centreon
diff --git a/‎src/Centreon/Domain/Contact/Interfaces/ContactInterface.php
+5 b/‎src/Centreon/Domain/Contact/Interfaces/ContactInterface.php
+5
diff --git a/‎src/Centreon/Domain/Repository/TopologyRepository.php
+9-8 b/‎src/Centreon/Domain/Repository/TopologyRepository.php
+9-8
diff --git a/‎src/Centreon/Domain/Service/AppKeyGeneratorService.php
-15 b/‎src/Centreon/Domain/Service/AppKeyGeneratorService.php
-15
diff --git a/‎src/Centreon/Infrastructure/HostConfiguration/Repository/HostConfigurationRepositoryRDB.php
+1-1 b/‎src/Centreon/Infrastructure/HostConfiguration/Repository/HostConfigurationRepositoryRDB.php
+1-1
diff --git a/‎src/Centreon/ServiceProvider.php
-7 b/‎src/Centreon/ServiceProvider.php
-7
diff --git a/‎src/Centreon/Tests/AppKeyGeneratorServiceTest.php
-63 b/‎src/Centreon/Tests/AppKeyGeneratorServiceTest.php
-63
diff --git a/‎src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php
+1-1 b/‎src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php
+1-1
diff --git a/‎src/Centreon/Tests/ServiceProviderTest.php
-1 b/‎src/Centreon/Tests/ServiceProviderTest.php
-1
diff --git a/‎src/CentreonRemote/Domain/Service/TaskService.php
-8 b/‎src/CentreonRemote/Domain/Service/TaskService.php
-8
diff --git a/‎src/CentreonRemote/ServiceProvider.php
-2 b/‎src/CentreonRemote/ServiceProvider.php
-2
diff --git a/‎src/Core/Security/Application/ProviderConfiguration/OpenId/UseCase/UpdateOpenIdConfiguration/UpdateOpenIdConfiguration.php
+9-6 b/‎src/Core/Security/Application/ProviderConfiguration/OpenId/UseCase/UpdateOpenIdConfiguration/UpdateOpenIdConfiguration.php
+9-6
diff --git a/‎src/Core/Security/Application/UseCase/LoginOpenIdSession/LoginOpenIdSession.php
+2-1 b/‎src/Core/Security/Application/UseCase/LoginOpenIdSession/LoginOpenIdSession.php
+2-1
diff --git a/‎src/EventSubscriber/WebSSOEventSubscriber.php
+3-2 b/‎src/EventSubscriber/WebSSOEventSubscriber.php
+3-2
diff --git a/‎www/class/centreon-clapi/centreon.Config.Poller.class.php
-1 b/‎www/class/centreon-clapi/centreon.Config.Poller.class.php
-1
diff --git a/‎www/class/centreon-clapi/centreonAPI.class.php
+1-1 b/‎www/class/centreon-clapi/centreonAPI.class.php
+1-1
diff --git a/‎www/class/centreon-clapi/centreonHostGroup.class.php
+15-10 b/‎www/class/centreon-clapi/centreonHostGroup.class.php
+15-10
diff --git a/‎www/class/centreon-clapi/centreonLDAP.class.php
+5-3 b/‎www/class/centreon-clapi/centreonLDAP.class.php
+5-3
diff --git a/‎www/class/centreon-clapi/centreonService.class.php
+6-6 b/‎www/class/centreon-clapi/centreonService.class.php
+6-6
diff --git a/‎www/class/centreon-knowledge/procedures.class.php
+8-6 b/‎www/class/centreon-knowledge/procedures.class.php
+8-6
@@ -207,4 +207,9 @@ public function hasAccessToApiRealTime(): bool;
      * @return static
      */
     public function setAccessToApiRealTime(bool $hasAccessToApiRealTime): static;
+
+    /**
+     * @return string|null
+     */
+    public function getTheme(): ?string;
 }
@@ -105,14 +105,15 @@ public function getReactTopologiesPerUserWithAcl($user)
                 if ($DBRESULT->rowCount()) {
                     $topology = array();
                     $tmp_topo_page = array();
+                    $statement = $this->db->prepare("SELECT topology_topology_id, acl_topology_relations.access_right "
+                        . "FROM acl_topology_relations, acl_topology "
+                        . "WHERE acl_topology.acl_topo_activate = '1' "
+                        . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
+                        . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ");
                     while ($topo_group = $DBRESULT->fetchRow()) {
-                        $query2 = "SELECT topology_topology_id, acl_topology_relations.access_right "
-                            . "FROM acl_topology_relations, acl_topology "
-                            . "WHERE acl_topology.acl_topo_activate = '1' "
-                            . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
-                            . "AND acl_topology_relations.acl_topo_id = '" . $topo_group["acl_topology_id"] . "' ";
-                        $DBRESULT2 = $this->db->query($query2);
-                        while ($topo_page = $DBRESULT2->fetchRow()) {
+                        $statement->bindValue(':acl_topo_id', $topo_group["acl_topology_id"], \PDO::PARAM_INT);
+                        $statement->execute();
+                        while ($topo_page = $statement->fetch(\PDO::FETCH_ASSOC)) {
                             $topology[] = (int)$topo_page["topology_topology_id"];
                             if (!isset($tmp_topo_page[$topo_page['topology_topology_id']])) {
                                 $tmp_topo_page[$topo_page["topology_topology_id"]] = $topo_page["access_right"];
@@ -127,7 +128,7 @@ public function getReactTopologiesPerUserWithAcl($user)
                                 }
                             }
                         }
-                        $DBRESULT2->closeCursor();
+                        $statement->closeCursor();
                     }
                     $DBRESULT->closeCursor();
 
