diff --git a/www/include/views/graphs/exportData/ExportCSVServiceData.php b/www/include/views/graphs/exportData/ExportCSVServiceData.php
index 4e7a723901d3599feead2ea277854cc6bdb8a51f..17777b171324e16fe708ca0cfece71038e751a87 100644
--- a/www/include/views/graphs/exportData/ExportCSVServiceData.php
+++ b/www/include/views/graphs/exportData/ExportCSVServiceData.php
@@ -66,13 +66,16 @@ if (isset($_GET['chartId'])) {
 if (false === isset($hostId) || false === isset($serviceId)) {
 die('Resource not found');
 }
+ if (!is_numeric($hostId) || !is_numeric($serviceId)) {
+ die('Bad resource id format');
+ }
 $res = $pearDBO->query('SELECT id FROM index_data
- WHERE host_id = ' . $pearDBO->escape($hostId) .
- ' AND service_id = ' . $pearDBO->escape($serviceId));
+ WHERE host_id = "' . $pearDBO->escape($hostId) .
+ '" AND service_id = "' . $pearDBO->escape($serviceId) . '"');
 if ($res->numRows()) {
 $row = $res->fetchRow();
- $index = $row['id'];
+ $index = $row['id'];
 } else {
 die('Resource not found');
 }
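Review bot: The added `is_numeric()` guard is looser than an id check needs to be: it also accepts decimals, exponent notation, signs and leading whitespace, so values such as `1e3` or `-1.5` still reach the query text. For integer keys I would validate strictly with `if (filter_var($hostId, FILTER_VALIDATE_INT) === false || filter_var($serviceId, FILTER_VALIDATE_INT) === false) {` and then concatenate `(int) $hostId` and `(int) $serviceId`, so safety no longer depends on what `escape()` does. The new literals are delimited with double quotes, which the server reads as identifiers when `ANSI_QUOTES` is enabled in its SQL mode; unquoted integers, or single quotes, avoid that dependency. The enclosing `if (isset($_GET['chartId']))` block starts outside the hunk, so how `$hostId` and `$serviceId` are derived from the request is not visible here.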