diff --git a/www/include/views/graphs/common/makeXML_ListMetrics.php b/www/include/views/graphs/common/makeXML_ListMetrics.php index a4f3967f9e1608d34966dc90b6657f0d39da9eb7..fe3332add8a2830317041fc785ec4c057be17d2e 100644 --- a/www/include/views/graphs/common/makeXML_ListMetrics.php +++ b/www/include/views/graphs/common/makeXML_ListMetrics.php @@ -68,9 +68,9 @@ if (isset($_SESSION['centreon'])) { } else { exit; } - + /* - * Get language + * Get language */ $locale = $oreon->user->get_lang(); putenv("LANG=$locale"); @@ -79,7 +79,7 @@ if (isset($_SESSION['centreon'])) { ; bind_textdomain_codeset("messages", "UTF-8"); textdomain("messages"); - + # # Existing Real Metric List comes from DBO -> Store in $rmetrics Array # @@ -89,11 +89,17 @@ if (isset($_SESSION['centreon'])) { $where = ""; $def_type = array(0=>"CDEF",1=>"VDEF"); -if (isset($_GET["vdef"]) && $_GET["vdef"] == 0) { +if (isset($_GET['vdef']) && is_numeric($_GET['vdef']) && $_GET['vdef'] == 0) { $where = " AND def_type='".$_GET["vdef"]."'"; } if (isset($_GET["host_id"]) && $_GET["service_id"]) { + if (!is_numeric($_GET['host_id']) || !is_numeric($_GET['service_id'])) { + $buffer = new CentreonXML(); + $buffer->writeElement('error', 'Bad id format'); + $buffer->output(); + exit; + } $host_id = $_GET["host_id"]; $service_id = $_GET["service_id"];
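Review bot: In the last hunk the `vdef` branch still concatenates the raw request value into `$where` after the new `is_numeric()` test, and `$host_id`/`$service_id` are still assigned from `$_GET` unchanged after theirs. `is_numeric()` rules out quotes, but it also accepts decimals, exponent notation, signs and leading whitespace, so strings such as `0.0` or `1e3` pass the check; for `vdef` that yields `def_type='0.0'`, which presumably no longer matches the intended filter. Since zero is the only value accepted there, a literal is safer: `$where = " AND def_type='0'";`. For the ids, checking with `ctype_digit()` (or `filter_var(..., FILTER_VALIDATE_INT)`) and assigning `$host_id = (int) $_GET["host_id"];` and `$service_id = (int) $_GET["service_id"];` keeps them integer-only; the queries that consume them lie outside this hunk, so whether they are parameterised cannot be confirmed from here. The outer condition also reads `$_GET["service_id"]` without `isset()`, which raises a notice when only `host_id` is supplied.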