 
@@ -779,7 +779,7 @@ public function updateHost(Host $host): void
             $statement->bindValue(':ip_address', $host->getIpAddress(), \PDO::PARAM_STR);
             $statement->bindValue(':comment', $host->getComment(), \PDO::PARAM_STR);
             $statement->bindValue(':geo_coords', $host->getGeoCoords(), \PDO::PARAM_STR);
-            $statement->bindValue(':is_activate', $host->isActivated(), \PDO::PARAM_STR);
+            $statement->bindValue(':is_activate', $host->isActivated() ? '1' : '0', \PDO::PARAM_STR);
             $statement->bindValue(':host_register', '1', \PDO::PARAM_STR);
             $statement->bindValue(':active_check_status', Host::OPTION_DEFAULT, \PDO::PARAM_STR);
             $statement->bindValue(':passive_check_status', Host::OPTION_DEFAULT, \PDO::PARAM_STR);
 
@@ -34,7 +34,6 @@
 use Centreon\Infrastructure\Service\CentreonDBManagerService;
 use Centreon\Domain\Service\I18nService;
 use Centreon\Domain\Service\FrontendComponentService;
-use Centreon\Domain\Service\AppKeyGeneratorService;
 use Centreon\Domain\Service\BrokerConfigurationService;
 use Centreon\Domain\Repository\CfgCentreonBrokerRepository;
 use Centreon\Domain\Repository\CfgCentreonBrokerInfoRepository;
@@ -171,12 +170,6 @@ public function register(Container $pimple): void
             return $_SESSION['centreon']->user; // @codeCoverageIgnoreEnd
         };
 
-        $pimple['centreon.keygen'] = function (): AppKeyGeneratorService {
-            $service = new AppKeyGeneratorService();
-
-            return $service;
-        };
-
         $pimple[static::CENTREON_ACL] = function (Container $container): CentreonACL {
             $service = new CentreonACL($container);
 
 
@@ -52,7 +52,7 @@ protected function setUp(): void
                 . "FROM acl_topology_relations, acl_topology "
                 . "WHERE acl_topology.acl_topo_activate = '1' "
                 . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
-                . "AND acl_topology_relations.acl_topo_id = '1' ",
+                . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ",
                 'data' => [
                     [
                         'topology_topology_id' => 1,
 
@@ -83,7 +83,6 @@ public function testCheckServicesByList()
             ServiceProvider::CENTREON_DB_MANAGER => Service\CentreonDBManagerService::class,
             ServiceProvider::UPLOAD_MANGER => Service\UploadFileService::class,
             ServiceProvider::CENTREON_PAGINATION => Service\CentreonPaginationService::class,
-            'centreon.keygen' => Domain\Service\AppKeyGeneratorService::class,
             'centreon.acl' => CentreonACL::class,
             'centreon.config' => Service\CentcoreConfigService::class,
             ServiceProvider::CENTREON_BROKER_CONFIGURATION_SERVICE => Domain\Service\BrokerConfigurationService::class,
 
@@ -31,11 +31,6 @@
 
 class TaskService
 {
-    /**
-     * @var KeyGeneratorInterface
-     */
-    private $gen;
-
     /**
      * @var CentreonDBManagerService
      */
@@ -101,15 +96,12 @@ public function getCentreonRestHttp(): \CentreonRestHttp
 
