Commit 641bf146 authored by Guillaume28, committed by GitHub

First 100 commits and refacto of DB-Func.php (#6104)

* doc(release note) : Add empty release note for the 2.8.19

* Security Fix : SQL injections on Ldap Parameters page

* update Centreon web 2.8.6 release notes

* improve documentations

* fix(style):Using if instead of ternary

* fix(doc): Remove header

* fix(error): Missing }

* fix(query): Wrong utilisation of query

* fix(space):Missing space
parent 7ef7bfc0
##############
Centreon 2.8.1
##############
##################
Centreon Web 2.8.1
##################
Released November 14th, 2016
......
##############
Centreon 2.8.2
##############
##################
Centreon Web 2.8.2
##################
Released December 8th, 2016.
......
##############
Centreon 2.8.3
##############
##################
Centreon Web 2.8.3
##################
Released January 11th, 2017.
......
##############
Centreon 2.8.4
##############
##################
Centreon Web 2.8.4
##################
Released February 8th, 2017.
......
##############
Centreon 2.8.5
##############
##################
Centreon Web 2.8.5
##################
Released March 29th, 2017.
......
##############
Centreon 2.8.6
##############
##################
Centreon Web 2.8.6
##################
Bug Fixes
=========
......@@ -8,7 +8,34 @@ Bug Fixes
KB
--
* Fix wiki links of objects with spaces in their name
* Downtimes - Display real BA name instead of _Module_ - #5014, PR #5094
* InfluxDB broker output config: metric columns not stored properly - #5058, PR #5089
* Poller status still working when the poller is disabled - #5126
* Filter on the status host/service on the motiroring isn't working #5131, #5140
* Fix acl on host categories for inheritance
* Avoid infinite loop in acl category
* Fix error message in install process
* Fix path to centengine and cbd init scripts
* Fix topcounter must count all meta services - #5071, PR #5100
* Fix access downtime page for users with ACL - #4952, #5025, PR #5093
* Centreon > Services - Services listed twice - #5158, PR #5010
* Custom views - problem with multiselect users when sharing View - #5029, PR #5074
* Massive change - impossible to add servive group - #5132
* Fix URL decode probelm with character '+' in object's name - #5128, PR #4883
* Fix CLAPI import
* Poller status still working when the poller is disabled - #5126, PR #5133
Enhancements
============
* Display inherited categories in host details page
* Do not check modification of configuration on disabled poller for better performance - PR #4928
* Improve access to services configuration page - PR #5077, PR #5076
* Improve global performance - PR #4900
* Improve Knowledge Base configuration
* Fix wiki links of objects with spaces in their name - #4306
* Improve documentation
* Set geo_coords parameter with clapi
If you already used a knowledge base, please execute following script :
::
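Review bot: The Bug Fixes list in this hunk carries "Poller status still working when the poller is disabled - #5126" twice (the second time with PR #5133), and "Fix wiki links of objects with spaces in their name" appears under both Bug Fixes and Enhancements. Keep one entry for each, preferring the one that carries the issue or PR reference, and correct the typos "motiroring", "servive" and "probelm" while the file is being touched.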
......
##############
Centreon 2.8.7
##############
##################
Centreon Web 2.8.7
##################
Bug Fixes
=========
......
......@@ -24,3 +24,5 @@ Please find here the release notes dedicated to the last 2.8.x version of Centre
centreon-2.8.15
centreon-2.8.16
centreon-2.8.17
centreon-2.8.18
centreon-2.8.19
##############
Centreon 2.8.1
##############
##################
Centreon Web 2.8.1
##################
Released November 14th, 2016
......
##############
Centreon 2.8.2
##############
##################
Centreon Web 2.8.2
##################
Released December 8th, 2016.
......
##############
Centreon 2.8.3
##############
##################
Centreon Web 2.8.3
##################
Released January 11th, 2017.
......
##############
Centreon 2.8.4
##############
##################
Centreon Web 2.8.4
##################
Released February 8th, 2017.
......
##############
Centreon 2.8.5
##############
##################
Centreon Web 2.8.5
##################
Released March 29th, 2017.
......
##############
Centreon 2.8.6
##############
##################
Centreon Web 2.8.6
##################
Bug Fixes
=========
......@@ -8,7 +8,34 @@ Bug Fixes
KB
--
* Fix wiki links of objects with spaces in their name
* Downtimes - Display real BA name instead of _Module_ - #5014, PR #5094
* InfluxDB broker output config: metric columns not stored properly - #5058, PR #5089
* Poller status still working when the poller is disabled - #5126
* Filter on the status host/service on the motiroring isn't working #5131, #5140
* Fix acl on host categories for inheritance
* Avoid infinite loop in acl category
* Fix error message in install process
* Fix path to centengine and cbd init scripts
* Fix topcounter must count all meta services - #5071, PR #5100
* Fix access downtime page for users with ACL - #4952, #5025, PR #5093
* Centreon > Services - Services listed twice - #5158, PR #5010
* Custom views - problem with multiselect users when sharing View - #5029, PR #5074
* Massive change - impossible to add servive group - #5132
* Fix URL decode probelm with character '+' in object's name - #5128, PR #4883
* Fix CLAPI import
* Poller status still working when the poller is disabled - #5126, PR #5133
Enhancements
============
* Display inherited categories in host details page
* Do not check modification of configuration on disabled poller for better performance - PR #4928
* Improve access to services configuration page - PR #5077, PR #5076
* Improve global performance - PR #4900
* Improve Knowledge Base configuration
* Fix wiki links of objects with spaces in their name - #4306
* Improve documentation
* Set geo_coords parameter with clapi
If you already used a knowledge base, please execute following script :
::
......
##############
Centreon 2.8.7
##############
##################
Centreon Web 2.8.7
##################
Bug Fixes
=========
......
......@@ -24,3 +24,5 @@ Please find here the release notes dedicated to the last 2.8.x version of Centre
centreon-2.8.15
centreon-2.8.16
centreon-2.8.17
centreon-2.8.18
centreon-2.8.19
......@@ -92,7 +92,10 @@ class CentreonLDAP
}
$dbresult = $this->db->query(
"SELECT `key`, `value` FROM `options` WHERE `key` IN ('debug_ldap_import', 'debug_path')"
"SELECT `key`, `value`
FROM `options`
WHERE `key`
IN ('debug_ldap_import', 'debug_path')"
);
while ($row = $dbresult->fetchRow()) {
if ($row['key'] == 'debug_ldap_import') {
......@@ -123,9 +126,9 @@ class CentreonLDAP
$dns_query = '_ldap._tcp';
$dbresult = $this->db->query(
"SELECT `ari_value`
FROM auth_ressource_info
WHERE `ari_name` = 'ldap_dns_use_domain'
AND ar_id = " . $this->db->escape($arId)
FROM auth_ressource_info
WHERE `ari_name` = 'ldap_dns_use_domain'
AND ar_id = " . $this->db->escape($arId)
);
$row = $dbresult->fetchRow();
$dbresult->closeCursor();
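Review bot: `AND ar_id = " . $this->db->escape($arId)` puts the escaped value in an unquoted numeric position, where a string-escaping routine gives no protection because the value never has to break out of a quoted literal. The hunk only re-indents the query; since the commit message names SQL injection on the LDAP parameters page, cast with `(int) $arId` before concatenating, or move this query to a bound parameter.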
......@@ -146,9 +149,9 @@ class CentreonLDAP
} else {
$dbresult = $this->db->query(
"SELECT ldap_host_id, host_address
FROM auth_ressource_host
WHERE auth_ressource_id = " . $this->db->escape($arId) . "
ORDER BY host_order"
FROM auth_ressource_host
WHERE auth_ressource_id = " . $this->db->escape($arId) . "
ORDER BY host_order"
);
while ($row = $dbresult->fetchRow()) {
$ldap = array();
......@@ -698,8 +701,8 @@ class CentreonLDAP
{
$dbresult = $this->db->query(
"SELECT use_ssl, use_tls, host_port as port
FROM auth_ressource_host
WHERE ldap_host_id = " . CentreonDB::escape($id)
FROM auth_ressource_host
WHERE ldap_host_id = " . CentreonDB::escape($id)
);
$row = $dbresult->fetchRow();
return $row;
......@@ -737,9 +740,9 @@ class CentreonLDAP
return $this->constuctCache[$id];
}
$query = "SELECT ari_name, ari_value
FROM auth_ressource_info
WHERE ari_name IN ('bind_dn', 'bind_pass', 'protocol_version')
AND ar_id = " . CentreonDB::escape($id);
FROM auth_ressource_info
WHERE ari_name IN ('bind_dn', 'bind_pass', 'protocol_version')
AND ar_id = " . CentreonDB::escape($id);
$dbresult = $this->db->query($query);
$infos = array();
while ($row = $dbresult->fetchRow()) {
......@@ -883,25 +886,25 @@ class CentreonLdapAdmin
if (!count($gopt) && isset($options['ar_name']) && isset($options['ar_description'])) {
$this->db->query(
"INSERT INTO auth_ressource (ar_name, ar_description, ar_type, ar_enable)
VALUES ('" . $this->db->escape($options['ar_name']) . "',
'" . $this->db->escape($options['ar_description']) . "',
'ldap',
'" . $options['ldap_auth_enable']['ldap_auth_enable'] . "')"
VALUES ('" . $this->db->escape($options['ar_name']) . "',
'" . $this->db->escape($options['ar_description']) . "',
'ldap',
'" . $options['ldap_auth_enable']['ldap_auth_enable'] . "')"
);
$maxArIdSql = "SELECT MAX(ar_id) as last_id
FROM auth_ressource
WHERE ar_name = '" . $this->db->escape($options['ar_name']) . "'";
FROM auth_ressource
WHERE ar_name = '" . $this->db->escape($options['ar_name']) . "'";
$res = $this->db->query($maxArIdSql);
$row = $res->fetchRow();
$arId = $row['last_id'];
unset($res);
} else {
$this->db->query(
"UPDATE auth_ressource SET
ar_name = '" . $this->db->escape($options['ar_name']) . "',
ar_description = '" . $this->db->escape($options['ar_description']) . "',
ar_enable = '" . $options['ldap_auth_enable']['ldap_auth_enable'] . "'
WHERE ar_id = " . $this->db->escape($arId)
"UPDATE auth_ressource
SET ar_name = '" . $this->db->escape($options['ar_name']) . "',
ar_description = '" . $this->db->escape($options['ar_description']) . "',
ar_enable = '" . $options['ldap_auth_enable']['ldap_auth_enable'] . "'
WHERE ar_id = " . $this->db->escape($arId)
);
}
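Review bot: `$options['ldap_auth_enable']['ldap_auth_enable']` is concatenated into both the INSERT and the UPDATE without the `escape()` call that `ar_name` and `ar_description` receive on the lines next to it. Restrict it to the values `ar_enable` accepts before building the query, or pass it through the same escaping or a bound parameter, so that all three columns are handled consistently.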
......@@ -915,14 +918,14 @@ class CentreonLdapAdmin
}
if (isset($gopt[$key])) {
$query = "UPDATE `auth_ressource_info`
SET `ari_value` = '" . $this->db->escape($value, false) . "'
WHERE `ari_name` = '" . $this->db->escape($key) . "'
AND ar_id = " . $this->db->escape($arId);
SET `ari_value` = '" . $this->db->escape($value, false) . "'
WHERE `ari_name` = '" . $this->db->escape($key) . "'
AND ar_id = " . $this->db->escape($arId);
} else {
$query = "INSERT INTO `auth_ressource_info`
(`ar_id`, `ari_name`, `ari_value`)
VALUES (" . $this->db->escape($arId) . ", '" . $this->db->escape($key) . "', '" .
$this->db->escape($value, false) . "')";
(`ar_id`, `ari_name`, `ari_value`)
VALUES (" . $this->db->escape($arId) . ", '" . $this->db->escape($key) . "', '" .
$this->db->escape($value, false) . "')";
}
$this->db->query($query);
}
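Review bot: `$this->db->escape($value, false)` passes a second argument that `$key` and `$arId` do not get, in both the UPDATE and the INSERT branch, and nothing in the hunk says what `false` turns off. Add a comment stating what is disabled for `ari_value` and why the value is still safe to place inside the quoted literal, so a later refactoring does not drop or copy the flag blindly.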
......@@ -940,8 +943,8 @@ class CentreonLdapAdmin
{
$gopt = array();
$query = "SELECT `ari_name`, `ari_value`
FROM `auth_ressource_info`
WHERE ar_id = " . $this->db->escape($arId);
FROM `auth_ressource_info`
WHERE ar_id = " . $this->db->escape($arId);
$res = $this->db->query($query);
while ($row = $res->fetchRow()) {
$gopt[$row['ari_name']] = $row['ari_value'];
......@@ -961,12 +964,12 @@ class CentreonLdapAdmin
$use_ssl = isset($params['use_ssl']) ? 1 : 0;
$use_tls = isset($params['use_tls']) ? 1 : 0;
$sql = "INSERT INTO auth_ressource_host " .
"(auth_ressource_id, host_address, host_port, use_ssl, use_tls, host_order) " .
"VALUES ($arId, '" . $this->db->escape($params['hostname']) . "', '" .
$this->db->escape($params['port']) . "', " .
$use_ssl . ", " .
$use_tls . ", '" .
$this->db->escape($params['order']) . "')";
"(auth_ressource_id, host_address, host_port, use_ssl, use_tls, host_order) " .
"VALUES ($arId, '" . $this->db->escape($params['hostname']) . "', '" .
$this->db->escape($params['port']) . "', " .
$use_ssl . ", " .
$use_tls . ", '" .
$this->db->escape($params['order']) . "')";
$this->db->query($sql);
}
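Review bot: In `"VALUES ($arId, '"` the variable `$arId` is interpolated straight into the statement, while every other value in the same INSERT goes through `$this->db->escape()`. The hunk does not show any validation of `$arId`; cast it with `(int)` at the top of the function or bind it as a parameter rather than relying on callers to pass a clean integer.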
......@@ -984,14 +987,14 @@ class CentreonLdapAdmin
}
$use_ssl = isset($params['use_ssl']) ? 1 : 0;
$use_tls = isset($params['use_tls']) ? 1 : 0;
$sql = "UPDATE auth_ressource_host SET
host_address = '" . $this->db->escape($params['hostname']) . "',
host_port = '" . $this->db->escape($params['port']) . "',
host_order = '" . $this->db->escape($params['order']) . "',
use_ssl = " . $use_ssl . ",
use_tls = " . $use_tls . "
WHERE ldap_host_id = " . $this->db->escape($params['id']) . "
AND auth_ressource_id = " . $arId;
$sql = "UPDATE auth_ressource_host
SET host_address = '" . $this->db->escape($params['hostname']) . "',
host_port = '" . $this->db->escape($params['port']) . "',
host_order = '" . $this->db->escape($params['order']) . "',
use_ssl = " . $use_ssl . ",
use_tls = " . $use_tls . "
WHERE ldap_host_id = " . $this->db->escape($params['id']) . "
AND auth_ressource_id = " . $arId;
$this->db->query($sql);
}
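Review bot: The WHERE clause ends with `AND auth_ressource_id = " . $arId`, a raw concatenation, and `ldap_host_id = " . $this->db->escape($params['id'])` is escaped but unquoted, so neither identifier is constrained to a number. Both are numeric keys; cast each with `(int)` or use placeholders, which would also let `host_port` and `host_order` be bound instead of quoted as strings.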
......@@ -1050,7 +1053,7 @@ class CentreonLdapAdmin
if (isset($config[$key])) {
$sth = $this->db->query(
"UPDATE auth_ressource_info SET ari_value = '" . $this->db->escape($value) . "'
WHERE ar_id = " . CentreonDB::escape($id) . " AND ari_name = '" . $this->db->escape($key) . "'"
WHERE ar_id = " . CentreonDB::escape($id) . " AND ari_name = '" . $this->db->escape($key) . "'"
);
} else {
$sth = $this->db->query(
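Review bot: The rewritten WHERE line mixes the static call `CentreonDB::escape($id)` with the instance call `$this->db->escape($key)` in one statement, and it is still a single long line while the rest of this commit splits queries one clause per line. Use one calling style throughout the class and break the line after the `ar_id` condition to match the surrounding hunks.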
......@@ -1075,7 +1078,9 @@ class CentreonLdapAdmin
public function getTemplate($id = 0)
{
if ($id == 0) {
$queryTemplate = "SELECT ar_id FROM auth_ressource WHERE ar_type = 'ldap_tmpl'";
$queryTemplate = "SELECT ar_id
FROM auth_ressource
WHERE ar_type = 'ldap_tmpl'";
$res = $this->db->query($queryTemplate);
if ($res->rowCount() == 0) {
return array();
......@@ -1084,8 +1089,8 @@ class CentreonLdapAdmin
$id = $row['ar_id'];
}
$query = "SELECT ari_name, ari_value
FROM auth_ressource_info
WHERE ar_id = " . CentreonDB::escape($id);
FROM auth_ressource_info
WHERE ar_id = " . CentreonDB::escape($id);
$res = $this->db->query($query);
$list = array();
while ($row = $res->fetchRow()) {
......@@ -1184,7 +1189,8 @@ class CentreonLdapAdmin
if (count($configList)) {
$this->db->query(
"DELETE FROM auth_ressource
WHERE ar_id IN (" . implode(',', $configList) . ")"
WHERE ar_id
IN (" . implode(',', $configList) . ")"
);
}
}
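Review bot: `implode(',', $configList)` is placed inside `IN (...)` with no escaping or casting visible in this hunk, so every element of the array reaches the DELETE statement as written. Normalise the list first, for example `array_map('intval', $configList)`, or build one placeholder per element and bind the values.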
......@@ -1201,8 +1207,8 @@ class CentreonLdapAdmin
if (count($configList)) {
$this->db->query(
"UPDATE auth_ressource
SET ar_enable = '" . $this->db->escape($status) . "'
WHERE ar_id IN (" . implode(',', $configList) . ")"
SET ar_enable = '" . $this->db->escape($status) . "'
WHERE ar_id IN (" . implode(',', $configList) . ")"
);
}
}
......@@ -1217,8 +1223,8 @@ class CentreonLdapAdmin
{
$res = $this->db->query(
"SELECT host_address, host_port, use_ssl, use_tls
FROM auth_ressource_host
WHERE auth_ressource_id = " . $this->db->escape($arId) .
FROM auth_ressource_host
WHERE auth_ressource_id = " . $this->db->escape($arId) .
" ORDER BY host_order"
);
$arr = array();
......
......@@ -177,7 +177,7 @@ if ($arId) {
$gopt = $ldapAdmin->getGeneralOptions($arId);
$res = $pearDB->query("SELECT `ar_name`, `ar_description`, `ar_enable`
FROM `auth_ressource`
WHERE ar_id = " .$pearDB->escape($arId));
WHERE ar_id = " . $pearDB->escape($arId));
while ($row = $res->fetchRow()) {
$gopt['ar_name'] = $row['ar_name'];
$gopt['ar_description'] = $row['ar_description'];
......
This source diff could not be displayed because it is too large. You can view the blob instead.