author | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-08 13:30:35 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-08 14:33:32 +0000 |
commit | b358b0c58416588e1bea619dfdb5d1aa81012f51 (patch) | |
tree | af96a2015bfbfa230757904a41f6d811281c4c4f | |
parent | 139f76070d10890b6bee04f6e4706c7daa858036 (diff) | |
main/zabbix: security fix (CVE-2013-5743)
https://support.zabbix.com/browse/ZBX-7091
fixes #2272
-rw-r--r-- | main/zabbix/APKBUILD | 14 | ||||
-rw-r--r-- | main/zabbix/ZBX-7091-2.0.8.patch | 2021 |
2 files changed, 2030 insertions, 5 deletions
diff --git a/main/zabbix/APKBUILD b/main/zabbix/APKBUILD index e871678912..0ff2d574ad 100644 --- a/main/zabbix/APKBUILD +++ b/main/zabbix/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 2 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
3 | pkgname=zabbix | 3 | pkgname=zabbix |
4 | pkgver=2.0.8 | 4 | pkgver=2.0.8 |
5 | pkgrel=0 | 5 | pkgrel=1 |
6 | pkgdesc="Enterprise-class open source distributed monitoring" | 6 | pkgdesc="Enterprise-class open source distributed monitoring" |
7 | url="http://www.zabbix.com" | 7 | url="http://www.zabbix.com" |
8 | arch="all" | 8 | arch="all" |
@@ -27,6 +27,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz | |||
27 | zabbix-server.initd | 27 | zabbix-server.initd |
28 | zabbix-agentd.initd | 28 | zabbix-agentd.initd |
29 | zabbix-proxy.initd | 29 | zabbix-proxy.initd |
30 | ZBX-7091-2.0.8.patch | ||
30 | " | 31 | " |
31 | 32 | ||
32 | _builddir="$srcdir"/$pkgname-$pkgver | 33 | _builddir="$srcdir"/$pkgname-$pkgver |
@@ -49,7 +50,7 @@ build() { | |||
49 | # set default configure flags | 50 | # set default configure flags |
50 | _configure="--prefix=/usr \ | 51 | _configure="--prefix=/usr \ |
51 | --sysconfdir=/etc/zabbix \ | 52 | --sysconfdir=/etc/zabbix \ |
52 | --mandir=/usr/share/man \ | 53 | --mandir=/usr/share/man \ |
53 | --infodir=/usr/share/info \ | 54 | --infodir=/usr/share/info \ |
54 | --enable-server \ | 55 | --enable-server \ |
55 | --enable-agent \ | 56 | --enable-agent \ |
@@ -170,7 +171,8 @@ b80eca2e260cc9e563f4b7a1b30bb158 res_send.patch | |||
170 | 5f7b1815a309d8dade4a1d15d5048742 automake.patch | 171 | 5f7b1815a309d8dade4a1d15d5048742 automake.patch |
171 | d823c2ab6c2bbdd0ebd3511fac4a83b4 zabbix-server.initd | 172 | d823c2ab6c2bbdd0ebd3511fac4a83b4 zabbix-server.initd |
172 | 1a5c718bcf815fcf659e14fb0b576a1a zabbix-agentd.initd | 173 | 1a5c718bcf815fcf659e14fb0b576a1a zabbix-agentd.initd |
173 | a99978139481e69434f78fc3e8c53441 zabbix-proxy.initd" | 174 | a99978139481e69434f78fc3e8c53441 zabbix-proxy.initd |
175 | 69f7a0d3b7747bcad5f4928a0e9c4786 ZBX-7091-2.0.8.patch" | ||
174 | sha256sums="c4b94960de0a1d0b20604a08503e9715c15845409368162c1e321040b8e4519a zabbix-2.0.8.tar.gz | 176 | sha256sums="c4b94960de0a1d0b20604a08503e9715c15845409368162c1e321040b8e4519a zabbix-2.0.8.tar.gz |
175 | 3b09a8fdc38216d859022c5966c36f0bcb6984974208cf4c69c17129649efdf5 zabbix_server.conf | 177 | 3b09a8fdc38216d859022c5966c36f0bcb6984974208cf4c69c17129649efdf5 zabbix_server.conf |
176 | 3ae307895c9a7189e29c4ebf7479ce08d4c3bbe1a7f0a3554828170dac417bab zabbix_trapper.conf | 178 | 3ae307895c9a7189e29c4ebf7479ce08d4c3bbe1a7f0a3554828170dac417bab zabbix_trapper.conf |
@@ -181,7 +183,8 @@ sha256sums="c4b94960de0a1d0b20604a08503e9715c15845409368162c1e321040b8e4519a za | |||
181 | 4cd7ab9c6fa95aacab0c1f7b77bad18e9b500feca70b16c866a581775b4ad611 automake.patch | 183 | 4cd7ab9c6fa95aacab0c1f7b77bad18e9b500feca70b16c866a581775b4ad611 automake.patch |
182 | f4e18cca40cd7299140aec3077cf39429487860094d7f5d88d76d8e040dca9b8 zabbix-server.initd | 184 | f4e18cca40cd7299140aec3077cf39429487860094d7f5d88d76d8e040dca9b8 zabbix-server.initd |
183 | 4f93c4868726a3e8fed12a030cfce8911f105217a59187d6b3e1565d8d3e76b5 zabbix-agentd.initd | 185 | 4f93c4868726a3e8fed12a030cfce8911f105217a59187d6b3e1565d8d3e76b5 zabbix-agentd.initd |
184 | 60a01c08df054a0c1bcfb71e378544b4c4e489e6a6779d96383387ed34ddc0b0 zabbix-proxy.initd" | 186 | 60a01c08df054a0c1bcfb71e378544b4c4e489e6a6779d96383387ed34ddc0b0 zabbix-proxy.initd |
187 | ae8f91f846f8a84d926c0bfe81ad6c4f8203a28efeb0b040b6fef32cfc0022fa ZBX-7091-2.0.8.patch" | ||
185 | sha512sums="5a65c7fcce33d98a0f441798ca83f16bb6ed31b8a1b025f39c4003a0906c148ed5ff9db41aec591f053083b6bacd3ea1a1c8b96c007c44da092bfa179693e403 zabbix-2.0.8.tar.gz | 188 | sha512sums="5a65c7fcce33d98a0f441798ca83f16bb6ed31b8a1b025f39c4003a0906c148ed5ff9db41aec591f053083b6bacd3ea1a1c8b96c007c44da092bfa179693e403 zabbix-2.0.8.tar.gz |
186 | 3170d56a61871e6efadf705c19f864fdecf9420c4263f2a1129245b3b55bd730d1ba5a6a26ea866fc7842c86f7745e51ea28878bb9e9267ed9176499cb75e8bb zabbix_server.conf | 189 | 3170d56a61871e6efadf705c19f864fdecf9420c4263f2a1129245b3b55bd730d1ba5a6a26ea866fc7842c86f7745e51ea28878bb9e9267ed9176499cb75e8bb zabbix_server.conf |
187 | cd08d907838de646f65316950e8c71deae25be1701e0cc22e5fd2f636c21ef2365a537d247277bafb694cae8c5dbd22eb725c1647797ad3e4ac4b3df2084ef07 zabbix_trapper.conf | 190 | cd08d907838de646f65316950e8c71deae25be1701e0cc22e5fd2f636c21ef2365a537d247277bafb694cae8c5dbd22eb725c1647797ad3e4ac4b3df2084ef07 zabbix_trapper.conf |
@@ -192,4 +195,5 @@ a2d8d52bacd353363c22f89ca26deffdec722144dab4899987ef4b8479d0b0722007bf3e97f75403 | |||
192 | 7aa59336e92d83eddff4bc18038820cfc25dc50f45327a2c0a6aa0e360fa742c9724d25e84152e3a14193c88ea5d6e66fdb99f2900c0bf8199cb2adf9e143415 automake.patch | 195 | 7aa59336e92d83eddff4bc18038820cfc25dc50f45327a2c0a6aa0e360fa742c9724d25e84152e3a14193c88ea5d6e66fdb99f2900c0bf8199cb2adf9e143415 automake.patch |
193 | af0853d8c5a8b33399b87e7958a7ffd692fe18005dcc43af5f58e0fdf6bbee3dd66ec77a3840ae5e526a4c445b04425071f6796d726ff923aba9d3a78ca3c022 zabbix-server.initd | 196 | af0853d8c5a8b33399b87e7958a7ffd692fe18005dcc43af5f58e0fdf6bbee3dd66ec77a3840ae5e526a4c445b04425071f6796d726ff923aba9d3a78ca3c022 zabbix-server.initd |
194 | 3ef0fe0c1c94f2f01a0c335a45ee0f3c0cd4b125d96b5eefa869a17efb352087a5dd18ef8e87c35e6816b6fb705b829f0a25452e7285637d3595ff4c103b7c21 zabbix-agentd.initd | 197 | 3ef0fe0c1c94f2f01a0c335a45ee0f3c0cd4b125d96b5eefa869a17efb352087a5dd18ef8e87c35e6816b6fb705b829f0a25452e7285637d3595ff4c103b7c21 zabbix-agentd.initd |
195 | b305ea06641c6a331273f065a4a85fac92c45e107a30e85cb41be4ea36e2efbf5442c69cc6605ea3734a851808f7abba20042058d4b07832d858cdb63e98d405 zabbix-proxy.initd" | 198 | b305ea06641c6a331273f065a4a85fac92c45e107a30e85cb41be4ea36e2efbf5442c69cc6605ea3734a851808f7abba20042058d4b07832d858cdb63e98d405 zabbix-proxy.initd |
199 | cd960187bf234b14fd612ff3b4357ce5b1b094a9498e58a735309136b04a7f5076a8ff251edf47ede7d663d3d0fbd1e36c9c99e647dab598f4bedc634e17e24a ZBX-7091-2.0.8.patch" | ||
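Review bot: The third hunk (`@@ -49,7 +50,7 @@ build()`) shows no visible difference between its old and new side, so it is presumably a whitespace-only edit; a security bump is easier to audit when such incidental edits are left out or the commit message says what changed there. `ZBX-7091-2.0.8.patch` is added to `source` and to all three checksum lists, but the prepare/patch-application step is outside these hunks, so the diff alone does not confirm the patch is applied during the build. Since the `source` string cannot carry comments, a one-line comment above it would record provenance for future maintainers, e.g. `# ZBX-7091-2.0.8.patch: upstream fix for CVE-2013-5743, https://support.zabbix.com/browse/ZBX-7091`.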
diff --git a/main/zabbix/ZBX-7091-2.0.8.patch b/main/zabbix/ZBX-7091-2.0.8.patch new file mode 100644 index 0000000000..b4a2c63cd2 --- /dev/null +++ b/main/zabbix/ZBX-7091-2.0.8.patch | |||
@@ -0,0 +1,2021 @@ | |||
1 | Index: frontends/php/api/classes/CGraphItem.php | ||
2 | =================================================================== | ||
3 | --- ./frontends/php/api/classes/CGraphItem.php (revision 38884) | ||
4 | +++ ./frontends/php/api/classes/CGraphItem.php (working copy) | ||
5 | @@ -119,7 +119,7 @@ | ||
6 | |||
7 | // type | ||
8 | if (!is_null($options['type'] )) { | ||
9 | - $sqlParts['where'][] = 'gi.type='.$options['type']; | ||
10 | + $sqlParts['where'][] = 'gi.type='.zbx_dbstr($options['type']); | ||
11 | } | ||
12 | |||
13 | // output | ||
14 | @@ -254,8 +254,8 @@ | ||
15 | $dbRes = DBselect( | ||
16 | 'SELECT gi.gitemid'. | ||
17 | ' FROM graphs_items gi'. | ||
18 | - ' WHERE gi.itemid='.$gitemData['itemid']. | ||
19 | - ' AND gi.graphid='.$gitemData['graphid'] | ||
20 | + ' WHERE gi.itemid='.zbx_dbstr($gitemData['itemid']). | ||
21 | + ' AND gi.graphid='.zbx_dbstr($gitemData['graphid']) | ||
22 | ); | ||
23 | while ($gitem = DBfetch($dbRes)) { | ||
24 | $gitemids[$gitem['gitemid']] = $gitem['gitemid']; | ||
25 | Index: frontends/php/api/classes/CEvent.php | ||
26 | =================================================================== | ||
27 | --- ./frontends/php/api/classes/CEvent.php (revision 38884) | ||
28 | +++ ./frontends/php/api/classes/CEvent.php (working copy) | ||
29 | @@ -232,12 +232,12 @@ | ||
30 | |||
31 | // object | ||
32 | if (!is_null($options['object'])) { | ||
33 | - $sqlParts['where']['o'] = 'e.object='.$options['object']; | ||
34 | + $sqlParts['where']['o'] = 'e.object='.zbx_dbstr($options['object']); | ||
35 | } | ||
36 | |||
37 | // source | ||
38 | if (!is_null($options['source'])) { | ||
39 | - $sqlParts['where'][] = 'e.source='.$options['source']; | ||
40 | + $sqlParts['where'][] = 'e.source='.zbx_dbstr($options['source']); | ||
41 | } | ||
42 | |||
43 | // acknowledged | ||
44 | @@ -255,22 +255,22 @@ | ||
45 | |||
46 | // time_from | ||
47 | if (!is_null($options['time_from'])) { | ||
48 | - $sqlParts['where'][] = 'e.clock>='.$options['time_from']; | ||
49 | + $sqlParts['where'][] = 'e.clock>='.zbx_dbstr($options['time_from']); | ||
50 | } | ||
51 | |||
52 | // time_till | ||
53 | if (!is_null($options['time_till'])) { | ||
54 | - $sqlParts['where'][] = 'e.clock<='.$options['time_till']; | ||
55 | + $sqlParts['where'][] = 'e.clock<='.zbx_dbstr($options['time_till']); | ||
56 | } | ||
57 | |||
58 | // eventid_from | ||
59 | if (!is_null($options['eventid_from'])) { | ||
60 | - $sqlParts['where'][] = 'e.eventid>='.$options['eventid_from']; | ||
61 | + $sqlParts['where'][] = 'e.eventid>='.zbx_dbstr($options['eventid_from']); | ||
62 | } | ||
63 | |||
64 | // eventid_till | ||
65 | if (!is_null($options['eventid_till'])) { | ||
66 | - $sqlParts['where'][] = 'e.eventid<='.$options['eventid_till']; | ||
67 | + $sqlParts['where'][] = 'e.eventid<='.zbx_dbstr($options['eventid_till']); | ||
68 | } | ||
69 | |||
70 | // value | ||
71 | Index: frontends/php/api/classes/CGraphPrototype.php | ||
72 | =================================================================== | ||
73 | --- ./frontends/php/api/classes/CGraphPrototype.php (revision 38884) | ||
74 | +++ ./frontends/php/api/classes/CGraphPrototype.php (working copy) | ||
75 | @@ -227,7 +227,7 @@ | ||
76 | |||
77 | // type | ||
78 | if (!is_null($options['type'] )) { | ||
79 | - $sqlParts['where'][] = 'g.type='.$options['type']; | ||
80 | + $sqlParts['where'][] = 'g.type='.zbx_dbstr($options['type']); | ||
81 | } | ||
82 | |||
83 | // templated | ||
84 | Index: frontends/php/api/classes/CItemGeneral.php | ||
85 | =================================================================== | ||
86 | --- ./frontends/php/api/classes/CItemGeneral.php (revision 38884) | ||
87 | +++ ./frontends/php/api/classes/CItemGeneral.php (working copy) | ||
88 | @@ -707,7 +707,7 @@ | ||
89 | |||
90 | $sqlWhere = array(); | ||
91 | foreach ($itemKeysByHostId as $hostId => $keys) { | ||
92 | - $sqlWhere[] = '(i.hostid='.$hostId.' AND '.dbConditionString('i.key_', $keys).')'; | ||
93 | + $sqlWhere[] = '(i.hostid='.zbx_dbstr($hostId).' AND '.dbConditionString('i.key_', $keys).')'; | ||
94 | } | ||
95 | |||
96 | if ($sqlWhere) { | ||
97 | Index: frontends/php/api/classes/CHistory.php | ||
98 | =================================================================== | ||
99 | --- ./frontends/php/api/classes/CHistory.php (revision 38884) | ||
100 | +++ ./frontends/php/api/classes/CHistory.php (working copy) | ||
101 | @@ -169,13 +169,13 @@ | ||
102 | // time_from | ||
103 | if (!is_null($options['time_from'])) { | ||
104 | $sqlParts['select']['clock'] = 'h.clock'; | ||
105 | - $sqlParts['where']['clock_from'] = 'h.clock>='.$options['time_from']; | ||
106 | + $sqlParts['where']['clock_from'] = 'h.clock>='.zbx_dbstr($options['time_from']); | ||
107 | } | ||
108 | |||
109 | // time_till | ||
110 | if (!is_null($options['time_till'])) { | ||
111 | $sqlParts['select']['clock'] = 'h.clock'; | ||
112 | - $sqlParts['where']['clock_till'] = 'h.clock<='.$options['time_till']; | ||
113 | + $sqlParts['where']['clock_till'] = 'h.clock<='.zbx_dbstr($options['time_till']); | ||
114 | } | ||
115 | |||
116 | // filter | ||
117 | Index: frontends/php/api/classes/CTrigger.php | ||
118 | =================================================================== | ||
119 | --- ./frontends/php/api/classes/CTrigger.php (revision 38884) | ||
120 | +++ ./frontends/php/api/classes/CTrigger.php (working copy) | ||
121 | @@ -321,12 +321,12 @@ | ||
122 | |||
123 | // lastChangeSince | ||
124 | if (!is_null($options['lastChangeSince'])) { | ||
125 | - $sqlParts['where']['lastchangesince'] = 't.lastchange>'.$options['lastChangeSince']; | ||
126 | + $sqlParts['where']['lastchangesince'] = 't.lastchange>'.zbx_dbstr($options['lastChangeSince']); | ||
127 | } | ||
128 | |||
129 | // lastChangeTill | ||
130 | if (!is_null($options['lastChangeTill'])) { | ||
131 | - $sqlParts['where']['lastchangetill'] = 't.lastchange<'.$options['lastChangeTill']; | ||
132 | + $sqlParts['where']['lastchangetill'] = 't.lastchange<'.zbx_dbstr($options['lastChangeTill']); | ||
133 | } | ||
134 | |||
135 | // withUnacknowledgedEvents | ||
136 | @@ -466,7 +466,7 @@ | ||
137 | |||
138 | // min_severity | ||
139 | if (!is_null($options['min_severity'])) { | ||
140 | - $sqlParts['where'][] = 't.priority>='.$options['min_severity']; | ||
141 | + $sqlParts['where'][] = 't.priority>='.zbx_dbstr($options['min_severity']); | ||
142 | } | ||
143 | |||
144 | // output | ||
145 | Index: frontends/php/api/classes/CScript.php | ||
146 | =================================================================== | ||
147 | --- ./frontends/php/api/classes/CScript.php (revision 38884) | ||
148 | +++ ./frontends/php/api/classes/CScript.php (working copy) | ||
149 | @@ -114,7 +114,7 @@ | ||
150 | $sqlParts['from']['hosts_groups'] = 'hosts_groups hg'; | ||
151 | $sqlParts['where'][] = 'hg.groupid=r.id'; | ||
152 | $sqlParts['where'][] = 'r.groupid=ug.usrgrpid'; | ||
153 | - $sqlParts['where'][] = 'ug.userid='.$userid; | ||
154 | + $sqlParts['where'][] = 'ug.userid='.zbx_dbstr($userid); | ||
155 | $sqlParts['where'][] = '(hg.groupid=s.groupid OR s.groupid IS NULL)'; | ||
156 | $sqlParts['where'][] = '(ug.usrgrpid=s.usrgrpid OR s.usrgrpid IS NULL)'; | ||
157 | } | ||
158 | @@ -265,7 +265,7 @@ | ||
159 | 'SELECT s.scriptid'. | ||
160 | ' FROM scripts s'. | ||
161 | ' WHERE '.DBin_node('s.scriptid'). | ||
162 | - ' AND s.name='.$script['name'] | ||
163 | + ' AND s.name='.zbx_dbstr($script['name']) | ||
164 | ); | ||
165 | while ($script = DBfetch($dbScripts)) { | ||
166 | $scriptids[$script['scriptid']] = $script['scriptid']; | ||
167 | Index: frontends/php/api/classes/CTemplate.php | ||
168 | =================================================================== | ||
169 | --- ./frontends/php/api/classes/CTemplate.php (revision 38884) | ||
170 | +++ ./frontends/php/api/classes/CTemplate.php (working copy) | ||
171 | @@ -1021,7 +1021,7 @@ | ||
172 | |||
173 | foreach ($template['groups'] as $group) { | ||
174 | $hostgroupid = get_dbid('hosts_groups', 'hostgroupid'); | ||
175 | - $result = DBexecute("INSERT INTO hosts_groups (hostgroupid, hostid, groupid) VALUES ($hostgroupid, $templateid, {$group['groupid']})"); | ||
176 | + $result = DBexecute('INSERT INTO hosts_groups (hostgroupid,hostid,groupid) VALUES ('.zbx_dbstr($hostgroupid).','.zbx_dbstr($templateid).','.zbx_dbstr($group['groupid']).')'); | ||
177 | if (!$result) { | ||
178 | self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror'); | ||
179 | } | ||
180 | Index: frontends/php/api/classes/CHostGeneral.php | ||
181 | =================================================================== | ||
182 | --- ./frontends/php/api/classes/CHostGeneral.php (revision 38884) | ||
183 | +++ ./frontends/php/api/classes/CHostGeneral.php (working copy) | ||
184 | @@ -261,7 +261,7 @@ | ||
185 | continue; | ||
186 | } | ||
187 | |||
188 | - $values = array(get_dbid('hosts_templates', 'hosttemplateid'), $targetid, $templateid); | ||
189 | + $values = array(get_dbid('hosts_templates', 'hosttemplateid'), zbx_dbstr($targetid), zbx_dbstr($templateid)); | ||
190 | $sql = 'INSERT INTO hosts_templates VALUES ('.implode(', ', $values).')'; | ||
191 | $result = DBexecute($sql); | ||
192 | |||
193 | Index: frontends/php/api/classes/CUser.php | ||
194 | =================================================================== | ||
195 | --- ./frontends/php/api/classes/CUser.php (revision 38884) | ||
196 | +++ ./frontends/php/api/classes/CUser.php (working copy) | ||
197 | @@ -507,7 +507,8 @@ | ||
198 | $usrgrps = zbx_objectValues($user['usrgrps'], 'usrgrpid'); | ||
199 | foreach ($usrgrps as $groupid) { | ||
200 | $usersGroupdId = get_dbid('users_groups', 'id'); | ||
201 | - $sql = 'INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.$usersGroupdId.','.$groupid.','.$userid.')'; | ||
202 | + $sql = 'INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.zbx_dbstr($usersGroupdId).','.zbx_dbstr($groupid).','.zbx_dbstr($userid).')'; | ||
203 | + | ||
204 | if (!DBexecute($sql)) { | ||
205 | self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror'); | ||
206 | } | ||
207 | @@ -516,8 +517,8 @@ | ||
208 | foreach ($user['user_medias'] as $mediaData) { | ||
209 | $mediaid = get_dbid('media', 'mediaid'); | ||
210 | $sql = 'INSERT INTO media (mediaid,userid,mediatypeid,sendto,active,severity,period)'. | ||
211 | - ' VALUES ('.$mediaid.','.$userid.','.$mediaData['mediatypeid'].','. | ||
212 | - zbx_dbstr($mediaData['sendto']).','.$mediaData['active'].','.$mediaData['severity'].','. | ||
213 | + ' VALUES ('.zbx_dbstr($mediaid).','.zbx_dbstr($userid).','.zbx_dbstr($mediaData['mediatypeid']).','. | ||
214 | + zbx_dbstr($mediaData['sendto']).','.zbx_dbstr($mediaData['active']).','.zbx_dbstr($mediaData['severity']).','. | ||
215 | zbx_dbstr($mediaData['period']).')'; | ||
216 | if (!DBexecute($sql)) { | ||
217 | self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror'); | ||
218 | @@ -577,10 +578,10 @@ | ||
219 | $newUsrgrpids = zbx_objectValues($user['usrgrps'], 'usrgrpid'); | ||
220 | |||
221 | // deleting all relations with groups, but not touching those, where user still must be after update | ||
222 | - DBexecute('DELETE FROM users_groups WHERE userid='.$user['userid'].' AND '.dbConditionInt('usrgrpid', $newUsrgrpids, true)); | ||
223 | + DBexecute('DELETE FROM users_groups WHERE userid='.zbx_dbstr($user['userid']).' AND '.dbConditionInt('usrgrpid', $newUsrgrpids, true)); | ||
224 | |||
225 | // getting the list of groups user is currently in | ||
226 | - $dbGroupsUserIn = DBSelect('SELECT usrgrpid FROM users_groups WHERE userid='.$user['userid']); | ||
227 | + $dbGroupsUserIn = DBSelect('SELECT usrgrpid FROM users_groups WHERE userid='.zbx_dbstr($user['userid'])); | ||
228 | $groupsUserIn = array(); | ||
229 | while ($grp = DBfetch($dbGroupsUserIn)) { | ||
230 | $groupsUserIn[$grp['usrgrpid']] = $grp['usrgrpid']; | ||
231 | @@ -598,7 +599,7 @@ | ||
232 | } | ||
233 | |||
234 | $usersGroupdId = get_dbid('users_groups', 'id'); | ||
235 | - $sql = 'INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.$usersGroupdId.','.$groupid.','.$user['userid'].')'; | ||
236 | + $sql = 'INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.zbx_dbstr($usersGroupdId).','.zbx_dbstr($groupid).','.zbx_dbstr($user['userid']).')'; | ||
237 | |||
238 | if (!DBexecute($sql)) { | ||
239 | self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror'); | ||
240 | @@ -696,8 +697,8 @@ | ||
241 | $mediaid = get_dbid('media', 'mediaid'); | ||
242 | |||
243 | $sql = 'INSERT INTO media (mediaid,userid,mediatypeid,sendto,active,severity,period)'. | ||
244 | - ' VALUES ('.$mediaid.','.$user['userid'].','.$media['mediatypeid'].','. | ||
245 | - zbx_dbstr($media['sendto']).','.$media['active'].','.$media['severity'].','. | ||
246 | + ' VALUES ('.zbx_dbstr($mediaid).','.zbx_dbstr($user['userid']).','.zbx_dbstr($media['mediatypeid']).','. | ||
247 | + zbx_dbstr($media['sendto']).','.zbx_dbstr($media['active']).','.zbx_dbstr($media['severity']).','. | ||
248 | zbx_dbstr($media['period']).')'; | ||
249 | if (!DBexecute($sql)) { | ||
250 | self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror'); | ||
251 | @@ -796,12 +797,12 @@ | ||
252 | |||
253 | $result = DBexecute( | ||
254 | 'UPDATE media'. | ||
255 | - ' SET mediatypeid='.$media['mediatypeid'].','. | ||
256 | + ' SET mediatypeid='.zbx_dbstr($media['mediatypeid']).','. | ||
257 | ' sendto='.zbx_dbstr($media['sendto']).','. | ||
258 | - ' active='.$media['active'].','. | ||
259 | - ' severity='.$media['severity'].','. | ||
260 | + ' active='.zbx_dbstr($media['active']).','. | ||
261 | + ' severity='.zbx_dbstr($media['severity']).','. | ||
262 | ' period='.zbx_dbstr($media['period']). | ||
263 | - ' WHERE mediaid='.$media['mediaid'] | ||
264 | + ' WHERE mediaid='.zbx_dbstr($media['mediaid']) | ||
265 | ); | ||
266 | if (!$result) { | ||
267 | self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot update user media.')); | ||
268 | @@ -927,7 +928,7 @@ | ||
269 | $dbAccess = DBfetch(DBselect( | ||
270 | 'SELECT MAX(g.gui_access) AS gui_access'. | ||
271 | ' FROM usrgrp g,users_groups ug'. | ||
272 | - ' WHERE ug.userid='.$userInfo['userid']. | ||
273 | + ' WHERE ug.userid='.zbx_dbstr($userInfo['userid']). | ||
274 | ' AND g.usrgrpid=ug.usrgrpid' | ||
275 | )); | ||
276 | if (!zbx_empty($dbAccess['gui_access'])) { | ||
277 | @@ -968,7 +969,7 @@ | ||
278 | |||
279 | DBexecute( | ||
280 | 'UPDATE users'. | ||
281 | - ' SET attempt_failed='.$userInfo['attempt_failed'].','. | ||
282 | + ' SET attempt_failed='.zbx_dbstr($userInfo['attempt_failed']).','. | ||
283 | ' attempt_clock='.time().','. | ||
284 | ' attempt_ip='.zbx_dbstr($ip). | ||
285 | ' WHERE userid='.$userInfo['userid'] | ||
286 | @@ -980,7 +981,7 @@ | ||
287 | |||
288 | // start session | ||
289 | $sessionid = md5(time().$password.$name.rand(0, 10000000)); | ||
290 | - DBexecute('INSERT INTO sessions (sessionid,userid,lastaccess,status) VALUES ('.zbx_dbstr($sessionid).','.$userInfo['userid'].','.time().','.ZBX_SESSION_ACTIVE.')'); | ||
291 | + DBexecute('INSERT INTO sessions (sessionid,userid,lastaccess,status) VALUES ('.zbx_dbstr($sessionid).','.zbx_dbstr($userInfo['userid']).','.time().','.ZBX_SESSION_ACTIVE.')'); | ||
292 | |||
293 | add_audit(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, _s('Correct login "%s".', $name)); | ||
294 | |||
295 | @@ -990,7 +991,7 @@ | ||
296 | $userData['userid'] = $userInfo['userid']; | ||
297 | |||
298 | if ($userInfo['attempt_failed']) { | ||
299 | - DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.$userInfo['userid']); | ||
300 | + DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.zbx_dbstr($userInfo['userid'])); | ||
301 | } | ||
302 | |||
303 | CWebUser::$data = self::$userData = $userData; | ||
304 | @@ -1035,16 +1036,16 @@ | ||
305 | } | ||
306 | |||
307 | if ($userInfo['autologout'] > 0) { | ||
308 | - DBexecute('DELETE FROM sessions WHERE userid='.$userInfo['userid'].' AND lastaccess<'.(time() - $userInfo['autologout'])); | ||
309 | + DBexecute('DELETE FROM sessions WHERE userid='.zbx_dbstr($userInfo['userid']).' AND lastaccess<'.(time() - $userInfo['autologout'])); | ||
310 | } | ||
311 | |||
312 | - DBexecute('UPDATE sessions SET lastaccess='.time().' WHERE userid='.$userInfo['userid'].' AND sessionid='.zbx_dbstr($sessionid)); | ||
313 | + DBexecute('UPDATE sessions SET lastaccess='.time().' WHERE userid='.zbx_dbstr($userInfo['userid']).' AND sessionid='.zbx_dbstr($sessionid)); | ||
314 | } | ||
315 | |||
316 | $dbAccess = DBfetch(DBselect( | ||
317 | 'SELECT MAX(g.gui_access) AS gui_access'. | ||
318 | ' FROM usrgrp g,users_groups ug'. | ||
319 | - ' WHERE ug.userid='.$userInfo['userid']. | ||
320 | + ' WHERE ug.userid='.zbx_dbstr($userInfo['userid']). | ||
321 | ' AND g.usrgrpid=ug.usrgrpid' | ||
322 | )); | ||
323 | if (!zbx_empty($dbAccess['gui_access'])) { | ||
324 | @@ -1070,13 +1071,13 @@ | ||
325 | 'SELECT u.userid,u.alias,u.name,u.surname,u.url,u.autologin,u.autologout,u.lang,u.refresh,u.type,'. | ||
326 | ' u.theme,u.attempt_failed,u.attempt_ip,u.attempt_clock,u.rows_per_page'. | ||
327 | ' FROM users u'. | ||
328 | - ' WHERE u.userid='.$userid | ||
329 | + ' WHERE u.userid='.zbx_dbstr($userid) | ||
330 | )); | ||
331 | |||
332 | $userData['debug_mode'] = (bool) DBfetch(DBselect( | ||
333 | 'SELECT ug.userid'. | ||
334 | ' FROM usrgrp g,users_groups ug'. | ||
335 | - ' WHERE ug.userid='.$userid. | ||
336 | + ' WHERE ug.userid='.zbx_dbstr($userid). | ||
337 | ' AND g.usrgrpid=ug.usrgrpid'. | ||
338 | ' AND g.debug_mode='.GROUP_DEBUG_MODE_ENABLED | ||
339 | )); | ||
340 | Index: frontends/php/api/classes/CImage.php | ||
341 | =================================================================== | ||
342 | --- ./frontends/php/api/classes/CImage.php (revision 38884) | ||
343 | +++ ./frontends/php/api/classes/CImage.php (working copy) | ||
344 | @@ -314,9 +314,9 @@ | ||
345 | |||
346 | $imageid = get_dbid('images', 'imageid'); | ||
347 | $values = array( | ||
348 | - 'imageid' => $imageid, | ||
349 | + 'imageid' => zbx_dbstr($imageid), | ||
350 | 'name' => zbx_dbstr($image['name']), | ||
351 | - 'imagetype' => $image['imagetype'], | ||
352 | + 'imagetype' => zbx_dbstr($image['imagetype']) | ||
353 | ); | ||
354 | |||
355 | switch ($DB['TYPE']) { | ||
356 | @@ -423,7 +423,7 @@ | ||
357 | |||
358 | $values = array(); | ||
359 | if (isset($image['name'])) $values['name'] = zbx_dbstr($image['name']); | ||
360 | - if (isset($image['imagetype'])) $values['imagetype'] = $image['imagetype']; | ||
361 | + if (isset($image['imagetype'])) $values['imagetype'] = zbx_dbstr($image['imagetype']); | ||
362 | |||
363 | if (isset($image['image'])) { | ||
364 | // decode BASE64 | ||
365 | @@ -443,7 +443,7 @@ | ||
366 | $values['image'] = zbx_dbstr($image['image']); | ||
367 | break; | ||
368 | case ZBX_DB_ORACLE: | ||
369 | - $sql = 'SELECT image FROM images WHERE imageid = '.$image['imageid'].' FOR UPDATE'; | ||
370 | + $sql = 'SELECT image FROM images WHERE imageid = '.zbx_dbstr($image['imageid']).' FOR UPDATE'; | ||
371 | |||
372 | if (!$stmt = oci_parse($DB['DB'], $sql)) { | ||
373 | $e = oci_error($DB['DB']); | ||
374 | @@ -464,7 +464,7 @@ | ||
375 | $row['IMAGE']->free(); | ||
376 | break; | ||
377 | case ZBX_DB_DB2: | ||
378 | - $stmt = db2_prepare($DB['DB'], 'UPDATE images SET image=? WHERE imageid='.$image['imageid']); | ||
379 | + $stmt = db2_prepare($DB['DB'], 'UPDATE images SET image=? WHERE imageid='.zbx_dbstr($image['imageid'])); | ||
380 | |||
381 | if (!$stmt) { | ||
382 | self::exception(ZBX_API_ERROR_PARAMETERS, db2_conn_errormsg($DB['DB'])); | ||
383 | @@ -486,7 +486,7 @@ | ||
384 | foreach ($values as $field => $value) { | ||
385 | $sqlUpd[] = $field.'='.$value; | ||
386 | } | ||
387 | - $sql = 'UPDATE images SET '.implode(', ', $sqlUpd).' WHERE imageid='.$image['imageid']; | ||
388 | + $sql = 'UPDATE images SET '.implode(', ', $sqlUpd).' WHERE imageid='.zbx_dbstr($image['imageid']); | ||
389 | $result = DBexecute($sql); | ||
390 | |||
391 | if (!$result) { | ||
392 | Index: frontends/php/api/classes/CMapElement.php | ||
393 | =================================================================== | ||
394 | --- ./frontends/php/api/classes/CMapElement.php (revision 38884) | ||
395 | +++ ./frontends/php/api/classes/CMapElement.php (working copy) | ||
396 | @@ -586,7 +586,7 @@ | ||
397 | |||
398 | $sql = 'SELECT elementid, elementtype '. | ||
399 | ' FROM sysmaps_elements '. | ||
400 | - ' WHERE sysmapid='.$elementid . | ||
401 | + ' WHERE sysmapid='.zbx_dbstr($elementid) . | ||
402 | ' AND elementtype='.SYSMAP_ELEMENT_TYPE_MAP; | ||
403 | $dbElements = DBselect($sql); | ||
404 | |||
405 | Index: frontends/php/api/classes/CTriggerPrototype.php | ||
406 | =================================================================== | ||
407 | --- ./frontends/php/api/classes/CTriggerPrototype.php (revision 38884) | ||
408 | +++ ./frontends/php/api/classes/CTriggerPrototype.php (working copy) | ||
409 | @@ -423,7 +423,7 @@ | ||
410 | |||
411 | // min_severity | ||
412 | if (!is_null($options['min_severity'])) { | ||
413 | - $sqlParts['where'][] = 't.priority>='.$options['min_severity']; | ||
414 | + $sqlParts['where'][] = 't.priority>='.zbx_dbstr($options['min_severity']); | ||
415 | } | ||
416 | |||
417 | // output | ||
418 | Index: frontends/php/api/classes/CUserGroup.php | ||
419 | =================================================================== | ||
420 | --- ./frontends/php/api/classes/CUserGroup.php (revision 38884) | ||
421 | +++ ./frontends/php/api/classes/CUserGroup.php (working copy) | ||
422 | @@ -144,7 +144,7 @@ | ||
423 | |||
424 | // status | ||
425 | if (!is_null($options['status'])) { | ||
426 | - $sqlParts['where'][] = 'g.users_status='.$options['status']; | ||
427 | + $sqlParts['where'][] = 'g.users_status='.zbx_dbstr($options['status']); | ||
428 | } | ||
429 | |||
430 | // with_gui_access | ||
431 | Index: frontends/php/api/classes/CGraph.php | ||
432 | =================================================================== | ||
433 | --- ./frontends/php/api/classes/CGraph.php (revision 38884) | ||
434 | +++ ./frontends/php/api/classes/CGraph.php (working copy) | ||
435 | @@ -209,7 +209,7 @@ | ||
436 | |||
437 | // type | ||
438 | if (!is_null($options['type'])) { | ||
439 | - $sqlParts['where'][] = 'g.type='.$options['type']; | ||
440 | + $sqlParts['where'][] = 'g.type='.zbx_dbstr($options['type']); | ||
441 | } | ||
442 | |||
443 | // templated | ||
444 | Index: frontends/php/api/classes/CApplication.php | ||
445 | =================================================================== | ||
446 | --- ./frontends/php/api/classes/CApplication.php (revision 38884) | ||
447 | +++ ./frontends/php/api/classes/CApplication.php (working copy) | ||
448 | @@ -719,7 +719,7 @@ | ||
449 | DB::insert('items_applications', $appsInsert); | ||
450 | |||
451 | foreach ($itemids as $inum => $itemid) { | ||
452 | - $dbChilds = DBselect('SELECT i.itemid,i.hostid FROM items i WHERE i.templateid='.$itemid); | ||
453 | + $dbChilds = DBselect('SELECT i.itemid,i.hostid FROM items i WHERE i.templateid='.zbx_dbstr($itemid)); | ||
454 | while ($child = DBfetch($dbChilds)) { | ||
455 | $dbApps = DBselect( | ||
456 | 'SELECT a1.applicationid'. | ||
457 | Index: frontends/php/api/classes/CAlert.php | ||
458 | =================================================================== | ||
459 | --- ./frontends/php/api/classes/CAlert.php (revision 38884) | ||
460 | +++ ./frontends/php/api/classes/CAlert.php (working copy) | ||
461 | @@ -237,12 +237,12 @@ | ||
462 | |||
463 | // time_from | ||
464 | if (!is_null($options['time_from'])) { | ||
465 | - $sqlParts['where'][] = 'a.clock>'.$options['time_from']; | ||
466 | + $sqlParts['where'][] = 'a.clock>'.zbx_dbstr($options['time_from']); | ||
467 | } | ||
468 | |||
469 | // time_till | ||
470 | if (!is_null($options['time_till'])) { | ||
471 | - $sqlParts['where'][] = 'a.clock<'.$options['time_till']; | ||
472 | + $sqlParts['where'][] = 'a.clock<'.zbx_dbstr($options['time_till']); | ||
473 | } | ||
474 | |||
475 | // output | ||
476 | Index: frontends/php/api/classes/CWebCheck.php | ||
477 | =================================================================== | ||
478 | --- ./frontends/php/api/classes/CWebCheck.php (revision 38884) | ||
479 | +++ ./frontends/php/api/classes/CWebCheck.php (working copy) | ||
480 | @@ -347,7 +347,7 @@ | ||
481 | $dbCheckItems = DBselect( | ||
482 | 'SELECT i.itemid,hi.type'. | ||
483 | ' FROM items i,httptestitem hi'. | ||
484 | - ' WHERE hi.httptestid='.$httpTest['httptestid']. | ||
485 | + ' WHERE hi.httptestid='.zbx_dbstr($httpTest['httptestid']). | ||
486 | ' AND hi.itemid=i.itemid' | ||
487 | ); | ||
488 | while ($checkitem = DBfetch($dbCheckItems)) { | ||
489 | @@ -696,7 +696,7 @@ | ||
490 | |||
491 | $sql = 'SELECT h.httpstepid,h.name'. | ||
492 | ' FROM httpstep h'. | ||
493 | - ' WHERE h.httptestid='.$httpTest['httptestid']. | ||
494 | + ' WHERE h.httptestid='.zbx_dbstr($httpTest['httptestid']). | ||
495 | ' AND '.dbConditionString('h.name', $webstepsNames); | ||
496 | if ($httpstepData = DBfetch(DBselect($sql))) { | ||
497 | self::exception(ZBX_API_ERROR_PARAMETERS, _s('Step "%s" already exists.', $httpstepData['name'])); | ||
498 | @@ -820,7 +820,7 @@ | ||
499 | $dbStepItems = DBselect( | ||
500 | 'SELECT i.itemid,hi.type'. | ||
501 | ' FROM items i,httpstepitem hi'. | ||
502 | - ' WHERE hi.httpstepid='.$webstep['webstepid']. | ||
503 | + ' WHERE hi.httpstepid='.zbx_dbstr($webstep['webstepid']). | ||
504 | ' AND hi.itemid=i.itemid' | ||
505 | ); | ||
506 | while ($stepitem = DBfetch($dbStepItems)) { | ||
507 | Index: frontends/php/api/classes/CTemplateScreen.php | ||
508 | =================================================================== | ||
509 | --- ./frontends/php/api/classes/CTemplateScreen.php (revision 38884) | ||
510 | +++ ./frontends/php/api/classes/CTemplateScreen.php (working copy) | ||
511 | @@ -618,7 +618,7 @@ | ||
512 | 'SELECT src.itemid as srcid,dest.itemid as destid'. | ||
513 | ' FROM items dest,items src'. | ||
514 | ' WHERE dest.key_=src.key_'. | ||
515 | - ' AND dest.hostid='.$templateId. | ||
516 | + ' AND dest.hostid='.zbx_dbstr($templateId). | ||
517 | ' AND '.dbConditionInt('src.itemid', $resourceItemIds) | ||
518 | ); | ||
519 | while ($dbItem = DBfetch($dbItems)) { | ||
520 | @@ -633,7 +633,7 @@ | ||
521 | ' WHERE dest.name=src.name'. | ||
522 | ' AND destgi.graphid=dest.graphid'. | ||
523 | ' AND destgi.itemid=desti.itemid'. | ||
524 | - ' AND desti.hostid='.$templateId. | ||
525 | + ' AND desti.hostid='.zbx_dbstr($templateId). | ||
526 | ' AND '.dbConditionInt('src.graphid', $resourceGraphIds) | ||
527 | ); | ||
528 | while ($dbItem = DBfetch($dbItems)) { | ||
529 | Index: frontends/php/include/items.inc.php | ||
530 | =================================================================== | ||
531 | --- ./frontends/php/include/items.inc.php (revision 38884) | ||
532 | +++ ./frontends/php/include/items.inc.php (working copy) | ||
533 | @@ -224,7 +224,7 @@ | ||
534 | while ($item = DBfetch($db_items)) { | ||
535 | $old_status = $item['status']; | ||
536 | if ($status != $old_status) { | ||
537 | - $result &= DBexecute('UPDATE items SET status='.$status. | ||
538 | + $result &= DBexecute('UPDATE items SET status='.zbx_dbstr($status). | ||
539 | ($status != ITEM_STATUS_NOTSUPPORTED ? ",error=''" : ''). | ||
540 | ' WHERE itemid='.$item['itemid']); | ||
541 | if ($result) { | ||
542 | @@ -420,7 +420,7 @@ | ||
543 | } | ||
544 | |||
545 | function get_item_by_itemid($itemid) { | ||
546 | - $db_items = DBfetch(DBselect('SELECT i.* FROM items i WHERE i.itemid='.$itemid)); | ||
547 | + $db_items = DBfetch(DBselect('SELECT i.* FROM items i WHERE i.itemid='.zbx_dbstr($itemid))); | ||
548 | if ($db_items) { | ||
549 | return $db_items; | ||
550 | } | ||
551 | @@ -436,7 +436,7 @@ | ||
552 | 'i.formula,i.trends,i.logtimefmt,i.valuemapid,i.delay_flex,i.params,i.ipmi_sensor,i.templateid,'. | ||
553 | 'i.authtype,i.username,i.password,i.publickey,i.privatekey,i.flags,i.filter,i.description,i.inventory_link'. | ||
554 | ' FROM items i'. | ||
555 | - ' WHERE i.itemid='.$itemid)); | ||
556 | + ' WHERE i.itemid='.zbx_dbstr($itemid))); | ||
557 | if ($row) { | ||
558 | return $row; | ||
559 | } | ||
560 | @@ -469,7 +469,7 @@ | ||
561 | $db_items = DBselect( | ||
562 | 'SELECT src.*'. | ||
563 | ' FROM items src,items dest'. | ||
564 | - ' WHERE dest.itemid='.$itemid. | ||
565 | + ' WHERE dest.itemid='.zbx_dbstr($itemid). | ||
566 | ' AND src.key_=dest.key_'. | ||
567 | ' AND '.dbConditionInt('src.hostid', $dest_hostids) | ||
568 | ); | ||
569 | @@ -838,7 +838,7 @@ | ||
570 | 'SELECT a1.applicationid'. | ||
571 | ' FROM applications a1,applications a2'. | ||
572 | ' WHERE a1.name=a2.name'. | ||
573 | - ' AND a1.hostid='.$hostid. | ||
574 | + ' AND a1.hostid='.zbx_dbstr($hostid). | ||
575 | ' AND '.dbConditionInt('a2.applicationid', $applications) | ||
576 | ); | ||
577 | while ($app = DBfetch($db_apps)) { | ||
578 | @@ -986,9 +986,9 @@ | ||
579 | if ($last == 0) { | ||
580 | $sql = 'SELECT value'. | ||
581 | ' FROM '.$table. | ||
582 | - ' WHERE itemid='.$db_item['itemid']. | ||
583 | - ' AND clock='.$clock. | ||
584 | - ' AND ns='.$ns; | ||
585 | + ' WHERE itemid='.zbx_dbstr($db_item['itemid']). | ||
586 | + ' AND clock='.zbx_dbstr($clock). | ||
587 | + ' AND ns='.zbx_dbstr($ns); | ||
588 | if (null != ($row = DBfetch(DBselect($sql, 1)))) { | ||
589 | $value = $row['value']; | ||
590 | } | ||
591 | @@ -1000,17 +1000,17 @@ | ||
592 | |||
593 | $sql = 'SELECT DISTINCT clock'. | ||
594 | ' FROM '.$table. | ||
595 | - ' WHERE itemid='.$db_item['itemid']. | ||
596 | - ' AND clock='.$clock. | ||
597 | - ' AND ns<'.$ns; | ||
598 | + ' WHERE itemid='.zbx_dbstr($db_item['itemid']). | ||
599 | + ' AND clock='.zbx_dbstr($clock). | ||
600 | + ' AND ns<'.zbx_dbstr($ns); | ||
601 | if (null != ($row = DBfetch(DBselect($sql)))) { | ||
602 | $max_clock = $row['clock']; | ||
603 | } | ||
604 | if ($max_clock == 0) { | ||
605 | $sql = 'SELECT MAX(clock) AS clock'. | ||
606 | ' FROM '.$table. | ||
607 | - ' WHERE itemid='.$db_item['itemid']. | ||
608 | - ' AND clock<'.$clock; | ||
609 | + ' WHERE itemid='.zbx_dbstr($db_item['itemid']). | ||
610 | + ' AND clock<'.zbx_dbstr($clock); | ||
611 | if (null != ($row = DBfetch(DBselect($sql)))) { | ||
612 | $max_clock = $row['clock']; | ||
613 | } | ||
614 | @@ -1022,15 +1022,15 @@ | ||
615 | if ($clock == $max_clock) { | ||
616 | $sql = 'SELECT value'. | ||
617 | ' FROM '.$table. | ||
618 | - ' WHERE itemid='.$db_item['itemid']. | ||
619 | - ' AND clock='.$clock. | ||
620 | - ' AND ns<'.$ns; | ||
621 | + ' WHERE itemid='.zbx_dbstr($db_item['itemid']). | ||
622 | + ' AND clock='.zbx_dbstr($clock). | ||
623 | + ' AND ns<'.zbx_dbstr($ns); | ||
624 | } | ||
625 | else { | ||
626 | $sql = 'SELECT value'. | ||
627 | ' FROM '.$table. | ||
628 | - ' WHERE itemid='.$db_item['itemid']. | ||
629 | - ' AND clock='.$max_clock. | ||
630 | + ' WHERE itemid='.zbx_dbstr($db_item['itemid']). | ||
631 | + ' AND clock='.zbx_dbstr($max_clock). | ||
632 | ' ORDER BY itemid,clock desc,ns desc'; | ||
633 | } | ||
634 | |||
635 | @@ -1039,9 +1039,9 @@ | ||
636 | } | ||
637 | } | ||
638 | else { | ||
639 | - $row = DBfetch(DBselect('SELECT MAX(clock) AS clock FROM '.$table.' WHERE itemid='.$db_item['itemid'])); | ||
640 | + $row = DBfetch(DBselect('SELECT MAX(clock) AS clock FROM '.$table.' WHERE itemid='.zbx_dbstr($db_item['itemid']))); | ||
641 | if (!empty($row['clock'])) { | ||
642 | - $row = DBfetch(DBselect('SELECT value FROM '.$table.' WHERE itemid='.$db_item['itemid'].' AND clock='.$row['clock'].' ORDER BY ns DESC', 1)); | ||
643 | + $row = DBfetch(DBselect('SELECT value FROM '.$table.' WHERE itemid='.zbx_dbstr($db_item['itemid']).' AND clock='.zbx_dbstr($row['clock']).' ORDER BY ns DESC', 1)); | ||
644 | if (!empty($row['value'])) { | ||
645 | $value = $row['value']; | ||
646 | } | ||
647 | Index: frontends/php/include/services.inc.php | ||
648 | =================================================================== | ||
649 | --- ./frontends/php/include/services.inc.php (revision 38884) | ||
650 | +++ ./frontends/php/include/services.inc.php (working copy) | ||
651 | @@ -42,7 +42,7 @@ | ||
652 | $result = DBselect( | ||
653 | 'SELECT s.status'. | ||
654 | ' FROM services s,services_links l'. | ||
655 | - ' WHERE l.serviceupid='.$serviceid. | ||
656 | + ' WHERE l.serviceupid='.zbx_dbstr($serviceid). | ||
657 | ' AND s.serviceid=l.servicedownid'. | ||
658 | ' ORDER BY s.status'.$sort_order | ||
659 | ); | ||
660 | @@ -77,7 +77,7 @@ | ||
661 | $result = DBselect( | ||
662 | 'SELECT sl.servicedownid'. | ||
663 | ' FROM services_links sl'. | ||
664 | - ' WHERE sl.serviceupid='.$serviceid. | ||
665 | + ' WHERE sl.serviceupid='.zbx_dbstr($serviceid). | ||
666 | ($soft ? '' : ' AND sl.soft=0') | ||
667 | ); | ||
668 | while ($row = DBfetch($result)) { | ||
669 | @@ -354,7 +354,7 @@ | ||
670 | 'SELECT l.serviceupid,s.algorithm'. | ||
671 | ' FROM services_links l,services s'. | ||
672 | ' WHERE s.serviceid=l.serviceupid'. | ||
673 | - ' AND l.servicedownid='.$serviceid | ||
674 | + ' AND l.servicedownid='.zbx_dbstr($serviceid) | ||
675 | ); | ||
676 | while ($row = DBfetch($result)) { | ||
677 | $serviceupid = $row['serviceupid']; | ||
678 | @@ -363,7 +363,7 @@ | ||
679 | if ($algorithm == SERVICE_ALGORITHM_MAX || $algorithm == SERVICE_ALGORITHM_MIN) { | ||
680 | $status = get_service_status($serviceupid, $algorithm); | ||
681 | add_service_alarm($serviceupid, $status, time()); | ||
682 | - DBexecute('UPDATE services SET status='.$status.' WHERE serviceid='.$serviceupid); | ||
683 | + DBexecute('UPDATE services SET status='.zbx_dbstr($status).' WHERE serviceid='.zbx_dbstr($serviceupid)); | ||
684 | } | ||
685 | elseif ($algorithm != SERVICE_ALGORITHM_NONE) { | ||
686 | error(_('Unknown calculation algorithm of service status').SPACE.'['.$algorithm.']'); | ||
687 | @@ -371,7 +371,7 @@ | ||
688 | } | ||
689 | } | ||
690 | |||
691 | - $result = DBselect('SELECT sl.serviceupid FROM services_links sl WHERE sl.servicedownid='.$serviceid); | ||
692 | + $result = DBselect('SELECT sl.serviceupid FROM services_links sl WHERE sl.servicedownid='.zbx_dbstr($serviceid)); | ||
693 | while ($row = DBfetch($result)) { | ||
694 | $serviceupid = $row['serviceupid']; | ||
695 | update_services_rec($serviceupid); // ATTENTION: recursion!!! | ||
696 | @@ -386,9 +386,9 @@ | ||
697 | * @param $status | ||
698 | */ | ||
699 | function update_services($triggerid, $status) { | ||
700 | - DBexecute('UPDATE services SET status='.$status.' WHERE triggerid='.$triggerid); | ||
701 | + DBexecute('UPDATE services SET status='.zbx_dbstr($status).' WHERE triggerid='.zbx_dbstr($triggerid)); | ||
702 | |||
703 | - $result = DBselect('SELECT s.serviceid FROM services s WHERE s.triggerid='.$triggerid); | ||
704 | + $result = DBselect('SELECT s.serviceid FROM services s WHERE s.triggerid='.zbx_dbstr($triggerid)); | ||
705 | while ($row = DBfetch($result)) { | ||
706 | add_service_alarm($row['serviceid'], $status, time()); | ||
707 | update_services_rec($row['serviceid']); | ||
708 | @@ -415,7 +415,7 @@ | ||
709 | ); | ||
710 | while ($row = DBfetch($result)) { | ||
711 | $status = get_service_status($row['serviceid'], $row['algorithm'], $row['triggerid']); | ||
712 | - DBexecute('UPDATE services SET status='.$status.' WHERE serviceid='.$row['serviceid']); | ||
713 | + DBexecute('UPDATE services SET status='.zbx_dbstr($status).' WHERE serviceid='.$row['serviceid']); | ||
714 | add_service_alarm($row['serviceid'], $status, time()); | ||
715 | } | ||
716 | |||
717 | @@ -441,7 +441,7 @@ | ||
718 | $result = DBselect( | ||
719 | 'SELECT sa.servicealarmid,sa.value'. | ||
720 | ' FROM service_alarms sa'. | ||
721 | - ' WHERE sa.serviceid='.$serviceid. | ||
722 | + ' WHERE sa.serviceid='.zbx_dbstr($serviceid). | ||
723 | ' ORDER BY sa.servicealarmid DESC', 1 | ||
724 | ); | ||
725 | $row = DBfetch($result); | ||
726 | @@ -457,7 +457,7 @@ | ||
727 | if (latest_service_alarm($serviceid, $status)) { | ||
728 | return true; | ||
729 | } | ||
730 | - return DBexecute('INSERT INTO service_alarms (servicealarmid,serviceid,clock,value) VALUES ('.get_dbid('service_alarms', 'servicealarmid').','.$serviceid.','.$clock.','.$status.')'); | ||
731 | + return DBexecute('INSERT INTO service_alarms (servicealarmid,serviceid,clock,value) VALUES ('.get_dbid('service_alarms', 'servicealarmid').','.zbx_dbstr($serviceid).','.zbx_dbstr($clock).','.zbx_dbstr($status).')'); | ||
732 | } | ||
733 | |||
734 | /** | ||
735 | Index: frontends/php/include/profiles.inc.php | ||
736 | =================================================================== | ||
737 | --- ./frontends/php/include/profiles.inc.php (revision 38884) | ||
738 | +++ ./frontends/php/include/profiles.inc.php (working copy) | ||
739 | @@ -148,9 +148,9 @@ | ||
740 | 'profileid' => get_dbid('profiles', 'profileid'), | ||
741 | 'userid' => self::$userDetails['userid'], | ||
742 | 'idx' => zbx_dbstr($idx), | ||
743 | - $value_type => ($value_type == 'value_str') ? zbx_dbstr($value) : $value, | ||
744 | - 'type' => $type, | ||
745 | - 'idx2' => $idx2 | ||
746 | + $value_type => zbx_dbstr($value), | ||
747 | + 'type' => zbx_dbstr($type), | ||
748 | + 'idx2' => zbx_dbstr($idx2) | ||
749 | ); | ||
750 | return DBexecute('INSERT INTO profiles ('.implode(', ', array_keys($values)).') VALUES ('.implode(', ', $values).')'); | ||
751 | } | ||
752 | @@ -163,16 +163,15 @@ | ||
753 | } | ||
754 | |||
755 | if ($idx2 > 0) { | ||
756 | - $sql_cond .= ' AND idx2='.$idx2.' AND '.DBin_node('idx2', false); | ||
757 | + $sql_cond .= ' AND idx2='.zbx_dbstr($idx2).' AND '.DBin_node('idx2', false); | ||
758 | } | ||
759 | |||
760 | $value_type = self::getFieldByType($type); | ||
761 | - $value = ($value_type == 'value_str') ? zbx_dbstr($value) : $value; | ||
762 | |||
763 | return DBexecute( | ||
764 | 'UPDATE profiles SET '. | ||
765 | - $value_type.'='.$value.','. | ||
766 | - ' type='.$type. | ||
767 | + $value_type.'='.zbx_dbstr($value).','. | ||
768 | + ' type='.zbx_dbstr($type). | ||
769 | ' WHERE userid='.self::$userDetails['userid']. | ||
770 | ' AND idx='.zbx_dbstr($idx). | ||
771 | $sql_cond | ||
772 | @@ -242,7 +241,7 @@ | ||
773 | } | ||
774 | } | ||
775 | if (isset($configs['alert_usrgrpid'])) { | ||
776 | - if ($configs['alert_usrgrpid'] != 0 && !DBfetch(DBselect('SELECT u.usrgrpid FROM usrgrp u WHERE u.usrgrpid='.$configs['alert_usrgrpid']))) { | ||
777 | + if ($configs['alert_usrgrpid'] != 0 && !DBfetch(DBselect('SELECT u.usrgrpid FROM usrgrp u WHERE u.usrgrpid='.zbx_dbstr($configs['alert_usrgrpid'])))) { | ||
778 | error(_('Incorrect user group.')); | ||
779 | return false; | ||
780 | } | ||
781 | @@ -393,7 +392,7 @@ | ||
782 | $history5 = DBfetch(DBSelect( | ||
783 | 'SELECT uh.title5,uh.url5'. | ||
784 | ' FROM user_history uh'. | ||
785 | - ' WHERE uh.userid='.$userid | ||
786 | + ' WHERE uh.userid='.zbx_dbstr($userid) | ||
787 | )); | ||
788 | |||
789 | if ($history5 && ($history5['title5'] == $title)) { | ||
790 | @@ -401,7 +400,7 @@ | ||
791 | // title same, url isnt, change only url | ||
792 | $sql = 'UPDATE user_history'. | ||
793 | ' SET url5='.zbx_dbstr($url). | ||
794 | - ' WHERE userid='.$userid; | ||
795 | + ' WHERE userid='.zbx_dbstr($userid); | ||
796 | } | ||
797 | else { | ||
798 | // no need to change anything; | ||
799 | @@ -413,7 +412,7 @@ | ||
800 | if ($history5 === false) { | ||
801 | $userhistoryid = get_dbid('user_history', 'userhistoryid'); | ||
802 | $sql = 'INSERT INTO user_history (userhistoryid, userid, title5, url5)'. | ||
803 | - ' VALUES('.$userhistoryid.', '.$userid.', '.zbx_dbstr($title).', '.zbx_dbstr($url).')'; | ||
804 | + ' VALUES('.$userhistoryid.', '.zbx_dbstr($userid).', '.zbx_dbstr($title).', '.zbx_dbstr($url).')'; | ||
805 | } | ||
806 | else { | ||
807 | $sql = 'UPDATE user_history'. | ||
808 | @@ -427,7 +426,7 @@ | ||
809 | ' url4=url5,'. | ||
810 | ' title5='.zbx_dbstr($title).','. | ||
811 | ' url5='.zbx_dbstr($url). | ||
812 | - ' WHERE userid='.$userid; | ||
813 | + ' WHERE userid='.zbx_dbstr($userid); | ||
814 | } | ||
815 | } | ||
816 | return DBexecute($sql); | ||
817 | @@ -464,7 +463,7 @@ | ||
818 | 'profileid' => get_dbid('profiles', 'profileid'), | ||
819 | 'userid' => CWebUser::$data['userid'], | ||
820 | 'idx' => zbx_dbstr($favobj), | ||
821 | - 'value_id' => $favid, | ||
822 | + 'value_id' => zbx_dbstr($favid), | ||
823 | 'type' => PROFILE_TYPE_ID | ||
824 | ); | ||
825 | if (!is_null($source)) { | ||
826 | @@ -478,7 +477,7 @@ | ||
827 | 'DELETE FROM profiles'. | ||
828 | ' WHERE userid='.CWebUser::$data['userid']. | ||
829 | ' AND idx='.zbx_dbstr($favobj). | ||
830 | - ($favid > 0 ? ' AND value_id='.$favid : ''). | ||
831 | + ($favid > 0 ? ' AND value_id='.zbx_dbstr($favid) : ''). | ||
832 | (is_null($source) ? '' : ' AND source='.zbx_dbstr($source)) | ||
833 | ); | ||
834 | } | ||
835 | Index: frontends/php/include/graphs.inc.php | ||
836 | =================================================================== | ||
837 | --- ./frontends/php/include/graphs.inc.php (revision 38884) | ||
838 | +++ ./frontends/php/include/graphs.inc.php (working copy) | ||
839 | @@ -120,7 +120,7 @@ | ||
840 | $dbGraphs = DBselect( | ||
841 | 'SELECT MAX(g.graphtype) AS graphtype,MIN(gi.yaxisside) AS yaxissidel,MAX(gi.yaxisside) AS yaxissider,MAX(g.height) AS height'. | ||
842 | ' FROM graphs g,graphs_items gi'. | ||
843 | - ' WHERE g.graphid='.$graphid. | ||
844 | + ' WHERE g.graphid='.zbx_dbstr($graphid). | ||
845 | ' AND gi.graphid=g.graphid' | ||
846 | ); | ||
847 | if ($graph = DBfetch($dbGraphs)) { | ||
848 | @@ -154,7 +154,7 @@ | ||
849 | ' FROM graphs g,graphs_items gi,items i'. | ||
850 | ' WHERE g.graphid=gi.graphid'. | ||
851 | ' AND gi.itemid=i.itemid'. | ||
852 | - ' AND i.hostid='.$hostid | ||
853 | + ' AND i.hostid='.zbx_dbstr($hostid) | ||
854 | ); | ||
855 | } | ||
856 | |||
857 | @@ -172,7 +172,7 @@ | ||
858 | ' FROM graphs_items gi,items i,hosts h'. | ||
859 | ' WHERE h.hostid=i.hostid'. | ||
860 | ' AND gi.itemid=i.itemid'. | ||
861 | - ' AND gi.graphid='.$graphid | ||
862 | + ' AND gi.graphid='.zbx_dbstr($graphid) | ||
863 | ); | ||
864 | } | ||
865 | |||
866 | @@ -187,7 +187,7 @@ | ||
867 | $dbItems = DBselect( | ||
868 | 'SELECT DISTINCT gi.itemid'. | ||
869 | ' FROM graphs_items gi'. | ||
870 | - ' WHERE gi.graphid='.$graphid | ||
871 | + ' WHERE gi.graphid='.zbx_dbstr($graphid) | ||
872 | ); | ||
873 | while ($item = DBfetch($dbItems)) { | ||
874 | $itemids[$item['itemid']] = $item['itemid']; | ||
875 | @@ -280,7 +280,7 @@ | ||
876 | } | ||
877 | |||
878 | function get_graph_by_graphid($graphid) { | ||
879 | - $dbGraphs = DBselect('SELECT g.* FROM graphs g WHERE g.graphid='.$graphid); | ||
880 | + $dbGraphs = DBselect('SELECT g.* FROM graphs g WHERE g.graphid='.zbx_dbstr($graphid)); | ||
881 | $dbGraphs = DBfetch($dbGraphs); | ||
882 | if (!empty($dbGraphs)) { | ||
883 | return $dbGraphs; | ||
884 | @@ -307,8 +307,8 @@ | ||
885 | 'SELECT dest.itemid,src.key_'. | ||
886 | ' FROM items dest,items src'. | ||
887 | ' WHERE dest.key_=src.key_'. | ||
888 | - ' AND dest.hostid='.$dest_hostid. | ||
889 | - ' AND src.itemid='.$gitem['itemid'] | ||
890 | + ' AND dest.hostid='.zbx_dbstr($dest_hostid). | ||
891 | + ' AND src.itemid='.zbx_dbstr($gitem['itemid']) | ||
892 | )); | ||
893 | |||
894 | if ($dbItem) { | ||
895 | Index: frontends/php/include/db.inc.php | ||
896 | =================================================================== | ||
897 | --- ./frontends/php/include/db.inc.php (revision 38884) | ||
898 | +++ ./frontends/php/include/db.inc.php (working copy) | ||
899 | @@ -150,7 +150,7 @@ | ||
900 | ); | ||
901 | db2_set_option($DB['DB'], $options, 1); | ||
902 | if (isset($DB['SCHEMA']) && ($DB['SCHEMA'] != '')) { | ||
903 | - DBexecute("SET CURRENT SCHEMA='".$DB['SCHEMA']."'"); | ||
904 | + DBexecute('SET CURRENT SCHEMA='.zbx_dbstr($DB['SCHEMA'])); | ||
905 | } | ||
906 | } | ||
907 | break; | ||
908 | @@ -563,7 +563,7 @@ | ||
909 | |||
910 | $result = false; | ||
911 | |||
912 | - if (!isset($DB['DB']) || empty($DB['DB'])) { | ||
913 | + if (!isset($DB['DB']) || empty($DB['DB']) || is_bool($cursor)) { | ||
914 | return $result; | ||
915 | } | ||
916 | |||
917 | Index: frontends/php/include/views/configuration.screen.constructor.edit.php | ||
918 | =================================================================== | ||
919 | --- ./frontends/php/include/views/configuration.screen.constructor.edit.php (revision 38884) | ||
920 | +++ ./frontends/php/include/views/configuration.screen.constructor.edit.php (working copy) | ||
921 | @@ -419,7 +419,7 @@ | ||
922 | 'SELECT DISTINCT n.name AS node_name,s.screenid,s.name'. | ||
923 | ' FROM screens s'. | ||
924 | ' LEFT JOIN nodes n ON n.nodeid='.DBid2nodeid('s.screenid'). | ||
925 | - ' WHERE s.screenid='.$resourceid | ||
926 | + ' WHERE s.screenid='.zbx_dbstr($resourceid) | ||
927 | ); | ||
928 | while ($row = DBfetch($db_screens)) { | ||
929 | $screen = API::Screen()->get(array( | ||
930 | Index: frontends/php/include/classes/class.chostsinfo.php | ||
931 | =================================================================== | ||
932 | --- ./frontends/php/include/classes/class.chostsinfo.php (revision 38884) | ||
933 | +++ ./frontends/php/include/classes/class.chostsinfo.php (working copy) | ||
934 | @@ -55,7 +55,7 @@ | ||
935 | $cond_from = ''; | ||
936 | if (remove_nodes_from_id($this->groupid) > 0) { | ||
937 | $cond_from = ', hosts_groups hg '; | ||
938 | - $cond_where = 'AND hg.hostid=h.hostid AND hg.groupid='.$this->groupid; | ||
939 | + $cond_where = 'AND hg.hostid=h.hostid AND hg.groupid='.zbx_dbstr($this->groupid); | ||
940 | } | ||
941 | else { | ||
942 | $cond_where = ' AND '.DBin_node('h.hostid', $this->nodeid); | ||
943 | Index: frontends/php/include/classes/import/CImportReferencer.php | ||
944 | =================================================================== | ||
945 | --- ./frontends/php/include/classes/import/CImportReferencer.php (revision 38884) | ||
946 | +++ ./frontends/php/include/classes/import/CImportReferencer.php (working copy) | ||
947 | @@ -595,7 +595,7 @@ | ||
948 | foreach ($this->applications as $host => $applications) { | ||
949 | $hostId = $this->resolveHostOrTemplate($host); | ||
950 | if ($hostId) { | ||
951 | - $sqlWhere[] = '(hostid='.$hostId.' AND '.dbConditionString('name', $applications).')'; | ||
952 | + $sqlWhere[] = '(hostid='.zbx_dbstr($hostId).' AND '.dbConditionString('name', $applications).')'; | ||
953 | } | ||
954 | } | ||
955 | |||
956 | @@ -626,7 +626,7 @@ | ||
957 | foreach ($this->items as $host => $keys) { | ||
958 | $hostId = $this->resolveHostOrTemplate($host); | ||
959 | if ($hostId) { | ||
960 | - $sqlWhere[] = '(i.hostid='.$hostId.' AND '.dbConditionString('i.key_', $keys).')'; | ||
961 | + $sqlWhere[] = '(i.hostid='.zbx_dbstr($hostId).' AND '.dbConditionString('i.key_', $keys).')'; | ||
962 | } | ||
963 | } | ||
964 | |||
965 | @@ -778,7 +778,7 @@ | ||
966 | foreach ($this->macros as $host => $macros) { | ||
967 | $hostId = $this->resolveHostOrTemplate($host); | ||
968 | if ($hostId) { | ||
969 | - $sqlWhere[] = '(hm.hostid='.$hostId.' AND '.dbConditionString('hm.macro', $macros).')'; | ||
970 | + $sqlWhere[] = '(hm.hostid='.zbx_dbstr($hostId).' AND '.dbConditionString('hm.macro', $macros).')'; | ||
971 | } | ||
972 | } | ||
973 | |||
974 | Index: frontends/php/include/classes/class.cpie.php | ||
975 | =================================================================== | ||
976 | --- ./frontends/php/include/classes/class.cpie.php (revision 38884) | ||
977 | +++ ./frontends/php/include/classes/class.cpie.php (working copy) | ||
978 | @@ -170,9 +170,9 @@ | ||
979 | 'MAX(i.lastvalue) AS lst'. | ||
980 | ' FROM history h'. | ||
981 | ' LEFT JOIN items i ON h.itemid=i.itemid'. | ||
982 | - ' WHERE h.itemid='.$this->items[$i]['itemid']. | ||
983 | - ' AND h.clock>='.$from_time. | ||
984 | - ' AND h.clock<='.$to_time. | ||
985 | + ' WHERE h.itemid='.zbx_dbstr($this->items[$i]['itemid']). | ||
986 | + ' AND h.clock>='.zbx_dbstr($from_time). | ||
987 | + ' AND h.clock<='.zbx_dbstr($to_time). | ||
988 | ' GROUP BY h.itemid' | ||
989 | , | ||
990 | 'SELECT hu.itemid,'. | ||
991 | @@ -181,9 +181,9 @@ | ||
992 | 'MAX(i.lastvalue) AS lst'. | ||
993 | ' FROM history_uint hu'. | ||
994 | ' LEFT JOIN items i ON hu.itemid=i.itemid'. | ||
995 | - ' WHERE hu.itemid='.$this->items[$i]['itemid']. | ||
996 | - ' AND hu.clock>='.$from_time. | ||
997 | - ' AND hu.clock<='.$to_time. | ||
998 | + ' WHERE hu.itemid='.zbx_dbstr($this->items[$i]['itemid']). | ||
999 | + ' AND hu.clock>='.zbx_dbstr($from_time). | ||
1000 | + ' AND hu.clock<='.zbx_dbstr($to_time). | ||
1001 | ' GROUP BY hu.itemid' | ||
1002 | ); | ||
1003 | } | ||
1004 | @@ -196,9 +196,9 @@ | ||
1005 | 'MAX(i.lastvalue) AS lst'. | ||
1006 | ' FROM trends t'. | ||
1007 | ' LEFT JOIN items i ON t.itemid=i.itemid'. | ||
1008 | - ' WHERE t.itemid='.$this->items[$i]['itemid']. | ||
1009 | - ' AND t.clock>='.$from_time. | ||
1010 | - ' AND t.clock<='.$to_time. | ||
1011 | + ' WHERE t.itemid='.zbx_dbstr($this->items[$i]['itemid']). | ||
1012 | + ' AND t.clock>='.zbx_dbstr($from_time). | ||
1013 | + ' AND t.clock<='.zbx_dbstr($to_time). | ||
1014 | ' GROUP BY t.itemid' | ||
1015 | , | ||
1016 | 'SELECT t.itemid,'. | ||
1017 | @@ -207,9 +207,9 @@ | ||
1018 | 'MAX(i.lastvalue) AS lst'. | ||
1019 | ' FROM trends_uint t'. | ||
1020 | ' LEFT JOIN items i ON t.itemid=i.itemid'. | ||
1021 | - ' WHERE t.itemid='.$this->items[$i]['itemid']. | ||
1022 | - ' AND t.clock>='.$from_time. | ||
1023 | - ' AND t.clock<='.$to_time. | ||
1024 | + ' WHERE t.itemid='.zbx_dbstr($this->items[$i]['itemid']). | ||
1025 | + ' AND t.clock>='.zbx_dbstr($from_time). | ||
1026 | + ' AND t.clock<='.zbx_dbstr($to_time). | ||
1027 | ' GROUP BY t.itemid' | ||
1028 | ); | ||
1029 | } | ||
1030 | Index: frontends/php/include/classes/screens/CScreenDataOverview.php | ||
1031 | =================================================================== | ||
1032 | --- ./frontends/php/include/classes/screens/CScreenDataOverview.php (revision 38884) | ||
1033 | +++ ./frontends/php/include/classes/screens/CScreenDataOverview.php (working copy) | ||
1034 | @@ -28,7 +28,7 @@ | ||
1035 | */ | ||
1036 | public function get() { | ||
1037 | $hostids = array(); | ||
1038 | - $dbHostGroups = DBselect('SELECT DISTINCT hg.hostid FROM hosts_groups hg WHERE hg.groupid='.$this->screenitem['resourceid']); | ||
1039 | + $dbHostGroups = DBselect('SELECT DISTINCT hg.hostid FROM hosts_groups hg WHERE hg.groupid='.zbx_dbstr($this->screenitem['resourceid'])); | ||
1040 | while ($dbHostGroup = DBfetch($dbHostGroups)) { | ||
1041 | $hostids[$dbHostGroup['hostid']] = $dbHostGroup['hostid']; | ||
1042 | } | ||
1043 | Index: frontends/php/include/classes/screens/CScreenTriggersOverview.php | ||
1044 | =================================================================== | ||
1045 | --- ./frontends/php/include/classes/screens/CScreenTriggersOverview.php (revision 38884) | ||
1046 | +++ ./frontends/php/include/classes/screens/CScreenTriggersOverview.php (working copy) | ||
1047 | @@ -28,7 +28,7 @@ | ||
1048 | */ | ||
1049 | public function get() { | ||
1050 | $hostids = array(); | ||
1051 | - $dbHostGroups = DBselect('SELECT DISTINCT hg.hostid FROM hosts_groups hg WHERE hg.groupid='.$this->screenitem['resourceid']); | ||
1052 | + $dbHostGroups = DBselect('SELECT DISTINCT hg.hostid FROM hosts_groups hg WHERE hg.groupid='.zbx_dbstr($this->screenitem['resourceid'])); | ||
1053 | while ($dbHostGroup = DBfetch($dbHostGroups)) { | ||
1054 | $hostids[$dbHostGroup['hostid']] = $dbHostGroup['hostid']; | ||
1055 | } | ||
1056 | Index: frontends/php/include/classes/class.cchart.php | ||
1057 | =================================================================== | ||
1058 | --- ./frontends/php/include/classes/class.cchart.php (revision 38884) | ||
1059 | +++ ./frontends/php/include/classes/class.cchart.php (working copy) | ||
1060 | @@ -225,18 +225,18 @@ | ||
1061 | 'COUNT(*) AS count,AVG(value) AS avg,MIN(value) as min,'. | ||
1062 | 'MAX(value) AS max,MAX(clock) AS clock'. | ||
1063 | ' FROM history '. | ||
1064 | - ' WHERE itemid='.$this->items[$i]['itemid']. | ||
1065 | - ' AND clock>='.$from_time. | ||
1066 | - ' AND clock<='.$to_time. | ||
1067 | + ' WHERE itemid='.zbx_dbstr($this->items[$i]['itemid']). | ||
1068 | + ' AND clock>='.zbx_dbstr($from_time). | ||
1069 | + ' AND clock<='.zbx_dbstr($to_time). | ||
1070 | ' GROUP BY itemid,'.$calc_field | ||
1071 | , | ||
1072 | 'SELECT itemid,'.$calc_field.' AS i,'. | ||
1073 | 'COUNT(*) AS count,AVG(value) AS avg,MIN(value) AS min,'. | ||
1074 | 'MAX(value) AS max,MAX(clock) AS clock'. | ||
1075 | ' FROM history_uint '. | ||
1076 | - ' WHERE itemid='.$this->items[$i]['itemid']. | ||
1077 | - ' AND clock>='.$from_time. | ||
1078 | - ' AND clock<='.$to_time. | ||
1079 | + ' WHERE itemid='.zbx_dbstr($this->items[$i]['itemid']). | ||
1080 | + ' AND clock>='.zbx_dbstr($from_time). | ||
1081 | + ' AND clock<='.zbx_dbstr($to_time). | ||
1082 | ' GROUP BY itemid,'.$calc_field | ||
1083 | ); | ||
1084 | } | ||
1085 | @@ -248,17 +248,17 @@ | ||
1086 | 'MAX(value_max) AS max,MAX(clock) AS clock'. | ||
1087 | ' FROM trends'. | ||
1088 | ' WHERE itemid='.$this->items[$i]['itemid']. | ||
1089 | - ' AND clock>='.$from_time. | ||
1090 | - ' AND clock<='.$to_time. | ||
1091 | + ' AND clock>='.zbx_dbstr($from_time). | ||
1092 | + ' AND clock<='.zbx_dbstr($to_time). | ||
1093 | ' GROUP BY itemid,'.$calc_field | ||
1094 | , | ||
1095 | 'SELECT itemid,'.$calc_field.' AS i,'. | ||
1096 | 'SUM(num) AS count,AVG(value_avg) AS avg,MIN(value_min) AS min,'. | ||
1097 | 'MAX(value_max) AS max,MAX(clock) AS clock'. | ||
1098 | ' FROM trends_uint '. | ||
1099 | - ' WHERE itemid='.$this->items[$i]['itemid']. | ||
1100 | - ' AND clock>='.$from_time. | ||
1101 | - ' AND clock<='.$to_time. | ||
1102 | + ' WHERE itemid='.zbx_dbstr($this->items[$i]['itemid']). | ||
1103 | + ' AND clock>='.zbx_dbstr($from_time). | ||
1104 | + ' AND clock<='.zbx_dbstr($to_time). | ||
1105 | ' GROUP BY itemid,'.$calc_field | ||
1106 | ); | ||
1107 | |||
1108 | @@ -438,7 +438,7 @@ | ||
1109 | ' AND tr.status='.TRIGGER_STATUS_ENABLED. | ||
1110 | ' AND i.itemid=f.itemid'. | ||
1111 | ' AND h.hostid=i.hostid'. | ||
1112 | - ' AND f.itemid='.$item['itemid']. | ||
1113 | + ' AND f.itemid='.zbx_dbstr($item['itemid']). | ||
1114 | ' ORDER BY tr.priority' | ||
1115 | ); | ||
1116 | while (($trigger = DBfetch($db_triggers)) && $cnt < $max) { | ||
1117 | Index: frontends/php/include/classes/helpers/trigger/CTriggerDescription.php | ||
1118 | =================================================================== | ||
1119 | --- ./frontends/php/include/classes/helpers/trigger/CTriggerDescription.php (revision 38884) | ||
1120 | +++ ./frontends/php/include/classes/helpers/trigger/CTriggerDescription.php (working copy) | ||
1121 | @@ -59,7 +59,7 @@ | ||
1122 | $trigger = DBfetch(DBselect( | ||
1123 | 'SELECT DISTINCT t.description,t.expression,t.triggerid'. | ||
1124 | ' FROM triggers t'. | ||
1125 | - ' WHERE t.triggerid='.$triggerId | ||
1126 | + ' WHERE t.triggerid='.zbx_dbstr($triggerId) | ||
1127 | )); | ||
1128 | $triggers = $this->expandDescriptions(array($trigger['triggerid'] => $trigger)); | ||
1129 | $trigger = reset($triggers); | ||
1130 | Index: frontends/php/include/maps.inc.php | ||
1131 | =================================================================== | ||
1132 | --- ./frontends/php/include/maps.inc.php (revision 38884) | ||
1133 | +++ ./frontends/php/include/maps.inc.php (working copy) | ||
1134 | @@ -252,7 +252,7 @@ | ||
1135 | $res = DBselect('SELECT hi.ip,hi.dns,hi.useip,h.host,h.name,hi.type AS interfacetype'. | ||
1136 | ' FROM interface hi,hosts h'. | ||
1137 | ' WHERE hi.hostid=h.hostid'. | ||
1138 | - ' AND hi.main=1 AND hi.hostid='.$selement['elementid']); | ||
1139 | + ' AND hi.main=1 AND hi.hostid='.zbx_dbstr($selement['elementid'])); | ||
1140 | |||
1141 | // process interface priorities | ||
1142 | $tmpPriority = 0; | ||
1143 | @@ -272,7 +272,7 @@ | ||
1144 | ' WHERE h.hostid=hi.hostid'. | ||
1145 | ' AND hi.hostid=i.hostid'. | ||
1146 | ' AND i.itemid=f.itemid'. | ||
1147 | - ' AND hi.main=1 AND f.triggerid='.$selement['elementid']. | ||
1148 | + ' AND hi.main=1 AND f.triggerid='.zbx_dbstr($selement['elementid']). | ||
1149 | ' ORDER BY f.functionid'); | ||
1150 | |||
1151 | // process interface priorities, build $hostsByFunctionId array | ||
1152 | @@ -473,7 +473,7 @@ | ||
1153 | 'SELECT '.$function.'(value) AS value'. | ||
1154 | ' FROM '.$history_table[$item['value_type']]. | ||
1155 | ' WHERE clock>'.(time() - $parameter). | ||
1156 | - ' AND itemid='.$item['itemid'] | ||
1157 | + ' AND itemid='.zbx_dbstr($item['itemid']) | ||
1158 | ); | ||
1159 | if (null === ($row = DBfetch($result))) { | ||
1160 | $label = str_replace($expr, '('._('no data').')', $label); | ||
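Review bot: The hunk quotes `itemid`, but the same SELECT still splices `$function` and `$history_table[$item['value_type']]` into the query as bare identifiers, and `zbx_dbstr()` cannot protect identifier positions. If `$function` comes from the map-label macro text rather than from a fixed set, it should be checked against an allow-list before the query is built, e.g. `if (!in_array($function, $allowedFunctions, true)) { continue; }`; if the parser upstream already constrains it, a one-line comment stating that here would save the next reader the same audit. The `(time() - $parameter)` term is coerced to a number by the subtraction, so it is not an injection vector. The enclosing function starts and ends outside the hunk.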
1161 | @@ -502,7 +502,7 @@ | ||
1162 | $db_mapselements = DBselect( | ||
1163 | 'SELECT DISTINCT se.elementtype,se.elementid'. | ||
1164 | ' FROM sysmaps_elements se'. | ||
1165 | - ' WHERE se.sysmapid='.$db_element['elementid'] | ||
1166 | + ' WHERE se.sysmapid='.zbx_dbstr($db_element['elementid']) | ||
1167 | ); | ||
1168 | while ($db_mapelement = DBfetch($db_mapselements)) { | ||
1169 | get_map_elements($db_mapelement, $elements); | ||
1170 | Index: frontends/php/include/hosts.inc.php | ||
1171 | =================================================================== | ||
1172 | --- ./frontends/php/include/hosts.inc.php (revision 38884) | ||
1173 | +++ ./frontends/php/include/hosts.inc.php (working copy) | ||
1174 | @@ -483,7 +483,7 @@ | ||
1175 | } | ||
1176 | |||
1177 | function get_hostgroup_by_groupid($groupid) { | ||
1178 | - $groups = DBfetch(DBselect('SELECT g.* FROM groups g WHERE g.groupid='.$groupid)); | ||
1179 | + $groups = DBfetch(DBselect('SELECT g.* FROM groups g WHERE g.groupid='.zbx_dbstr($groupid))); | ||
1180 | if (!empty($groups)) { | ||
1181 | return $groups; | ||
1182 | } | ||
1183 | @@ -522,7 +522,7 @@ | ||
1184 | } | ||
1185 | |||
1186 | function get_host_by_hostid($hostid, $no_error_message = 0) { | ||
1187 | - $row = DBfetch(DBselect('SELECT h.* FROM hosts h WHERE h.hostid='.$hostid)); | ||
1188 | + $row = DBfetch(DBselect('SELECT h.* FROM hosts h WHERE h.hostid='.zbx_dbstr($hostid))); | ||
1189 | if ($row) { | ||
1190 | return $row; | ||
1191 | } | ||
1192 | @@ -1109,7 +1109,7 @@ | ||
1193 | |||
1194 | if ($_REQUEST['groupid'] > 0) { | ||
1195 | if ($_REQUEST['hostid'] > 0) { | ||
1196 | - if (!DBfetch(DBselect('SELECT hg.groupid FROM hosts_groups hg WHERE hg.hostid='.$_REQUEST['hostid'].' AND hg.groupid='.$_REQUEST['groupid']))) { | ||
1197 | + if (!DBfetch(DBselect('SELECT hg.groupid FROM hosts_groups hg WHERE hg.hostid='.zbx_dbstr($_REQUEST['hostid']).' AND hg.groupid='.zbx_dbstr($_REQUEST['groupid'])))) { | ||
1198 | $_REQUEST['hostid'] = 0; | ||
1199 | } | ||
1200 | } | ||
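Review bot: The `> 0` guards on `$_REQUEST['groupid']` and `$_REQUEST['hostid']` do not establish that the values are numeric — under PHP's loose comparison a string such as `"1 OR 1=1"` still satisfies `> 0` — so the added `zbx_dbstr()` calls are the only barrier between the request and the SQL. That is enough to stop injection, but since the fallback on the next line is already `$_REQUEST['hostid'] = 0`, rejecting non-numeric IDs up front, e.g. `if (!ctype_digit((string) $_REQUEST['hostid'])) { $_REQUEST['hostid'] = 0; }`, would give defense in depth and avoid a query error on backends that refuse to compare an integer column with a non-numeric string. The enclosing function starts and ends outside the hunk.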
1201 | @@ -1145,7 +1145,7 @@ | ||
1202 | } | ||
1203 | |||
1204 | function get_application_by_applicationid($applicationid, $no_error_message = 0) { | ||
1205 | - $row = DBfetch(DBselect('SELECT a.* FROM applications a WHERE a.applicationid='.$applicationid)); | ||
1206 | + $row = DBfetch(DBselect('SELECT a.* FROM applications a WHERE a.applicationid='.zbx_dbstr($applicationid))); | ||
1207 | if ($row) { | ||
1208 | return $row; | ||
1209 | } | ||
1210 | @@ -1157,7 +1157,7 @@ | ||
1211 | } | ||
1212 | |||
1213 | function get_applications_by_templateid($applicationid) { | ||
1214 | - return DBselect('SELECT a.* FROM applications a WHERE a.templateid='.$applicationid); | ||
1215 | + return DBselect('SELECT a.* FROM applications a WHERE a.templateid='.zbx_dbstr($applicationid)); | ||
1216 | } | ||
1217 | |||
1218 | function get_realhost_by_applicationid($applicationid) { | ||
1219 | @@ -1169,7 +1169,7 @@ | ||
1220 | } | ||
1221 | |||
1222 | function get_host_by_applicationid($applicationid) { | ||
1223 | - $row = DBfetch(DBselect('SELECT h.* FROM hosts h,applications a WHERE a.hostid=h.hostid AND a.applicationid='.$applicationid)); | ||
1224 | + $row = DBfetch(DBselect('SELECT h.* FROM hosts h,applications a WHERE a.hostid=h.hostid AND a.applicationid='.zbx_dbstr($applicationid))); | ||
1225 | if ($row) { | ||
1226 | return $row; | ||
1227 | } | ||
1228 | @@ -1327,7 +1327,7 @@ | ||
1229 | } | ||
1230 | |||
1231 | function isTemplate($hostid) { | ||
1232 | - $dbHost = DBfetch(DBselect('SELECT h.status FROM hosts h WHERE h.hostid='.$hostid)); | ||
1233 | + $dbHost = DBfetch(DBselect('SELECT h.status FROM hosts h WHERE h.hostid='.zbx_dbstr($hostid))); | ||
1234 | |||
1235 | return !empty($dbHost) && $dbHost['status'] == HOST_STATUS_TEMPLATE; | ||
1236 | } | ||
1237 | Index: frontends/php/include/users.inc.php | ||
1238 | =================================================================== | ||
1239 | --- ./frontends/php/include/users.inc.php (revision 38884) | ||
1240 | +++ ./frontends/php/include/users.inc.php (working copy) | ||
1241 | @@ -90,9 +90,9 @@ | ||
1242 | function add_user_to_group($userid, $usrgrpid) { | ||
1243 | $result = false; | ||
1244 | if (granted2move_user($userid,$usrgrpid)) { | ||
1245 | - DBexecute('DELETE FROM users_groups WHERE userid='.$userid.' AND usrgrpid='.$usrgrpid); | ||
1246 | + DBexecute('DELETE FROM users_groups WHERE userid='.zbx_dbstr($userid).' AND usrgrpid='.zbx_dbstr($usrgrpid)); | ||
1247 | $users_groups_id = get_dbid('users_groups', 'id'); | ||
1248 | - $result = DBexecute('INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.$users_groups_id.','.$usrgrpid.','.$userid.')'); | ||
1249 | + $result = DBexecute('INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.$users_groups_id.','.zbx_dbstr($usrgrpid).','.zbx_dbstr($userid).')'); | ||
1250 | } | ||
1251 | else{ | ||
1252 | error(_('User cannot change status of himself.')); | ||
1253 | @@ -103,7 +103,7 @@ | ||
1254 | function remove_user_from_group($userid, $usrgrpid) { | ||
1255 | $result = false; | ||
1256 | if (granted2move_user($userid,$usrgrpid)) { | ||
1257 | - $result = DBexecute('DELETE FROM users_groups WHERE userid='.$userid.' AND usrgrpid='.$usrgrpid); | ||
1258 | + $result = DBexecute('DELETE FROM users_groups WHERE userid='.zbx_dbstr($userid).' AND usrgrpid='.zbx_dbstr($usrgrpid)); | ||
1259 | } | ||
1260 | else { | ||
1261 | error(_('User cannot change status of himself.')); | ||
1262 | @@ -138,7 +138,7 @@ | ||
1263 | } | ||
1264 | |||
1265 | if ($grant) { | ||
1266 | - $result = DBexecute('UPDATE usrgrp SET users_status='.$users_status.' WHERE '.dbConditionInt('usrgrpid', $usrgrpids)); | ||
1267 | + $result = DBexecute('UPDATE usrgrp SET users_status='.zbx_dbstr($users_status).' WHERE '.dbConditionInt('usrgrpid', $usrgrpids)); | ||
1268 | } | ||
1269 | else { | ||
1270 | error(_('User cannot change status of himself.')); | ||
1271 | @@ -154,7 +154,7 @@ | ||
1272 | $grant = granted2update_group($usrgrpids); | ||
1273 | } | ||
1274 | if ($grant) { | ||
1275 | - $result = DBexecute('UPDATE usrgrp SET gui_access='.$gui_access.' WHERE '.dbConditionInt('usrgrpid',$usrgrpids)); | ||
1276 | + $result = DBexecute('UPDATE usrgrp SET gui_access='.zbx_dbstr($gui_access).' WHERE '.dbConditionInt('usrgrpid',$usrgrpids)); | ||
1277 | } | ||
1278 | else { | ||
1279 | error(_('User cannot change GUI access for himself.')); | ||
1280 | @@ -164,6 +164,6 @@ | ||
1281 | |||
1282 | function change_group_debug_mode($usrgrpids, $debug_mode){ | ||
1283 | zbx_value2array($usrgrpids); | ||
1284 | - return DBexecute('UPDATE usrgrp SET debug_mode='.$debug_mode.' WHERE '.dbConditionInt('usrgrpid', $usrgrpids)); | ||
1285 | + return DBexecute('UPDATE usrgrp SET debug_mode='.zbx_dbstr($debug_mode).' WHERE '.dbConditionInt('usrgrpid', $usrgrpids)); | ||
1286 | } | ||
1287 | ?> | ||
1288 | Index: frontends/php/include/events.inc.php | ||
1289 | =================================================================== | ||
1290 | --- ./frontends/php/include/events.inc.php (revision 38884) | ||
1291 | +++ ./frontends/php/include/events.inc.php (working copy) | ||
1292 | @@ -33,7 +33,7 @@ | ||
1293 | function get_tr_event_by_eventid($eventid) { | ||
1294 | $sql = 'SELECT e.*,t.triggerid,t.description,t.expression,t.priority,t.status,t.type'. | ||
1295 | ' FROM events e,triggers t'. | ||
1296 | - ' WHERE e.eventid='.$eventid. | ||
1297 | + ' WHERE e.eventid='.zbx_dbstr($eventid). | ||
1298 | ' AND e.object='.EVENT_OBJECT_TRIGGER. | ||
1299 | ' AND t.triggerid=e.objectid'; | ||
1300 | return DBfetch(DBselect($sql)); | ||
1301 | @@ -100,9 +100,9 @@ | ||
1302 | |||
1303 | $sql = 'SELECT e.*'. | ||
1304 | ' FROM events e'. | ||
1305 | - ' WHERE e.objectid='.$currentEvent['objectid']. | ||
1306 | - ' AND e.eventid>'.$currentEvent['eventid']. | ||
1307 | - ' AND e.object='.$currentEvent['object']. | ||
1308 | + ' WHERE e.objectid='.zbx_dbstr($currentEvent['objectid']). | ||
1309 | + ' AND e.eventid>'.zbx_dbstr($currentEvent['eventid']). | ||
1310 | + ' AND e.object='.zbx_dbstr($currentEvent['object']). | ||
1311 | ($showUnknown ? '' : ' AND e.value_changed='.TRIGGER_VALUE_CHANGED_YES). | ||
1312 | ' ORDER BY e.object,e.objectid,e.eventid'; | ||
1313 | return DBfetch(DBselect($sql, 1)); | ||
1314 | Index: frontends/php/include/images.inc.php | ||
1315 | =================================================================== | ||
1316 | --- ./frontends/php/include/images.inc.php (revision 38884) | ||
1317 | +++ ./frontends/php/include/images.inc.php (working copy) | ||
1318 | @@ -36,7 +36,7 @@ | ||
1319 | static $images = array(); | ||
1320 | |||
1321 | if (!isset($images[$imageid])) { | ||
1322 | - $row = DBfetch(DBselect('SELECT i.* FROM images i WHERE i.imageid='.$imageid)); | ||
1323 | + $row = DBfetch(DBselect('SELECT i.* FROM images i WHERE i.imageid='.zbx_dbstr($imageid))); | ||
1324 | $row['image'] = zbx_unescape_image($row['image']); | ||
1325 | $images[$imageid] = $row; | ||
1326 | } | ||
1327 | Index: frontends/php/include/maintenances.inc.php | ||
1328 | =================================================================== | ||
1329 | --- ./frontends/php/include/maintenances.inc.php (revision 38884) | ||
1330 | +++ ./frontends/php/include/maintenances.inc.php (working copy) | ||
1331 | @@ -23,7 +23,7 @@ | ||
1332 | $sql = 'SELECT m.*'. | ||
1333 | ' FROM maintenances m'. | ||
1334 | ' WHERE '.DBin_node('m.maintenanceid'). | ||
1335 | - ' AND maintenanceid='.$maintenanceid; | ||
1336 | + ' AND maintenanceid='.zbx_dbstr($maintenanceid); | ||
1337 | return DBfetch(DBselect($sql)); | ||
1338 | } | ||
1339 | |||
1340 | Index: frontends/php/include/discovery.inc.php | ||
1341 | =================================================================== | ||
1342 | --- ./frontends/php/include/discovery.inc.php (revision 38884) | ||
1343 | +++ ./frontends/php/include/discovery.inc.php (working copy) | ||
1344 | @@ -164,7 +164,7 @@ | ||
1345 | } | ||
1346 | |||
1347 | function get_discovery_rule_by_druleid($druleid) { | ||
1348 | - return DBfetch(DBselect('SELECT d.* FROM drules d WHERE d.druleid='.$druleid)); | ||
1349 | + return DBfetch(DBselect('SELECT d.* FROM drules d WHERE d.druleid='.zbx_dbstr($druleid))); | ||
1350 | } | ||
1351 | |||
1352 | function delete_discovery_rule($druleid) { | ||
1353 | @@ -174,7 +174,7 @@ | ||
1354 | 'SELECT DISTINCT c.actionid'. | ||
1355 | ' FROM conditions c'. | ||
1356 | ' WHERE c.conditiontype='.CONDITION_TYPE_DRULE. | ||
1357 | - ' AND c.value=\''.$druleid.'\'' | ||
1358 | + ' AND c.value='.zbx_dbstr($druleid) | ||
1359 | ); | ||
1360 | while ($action = DBfetch($dbActions)) { | ||
1361 | $actionids[] = $action['actionid']; | ||
1362 | @@ -183,8 +183,8 @@ | ||
1363 | // disabling actions with deleted conditions | ||
1364 | if (!empty($actionids)) { | ||
1365 | DBexecute('UPDATE actions SET status='.ACTION_STATUS_DISABLED.' WHERE '.dbConditionInt('actionid', $actionids)); | ||
1366 | - DBexecute('DELETE FROM conditions WHERE conditiontype='.CONDITION_TYPE_DRULE.' AND value=\''.$druleid.'\''); | ||
1367 | + DBexecute('DELETE FROM conditions WHERE conditiontype='.CONDITION_TYPE_DRULE.' AND value='.zbx_dbstr($druleid)); | ||
1368 | } | ||
1369 | - return DBexecute('DELETE FROM drules WHERE druleid='.$druleid); | ||
1370 | + return DBexecute('DELETE FROM drules WHERE druleid='.zbx_dbstr($druleid)); | ||
1371 | } | ||
1372 | ?> | ||
1373 | Index: frontends/php/include/nodes.inc.php | ||
1374 | =================================================================== | ||
1375 | --- ./frontends/php/include/nodes.inc.php (revision 38884) | ||
1376 | +++ ./frontends/php/include/nodes.inc.php (working copy) | ||
1377 | @@ -281,23 +281,22 @@ | ||
1378 | error(_('Master node already exists.')); | ||
1379 | return false; | ||
1380 | } | ||
1381 | - $masterid = 'NULL'; | ||
1382 | break; | ||
1383 | default: | ||
1384 | error(_('Incorrect node type.')); | ||
1385 | return false; | ||
1386 | } | ||
1387 | |||
1388 | - if (DBfetch(DBselect('SELECT n.nodeid FROM nodes n WHERE n.nodeid='.$nodeid))) { | ||
1389 | + if (DBfetch(DBselect('SELECT n.nodeid FROM nodes n WHERE n.nodeid='.zbx_dbstr($nodeid)))) { | ||
1390 | error(_('Node with same ID already exists.')); | ||
1391 | return false; | ||
1392 | } | ||
1393 | |||
1394 | $result = DBexecute('INSERT INTO nodes (nodeid,name,ip,port,nodetype,masterid)'. | ||
1395 | - ' VALUES ('.$nodeid.','.zbx_dbstr($name).','.zbx_dbstr($ip).','.$port.','.$nodetype.','.$masterid.')'); | ||
1396 | + ' VALUES ('.$nodeid.','.zbx_dbstr($name).','.zbx_dbstr($ip).','.zbx_dbstr($port).','.zbx_dbstr($nodetype).','.($masterid ? zbx_dbstr($masterid) : 'NULL').')'); | ||
1397 | |||
1398 | if ($result && $nodetype == ZBX_NODE_MASTER) { | ||
1399 | - DBexecute('UPDATE nodes SET masterid='.$nodeid.' WHERE nodeid='.$ZBX_LOCALNODEID); | ||
1400 | + DBexecute('UPDATE nodes SET masterid='.zbx_dbstr($nodeid).' WHERE nodeid='.$ZBX_LOCALNODEID); | ||
1401 | $ZBX_CURMASTERID = $nodeid; // apply master node for this script | ||
1402 | } | ||
1403 | |||
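Review bot: The INSERT's `VALUES` line still concatenates `$nodeid` raw (`' VALUES ('.$nodeid.','`) while the SELECT a few lines above and the UPDATE below in the same hunk wrap that same variable in `zbx_dbstr()`; the quoted SELECT only protects the duplicate check, not the write, so the line should read `' VALUES ('.zbx_dbstr($nodeid).','`. Separately, dropping `$masterid = 'NULL'` in favour of `($masterid ? zbx_dbstr($masterid) : 'NULL')` also maps a master id of `0` to NULL; if `0` is never a valid node id that is harmless, but it is a behaviour change worth a short comment. The enclosing function starts before the hunk.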
1404 | @@ -309,12 +308,12 @@ | ||
1405 | error(_('Incorrect characters used for Node name.')); | ||
1406 | return false; | ||
1407 | } | ||
1408 | - return DBexecute('UPDATE nodes SET name='.zbx_dbstr($name).',ip='.zbx_dbstr($ip).',port='.$port.' WHERE nodeid='.$nodeid); | ||
1409 | + return DBexecute('UPDATE nodes SET name='.zbx_dbstr($name).',ip='.zbx_dbstr($ip).',port='.zbx_dbstr($port).' WHERE nodeid='.zbx_dbstr($nodeid)); | ||
1410 | } | ||
1411 | |||
1412 | function delete_node($nodeid) { | ||
1413 | $result = false; | ||
1414 | - $node = DBfetch(DBselect('SELECT n.nodeid,n.masterid FROM nodes n WHERE n.nodeid='.$nodeid)); | ||
1415 | + $node = DBfetch(DBselect('SELECT n.nodeid,n.masterid FROM nodes n WHERE n.nodeid='.zbx_dbstr($nodeid))); | ||
1416 | $nodetype = detect_node_type($node['nodeid'], $node['masterid']); | ||
1417 | |||
1418 | if ($nodetype == ZBX_NODE_LOCAL) { | ||
1419 | @@ -322,8 +321,8 @@ | ||
1420 | } | ||
1421 | else { | ||
1422 | $result = ( | ||
1423 | - DBexecute('UPDATE nodes SET masterid=NULL WHERE masterid='.$nodeid) && | ||
1424 | - DBexecute('DELETE FROM nodes WHERE nodeid='.$nodeid) | ||
1425 | + DBexecute('UPDATE nodes SET masterid=NULL WHERE masterid='.zbx_dbstr($nodeid)) && | ||
1426 | + DBexecute('DELETE FROM nodes WHERE nodeid='.zbx_dbstr($nodeid)) | ||
1427 | ); | ||
1428 | if ($nodetype != ZBX_NODE_MASTER) { | ||
1429 | error(_('Please be aware that database still contains data related to the deleted node.')); | ||
1430 | @@ -333,7 +332,7 @@ | ||
1431 | } | ||
1432 | |||
1433 | function get_node_by_nodeid($nodeid) { | ||
1434 | - return DBfetch(DBselect('SELECT n.* FROM nodes n WHERE n.nodeid='.$nodeid)); | ||
1435 | + return DBfetch(DBselect('SELECT n.* FROM nodes n WHERE n.nodeid='.zbx_dbstr($nodeid))); | ||
1436 | } | ||
1437 | |||
1438 | function get_node_path($nodeid, $result = '') { | ||
1439 | Index: frontends/php/include/valuemap.inc.php | ||
1440 | =================================================================== | ||
1441 | --- ./frontends/php/include/valuemap.inc.php (revision 38884) | ||
1442 | +++ ./frontends/php/include/valuemap.inc.php (working copy) | ||
1443 | @@ -59,7 +59,7 @@ | ||
1444 | unset($valueMap['valuemapid']); | ||
1445 | |||
1446 | // check existence | ||
1447 | - if (!DBfetch(DBselect('SELECT v.valuemapid FROM valuemaps v WHERE v.valuemapid='.$valueMapId))) { | ||
1448 | + if (!DBfetch(DBselect('SELECT v.valuemapid FROM valuemaps v WHERE v.valuemapid='.zbx_dbstr($valueMapId)))) { | ||
1449 | throw new Exception(_s('Value map with valuemapid "%1$s" does not exist.', $valueMapId)); | ||
1450 | } | ||
1451 | |||
1452 | @@ -228,7 +228,7 @@ | ||
1453 | $dbMappings = DBselect( | ||
1454 | 'SELECT m.mappingid,m.value,m.newvalue'. | ||
1455 | ' FROM mappings m'. | ||
1456 | - ' WHERE m.valuemapid='.$valueMapId | ||
1457 | + ' WHERE m.valuemapid='.zbx_dbstr($valueMapId) | ||
1458 | ); | ||
1459 | while ($mapping = DBfetch($dbMappings)) { | ||
1460 | $mappings[$mapping['mappingid']] = $mapping; | ||
1461 | @@ -260,7 +260,7 @@ | ||
1462 | $dbMappings = DBselect( | ||
1463 | 'SELECT m.newvalue'. | ||
1464 | ' FROM mappings m'. | ||
1465 | - ' WHERE m.valuemapid='.$valueMapId. | ||
1466 | + ' WHERE m.valuemapid='.zbx_dbstr($valueMapId). | ||
1467 | ' AND m.value='.zbx_dbstr($value) | ||
1468 | ); | ||
1469 | if ($mapping = DBfetch($dbMappings)) { | ||
1470 | Index: frontends/php/include/httptest.inc.php | ||
1471 | =================================================================== | ||
1472 | --- ./frontends/php/include/httptest.inc.php (revision 38884) | ||
1473 | +++ ./frontends/php/include/httptest.inc.php (working copy) | ||
1474 | @@ -72,10 +72,10 @@ | ||
1475 | } | ||
1476 | |||
1477 | function activate_httptest($httptestid) { | ||
1478 | - $result = DBexecute('UPDATE httptest SET status='.HTTPTEST_STATUS_ACTIVE.' WHERE httptestid='.$httptestid); | ||
1479 | + $result = DBexecute('UPDATE httptest SET status='.HTTPTEST_STATUS_ACTIVE.' WHERE httptestid='.zbx_dbstr($httptestid)); | ||
1480 | |||
1481 | $itemids = array(); | ||
1482 | - $items_db = DBselect('SELECT hti.itemid FROM httptestitem hti WHERE hti.httptestid='.$httptestid); | ||
1483 | + $items_db = DBselect('SELECT hti.itemid FROM httptestitem hti WHERE hti.httptestid='.zbx_dbstr($httptestid)); | ||
1484 | while ($itemid = Dbfetch($items_db)) { | ||
1485 | $itemids[] = $itemid['itemid']; | ||
1486 | } | ||
1487 | @@ -84,7 +84,7 @@ | ||
1488 | 'SELECT hsi.itemid'. | ||
1489 | ' FROM httpstep hs,httpstepitem hsi'. | ||
1490 | ' WHERE hs.httpstepid=hsi.httpstepid'. | ||
1491 | - ' AND hs.httptestid='.$httptestid | ||
1492 | + ' AND hs.httptestid='.zbx_dbstr($httptestid) | ||
1493 | ); | ||
1494 | while ($itemid = Dbfetch($items_db)) { | ||
1495 | $itemids[] = $itemid['itemid']; | ||
1496 | @@ -96,10 +96,10 @@ | ||
1497 | } | ||
1498 | |||
1499 | function disable_httptest($httptestid) { | ||
1500 | - $result = DBexecute('UPDATE httptest SET status='.HTTPTEST_STATUS_DISABLED.' WHERE httptestid='.$httptestid); | ||
1501 | + $result = DBexecute('UPDATE httptest SET status='.HTTPTEST_STATUS_DISABLED.' WHERE httptestid='.zbx_dbstr($httptestid)); | ||
1502 | |||
1503 | $itemids = array(); | ||
1504 | - $items_db = DBselect('SELECT hti.itemid FROM httptestitem hti WHERE hti.httptestid='.$httptestid); | ||
1505 | + $items_db = DBselect('SELECT hti.itemid FROM httptestitem hti WHERE hti.httptestid='.zbx_dbstr($httptestid)); | ||
1506 | while ($itemid = Dbfetch($items_db)) { | ||
1507 | $itemids[] = $itemid['itemid']; | ||
1508 | } | ||
1509 | @@ -108,7 +108,7 @@ | ||
1510 | 'SELECT hsi.itemid'. | ||
1511 | ' FROM httpstep hs,httpstepitem hsi'. | ||
1512 | ' WHERE hs.httpstepid=hsi.httpstepid'. | ||
1513 | - ' AND hs.httptestid='.$httptestid | ||
1514 | + ' AND hs.httptestid='.zbx_dbstr($httptestid) | ||
1515 | ); | ||
1516 | while ($itemid = Dbfetch($items_db)) { | ||
1517 | $itemids[] = $itemid['itemid']; | ||
1518 | @@ -125,7 +125,7 @@ | ||
1519 | ' FROM items i,httpstepitem si,httpstep s'. | ||
1520 | ' WHERE i.itemid=si.itemid'. | ||
1521 | ' AND si.httpstepid=s.httpstepid'. | ||
1522 | - ' AND s.httptestid='.$httptestid | ||
1523 | + ' AND s.httptestid='.zbx_dbstr($httptestid) | ||
1524 | ); | ||
1525 | while ($item_data = DBfetch($db_items)) { | ||
1526 | if (!delete_history_by_itemid($item_data['itemid'])) { | ||
1527 | @@ -137,11 +137,11 @@ | ||
1528 | } | ||
1529 | |||
1530 | function get_httptest_by_httptestid($httptestid) { | ||
1531 | - return DBfetch(DBselect('SELECT ht.* FROM httptest ht WHERE ht.httptestid='.$httptestid)); | ||
1532 | + return DBfetch(DBselect('SELECT ht.* FROM httptest ht WHERE ht.httptestid='.zbx_dbstr($httptestid))); | ||
1533 | } | ||
1534 | |||
1535 | function get_httpstep_by_no($httptestid, $no) { | ||
1536 | - return DBfetch(DBselect('SELECT hs.* FROM httpstep hs WHERE hs.httptestid='.$httptestid.' AND hs.no='.$no)); | ||
1537 | + return DBfetch(DBselect('SELECT hs.* FROM httpstep hs WHERE hs.httptestid='.zbx_dbstr($httptestid).' AND hs.no='.zbx_dbstr($no))); | ||
1538 | } | ||
1539 | |||
1540 | function get_httptests_by_hostid($hostids) { | ||
1541 | Index: frontends/php/include/acknow.inc.php | ||
1542 | =================================================================== | ||
1543 | --- ./frontends/php/include/acknow.inc.php (revision 38884) | ||
1544 | +++ ./frontends/php/include/acknow.inc.php (working copy) | ||
1545 | @@ -23,7 +23,7 @@ | ||
1546 | $dbEvents = DBfetch(DBselect( | ||
1547 | 'SELECT e.*'. | ||
1548 | ' FROM events e'. | ||
1549 | - ' WHERE e.objectid='.$triggerid. | ||
1550 | + ' WHERE e.objectid='.zbx_dbstr($triggerid). | ||
1551 | ' AND e.object='.EVENT_OBJECT_TRIGGER. | ||
1552 | ' AND e.value<>'.TRIGGER_VALUE_UNKNOWN. | ||
1553 | ' AND e.value_changed='.TRIGGER_VALUE_CHANGED_YES. | ||
1554 | @@ -35,7 +35,7 @@ | ||
1555 | } | ||
1556 | |||
1557 | function get_acknowledges_by_eventid($eventid) { | ||
1558 | - return DBselect('SELECT a.*,u.alias FROM acknowledges a LEFT JOIN users u ON u.userid=a.userid WHERE a.eventid='.$eventid); | ||
1559 | + return DBselect('SELECT a.*,u.alias FROM acknowledges a LEFT JOIN users u ON u.userid=a.userid WHERE a.eventid='.zbx_dbstr($eventid)); | ||
1560 | } | ||
1561 | |||
1562 | /** | ||
1563 | Index: frontends/php/include/triggers.inc.php | ||
1564 | =================================================================== | ||
1565 | --- ./frontends/php/include/triggers.inc.php (revision 38884) | ||
1566 | +++ ./frontends/php/include/triggers.inc.php (working copy) | ||
1567 | @@ -107,7 +107,7 @@ | ||
1568 | function get_service_status_of_trigger($triggerid) { | ||
1569 | $sql = 'SELECT t.triggerid,t.priority'. | ||
1570 | ' FROM triggers t'. | ||
1571 | - ' WHERE t.triggerid='.$triggerid. | ||
1572 | + ' WHERE t.triggerid='.zbx_dbstr($triggerid). | ||
1573 | ' AND t.status='.TRIGGER_STATUS_ENABLED. | ||
1574 | ' AND t.value='.TRIGGER_VALUE_TRUE; | ||
1575 | $rows = DBfetch(DBselect($sql, 1)); | ||
1576 | @@ -259,7 +259,7 @@ | ||
1577 | } | ||
1578 | |||
1579 | function get_trigger_by_triggerid($triggerid) { | ||
1580 | - $db_trigger = DBfetch(DBselect('SELECT t.* FROM triggers t WHERE t.triggerid='.$triggerid)); | ||
1581 | + $db_trigger = DBfetch(DBselect('SELECT t.* FROM triggers t WHERE t.triggerid='.zbx_dbstr($triggerid))); | ||
1582 | if (!empty($db_trigger)) { | ||
1583 | return $db_trigger; | ||
1584 | } | ||
1585 | @@ -284,7 +284,7 @@ | ||
1586 | return DBselect( | ||
1587 | 'SELECT DISTINCT t.*'. | ||
1588 | ' FROM triggers t,functions f,items i'. | ||
1589 | - ' WHERE i.hostid='.$hostid. | ||
1590 | + ' WHERE i.hostid='.zbx_dbstr($hostid). | ||
1591 | ' AND f.itemid=i.itemid'. | ||
1592 | ' AND f.triggerid=t.triggerid' | ||
1593 | ); | ||
1594 | @@ -679,7 +679,7 @@ | ||
1595 | $state = ''; | ||
1596 | $sql = 'SELECT h.host,i.itemid,i.key_,f.function,f.triggerid,f.parameter,i.itemid,i.status,i.type,i.flags'. | ||
1597 | ' FROM items i,functions f,hosts h'. | ||
1598 | - ' WHERE f.functionid='.$functionid. | ||
1599 | + ' WHERE f.functionid='.zbx_dbstr($functionid). | ||
1600 | ' AND i.itemid=f.itemid'. | ||
1601 | ' AND h.hostid=i.hostid'; | ||
1602 | |||
1603 | @@ -1068,8 +1068,8 @@ | ||
1604 | ' FROM triggers t,functions f,items i'. | ||
1605 | ' WHERE t.triggerid=f.triggerid'. | ||
1606 | ' AND f.itemid=i.itemid'. | ||
1607 | - ' AND t.templateid='.$val. | ||
1608 | - ' AND i.hostid='.$hostid; | ||
1609 | + ' AND t.templateid='.zbx_dbstr($val). | ||
1610 | + ' AND i.hostid='.zbx_dbstr($hostid); | ||
1611 | if ($db_new_dep = DBfetch(DBselect($sql))) { | ||
1612 | $deps[$id] = $db_new_dep['triggerid']; | ||
1613 | } | ||
1614 | @@ -1395,9 +1395,9 @@ | ||
1615 | if ($period_start > 0 && $period_start <= time()) { | ||
1616 | $sql = 'SELECT e.eventid,e.value'. | ||
1617 | ' FROM events e'. | ||
1618 | - ' WHERE e.objectid='.$triggerid. | ||
1619 | + ' WHERE e.objectid='.zbx_dbstr($triggerid). | ||
1620 | ' AND e.object='.EVENT_OBJECT_TRIGGER. | ||
1621 | - ' AND e.clock<'.$period_start. | ||
1622 | + ' AND e.clock<'.zbx_dbstr($period_start). | ||
1623 | ' ORDER BY e.eventid DESC'; | ||
1624 | if ($row = DBfetch(DBselect($sql, 1))) { | ||
1625 | $start_value = $row['value']; | ||
1626 | @@ -1407,13 +1407,13 @@ | ||
1627 | |||
1628 | $sql = 'SELECT COUNT(e.eventid) AS cnt,MIN(e.clock) AS min_clock,MAX(e.clock) AS max_clock'. | ||
1629 | ' FROM events e'. | ||
1630 | - ' WHERE e.objectid='.$triggerid. | ||
1631 | + ' WHERE e.objectid='.zbx_dbstr($triggerid). | ||
1632 | ' AND e.object='.EVENT_OBJECT_TRIGGER; | ||
1633 | if ($period_start != 0) { | ||
1634 | - $sql .= ' AND clock>='.$period_start; | ||
1635 | + $sql .= ' AND clock>='.zbx_dbstr($period_start); | ||
1636 | } | ||
1637 | if ($period_end != 0) { | ||
1638 | - $sql .= ' AND clock<='.$period_end; | ||
1639 | + $sql .= ' AND clock<='.zbx_dbstr($period_end); | ||
1640 | } | ||
1641 | |||
1642 | $db_events = DBfetch(DBselect($sql)); | ||
1643 | @@ -1455,7 +1455,7 @@ | ||
1644 | $db_events = DBselect( | ||
1645 | 'SELECT e.eventid,e.clock,e.value'. | ||
1646 | ' FROM events e'. | ||
1647 | - ' WHERE e.objectid='.$triggerid. | ||
1648 | + ' WHERE e.objectid='.zbx_dbstr($triggerid). | ||
1649 | ' AND e.object='.EVENT_OBJECT_TRIGGER. | ||
1650 | ' AND e.clock BETWEEN '.$min.' AND '.$max. | ||
1651 | ' ORDER BY e.eventid' | ||
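Review bot: `$min` and `$max` on the `BETWEEN` line are still concatenated unquoted while `$triggerid` on the line above now goes through `zbx_dbstr()`, which is inconsistent with the `@@ -1395` and `@@ -1407` hunks of this file where the equivalent `$period_start`/`$period_end` bounds were wrapped. Unless both values are computed integers in the lines above the hunk (not visible here), the line should be `' AND e.clock BETWEEN '.zbx_dbstr($min).' AND '.zbx_dbstr($max).`. The enclosing function starts and ends outside the hunk.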
1652 | Index: frontends/php/include/forms.inc.php | ||
1653 | =================================================================== | ||
1654 | --- ./frontends/php/include/forms.inc.php (revision 38884) | ||
1655 | +++ ./frontends/php/include/forms.inc.php (working copy) | ||
1656 | @@ -66,7 +66,7 @@ | ||
1657 | $data['user_medias'] = array(); | ||
1658 | $dbMedia = DBselect('SELECT m.mediaid,m.mediatypeid,m.period,m.sendto,m.severity,m.active'. | ||
1659 | ' FROM media m'. | ||
1660 | - ' WHERE m.userid='.$userid | ||
1661 | + ' WHERE m.userid='.zbx_dbstr($userid) | ||
1662 | ); | ||
1663 | while ($dbMedium = DBfetch($dbMedia)) { | ||
1664 | $data['user_medias'][] = $dbMedium; | ||
1665 | @@ -1104,7 +1104,7 @@ | ||
1666 | $data['db_applications'] = DBfetchArray(DBselect( | ||
1667 | 'SELECT DISTINCT a.applicationid,a.name'. | ||
1668 | ' FROM applications a'. | ||
1669 | - ' WHERE a.hostid='.$data['hostid'] | ||
1670 | + ' WHERE a.hostid='.zbx_dbstr($data['hostid']) | ||
1671 | )); | ||
1672 | order_result($data['db_applications'], 'name'); | ||
1673 | |||
1674 | @@ -1117,7 +1117,7 @@ | ||
1675 | // valuemapid | ||
1676 | if ($data['limited']) { | ||
1677 | if (!empty($data['valuemapid'])) { | ||
1678 | - if ($map_data = DBfetch(DBselect('SELECT v.name FROM valuemaps v WHERE v.valuemapid='.$data['valuemapid']))) { | ||
1679 | + if ($map_data = DBfetch(DBselect('SELECT v.name FROM valuemaps v WHERE v.valuemapid='.zbx_dbstr($data['valuemapid'])))) { | ||
1680 | $data['valuemaps'] = $map_data['name']; | ||
1681 | } | ||
1682 | } | ||
1683 | @@ -1270,7 +1270,7 @@ | ||
1684 | ' LEFT JOIN items i ON f.itemid=i.itemid'. | ||
1685 | ' LEFT JOIN hosts h ON i.hostid=h.hostid'. | ||
1686 | ' LEFT JOIN item_discovery id ON i.itemid=id.itemid'. | ||
1687 | - ' WHERE t.triggerid='.$tmp_triggerid | ||
1688 | + ' WHERE t.triggerid='.zbx_dbstr($tmp_triggerid) | ||
1689 | )); | ||
1690 | if (bccomp($data['triggerid'], $tmp_triggerid) != 0) { | ||
1691 | // parent trigger prototype link | ||
1692 | @@ -1313,7 +1313,7 @@ | ||
1693 | 'SELECT t.triggerid,t.description'. | ||
1694 | ' FROM triggers t,trigger_depends d'. | ||
1695 | ' WHERE t.triggerid=d.triggerid_up'. | ||
1696 | - ' AND d.triggerid_down='.$data['triggerid'] | ||
1697 | + ' AND d.triggerid_down='.zbx_dbstr($data['triggerid']) | ||
1698 | ); | ||
1699 | while ($trigger = DBfetch($db_triggers)) { | ||
1700 | if (uint_in_array($trigger['triggerid'], $data['dependencies'])) { | ||
1701 | @@ -1720,7 +1720,7 @@ | ||
1702 | $table_titles = zbx_toHash($table_titles, 'db_field'); | ||
1703 | $sql_fields = implode(', ', array_keys($table_titles)); | ||
1704 | |||
1705 | - $sql = 'SELECT '.$sql_fields.' FROM host_inventory WHERE hostid='.$_REQUEST['hostid']; | ||
1706 | + $sql = 'SELECT '.$sql_fields.' FROM host_inventory WHERE hostid='.zbx_dbstr($_REQUEST['hostid']); | ||
1707 | $result = DBselect($sql); | ||
1708 | |||
1709 | $row = DBfetch($result); | ||
1710 | @@ -1740,7 +1740,7 @@ | ||
1711 | $sql = 'SELECT re.* '. | ||
1712 | ' FROM regexps re '. | ||
1713 | ' WHERE '.DBin_node('re.regexpid'). | ||
1714 | - ' AND re.regexpid='.$_REQUEST['regexpid']; | ||
1715 | + ' AND re.regexpid='.zbx_dbstr($_REQUEST['regexpid']); | ||
1716 | $regexp = DBfetch(DBSelect($sql)); | ||
1717 | |||
1718 | $rename = $regexp['name']; | ||
1719 | @@ -1750,7 +1750,7 @@ | ||
1720 | $sql = 'SELECT e.* '. | ||
1721 | ' FROM expressions e '. | ||
1722 | ' WHERE '.DBin_node('e.expressionid'). | ||
1723 | - ' AND e.regexpid='.$regexp['regexpid']. | ||
1724 | + ' AND e.regexpid='.zbx_dbstr($regexp['regexpid']). | ||
1725 | ' ORDER BY e.expression_type'; | ||
1726 | |||
1727 | $db_exps = DBselect($sql); | ||
1728 | @@ -1888,7 +1888,7 @@ | ||
1729 | $sql = 'SELECT e.* '. | ||
1730 | ' FROM expressions e '. | ||
1731 | ' WHERE '.DBin_node('e.expressionid'). | ||
1732 | - ' AND e.regexpid='.$_REQUEST['regexpid']. | ||
1733 | + ' AND e.regexpid='.zbx_dbstr($_REQUEST['regexpid']). | ||
1734 | ' ORDER BY e.expression_type'; | ||
1735 | |||
1736 | $db_exps = DBselect($sql); | ||
1737 | Index: frontends/php/include/regexp.inc.php | ||
1738 | =================================================================== | ||
1739 | --- ./frontends/php/include/regexp.inc.php (revision 38884) | ||
1740 | +++ ./frontends/php/include/regexp.inc.php (working copy) | ||
1741 | @@ -24,7 +24,7 @@ | ||
1742 | 'SELECT re.*'. | ||
1743 | ' FROM regexps re'. | ||
1744 | ' WHERE '.DBin_node('re.regexpid'). | ||
1745 | - ' AND regexpid='.$regexpId | ||
1746 | + ' AND regexpid='.zbx_dbstr($regexpId) | ||
1747 | )); | ||
1748 | } | ||
1749 | |||
1750 | @@ -35,7 +35,7 @@ | ||
1751 | 'SELECT e.expressionid,e.expression,e.expression_type,e.exp_delimiter,e.case_sensitive'. | ||
1752 | ' FROM expressions e'. | ||
1753 | ' WHERE '.DBin_node('e.expressionid'). | ||
1754 | - ' AND regexpid='.$regexpId | ||
1755 | + ' AND regexpid='.zbx_dbstr($regexpId) | ||
1756 | ); | ||
1757 | while ($expression = DBfetch($dbExpressions)) { | ||
1758 | $expressions[$expression['expressionid']] = $expression; | ||
1759 | Index: frontends/php/include/actions.inc.php | ||
1760 | =================================================================== | ||
1761 | --- ./frontends/php/include/actions.inc.php (revision 38884) | ||
1762 | +++ ./frontends/php/include/actions.inc.php (working copy) | ||
1763 | @@ -203,7 +203,7 @@ | ||
1764 | 'SELECT dr.name,c.dcheckid,c.type,c.key_,c.ports'. | ||
1765 | ' FROM drules dr,dchecks c'. | ||
1766 | ' WHERE dr.druleid=c.druleid'. | ||
1767 | - ' AND c.dcheckid='.$value | ||
1768 | + ' AND c.dcheckid='.zbx_dbstr($value) | ||
1769 | )); | ||
1770 | if ($row) { | ||
1771 | $str_val = $row['name'].': '.discovery_check2str($row['type'], $row['key_'], $row['ports']); | ||
1772 | @@ -409,7 +409,7 @@ | ||
1773 | $sql = 'SELECT a.def_shortdata,a.def_longdata '. | ||
1774 | ' FROM actions a,operations o '. | ||
1775 | ' WHERE a.actionid=o.actionid '. | ||
1776 | - ' AND o.operationid='.$data['operationid']; | ||
1777 | + ' AND o.operationid='.zbx_dbstr($data['operationid']); | ||
1778 | if ($rows = DBfetch(DBselect($sql, 1))) { | ||
1779 | $result[] = array(bold(_('Subject').': '), BR(), zbx_nl2br($rows['def_shortdata'])); | ||
1780 | $result[] = array(bold(_('Message').': '), BR(), zbx_nl2br($rows['def_longdata'])); | ||
1781 | @@ -873,8 +873,8 @@ | ||
1782 | ' FROM events e,alerts a'. | ||
1783 | ' LEFT JOIN users u ON u.userid=a.userid'. | ||
1784 | ' LEFT JOIN media_type mt ON mt.mediatypeid=a.mediatypeid'. | ||
1785 | - ' WHERE a.eventid='.$eventid. | ||
1786 | - (is_null($status)?'':' AND a.status='.$status). | ||
1787 | + ' WHERE a.eventid='.zbx_dbstr($eventid). | ||
1788 | + (is_null($status)?'':' AND a.status='.zbx_dbstr($status)). | ||
1789 | ' AND e.eventid=a.eventid'. | ||
1790 | ' AND a.alerttype IN ('.ALERT_TYPE_MESSAGE.','.ALERT_TYPE_COMMAND.')'. | ||
1791 | ' AND '.DBin_node('a.alertid'). | ||
1792 | Index: frontends/php/include/screens.inc.php | ||
1793 | =================================================================== | ||
1794 | --- ./frontends/php/include/screens.inc.php (revision 38884) | ||
1795 | +++ ./frontends/php/include/screens.inc.php (working copy) | ||
1796 | @@ -57,7 +57,7 @@ | ||
1797 | } | ||
1798 | |||
1799 | function get_screen_by_screenid($screenid) { | ||
1800 | - $dbScreen = DBfetch(DBselect('SELECT s.* FROM screens s WHERE s.screenid='.$screenid)); | ||
1801 | + $dbScreen = DBfetch(DBselect('SELECT s.* FROM screens s WHERE s.screenid='.zbx_dbstr($screenid))); | ||
1802 | return !empty($dbScreen) ? $dbScreen : false; | ||
1803 | } | ||
1804 | |||
1805 | @@ -69,7 +69,7 @@ | ||
1806 | $db_scr_items = DBselect( | ||
1807 | 'SELECT si.resourceid'. | ||
1808 | ' FROM screens_items si'. | ||
1809 | - ' WHERE si.screenid='.$child_screenid. | ||
1810 | + ' WHERE si.screenid='.zbx_dbstr($child_screenid). | ||
1811 | ' AND si.resourcetype='.SCREEN_RESOURCE_SCREEN | ||
1812 | ); | ||
1813 | while ($scr_item = DBfetch($db_scr_items)) { | ||
1814 | @@ -84,7 +84,7 @@ | ||
1815 | $db_slides = DBfetch(DBselect( | ||
1816 | 'SELECT MIN(s.step) AS min_step,MAX(s.step) AS max_step'. | ||
1817 | ' FROM slides s'. | ||
1818 | - ' WHERE s.slideshowid='.$slideshowid | ||
1819 | + ' WHERE s.slideshowid='.zbx_dbstr($slideshowid) | ||
1820 | )); | ||
1821 | if (!$db_slides || is_null($db_slides['min_step'])) { | ||
1822 | return false; | ||
1823 | @@ -101,9 +101,9 @@ | ||
1824 | return DBfetch(DBselect( | ||
1825 | 'SELECT sl.*'. | ||
1826 | ' FROM slides sl,slideshows ss'. | ||
1827 | - ' WHERE ss.slideshowid='.$slideshowid. | ||
1828 | + ' WHERE ss.slideshowid='.zbx_dbstr($slideshowid). | ||
1829 | ' AND sl.slideshowid=ss.slideshowid'. | ||
1830 | - ' AND sl.step='.$curr_step | ||
1831 | + ' AND sl.step='.zbx_dbstr($curr_step) | ||
1832 | )); | ||
1833 | } | ||
1834 | |||
1835 | @@ -112,7 +112,7 @@ | ||
1836 | |||
1837 | $sql = 'SELECT s.slideshowid'. | ||
1838 | ' FROM slideshows s'. | ||
1839 | - ' WHERE s.slideshowid='.$slideshowid. | ||
1840 | + ' WHERE s.slideshowid='.zbx_dbstr($slideshowid). | ||
1841 | ' AND '.DBin_node('s.slideshowid', get_current_nodeid(null, $perm) | ||
1842 | ); | ||
1843 | if (DBselect($sql)) { | ||
1844 | @@ -122,7 +122,7 @@ | ||
1845 | $db_screens = DBselect( | ||
1846 | 'SELECT DISTINCT s.screenid'. | ||
1847 | ' FROM slides s'. | ||
1848 | - ' WHERE s.slideshowid='.$slideshowid | ||
1849 | + ' WHERE s.slideshowid='.zbx_dbstr($slideshowid) | ||
1850 | ); | ||
1851 | while ($slide_data = DBfetch($db_screens)) { | ||
1852 | $screenids[$slide_data['screenid']] = $slide_data['screenid']; | ||
1853 | @@ -147,7 +147,7 @@ | ||
1854 | } | ||
1855 | |||
1856 | function get_slideshow_by_slideshowid($slideshowid) { | ||
1857 | - return DBfetch(DBselect('SELECT s.* FROM slideshows s WHERE s.slideshowid='.$slideshowid)); | ||
1858 | + return DBfetch(DBselect('SELECT s.* FROM slideshows s WHERE s.slideshowid='.zbx_dbstr($slideshowid))); | ||
1859 | } | ||
1860 | |||
1861 | function add_slideshow($name, $delay, $slides) { | ||
1862 | @@ -182,7 +182,7 @@ | ||
1863 | $slideshowid = get_dbid('slideshows', 'slideshowid'); | ||
1864 | $result = DBexecute( | ||
1865 | 'INSERT INTO slideshows (slideshowid,name,delay)'. | ||
1866 | - ' VALUES ('.$slideshowid.','.zbx_dbstr($name).','.$delay.')' | ||
1867 | + ' VALUES ('.zbx_dbstr($slideshowid).','.zbx_dbstr($name).','.zbx_dbstr($delay).')' | ||
1868 | ); | ||
1869 | |||
1870 | // create slides | ||
1871 | @@ -197,7 +197,7 @@ | ||
1872 | |||
1873 | $result = DBexecute( | ||
1874 | 'INSERT INTO slides (slideid,slideshowid,screenid,step,delay)'. | ||
1875 | - ' VALUES ('.$slideid.','.$slideshowid.','.$slide['screenid'].','.($i++).','.$slide['delay'].')' | ||
1876 | + ' VALUES ('.zbx_dbstr($slideid).','.zbx_dbstr($slideshowid).','.zbx_dbstr($slide['screenid']).','.($i++).','.zbx_dbstr($slide['delay']).')' | ||
1877 | ); | ||
1878 | if (!$result) { | ||
1879 | return false; | ||
1880 | @@ -228,14 +228,14 @@ | ||
1881 | } | ||
1882 | |||
1883 | // validate slide name | ||
1884 | - $sql = 'SELECT s.slideshowid FROM slideshows s WHERE s.name='.zbx_dbstr($name).' AND s.slideshowid<>'.$slideshowid; | ||
1885 | + $sql = 'SELECT s.slideshowid FROM slideshows s WHERE s.name='.zbx_dbstr($name).' AND s.slideshowid<>'.zbx_dbstr($slideshowid); | ||
1886 | $db_slideshow = DBfetch(DBselect($sql, 1)); | ||
1887 | if (!empty($db_slideshow)) { | ||
1888 | error(_s('Slide show "%s" already exists.', $name)); | ||
1889 | return false; | ||
1890 | } | ||
1891 | |||
1892 | - $db_slideshow = DBfetchArray(DBselect('SELECT * FROM slideshows WHERE slideshowid='.$slideshowid)); | ||
1893 | + $db_slideshow = DBfetchArray(DBselect('SELECT * FROM slideshows WHERE slideshowid='.zbx_dbstr($slideshowid))); | ||
1894 | $db_slideshow = $db_slideshow[0]; | ||
1895 | $changed = false; | ||
1896 | $slideshow = array('name' => $name, 'delay' => $delay); | ||
1897 | @@ -246,13 +246,13 @@ | ||
1898 | } | ||
1899 | } | ||
1900 | if ($changed) { | ||
1901 | - if (!$result = DBexecute('UPDATE slideshows SET name='.zbx_dbstr($name).',delay='.$delay.' WHERE slideshowid='.$slideshowid)) { | ||
1902 | + if (!$result = DBexecute('UPDATE slideshows SET name='.zbx_dbstr($name).',delay='.zbx_dbstr($delay).' WHERE slideshowid='.zbx_dbstr($slideshowid))) { | ||
1903 | return false; | ||
1904 | } | ||
1905 | } | ||
1906 | |||
1907 | // get slides | ||
1908 | - $db_slides = DBfetchArrayAssoc(DBselect('SELECT s.* FROM slides s WHERE s.slideshowid='.$slideshowid), 'slideid'); | ||
1909 | + $db_slides = DBfetchArrayAssoc(DBselect('SELECT s.* FROM slides s WHERE s.slideshowid='.zbx_dbstr($slideshowid)), 'slideid'); | ||
1910 | |||
1911 | $slidesToDel = zbx_objectValues($db_slides, 'slideid'); | ||
1912 | $slidesToDel = zbx_toHash($slidesToDel); | ||
1913 | @@ -262,7 +262,7 @@ | ||
1914 | if (isset($db_slides[$slide['slideid']])) { | ||
1915 | // update slide | ||
1916 | if ($db_slides[$slide['slideid']]['delay'] != $slide['delay'] || $db_slides[$slide['slideid']]['step'] != $step) { | ||
1917 | - $result = DBexecute('UPDATE slides SET step='.$step.', delay='.$slide['delay'].' WHERE slideid='.$slide['slideid']); | ||
1918 | + $result = DBexecute('UPDATE slides SET step='.zbx_dbstr($step).', delay='.zbx_dbstr($slide['delay']).' WHERE slideid='.zbx_dbstr($slide['slideid'])); | ||
1919 | } | ||
1920 | // do nothing with slide | ||
1921 | else { | ||
1922 | @@ -275,7 +275,7 @@ | ||
1923 | $slideid = get_dbid('slides', 'slideid'); | ||
1924 | $result = DBexecute( | ||
1925 | 'INSERT INTO slides (slideid,slideshowid,screenid,step,delay)'. | ||
1926 | - ' VALUES ('.$slideid.','.$slideshowid.','.$slide['screenid'].','.$step.','.$slide['delay'].')' | ||
1927 | + ' VALUES ('.zbx_dbstr($slideid).','.zbx_dbstr($slideshowid).','.zbx_dbstr($slide['screenid']).','.zbx_dbstr($step).','.zbx_dbstr($slide['delay']).')' | ||
1928 | ); | ||
1929 | } | ||
1930 | $step ++; | ||
1931 | @@ -293,9 +293,9 @@ | ||
1932 | } | ||
1933 | |||
1934 | function delete_slideshow($slideshowid) { | ||
1935 | - $result = DBexecute('DELETE FROM slideshows where slideshowid='.$slideshowid); | ||
1936 | - $result &= DBexecute('DELETE FROM slides where slideshowid='.$slideshowid); | ||
1937 | - $result &= DBexecute('DELETE FROM profiles WHERE idx=\'web.favorite.screenids\' AND source=\'slideshowid\' AND value_id='.$slideshowid); | ||
1938 | + $result = DBexecute('DELETE FROM slideshows where slideshowid='.zbx_dbstr($slideshowid)); | ||
1939 | + $result &= DBexecute('DELETE FROM slides where slideshowid='.zbx_dbstr($slideshowid)); | ||
1940 | + $result &= DBexecute('DELETE FROM profiles WHERE idx=\'web.favorite.screenids\' AND source=\'slideshowid\' AND value_id='.zbx_dbstr($slideshowid)); | ||
1941 | return $result; | ||
1942 | } | ||
1943 | |||
1944 | @@ -304,13 +304,13 @@ | ||
1945 | if ($config == 0) { | ||
1946 | $sql = 'SELECT si.screenitemid'. | ||
1947 | ' FROM screens_items si'. | ||
1948 | - ' WHERE si.screenid='.$elid. | ||
1949 | + ' WHERE si.screenid='.zbx_dbstr($elid). | ||
1950 | ' AND si.dynamic='.SCREEN_DYNAMIC_ITEM; | ||
1951 | } | ||
1952 | else { | ||
1953 | $sql = 'SELECT si.screenitemid'. | ||
1954 | ' FROM slides s,screens_items si'. | ||
1955 | - ' WHERE s.slideshowid='.$elid. | ||
1956 | + ' WHERE s.slideshowid='.zbx_dbstr($elid). | ||
1957 | ' AND si.screenid=s.screenid'. | ||
1958 | ' AND si.dynamic='.SCREEN_DYNAMIC_ITEM; | ||
1959 | } | ||
1960 | Index: frontends/php/include/perm.inc.php | ||
1961 | =================================================================== | ||
1962 | --- ./frontends/php/include/perm.inc.php (revision 38884) | ||
1963 | +++ ./frontends/php/include/perm.inc.php (working copy) | ||
1964 | @@ -46,7 +46,7 @@ | ||
1965 | function check_perm2system($userid) { | ||
1966 | $sql = 'SELECT g.usrgrpid'. | ||
1967 | ' FROM usrgrp g,users_groups ug'. | ||
1968 | - ' WHERE ug.userid='.$userid. | ||
1969 | + ' WHERE ug.userid='.zbx_dbstr($userid). | ||
1970 | ' AND g.usrgrpid=ug.usrgrpid'. | ||
1971 | ' AND g.users_status='.GROUP_STATUS_DISABLED; | ||
1972 | if ($res = DBfetch(DBselect($sql, 1))) { | ||
1973 | @@ -91,7 +91,7 @@ | ||
1974 | |||
1975 | $sql = 'SELECT MAX(g.gui_access) AS gui_access'. | ||
1976 | ' FROM usrgrp g,users_groups ug'. | ||
1977 | - ' WHERE ug.userid='.$userid. | ||
1978 | + ' WHERE ug.userid='.zbx_dbstr($userid). | ||
1979 | ' AND g.usrgrpid=ug.usrgrpid'; | ||
1980 | $db_access = DBfetch(DBselect($sql)); | ||
1981 | if (!zbx_empty($db_access['gui_access'])) { | ||
1982 | @@ -206,7 +206,7 @@ | ||
1983 | ' LEFT JOIN rights r ON r.id=hg.groupid'. | ||
1984 | ' LEFT JOIN users_groups g ON r.groupid=g.usrgrpid'. | ||
1985 | ' LEFT JOIN nodes n ON '.DBid2nodeid('hg.groupid').'=n.nodeid'. | ||
1986 | - ' WHERE g.userid='.$userid. | ||
1987 | + ' WHERE g.userid='.zbx_dbstr($userid). | ||
1988 | ' AND '.DBin_node('hg.groupid', $nodeid). | ||
1989 | ' GROUP BY n.nodeid,n.name,hg.groupid,hg.name,g.userid'. | ||
1990 | ' ORDER BY node_name,hg.name,permission'; | ||
1991 | @@ -306,7 +306,7 @@ | ||
1992 | foreach ($node_data as $nodeid => $node) { | ||
1993 | switch ($perm_res) { | ||
1994 | case PERM_RES_DATA_ARRAY: | ||
1995 | - $db_node = DBfetch(DBselect('SELECT n.* FROM nodes n WHERE n.nodeid='.$nodeid.' ORDER BY n.name')); | ||
1996 | + $db_node = DBfetch(DBselect('SELECT n.* FROM nodes n WHERE n.nodeid='.zbx_dbstr($nodeid).' ORDER BY n.name')); | ||
1997 | |||
1998 | if (!ZBX_DISTRIBUTED) { | ||
1999 | if (!$node) { | ||
2000 | @@ -552,7 +552,7 @@ | ||
2001 | if (!isset($userGroups[$userId])) { | ||
2002 | $userGroups[$userId] = array(); | ||
2003 | |||
2004 | - $result = DBselect('SELECT usrgrpid FROM users_groups WHERE userid='.$userId); | ||
2005 | + $result = DBselect('SELECT usrgrpid FROM users_groups WHERE userid='.zbx_dbstr($userId)); | ||
2006 | while ($row = DBfetch($result)) { | ||
2007 | $userGroups[$userId][] = $row['usrgrpid']; | ||
2008 | } | ||
2009 | Index: frontends/php/include/blocks.inc.php | ||
2010 | =================================================================== | ||
2011 | --- ./frontends/php/include/blocks.inc.php (revision 38884) | ||
2012 | +++ ./frontends/php/include/blocks.inc.php (working copy) | ||
2013 | @@ -1043,7 +1043,7 @@ | ||
2014 | ' AND hti.type='.HTTPSTEP_ITEM_TYPE_LASTSTEP. | ||
2015 | ' AND ht.status='.HTTPTEST_STATUS_ACTIVE. | ||
2016 | ' AND '.dbConditionInt('hg.hostid', $availableHostIds). | ||
2017 | - ' AND hg.groupid='.$group['groupid'] | ||
2018 | + ' AND hg.groupid='.zbx_dbstr($group['groupid']) | ||
2019 | ); | ||
2020 | while ($row = DBfetch($result)) { | ||
2021 | $showGroup = true; | ||