     /**
      * TaskService constructor
-     * @param KeyGeneratorInterface $generator
      * @param CentreonDBManagerService $dbManager
      */
     public function __construct(
-        KeyGeneratorInterface $generator,
         CentreonDBManagerService $dbManager,
         CentcoreCommandService $cmdService
     ) {
-        $this->gen = $generator;
         $this->dbManager = $dbManager;
         $this->cmdService = $cmdService;
     }
 
@@ -23,7 +23,6 @@
 
 use Pimple\Container;
 use Pimple\Psr11\ServiceLocator;
-use Centreon\Domain\Service\AppKeyGeneratorService;
 use Centreon\Infrastructure\Provider\AutoloadServiceProviderInterface;
 use Centreon\Infrastructure\Service\CentcoreCommandService;
 use CentreonRemote\Application\Webservice;
@@ -85,7 +84,6 @@ function (array $cc, Container $pimple) {
 
         $pimple[static::CENTREON_TASKSERVICE] = function (Container $pimple): TaskService {
             $service = new TaskService(
-                new AppKeyGeneratorService(),
                 $pimple[\Centreon\ServiceProvider::CENTREON_DB_MANAGER],
                 new CentcoreCommandService()
             );
 
@@ -154,6 +154,11 @@ private function createAuthorizationRules(array $authorizationRulesFromRequest):
     {
         $this->info('Creating Authorization Rules');
         $accessGroupIds = $this->getAccessGroupIds($authorizationRulesFromRequest);
+
+        if (empty($accessGroupIds)) {
+            return [];
+        }
+
         $foundAccessGroups = $this->accessGroupRepository->findByIds($accessGroupIds);
 
         $this->logNonExistentAccessGroupsIds($accessGroupIds, $foundAccessGroups);
@@ -241,12 +246,10 @@ private function updateConfiguration(Configuration $configuration): void
             }
             $this->info('Updating OpenID Configuration');
             $this->repository->updateConfiguration($configuration);
-            if (! empty($configuration->getAuthorizationRules())) {
-                $this->info('Removing existent Authorization Rules');
-                $this->repository->deleteAuthorizationRules();
-                $this->info('Inserting new Authorization Rules');
-                $this->repository->insertAuthorizationRules($configuration->getAuthorizationRules());
-            }
+            $this->info('Removing existent Authorization Rules');
+            $this->repository->deleteAuthorizationRules();
+            $this->info('Inserting new Authorization Rules');
+            $this->repository->insertAuthorizationRules($configuration->getAuthorizationRules());
             if (! $isAlreadyInTransaction) {
                 $this->dataStorageEngine->commitTransaction();
             }
 
@@ -109,7 +109,8 @@ public function __invoke(LoginOpenIdSessionRequest $request, LoginOpenIdSessionP
                 'contact_location' => (string) $user->getTimezoneId(),
                 'show_deprecated_pages' => $user->isUsingDeprecatedPages(),
                 'reach_api' => $user->hasAccessToApiConfiguration() ? 1 : 0,
-                'reach_api_rt' => $user->hasAccessToApiRealTime() ? 1 : 0
+                'reach_api_rt' => $user->hasAccessToApiRealTime() ? 1 : 0,
+                'contact_theme' => $user->getTheme() ?? 'light'
             ];
             $this->provider->setLegacySession(new \Centreon($sessionUserInfos));
             $this->startLegacySession($this->provider->getLegacySession());
 
@@ -252,10 +252,11 @@ private function createSession(Contact $user, Request $request): void
             'contact_autologin_key' => '',
             'contact_admin' => $user->isAdmin() ? '1' : '0',
             'default_page' => $user->getDefaultPage(),
-            'contact_location' => $user->getLocale(),
+            'contact_location' => (string) $user->getTimezoneId(),
             'show_deprecated_pages' => $user->isUsingDeprecatedPages(),
             'reach_api' => $user->hasAccessToApiConfiguration() ? 1 : 0,
-            'reach_api_rt' => $user->hasAccessToApiRealTime() ? 1 : 0
+            'reach_api_rt' => $user->hasAccessToApiRealTime() ? 1 : 0,
+            'contact_theme' => $user->getTheme() ?? 'light'
         ];
         $centreonSession = new \Centreon($sessionUserInfos);
         $request->getSession()->start();
 
@@ -40,7 +40,6 @@
 use Centreon\Domain\Entity\Task;
 use CentreonRemote\ServiceProvider;
 use CentreonRemote\Domain\Service\TaskService;
-use Centreon\Domain\Service\AppKeyGeneratorService;
 use Centreon\Infrastructure\Service\CentcoreCommandService;
 use Centreon\Infrastructure\Service\CentreonDBManagerService;
 use Core\Domain\Engine\Model\EngineCommandGenerator;
 
