From 75b25bd670ba01251f2745f679010c9e51beae4f Mon Sep 17 00:00:00 2001
From: Daniel Cebrian
Date: Tue, 13 Jun 2023 17:04:57 +0200
Subject: [PATCH 1/2] #11559 fixed error validate sql in meta
---
 .../godmode/reporting/reporting_builder.php | 25 +++++++++++++------
 pandora_console/include/functions_db.php | 17 +++++++++++--
 2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php
index e346c8f633..97e0123a5c 100755
--- a/pandora_console/godmode/reporting/reporting_builder.php
+++ b/pandora_console/godmode/reporting/reporting_builder.php
@@ -2198,10 +2198,6 @@ switch ($action) {
 );
 if ($values['treport_custom_sql_id'] == 0) {
 $sql = get_parameter('sql', '');
- if ($sql !== '') {
- $good_format = db_validate_sql($sql);
- }
-
 $values['external_source'] = $sql;
 }
@@ -2218,6 +2214,10 @@ switch ($action) {
 } else {
 $values['server_name'] = get_parameter('combo_server');
 }
+
+ if ($sql !== '') {
+ $good_format = db_validate_sql($sql, (is_metaconsole() === true) ? $values['server_name'] : false);
+ }
 } else if ($values['type'] == 'url') {
 $values['external_source'] = get_parameter('url');
 } else if ($values['type'] == 'event_report_group') {
@@ -2947,10 +2947,6 @@ switch ($action) {
 );
 if ($values['treport_custom_sql_id'] == 0) {
 $sql = get_parameter('sql', '');
- if ($sql !== '') {
- $good_format = db_validate_sql($sql);
- }
-
 $values['external_source'] = $sql;
 }
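Review bot: `$sql` is assigned only inside `if ($values['treport_custom_sql_id'] == 0)`, but the `if ($sql !== '')` added in the hunk at -2218,6 +2214,10 sits after that block, so when a stored custom SQL id is selected the check reads a variable that may never have been set. Unless `$sql` is initialised earlier outside the hunk, the comparison is true for null and null is handed to `db_validate_sql(string $sql, ...)`. The hunk at -2958,6 +2954,19 has the same shape. Guarding with `if (isset($sql) === true && $sql !== '')`, or initialising `$sql = '';` before the branch, keeps the check limited to SQL that was actually submitted. The enclosing `case` starts and ends outside both hunks.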
@@ -2958,6 +2954,19 @@ switch ($action) {
 'historical_db_check'
 );
 $values['top_n_value'] = get_parameter('max_items');
+
+ if ($values['type'] === 'sql_graph_hbar'
+ || ($values['type'] === 'sql_graph_vbar')
+ || ($values['type'] === 'sql_graph_pie')
+ ) {
+ $values['server_name'] = get_parameter('combo_server_sql');
+ } else {
+ $values['server_name'] = get_parameter('combo_server');
+ }
+
+ if ($sql !== '') {
+ $good_format = db_validate_sql($sql, (is_metaconsole() === true) ? $values['server_name'] : false);
+ }
 } else if ($values['type'] == 'url') {
 $values['external_source'] = get_parameter('url');
 } else if ($values['type'] == 'event_report_group') {
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index aa21543ee6..acc7354fb8 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -2560,12 +2560,21 @@ function db_get_column_type(string $table, string $column='')
 /**
 * Validate sql query.
 *
- * @param string $sql Query for validate.
+ * @param string $sql Query for validate.
+ * @param mixed $server Server name where sql must connect.
 *
 * @return boolean True if query is valid.
 */
-function db_validate_sql(string $sql)
+function db_validate_sql(string $sql, $server=false)
 {
+ if ($server !== false && is_metaconsole() === true) {
+ metaconsole_restore_db();
+ $setup = metaconsole_get_connection($server);
+ if (metaconsole_connect($setup) !== NOERR) {
+ return false;
+ }
+ }
+
 try {
 error_reporting(0);
 db_process_sql_begin();
@@ -2578,5 +2587,9 @@ function db_validate_sql(string $sql)
 error_reporting(E_ALL);
 }
+ if ($server !== false && is_metaconsole() === true) {
+ metaconsole_restore_db();
+ }
+
 return ($result !== false) ? true : false;
 }
From 4d53f4cbc4ccedc3554d8488e982fecff0a8aa2f Mon Sep 17 00:00:00 2001
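Review bot: The result of `metaconsole_get_connection($server)` goes straight into `metaconsole_connect($setup)` in the block added at the top of `db_validate_sql()`, with no check that the name resolved to a known node. In reporting_builder.php `$server` is taken from the `combo_server` / `combo_server_sql` request parameters, so an unknown name should be rejected before connecting, for example `if (empty($setup) === true) { return false; }` (what the lookup returns for a missing name is not visible here). The `metaconsole_restore_db()` added in the hunk at -2578,5 +2587,9 runs only if control falls out of the try block normally, and the catch body is outside the hunk. Moving the restore into a `finally` would keep the session from staying attached to the node if anything escapes. The docblock could also state that the submitted statement is executed on the selected node as part of validation.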
From: Daniel Cebrian
Date: Tue, 13 Jun 2023 17:27:23 +0200
Subject: [PATCH 2/2] #11559 refactored
---
 pandora_console/godmode/reporting/reporting_builder.php | 8 ++++----
 pandora_console/include/functions_db.php | 1 -
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/pandora_console/godmode/reporting/reporting_builder.php b/pandora_console/godmode/reporting/reporting_builder.php
index 97e0123a5c..f6a67cce8e 100755
--- a/pandora_console/godmode/reporting/reporting_builder.php
+++ b/pandora_console/godmode/reporting/reporting_builder.php
@@ -2198,6 +2198,10 @@ switch ($action) {
 );
 if ($values['treport_custom_sql_id'] == 0) {
 $sql = get_parameter('sql', '');
+ if ($sql !== '') {
+ $good_format = db_validate_sql($sql);
+ }
+
 $values['external_source'] = $sql;
 }
@@ -2214,10 +2218,6 @@ switch ($action) {
 } else {
 $values['server_name'] = get_parameter('combo_server');
 }
-
- if ($sql !== '') {
- $good_format = db_validate_sql($sql, (is_metaconsole() === true) ? $values['server_name'] : false);
- }
 } else if ($values['type'] == 'url') {
 $values['external_source'] = get_parameter('url');
 } else if ($values['type'] == 'event_report_group') {
diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php
index acc7354fb8..2b3d0d9b25 100644
--- a/pandora_console/include/functions_db.php
+++ b/pandora_console/include/functions_db.php
@@ -2568,7 +2568,6 @@ function db_get_column_type(string $table, string $column='')
 function db_validate_sql(string $sql, $server=false)
 {
 if ($server !== false && is_metaconsole() === true) {
- metaconsole_restore_db();
 $setup = metaconsole_get_connection($server);
 if (metaconsole_connect($setup) !== NOERR) {
 return false;
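Review bot: The call restored in the hunk at -2198,6 +2198,10 is `db_validate_sql($sql)` with no server argument, so on a metaconsole this path validates against the currently connected database rather than the node named in `$values['server_name']`. The parallel branch near line 2954 is not touched by this patch and still passes the server name, which leaves the two branches validating the same kind of input against different databases. If both are meant to behave alike, the first should keep the later call, `db_validate_sql($sql, (is_metaconsole() === true) ? $values['server_name'] : false)`. If the difference is intentional, a short comment at the restored call saying why would help. The enclosing `case` begins and ends outside the hunk.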