From 17cb90ee82c2dd6b747c585ff390c5efa347a009 Mon Sep 17 00:00:00 2001
From: Maximilien Bersoult <mbersoult@centreon.com>
Date: Mon, 30 Apr 2018 14:31:28 +0200
Subject: [PATCH] fix(sec): Fix SQL Injection in Virtual Metrics

* Fix SQL Injection in Virtual Metrics in get information
---
 .../views/graphs/common/makeXML_ListMetrics.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/www/include/views/graphs/common/makeXML_ListMetrics.php b/www/include/views/graphs/common/makeXML_ListMetrics.php
index a4f3967f9e..fe3332add8 100644
--- a/www/include/views/graphs/common/makeXML_ListMetrics.php
+++ b/www/include/views/graphs/common/makeXML_ListMetrics.php
@@ -68,9 +68,9 @@ if (isset($_SESSION['centreon'])) {
 } else {
     exit;
 }
-
+
 /*
- * Get language
+ * Get language
  */
 $locale = $oreon->user->get_lang();
 putenv("LANG=$locale");
@@ -79,7 +79,7 @@ if (isset($_SESSION['centreon'])) {
 ;
 bind_textdomain_codeset("messages", "UTF-8");
 textdomain("messages");
-
+
 #
 # Existing Real Metric List comes from DBO -> Store in $rmetrics Array
 #
@@ -89,11 +89,17 @@ if (isset($_SESSION['centreon'])) {
 $where = "";
 $def_type = array(0=>"CDEF",1=>"VDEF");
-if (isset($_GET["vdef"]) && $_GET["vdef"] == 0) {
+if (isset($_GET['vdef']) && is_numeric($_GET['vdef']) && $_GET['vdef'] == 0) {
     $where = " AND def_type='".$_GET["vdef"]."'";
 }
 if (isset($_GET["host_id"]) && $_GET["service_id"]) {
+    if (!is_numeric($_GET['host_id']) || !is_numeric($_GET['service_id'])) {
+        $buffer = new CentreonXML();
+        $buffer->writeElement('error', 'Bad id format');
+        $buffer->output();
+        exit;
+    }
     $host_id = $_GET["host_id"];
     $service_id = $_GET["service_id"];
-- 
GitLab
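Review bot: The `vdef` branch still concatenates the raw `$_GET['vdef']` string into `$where` after the new `is_numeric` guard, so the SQL text remains caller-shaped even though quote characters are now excluded (`is_numeric` admits forms such as ` 0`, `0.0` or `0e5`, all of which satisfy `== 0`). Because the condition already establishes that the value is zero, the literal can be fixed instead of interpolated, `$where = " AND def_type='0'";`, which removes the request value from the query entirely. The same pattern applies to the second check: `host_id` and `service_id` pass `is_numeric` but are then stored verbatim, so casting at assignment, `$host_id = (int) $_GET['host_id']; $service_id = (int) $_GET['service_id'];`, would normalise them before whatever query consumes them beyond this hunk. `is_numeric` is a filter rather than parameterisation; binding these as integers through a prepared statement would be the durable fix. The `if (isset($_GET["host_id"]) && $_GET["service_id"])` block that encloses the new lines continues past the end of the hunk.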