Fixed IN db queries (#9077)

Most were fine as they hardcoded the IN list into the query.
Change them all to use PDO properly.
Did not fix IRCBot, they are all hardcoded.

DO NOT DELETE THIS TEXT

#### Please note

> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.

- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)

#### Testers

If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
Tony Murray
2018-08-26 07:42:21 -05:00
committed by Neil Lathwood
parent a60dda8217
commit e9ff8c48b6
13 changed files with 67 additions and 59 deletions


@@ -238,8 +238,8 @@ if ($options['f'] === 'purgeusers') {
foreach (dbFetchRows("SELECT DISTINCT(`user`) FROM `authlog` WHERE `datetime` >= DATE_SUB(NOW(), INTERVAL ? DAY)", array($purge)) as $user) {
$users[] = $user['user'];
}
$del_users = '"'.implode('","', $users).'"';
if (dbDelete('users', "username NOT IN ($del_users)", array($del_users))) {
if (dbDelete('users', "username NOT IN " . dbGenPlaceholders(count($users)), $users)) {
echo "Removed users that haven't logged in for $purge days";
}
}
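Review bot: The new `dbDelete` on the `username NOT IN` line runs unconditionally, so when `$users` is empty — nobody authenticated in the last `$purge` days — `dbGenPlaceholders(0)` is asked for an empty list, and whatever it returns (an empty `()` is a MySQL syntax error) is not a safe way to drive a delete of every account not in the list. Guard it the way the peeringdb and vlan hunks do: `if (!empty($users) && dbDelete('users', "username NOT IN " . dbGenPlaceholders(count($users)), $users)) {`. The old code was worse (`NOT IN ("")` would have matched every user), so the commit is an improvement; an explicit skip is still preferable to relying on a failed statement. `$users` is not initialised in the hunk; if it is not set to `[]` above, `count()` on null will warn. The enclosing `if ($options['f'] === 'purgeusers')` starts outside the hunk.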


@@ -1029,20 +1029,21 @@ function list_alerts()
check_is_read();
$app = \Slim\Slim::getInstance();
$router = $app->router()->getCurrentRoute()->getParams();
$sql = "SELECT `D`.`hostname`, `A`.*, `R`.`severity` FROM `alerts` AS `A`, `devices` AS `D`, `alert_rules` AS `R` WHERE `D`.`device_id` = `A`.`device_id` AND `A`.`rule_id` = `R`.`id` AND `A`.`state` IN ";
if (isset($_GET['state'])) {
$param = array(mres($_GET['state']));
$param = explode(',', $_GET['state']);
} else {
$param = array('1');
$param = [1];
}
$sql .= dbGenPlaceholders(count($param));
$sql = '';
if (isset($router['id']) && $router['id'] > 0) {
$alert_id = mres($router['id']);
$sql = 'AND `A`.id=?';
array_push($param, $alert_id);
$param[] = $router['id'];
$sql .= 'AND `A`.id=?';
}
$alerts = dbFetchRows("SELECT `D`.`hostname`, `A`.*, `R`.`severity` FROM `alerts` AS `A`, `devices` AS `D`, `alert_rules` AS `R` WHERE `D`.`device_id` = `A`.`device_id` AND `A`.`rule_id` = `R`.`id` AND `A`.`state` IN (?) $sql", $param);
$alerts = dbFetchRows($sql, $param);
api_success($alerts, 'alerts');
}
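Review bot: `$param = explode(',', $_GET['state'])` on the `isset($_GET['state'])` branch binds the raw comma-separated values, which closes the injection hole, but nothing checks that each element is an integer state code: `?state=` yields `['']` and `?state=1,` a trailing empty string, both of which are bound and compared against the column (MySQL compares a non-numeric string to an integer column as `0`, so they silently match a different state than intended). If `state` is an integer column, as the `[1]` default suggests, cast once: `$param = array_map('intval', explode(',', $_GET['state']));`. The same applies to `$status_select` in the map widget hunk (`explode(',', $widget_settings['status'])`), where an empty setting now produces `IN ('')`. `$router['id']` is fine as it is guarded by `> 0` before being bound. `list_alerts()` opens on the hunk header line, outside the hunk.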


@@ -168,23 +168,17 @@ if (defined('SHOW_SETTINGS')) {
// Only show devices if mode is 0 or 2 (Only Devices or both)
if ($config['webui']['availability_map_use_device_groups'] != 0) {
$device_group = 'SELECT `D`.`device_id` FROM `device_group_device` AS `D` WHERE `device_group_id` = ?';
$param = array($_SESSION['group_view']);
$devices = dbFetchRows($device_group, $param);
foreach ($devices as $in_dev) {
$in_devices[] = $in_dev['device_id'];
}
$in_devices = implode(',', $in_devices);
$in_devices = dbFetchColumn($device_group, [$_SESSION['group_view']]);
}
$sql = 'SELECT `D`.`hostname`, `D`.`sysName`, `D`.`device_id`, `D`.`status`, `D`.`uptime`, `D`.`os`, `D`.`icon`, `D`.`ignore`, `D`.`disabled` FROM `devices` AS `D`';
if (!Auth::user()->hasGlobalRead()) {
$sql .= ' , `devices_perms` AS P WHERE D.`device_id` = P.`device_id` AND P.`user_id` = ? AND ';
$param = array(
Auth::id()
);
$param = [Auth::id()];
} else {
$sql .= ' WHERE ';
$param = [];
}
if ($show_disabled_ignored != 1) {
@@ -193,8 +187,9 @@ if (defined('SHOW_SETTINGS')) {
$sql .= '(`D`.`status` IN (0,1,2) OR `D`.`ignore` = 1 OR `D`.`disabled` = 1)';
}
if ($config['webui']['availability_map_use_device_groups'] != 0 && isset($in_devices)) {
$sql .= " AND `D`.`device_id` IN ($in_devices)";
if ($config['webui']['availability_map_use_device_groups'] != 0 && !empty($in_devices)) {
$sql .= " AND `D`.`device_id` IN " . dbGenPlaceholders(count($in_devices));
$param = array_merge($param, $in_devices);
}
$sql .= " ORDER BY `".$deviceOrderBy."`";
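Review bot: With `!empty($in_devices)` as the guard on the device-group branch, a selected group that currently contains no devices skips the `device_id IN` restriction entirely and the map shows every device the user can read, rather than none. The old `isset($in_devices)` appears to have had the same fall-through, so this is pre-existing, but now that `$in_devices` is a proper list it is easy to get right: when group mode is on and the list is empty, append a clause that matches nothing (`$sql .= ' AND 1=0';`) or short-circuit before the query. The surrounding `if (defined('SHOW_SETTINGS'))` block and the `$show_disabled_ignored` logic start outside the hunk.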


@@ -168,15 +168,17 @@ var greenMarker = L.AwesomeMarkers.icon({
markerColor: \'green\', prefix: \'fa\', iconColor: \'white\'
});
';
$status_select = explode(',', $widget_settings['status']);
// Checking user permissions
if (Auth::user()->hasGlobalRead()) {
// Admin or global read-only - show all devices
$sql = "SELECT DISTINCT(`device_id`),`devices`.`location`,`sysName`,`hostname`,`os`,`status`,`lat`,`lng` FROM `devices`
LEFT JOIN `locations` ON `devices`.`location`=`locations`.`location`
WHERE `disabled`=0 AND `ignore`=0 AND ((`lat` != '' AND `lng` != '') OR (`devices`.`location` REGEXP '\[[0-9\.\, ]+\]'))
AND `status` IN (".$widget_settings['status'].")
ORDER BY `status` ASC, `hostname`";
$param = [];
AND `status` IN " . dbGenPlaceholders(count($status_select)) .
" ORDER BY `status` ASC, `hostname`";
$param = $status_select;
} else {
// Normal user - grab devices that user has permissions to
$sql = "SELECT DISTINCT(`devices`.`device_id`) as `device_id`,`devices`.`location`,`sysName`,`hostname`,`os`,`status`,`lat`,`lng`
@@ -184,9 +186,9 @@ var greenMarker = L.AwesomeMarkers.icon({
LEFT JOIN `locations` ON `devices`.`location`=`locations`.`location`
WHERE `disabled`=0 AND `ignore`=0 AND ((`lat` != '' AND `lng` != '') OR (`devices`.`location` REGEXP '\[[0-9\.\, ]+\]'))
AND `devices`.`device_id` = `devices_perms`.`device_id`
AND `devices_perms`.`user_id` = ? AND `status` IN (".$widget_settings['status'].")
ORDER BY `status` ASC, `hostname`";
$param[] = Auth::id();
AND `devices_perms`.`user_id` = ? AND `status` IN " . dbGenPlaceholders(count($status_select)) .
" ORDER BY `status` ASC, `hostname`";
$param = array_merge([Auth::id()], $status_select);
}
foreach (dbFetchRows($sql, $param) as $map_devices) {


@@ -194,10 +194,10 @@ if (is_numeric($rule_id) && $rule_id > 0) {
// Remove old mappings
if (!empty($t_del)) {
dbDelete('alert_transport_map', 'target_type="single" AND transport_or_group_id IN (?)', array(array(implode(',', $t_del))));
dbDelete('alert_transport_map', 'target_type="single" AND transport_or_group_id IN ' . dbGenPlaceholders(count($t_del)), $t_del);
}
if (!empty($g_del)) {
dbDelete('alert_transport_map', 'target_type="group" AND transport_or_group_id IN (?)', array(array(implode(',', $g_del))));
dbDelete('alert_transport_map', 'target_type="group" AND transport_or_group_id IN ' . dbGenPlaceholders(count($g_del)), $g_del);
}
}
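Review bot: `$t_del` and `$g_del` are passed straight through as the parameter list on both `dbDelete` lines; if they are built with `array_diff`/`array_filter` (their construction is outside the hunk) they keep their original keys, and if `dbDelete` hands the array to a positional bind unchanged, key `n` maps to placeholder `n+1` and the call fails with an invalid-parameter-number error or binds the wrong values. `array_values($t_del)` / `array_values($g_del)` makes the list contiguous regardless of how it was produced; the hunks that go through `array_merge` get this for free because `array_merge` reindexes numeric keys. The enclosing `if (is_numeric($rule_id) && $rule_id > 0)` starts outside the hunk.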


@@ -25,11 +25,10 @@ if (!is_numeric($_POST['template_id'])) {
exit;
} else {
$rules = preg_split('/,/', mres($_POST['rule_id']));
$success = false;
$ids = [];
foreach ($rules as $rule_id) {
$db_id = dbInsert(array('alert_rule_id' => $rule_id, 'alert_templates_id' => mres($_POST['template_id'])), 'alert_template_map');
if ($db_id > 0) {
$success = true;
$ids[] = $db_id;
} else {
echo 'ERROR: Alert rules have not been attached to this template.';
@@ -37,9 +36,9 @@ if (!is_numeric($_POST['template_id'])) {
}
}
if ($success === true) {
dbDelete('alert_template_map', 'id NOT IN ('.implode(',', $ids).') AND alert_templates_id =?', array($_POST['template_id']));
echo "Alert rules have been attached to this template. $template_map_ids";
if (!empty($ids)) {
dbDelete('alert_template_map', 'id NOT IN ' . dbGenPlaceholders(count($ids)) . ' AND alert_templates_id =?', array_merge([$_POST['template_id']], $ids));
echo "Alert rules have been attached to this template.";
exit;
}
}//end if


@@ -86,7 +86,7 @@ if (empty($name)) {
// Remove old transport group members
if (!empty($remove)) {
dbDelete('transport_group_transport', 'transport_group_id=? AND `transport_id` IN (?)', array($group_id, array(implode(',', $remove))));
dbDelete('transport_group_transport', 'transport_group_id=? AND `transport_id` IN ' . dbGenPlaceholders(count($remove)), array_merge([$group_id], $remove));
}
$message = 'Updated alert transport group';
} else {


@@ -30,6 +30,7 @@ if (!is_numeric($config_id)) {
} elseif ($action == 'update-textarea') {
$extras = explode(PHP_EOL, $_POST['config_value']);
$x=0;
$db_id = [];
foreach ($extras as $option) {
list($k,$v) = explode('=', $option, 2);
if (!empty($k) || !empty($v)) {
@@ -56,28 +57,28 @@ if (!is_numeric($config_id)) {
}
}
$db_inserts = implode(',', $db_id);
if (!empty($db_inserts) || empty($_POST['config_value'])) {
if (!empty($db_id) || empty($_POST['config_value'])) {
if (empty($_POST['config_value'])) {
$db_inserts = 0;
$db_id = [0];
}
$placeholders = dbGenPlaceholders(count($db_id));
if ($config_type == 'slack') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.slack.$config_id.%' AND `config_name` != 'alert.transports.slack.$config_id.url' AND `config_id` NOT IN ($db_inserts))");
dbDelete('config', "(`config_name` LIKE 'alert.transports.slack.$config_id.%' AND `config_name` != 'alert.transports.slack.$config_id.url' AND `config_id` NOT IN $placeholders)", $db_id);
} elseif ($config_type == 'rocket') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.rocket.$config_id.%' AND `config_name` != 'alert.transports.rocket.$config_id.url' AND `config_id` NOT IN ($db_inserts))");
dbDelete('config', "(`config_name` LIKE 'alert.transports.rocket.$config_id.%' AND `config_name` != 'alert.transports.rocket.$config_id.url' AND `config_id` NOT IN $placeholders)", $db_id);
} elseif ($config_type == 'hipchat') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.hipchat.$config_id.%' AND (`config_name` != 'alert.transports.hipchat.$config_id.url' AND `config_name` != 'alert.transports.hipchat.$config_id.room_id' AND `config_name` != 'alert.transports.hipchat.$config_id.from') AND `config_id` NOT IN ($db_inserts))");
dbDelete('config', "(`config_name` LIKE 'alert.transports.hipchat.$config_id.%' AND (`config_name` != 'alert.transports.hipchat.$config_id.url' AND `config_name` != 'alert.transports.hipchat.$config_id.room_id' AND `config_name` != 'alert.transports.hipchat.$config_id.from') AND `config_id` NOT IN $placeholders)", $db_id);
} elseif ($config_type == 'pushover') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.pushover.$config_id.%' AND (`config_name` != 'alert.transports.pushover.$config_id.appkey' AND `config_name` != 'alert.transports.pushover.$config_id.userkey') AND `config_id` NOT IN ($db_inserts))");
dbDelete('config', "(`config_name` LIKE 'alert.transports.pushover.$config_id.%' AND (`config_name` != 'alert.transports.pushover.$config_id.appkey' AND `config_name` != 'alert.transports.pushover.$config_id.userkey') AND `config_id` NOT IN $placeholders)", $db_id);
} elseif ($config_type == 'boxcar') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.boxcar.$config_id.%' AND (`config_name` != 'alert.transports.boxcar.$config_id.access_token' AND `config_name` != 'alert.transports.boxcar.$config_id.userkey') AND `config_id` NOT IN ($db_inserts))");
dbDelete('config', "(`config_name` LIKE 'alert.transports.boxcar.$config_id.%' AND (`config_name` != 'alert.transports.boxcar.$config_id.access_token' AND `config_name` != 'alert.transports.boxcar.$config_id.userkey') AND `config_id` NOT IN $placeholders)", $db_id);
} elseif ($config_type == 'clickatell') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.clickatell.to.%' AND `config_id` NOT IN ($db_inserts))");
dbDelete('config', "(`config_name` LIKE 'alert.transports.clickatell.to.%' AND `config_id` NOT IN $placeholders)", $db_id);
} elseif ($config_type == 'playsms') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.playsms.to.%' AND `config_id` NOT IN ($db_inserts))");
dbDelete('config', "(`config_name` LIKE 'alert.transports.playsms.to.%' AND `config_id` NOT IN $placeholders)", $db_id);
} elseif ($config_type == 'smseagle') {
dbDelete('config', "(`config_name` LIKE 'alert.transports.smseagle.to.%' AND `config_id` NOT IN ($db_inserts))");
dbDelete('config', "(`config_name` LIKE 'alert.transports.smseagle.to.%' AND `config_id` NOT IN $placeholders)", $db_id);
}
}
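Review bot: Every branch of the `$config_type` chain still interpolates `$config_id` into the `LIKE` and `!=` string literals while only the `NOT IN` list is bound; that is safe today only because of the `is_numeric($config_id)` guard at the top of the file, which a later edit could loosen without touching these lines. Bind the patterns too by building them in PHP and passing them as parameters, e.g. for slack: `dbDelete('config', '(`config_name` LIKE ? AND `config_name` != ? AND `config_id` NOT IN ' . $placeholders . ')', array_merge(["alert.transports.slack.$config_id.%", "alert.transports.slack.$config_id.url"], $db_id));`. Since the branches differ only in the transport name and the list of protected suffixes, a small map from `$config_type` to protected suffixes would replace the eight near-identical statements. If the `$db_inserts = implode(',', $db_id);` line survived the change it is now unused and can go. The enclosing `elseif ($action == 'update-textarea')` starts outside the hunk.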


@@ -312,7 +312,7 @@ function UpdateGroupsForDevice($device_id)
// remove old groups
if (!empty($removed_groups)) {
dbDelete('device_group_device', '`device_id`=? AND `device_group_id` IN (?)', array($device_id, array(implode(',', $removed_groups))));
dbDelete('device_group_device', '`device_id`=? AND `device_group_id` IN ' . dbGenPlaceholders(count($removed_groups)), array_merge([$device_id], $removed_groups));
}
d_echo("### End Device Groups ###\n");
}
@@ -341,7 +341,7 @@ function UpdateDeviceGroup($group_id)
// remove old devices
if (!empty($removed_devices)) {
dbDelete('device_group_device', '`device_group_id`=? AND `device_id` IN (?)', array($group_id, array(implode(',', $removed_devices))));
dbDelete('device_group_device', '`device_group_id`=? AND `device_id` IN ' . dbGenPlaceholders(count($removed_devices)), array_merge([$group_id], $removed_devices));
}
}


@@ -90,8 +90,8 @@ foreach ($vlans_db as $domain_id => $vlans) {
}
// remove non-existent port-vlan mappings
if (is_array($valid_vlan_port) && count($valid_vlan_port) > 0) {
$num = dbDelete('ports_vlans', '`device_id`=? AND `port_vlan_id` NOT IN ('.join(',', $valid_vlan_port).')', array($device['device_id']));
if (!empty($valid_vlan_port)) {
$num = dbDelete('ports_vlans', '`device_id`=? AND `port_vlan_id` NOT IN ' . dbGenPlaceholders(count($valid_vlan_port)), array_merge([$device['device_id']], $valid_vlan_port));
d_echo("Deleted $num vlan mappings\n");
}


@@ -2344,6 +2344,8 @@ function cache_peeringdb()
$rand = rand(3, 30);
echo "No cached PeeringDB data found, sleeping for $rand seconds" . PHP_EOL;
sleep($rand);
$peer_keep = [];
$ix_keep = [];
foreach (dbFetchRows("SELECT `bgpLocalAs` FROM `devices` WHERE `disabled` = 0 AND `ignore` = 0 AND `bgpLocalAs` > 0 AND (`bgpLocalAs` < 64512 OR `bgpLocalAs` > 65535) AND `bgpLocalAs` < 4200000000 GROUP BY `bgpLocalAs`") as $as) {
$asn = $as['bgpLocalAs'];
$get = Requests::get($peeringdb_url . '/net?depth=2&asn=' . $asn, array(), array('proxy' => get_proxy()));
@@ -2366,7 +2368,7 @@ function cache_peeringdb()
);
$pdb_ix_id = dbInsert($insert, 'pdb_ix');
}
$keep = $pdb_ix_id;
$ix_keep[] = $pdb_ix_id;
$get_ix = Requests::get("$peeringdb_url/netixlan?ix_id=$ixid", array(), array('proxy' => get_proxy()));
$ix_json = $get_ix->body;
$ix_data = json_decode($ix_json);
@@ -2396,11 +2398,19 @@ function cache_peeringdb()
$peer_keep[] = dbInsert($peer_insert, 'pdb_ix_peers');
}
}
$pdb_ix_peers_ids = implode(',', $peer_keep);
dbDelete('pdb_ix_peers', "`pdb_ix_peers_id` NOT IN ($pdb_ix_peers_ids)");
}
$pdb_ix_ids = implode(',', $keep);
dbDelete('pdb_ix', "`pdb_ix_id` NOT IN ($pdb_ix_ids)");
}
// cleanup
if (empty($peer_keep)) {
dbDelete('pdb_ix_peers');
} else {
dbDelete('pdb_ix_peers', "`pdb_ix_peers_id` NOT IN " . dbGenPlaceholders(count($peer_keep)), $peer_keep);
}
if (empty($ix_keep)) {
dbDelete('pdb_ix');
} else {
dbDelete('pdb_ix', "`pdb_ix_id` NOT IN " . dbGenPlaceholders(count($ix_keep)), $ix_keep);
}
} else {
echo "Cached PeeringDB data found....." . PHP_EOL;
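Review bot: The cleanup added after the loop drops every row of `pdb_ix_peers` and `pdb_ix` when `$peer_keep` or `$ix_keep` is empty, and both lists stay empty not only when no device has an eligible ASN but also when PeeringDB is unreachable or returns nothing (the `Requests::get` responses are not checked in the visible lines), so a transient upstream failure now erases the cache the previous run built. Track whether at least one ASN was processed successfully, e.g. set `$fetched = true;` after a response parses, and run the two deletes only inside `if ($fetched) { ... }`, leaving stale-but-usable data in place otherwise. `$ix_keep[] = $pdb_ix_id;` assumes `$pdb_ix_id` is also assigned on the branch that does not call `dbInsert`; that branch is outside the hunk, so confirm it sets the id rather than leaving a `null` in the keep list. `cache_peeringdb()` continues beyond the hunk on both sides.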


@@ -118,12 +118,12 @@ if ($device['os_group'] == 'cisco') {
}
}//end foreach
if (is_array($valid_tunnels) && count($valid_tunnels) > 0) {
if (!empty($valid_tunnels)) {
d_echo($valid_tunnels);
dbDelete(
'ipsec_tunnels',
"`tunnel_id` NOT IN (" . implode(',', $valid_tunnels) . ") AND `device_id`=?",
array($device['device_id'])
"`tunnel_id` NOT IN " . dbGenPlaceholders(count($valid_tunnels)) . " AND `device_id`=?",
array_merge([$device['device_id']], $valid_tunnels)
);
}


@@ -203,8 +203,8 @@ function record_sensor_data($device, $all_sensors)
if ($sensor['sensor_class'] == 'state' && $prev_sensor_value != $sensor_value) {
$trans = array_column(
dbFetchRows(
"SELECT `state_translations`.`state_value`, `state_translations`.`state_descr` FROM `sensors_to_state_indexes` LEFT JOIN `state_translations` USING (`state_index_id`) WHERE `sensors_to_state_indexes`.`sensor_id`=? AND `state_translations`.`state_value` IN ($sensor_value,$prev_sensor_value)",
array($sensor['sensor_id'])
"SELECT `state_translations`.`state_value`, `state_translations`.`state_descr` FROM `sensors_to_state_indexes` LEFT JOIN `state_translations` USING (`state_index_id`) WHERE `sensors_to_state_indexes`.`sensor_id`=? AND `state_translations`.`state_value` IN (?,?)",
[$sensor['sensor_id'], $sensor_value, $prev_sensor_value]
),
'state_descr',
'state_value'