From 17cb90ee82c2dd6b747c585ff390c5efa347a009 Mon Sep 17 00:00:00 2001
From: Maximilien Bersoult <mbersoult@centreon.com>
Date: Mon, 30 Apr 2018 14:31:28 +0200
Subject: [PATCH] fix(sec): Fix SQL Injection in Virtual Metrics

* Fix SQL Injection in Virtual Metrics in get information
---
 .../views/graphs/common/makeXML_ListMetrics.php    | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/www/include/views/graphs/common/makeXML_ListMetrics.php b/www/include/views/graphs/common/makeXML_ListMetrics.php
index a4f3967f9e..fe3332add8 100644
--- a/www/include/views/graphs/common/makeXML_ListMetrics.php
+++ b/www/include/views/graphs/common/makeXML_ListMetrics.php
@@ -68,9 +68,9 @@ if (isset($_SESSION['centreon'])) {
 } else {
     exit;
 }
-        
+
     /*
-	 * Get language 
+	 * Get language
 	 */
     $locale = $oreon->user->get_lang();
     putenv("LANG=$locale");
@@ -79,7 +79,7 @@ if (isset($_SESSION['centreon'])) {
 ;
     bind_textdomain_codeset("messages", "UTF-8");
     textdomain("messages");
-        
+
     #
     # Existing Real Metric List comes from DBO -> Store in $rmetrics Array
     #
@@ -89,11 +89,17 @@ if (isset($_SESSION['centreon'])) {
     $where = "";
     $def_type = array(0=>"CDEF",1=>"VDEF");
 
-if (isset($_GET["vdef"]) && $_GET["vdef"] == 0) {
+if (isset($_GET['vdef']) && is_numeric($_GET['vdef']) && $_GET['vdef'] == 0) {
     $where = " AND def_type='".$_GET["vdef"]."'";
 }
 
 if (isset($_GET["host_id"]) && $_GET["service_id"]) {
+    if (!is_numeric($_GET['host_id']) || !is_numeric($_GET['service_id'])) {
+        $buffer = new CentreonXML();
+        $buffer->writeElement('error', 'Bad id format');
+        $buffer->output();
+        exit;
+    }
     $host_id = $_GET["host_id"];
     $service_id = $_GET["service_id"];
 
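Review bot: The `is_numeric()` guards added at the `vdef` check and inside the `host_id`/`service_id` branch block quote-based injection but still admit values that are not integer ids — leading whitespace, a sign, decimals and exponent forms such as `1e3` pass, `"0.0"` satisfies the loose `== 0` test — and `$_GET['vdef']` is then concatenated into `$where` unchanged on the following line. Normalising at the point of use closes that gap without changing the validated branch: `$where = " AND def_type='" . (int)$_GET['vdef'] . "'";` together with `$host_id = (int)$_GET['host_id'];` and `$service_id = (int)$_GET['service_id'];`. If the query that consumes `$host_id` and `$service_id` sits below this hunk, it should bind them as prepared-statement parameters rather than interpolating the values. The enclosing `if (isset($_SESSION['centreon']))` block starts and ends outside the hunk.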
-- 
GitLab