From 4e4d8e6d770d3fd5057fd7fa4c1fbcab7a41c232 Mon Sep 17 00:00:00 2001
From: Maximilien Bersoult <mbersoult@centreon.com>
Date: Fri, 27 Apr 2018 10:21:46 +0200
Subject: [PATCH] fix(sec): Fix SQL injection on graphs

* Fix SQL injection when exporting metrics to CSV from graphs
---
 .../views/graphs/exportData/ExportCSVServiceData.php     | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/www/include/views/graphs/exportData/ExportCSVServiceData.php b/www/include/views/graphs/exportData/ExportCSVServiceData.php
index 4e7a723901..17777b1713 100644
--- a/www/include/views/graphs/exportData/ExportCSVServiceData.php
+++ b/www/include/views/graphs/exportData/ExportCSVServiceData.php
@@ -66,13 +66,16 @@ if (isset($_GET['chartId'])) {
     if (false === isset($hostId) || false === isset($serviceId)) {
         die('Resource not found');
     }
+    if (!is_numeric($hostId) || !is_numeric($serviceId)) {
+        die('Bad resource id format');
+    }
     $res = $pearDBO->query('SELECT id
         FROM index_data
-        WHERE host_id = ' . $pearDBO->escape($hostId) .
-        ' AND service_id = ' . $pearDBO->escape($serviceId));
+        WHERE host_id = "' . $pearDBO->escape($hostId) .
+        '" AND service_id = "' . $pearDBO->escape($serviceId) . '"');
     if ($res->numRows()) {
         $row = $res->fetchRow();
-        $index = $row['id'];     
+        $index = $row['id'];
     } else {
         die('Resource not found');
     }
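Review bot: The `is_numeric()` guard added at the top of the hunk is looser than an integer id column warrants: it also accepts values such as `1e3`, `1.5`, `+1` and leading-whitespace strings, which are then concatenated into the query unchanged. The double quotes now placed around the values, together with `escape()`, do close the injection, but they make the query depend on MySQL's default quoting mode, since `"…"` becomes an identifier quote when `ANSI_QUOTES` is enabled and the query would then fail. A tighter, mode-independent form is to validate with `if (!ctype_digit((string) $hostId) || !ctype_digit((string) $serviceId))` and to build the query from integer casts, `WHERE host_id = ' . (int) $hostId . ' AND service_id = ' . (int) $serviceId`, dropping the quotes; a prepared statement with bound parameters would be better still if the `$pearDBO` wrapper offers one. The `if (isset($_GET['chartId']))` block enclosing these lines starts before the hunk, so where `$hostId` and `$serviceId` are derived from the request is not visible here.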
-- 
GitLab