#11318 added funcion for validate sql

2023-05-23 18:02:03 +02:00 · 2023-05-23 18:02:03 +02:00 · 6b17837c4d
parent 303b910527
commit 6b17837c4d
2 changed files with 31 additions and 3 deletions
--- a/pandora_console/godmode/reporting/reporting_builder.php
+++ b/pandora_console/godmode/reporting/reporting_builder.php
@ -2197,9 +2197,12 @@ switch ($action) {
                                'id_custom'
                            );
                            if ($values['treport_custom_sql_id'] == 0) {
-                                $values['external_source'] = get_parameter(
-                                    'sql'
-                                );
+                                $sql = get_parameter('sql', '');
+                                if ($sql !== '') {
+                                    $good_format = db_validate_sql($sql);
+                                }
+
+                                $values['external_source'] = get_parameter('sql');
                            }

                            $values['historical_db'] = get_parameter(
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@ -2555,3 +2555,28 @@ function db_get_column_type(string $table, string $column='')

    return $result;
 }
+
+
+/**
+ * Validate sql query.
+ *
+ * @param string $sql Query for validate.
+ *
+ * @return boolean True if query is valid.
+ */
+function db_validate_sql(string $sql)
+{
+    try {
+        error_reporting(0);
+        db_process_sql_begin();
+        $result = db_process_sql(io_safe_output($sql));
+    } catch (Exception $e) {
+        // Catch all posible errors.
+        $result = false;
+    } finally {
+        db_process_sql_rollback();
+        error_reporting(E_ALL);
+    }
+
+    return ($result !== false) ? true : false;
+}