Commit 7080bf93 authored by Maximilien Bersoult, committed by Stephane Chapron

fix(sec): Fix SQL Injection in Virtual Metrics

* Fix SQL Injection in Virtual Metrics in get information
parent d60a38dd
...@@ -89,11 +89,17 @@ if (isset($_SESSION['centreon'])) { ...@@ -89,11 +89,17 @@ if (isset($_SESSION['centreon'])) {
$where = ""; $where = "";
$def_type = array(0=>"CDEF",1=>"VDEF"); $def_type = array(0=>"CDEF",1=>"VDEF");
if (isset($_GET["vdef"]) && $_GET["vdef"] == 0) { if (isset($_GET['vdef']) && is_numeric($_GET['vdef']) && $_GET['vdef'] == 0) {
$where = " AND def_type='".$_GET["vdef"]."'"; $where = " AND def_type='".$_GET["vdef"]."'";
} }
if (isset($_GET["host_id"]) && $_GET["service_id"]) { if (isset($_GET["host_id"]) && $_GET["service_id"]) {
if (!is_numeric($_GET['host_id']) || !is_numeric($_GET['service_id'])) {
$buffer = new CentreonXML();
$buffer->writeElement('error', 'Bad id format');
$buffer->output();
exit;
}
$host_id = $_GET["host_id"]; $host_id = $_GET["host_id"];
$service_id = $_GET["service_id"]; $service_id = $_GET["service_id"];
......
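Review bot: the `vdef` branch still concatenates the raw request value into `$where` (`" AND def_type='".$_GET["vdef"]."'"`) and relies on `is_numeric()` alone to make that safe. Since the branch only runs when the value compares equal to 0, write the literal `0` there, or cast with `(int)` or bind it as a query parameter, so the SQL no longer depends on the shape of the input. The same applies to the new `host_id` / `service_id` check: `is_numeric()` also accepts decimals, exponent notation such as `1e3`, and leading whitespace, and the values are then assigned unchanged to `$host_id` and `$service_id`. For ids, prefer `ctype_digit()` or `filter_var(..., FILTER_VALIDATE_INT)` and assign the cast integer. Separately, the unchanged condition `isset($_GET["host_id"]) && $_GET["service_id"]` reads `service_id` without an `isset()`, which raises a notice when only `host_id` is sent; worth fixing while this block is being touched.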