From 6b17837c4d96802be1a1fd5f58116e3a2fdb7ae8 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian
Date: Tue, 23 May 2023 18:02:03 +0200
Subject: [PATCH] #11318 added funcion for validate sql
---
 .../godmode/reporting/reporting_builder.php | 9 ++++---
 pandora_console/include/functions_db.php | 25 +++++++++++++++++++
 2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php
index cd049f1d83..4e6e39fe19 100755
--- a/pandora_console/godmode/reporting/reporting_builder.php
+++ b/pandora_console/godmode/reporting/reporting_builder.php
@@ -2197,9 +2197,12 @@ switch ($action) {
 'id_custom'
 );
 if ($values['treport_custom_sql_id'] == 0) {
- $values['external_source'] = get_parameter(
- 'sql'
- );
+ $sql = get_parameter('sql', '');
+ if ($sql !== '') {
+ $good_format = db_validate_sql($sql);
+ }
+
+ $values['external_source'] = get_parameter('sql');
 }
 
 $values['historical_db'] = get_parameter(
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index 1bd96221e9..aa21543ee6 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -2555,3 +2555,28 @@ function db_get_column_type(string $table, string $column='')
 
 return $result;
 }
+
+ /**
+ * Validate sql query.
+ *
+ * @param string $sql Query for validate.
+ *
+ * @return boolean True if query is valid.
+ */
+function db_validate_sql(string $sql)
+{
+ try {
+ error_reporting(0);
+ db_process_sql_begin();
+ $result = db_process_sql(io_safe_output($sql));
+ } catch (Exception $e) {
+ // Catch all posible errors.
+ $result = false;
+ } finally {
+ db_process_sql_rollback();
+ error_reporting(E_ALL);
+ }
+
+ return ($result !== false) ? true : false;
+}
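Review bot: `$good_format = db_validate_sql($sql);` stores the validation result but nothing in the hunk reads it, and `$values['external_source']` is assigned unconditionally on the following line, so an invalid query is saved exactly as before; unless `$good_format` is consulted later in this case (outside the hunk), the call only executes the submitted SQL for no effect. The branch should act on the result, e.g. `if ($sql !== '' && db_validate_sql($sql) === false) {` followed by surfacing an error and skipping the save, and the second `get_parameter('sql')` can reuse the value already read, `$values['external_source'] = $sql;` (equivalent assuming get_parameter's default is the empty string). The enclosing `switch ($action)` case starts and ends outside the hunk.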
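Review bot: `db_validate_sql()` validates by actually executing the submitted query, and `db_process_sql_rollback()` only undoes transactional DML: in MySQL, DDL such as CREATE/ALTER/DROP/TRUNCATE commits implicitly and writes to non-transactional tables are never rolled back, so a "validation" pass can make permanent changes with the console's own database credentials. A safer check refuses anything that is not a read-only statement before it reaches the server (extend the allow-list if reports legitimately use other read-only forms), restores the caller's error level instead of forcing `E_ALL`, and catches `Throwable` rather than `Exception`, since an `Error`/`TypeError` from the driver currently escapes the `catch` (the `finally` still runs). If `db_process_sql()` reports an empty result set as `false`, as other Pandora db helpers do for empty rows, a valid query with no rows is reported as invalid — worth confirming against that helper. The comment `// Catch all posible errors.` should read `possible`, and the function can declare `: bool` and return `$result !== false` directly.
```php
function db_validate_sql(string $sql): bool
{
    $query = trim(io_safe_output($sql));

    // Refuse non-SELECT statements before they reach the server: a rollback does not
    // undo DDL (implicit commit) or writes to non-transactional tables. A prefix check
    // is a first line of defence only; a read-only DB account is the robust control.
    if (preg_match('/^SELECT\b/i', $query) !== 1) {
        return false;
    }

    $previousLevel = error_reporting(0);
    try {
        db_process_sql_begin();
        $result = db_process_sql($query);
    } catch (Throwable $e) {
        $result = false;
    } finally {
        db_process_sql_rollback();
        error_reporting($previousLevel);
    }

    return $result !== false;
}
```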