ; either version 2 of the License.
- *
+ *
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with
+ *
+ * You should have received a copy of the GNU General Public License along with
* this program; if not, see <http://www.gnu.org/licenses>.
- *
- * Linking this program statically or dynamically with other modules is making a
- * combined work based on this program. Thus, the terms and conditions of the GNU
+ *
+ * Linking this program statically or dynamically with other modules is making a
+ * combined work based on this program. Thus, the terms and conditions of the GNU
* General Public License cover the whole combination.
- *
- * As a special exception, the copyright holders of this program give Centreon
- * permission to link this program with independent modules to produce an executable,
- * regardless of the license terms of these independent modules, and to copy and
- * distribute the resulting executable under terms of Centreon choice, provided that
- * Centreon also meet, for each linked independent module, the terms and conditions
- * of the license of that module. An independent module is a module which is not
- * derived from this program. If you modify this program, you may extend this
+ *
+ * As a special exception, the copyright holders of this program give Centreon
+ * permission to link this program with independent modules to produce an executable,
+ * regardless of the license terms of these independent modules, and to copy and
+ * distribute the resulting executable under terms of Centreon choice, provided that
+ * Centreon also meet, for each linked independent module, the terms and conditions
+ * of the license of that module. An independent module is a module which is not
+ * derived from this program. If you modify this program, you may extend this
* exception to your version of the program, but you are not obliged to do so. If you
* do not wish to do so, delete this exception statement from your version.
- *
+ *
* For more information : contact@centreon.com
- *
+ *
*/
$stateType = 'service';
require_once realpath(dirname(__FILE__) . "/initXmlFeed.php");
if (isset($_GET["id"]) && isset($_GET["color"])) {
+ /* Validate the type of request arguments for security */
+ if (!is_numeric($_GET['id'])) {
+ $buffer->writeElement('error', 'Bad id format');
+ $buffer->endElement();
+ header('Content-Type: text/xml');
+ $buffer->output();
+ exit;
+ }
+
$color = array();
foreach ($_GET["color"] as $key => $value) {
$color[$key] = htmlentities($value, ENT_QUOTES, "UTF-8");
}
-
+
$services = getServiceGroupActivateServices($_GET["id"]);
if (count($services) > 0) {
$host_ids = array();