From 034329d96ddb1a9af69e3f298d33fcc5abad37ff Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Thu, 10 Feb 2022 16:09:53 +0100 Subject: [PATCH] Fix issue with filters in SQL query --- pandora_console/include/functions_events.php | 80 ++++++++++---------- 1 file changed, 42 insertions(+), 38 deletions(-) diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php index 9b097d4a93..5794077d30 100644 --- a/pandora_console/include/functions_events.php +++ b/pandora_console/include/functions_events.php @@ -779,19 +779,19 @@ function events_get_all( ); } - if (isset($filter['date_to']) - && !empty($filter['date_to']) - && $filter['date_to'] != '0000-00-00' + if (isset($filter['date_to']) === true + && empty($filter['date_to']) === false + && $filter['date_to'] !== '0000-00-00' ) { $date_to = $filter['date_to']; } - if (isset($filter['time_to'])) { + if (isset($filter['time_to']) === true) { $time_to = (empty($filter['time_to']) === true) ? '23:59:59' : $filter['time_to']; } - if (isset($date_to)) { - if (!isset($time_to)) { + if (isset($date_to) === true) { + if (isset($time_to) === false) { $time_to = '23:59:59'; } @@ -802,8 +802,8 @@ function events_get_all( ); } - if (!isset($from)) { - if (isset($filter['event_view_hr']) && ($filter['event_view_hr'] > 0)) { + if (isset($from) === false) { + if (isset($filter['event_view_hr']) === true && ($filter['event_view_hr'] > 0)) { $sql_filters[] = sprintf( ' AND utimestamp > UNIX_TIMESTAMP(now() - INTERVAL %d HOUR) ', $filter['event_view_hr'] 
@@ -811,20 +811,20 @@ function events_get_all( } } - if (isset($filter['id_agent']) && $filter['id_agent'] > 0) { + if (isset($filter['id_agent']) === true && $filter['id_agent'] > 0) { $sql_filters[] = sprintf( ' AND te.id_agente = %d ', $filter['id_agent'] ); } - if (!empty($filter['event_type']) && $filter['event_type'] != 'all') { - if ($filter['event_type'] == 'warning' - || $filter['event_type'] == 'critical' - || $filter['event_type'] == 'normal' + if (empty($filter['event_type']) === false && $filter['event_type'] !== 'all') { + if ($filter['event_type'] === 'warning' + || $filter['event_type'] === 'critical' + || $filter['event_type'] === 'normal' ) { $sql_filters[] = ' AND event_type LIKE "%'.$filter['event_type'].'%"'; - } else if ($filter['event_type'] == 'not_normal') { + } else if ($filter['event_type'] === 'not_normal') { $sql_filters[] = ' AND (event_type LIKE "%warning%" OR event_type LIKE "%critical%" OR event_type LIKE "%unknown%")'; @@ -833,9 +833,9 @@ function events_get_all( } } - if (isset($filter['severity']) && $filter['severity'] > 0) { - if (is_array($filter['severity'])) { - if (!in_array(-1, $filter['severity'])) { + if (isset($filter['severity']) === true && $filter['severity'] > 0) { + if (is_array($filter['severity']) === true) { + if (in_array(-1, $filter['severity']) === false) { $not_normal = array_search(EVENT_CRIT_NOT_NORMAL, $filter['severity']); if ($not_normal !== false) { unset($filter['severity'][$not_normal]); @@ -858,7 +858,7 @@ function events_get_all( $filter['severity'][] = EVENT_CRIT_CRITICAL; } - if (!empty($filter['severity'])) { + if (empty($filter['severity']) === false) { $filter['severity'] = implode(',', $filter['severity']); $sql_filters[] = sprintf( ' AND criticity IN (%s)', 
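Review bot: In the `@@ -858` hunk the severity list is joined with `implode(',', $filter['severity'])` and formatted through `%s` into `criticity IN (%s)`, so nothing visible forces the elements to be integers. If `$filter['severity']` can carry request-supplied values, any non-numeric element is copied into the SQL text as is. Casting at the join would close that: `$filter['severity'] = implode(',', array_map('intval', $filter['severity']));`. The `sprintf` call continues outside the hunk, so the argument it receives is assumed to be this joined string.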
@@ -1015,7 +1015,7 @@ function events_get_all( $EW_groups = users_get_groups($config['id_user'], 'EW', true, true); } - if (!$user_is_admin && !users_can_manage_group_all('ER')) { + if (!$user_is_admin && users_can_manage_group_all('ER') === false) { // Get groups where user have ER grants. $sql_filters[] = sprintf( ' AND (te.id_grupo IN ( %s ) OR tasg.id_group IN (%s))', @@ -1038,14 +1038,14 @@ function events_get_all( $tagente_table = 'tagente'; $tagente_field = 'id_agente'; $conditionMetaconsole = ''; - if (is_metaconsole() && $nodeConnected === false) { + if ((is_metaconsole() === true) && ($nodeConnected === false)) { $tagente_table = 'tmetaconsole_agent'; $tagente_field = 'id_tagente'; $conditionMetaconsole = ' AND ta.id_tmetaconsole_setup = te.server_id '; } // Agent alias. - if (!empty($filter['agent_alias'])) { + if (empty($filter['agent_alias']) === false) { $agent_join_filters[] = sprintf( ' AND ta.alias = "%s" ', $filter['agent_alias'] @@ -1053,7 +1053,7 @@ function events_get_all( } // Free search. - if (!empty($filter['search'])) { + if (empty($filter['search']) === false) { if (isset($config['dbconnection']->server_version) && $config['dbconnection']->server_version > 50600 ) { 
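Review bot: In the `@@ -1015` hunk, replacing `!users_can_manage_group_all('ER')` with `users_can_manage_group_all('ER') === false` is only equivalent if that function returns a strict boolean, and its definition is not in this diff. Should it return `0`, `null` or an empty value on some path, the condition is now false and the group restriction `te.id_grupo IN (...)` is not appended to the query. The same applies to the `is_metaconsole() === true` rewrites in the `@@ -1038` and `@@ -1071` hunks, where a truthy non-boolean return would skip the metaconsole branch. Either confirm the return types or cast first, e.g. `(bool) users_can_manage_group_all('ER') === false`.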
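Review bot: The agent alias filter in the `@@ -1038` hunk formats `$filter['agent_alias']` into `' AND ta.alias = "%s" '` with no escaping visible, and the commit leaves that as it is. The same pattern is in the `search`, `id_extra`, `id_source_event`, `user_comment`, `source` and `id_user_ack` filters of the following hunks, where `%` and `_` in the value additionally act as LIKE wildcards. Unless every caller is guaranteed to pass already-escaped values (not verifiable from this diff), these values should go through the database layer's escaping or bound parameters. A comment stating the expectation would also help, e.g. `// $filter values must be SQL-escaped by the caller.`.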
@@ -1071,23 +1071,23 @@ function events_get_all( OR lower(te.evento) like lower("%%%s%%") OR lower(te.user_comment) like lower("%%%s%%") OR lower(te.id_extra) like lower("%%%s%%") - OR lower(te.source) like lower("%%%s%%") + OR lower(te.source) like lower("%%%s%%") OR lower('.$custom_data_search.') like lower("%%%s%%") )', array_fill(0, 7, $filter['search']) ); } // Id extra. - if (!empty($filter['id_extra'])) { + if (empty($filter['id_extra']) === false) { $sql_filters[] = sprintf( ' AND lower(te.id_extra) like lower("%%%s%%") ', $filter['id_extra'] ); } - if (is_metaconsole() && $nodeConnected === false) { + if ((is_metaconsole() === true) && ($nodeConnected === false)) { // Id source event. - if (!empty($filter['id_source_event'])) { + if (empty($filter['id_source_event']) === false) { $sql_filters[] = sprintf( ' AND lower(te.id_source_event) like lower("%%%s%%") ', $filter['id_source_event'] @@ -1096,7 +1096,7 @@ function events_get_all( } // User comment. - if (!empty($filter['user_comment'])) { + if (empty($filter['user_comment']) === false) { // For filter field. $sql_filters[] = sprintf( ' AND lower(te.user_comment) like lower("%%%s%%") ', @@ -1111,7 +1111,7 @@ function events_get_all( } // Source. - if (!empty($filter['source'])) { + if (empty($filter['source']) === false) { $sql_filters[] = sprintf( ' AND lower(te.source) like lower("%%%s%%") ', $filter['source'] @@ -1119,7 +1119,7 @@ function events_get_all( } // Validated or in process by. - if (!empty($filter['id_user_ack'])) { + if (empty($filter['id_user_ack']) === false) { $sql_filters[] = sprintf( ' AND te.id_usuario like lower("%%%s%%") ', $filter['id_user_ack'] 
@@ -1128,13 +1128,13 @@ function events_get_all( $tag_names = []; // With following tags. - if (!empty($filter['tag_with'])) { + if (empty($filter['tag_with']) === false) { $tag_with = base64_decode($filter['tag_with']); $tags = json_decode($tag_with, true); - if (is_array($tags) && !in_array('0', $tags)) { + if (is_array($tags) === true && in_array('0', $tags) === false) { if (!$user_is_admin) { $getUserTags = tags_get_tags_for_module_search(); - // Prevent false value for array_flip + // Prevent false value for array_flip. if ($getUserTags === false) { $getUserTags = []; } @@ -1152,7 +1152,7 @@ function events_get_all( $_tmp = ''; foreach ($tags as $id_tag) { - if (!isset($tags_names[$id_tag])) { + if (isset($tags_names[$id_tag]) === false) { $tags_names[$id_tag] = tags_get_name($id_tag); } @@ -1182,18 +1182,22 @@ function events_get_all( $tags_names[$id_tag] ); - $_tmp .= ') '; + if ($tags[0] === $id_tag) { + $_tmp .= ')) '; + } else { + $_tmp .= ') '; + } } - $sql_filters[] = $_tmp.')'; + $sql_filters[] = $_tmp; } } // Without following tags. - if (!empty($filter['tag_without'])) { + if (empty($filter['tag_without']) === false) { $tag_without = base64_decode($filter['tag_without']); $tags = json_decode($tag_without, true); - if (is_array($tags) && !in_array('0', $tags)) { + if (is_array($tags) === true && in_array('0', $tags) === false) { if (!$user_is_admin) { $user_tags = array_flip(tags_get_tags_for_module_search()); if ($user_tags != null) { @@ -1208,7 +1212,7 @@ function events_get_all( } foreach ($tags as $id_tag) { - if (!isset($tags_names[$id_tag])) { + if (isset($tags_names[$id_tag]) === false) { $tags_names[$id_tag] = tags_get_name($id_tag); }
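Review bot: In the `@@ -1182` hunk, closing the outer parenthesis inside the loop when `$tags[0] === $id_tag` puts the end of the group after the first tag rather than after the last one. The opening parentheses are built outside this hunk, but if later tags are appended as ` OR ( ... )`, those terms would sit outside the group and no longer be ANDed with the preceding filters, including the group ACL condition added earlier in this function. The test also misfires if the earlier user-tag filtering leaves `$tags` without index 0, or if the list repeats its first id. If the aim was to avoid a stray `)` when `$tags` ends up empty, keep `$_tmp .= ') ';` in the loop and append only when something was built: `if ($_tmp !== '') { $sql_filters[] = $_tmp.')'; }`.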