@@ -107,7 +107,7 @@ public function __construct(
             $this->login = htmlentities($user, ENT_QUOTES);
         }
         if (isset($password)) {
-            $this->password = htmlentities($password, ENT_QUOTES);
+            $this->password = filter_var($password, FILTER_SANITIZE_STRING);
         }
         if (isset($action)) {
             $this->action = htmlentities(strtoupper($action), ENT_QUOTES);
 
@@ -174,6 +174,7 @@ public function getparam($parameters = null)
             $listParam = explode('|', $params[1]);
             $exportedFields = [];
             $resultString = "";
+            $paramString = "";
             foreach ($listParam as $paramSearch) {
                 if (!$paramString) {
                     $paramString = $paramSearch;
@@ -257,20 +258,24 @@ public function initUpdateParameters($parameters = null)
     public function getIdIcon($path)
     {
         $iconData = explode('/', $path);
-        $query = 'SELECT dir_id FROM view_img_dir WHERE dir_name = "' . $iconData[0] . '"';
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $dirStatement = $this->db->prepare("SELECT dir_id FROM view_img_dir WHERE dir_name = :IconData");
+        $dirStatement->bindValue(':IconData', $iconData[0], \PDO::PARAM_STR);
+        $dirStatement->execute();
+        $row = $dirStatement->fetch();
         $dirId = $row['dir_id'];
 
-        $query = 'SELECT img_id FROM view_img WHERE img_path = "' . $iconData[1] . '"';
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $imgStatement = $this->db->prepare("SELECT img_id FROM view_img WHERE img_path = :iconData");
+        $imgStatement->bindValue(':iconData', $iconData[1], \PDO::PARAM_STR);
+        $imgStatement->execute();
+        $row = $imgStatement->fetch();
         $iconId = $row['img_id'];
 
-        $query = 'SELECT vidr_id FROM view_img_dir_relation ' .
-            'WHERE dir_dir_parent_id = ' . $dirId . ' AND img_img_id = ' . $iconId;
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $vidrStatement = $this->db->prepare("SELECT vidr_id FROM view_img_dir_relation " .
+            "WHERE dir_dir_parent_id = :dirId AND img_img_id = :iconId");
+        $vidrStatement->bindValue(':dirId', (int) $dirId, \PDO::PARAM_INT);
+        $vidrStatement->bindValue(':iconId', (int) $iconId, \PDO::PARAM_INT);
+        $vidrStatement->execute();
+        $row = $vidrStatement->fetch();
         return $row['vidr_id'];
     }
 
 
@@ -184,10 +184,12 @@ public function showserver($arName = null)
         }
         $sql = "SELECT ldap_host_id, host_address, host_port, use_ssl, use_tls, host_order
                 FROM auth_ressource_host
-                WHERE auth_ressource_id = " . $arId . "
+                WHERE auth_ressource_id = :auth_ressource_id 
                 ORDER BY host_order";
-        $res = $this->db->query($sql);
-        $row = $res->fetchAll();
+        $statement = $this->db->prepare($sql);
+        $statement->bindValue(':auth_ressource_id', (int) $arId, \PDO::PARAM_INT);
+        $statement->execute();
+        $row = $statement->fetchAll(\PDO::FETCH_ASSOC);
         echo "id;address;port;ssl;tls;order\n";
         foreach ($row as $srv) {
             echo $srv['ldap_host_id'] . $this->delim .
 
@@ -1584,12 +1584,12 @@ public function getCustomMacroInDb($serviceId = null, $template = null)
         $arr = array();
         $i = 0;
         if ($serviceId) {
-            $res = $this->db->query("SELECT svc_macro_name, svc_macro_value, is_password, description
-                                FROM on_demand_macro_service
-                                WHERE svc_svc_id = " .
-                $serviceId . "
-                                ORDER BY macro_order ASC");
-            while ($row = $res->fetch()) {
+            $statement = $this->db->prepare("SELECT svc_macro_name, svc_macro_value, is_password, description " .
+                "FROM on_demand_macro_service " .
+                "WHERE svc_svc_id = :serviceId ORDER BY macro_order ASC");
+            $statement->bindValue(':serviceId', (int) $serviceId, \PDO::PARAM_INT);
+            $statement->execute();
+            while ($row = $statement->fetch()) {
                 if (preg_match('/\$_SERVICE(.*)\$$/', $row['svc_macro_name'], $matches)) {
                     $arr[$i]['svc_macro_name'] = $matches[1];
                     $arr[$i]['svc_macro_value'] = $row['svc_macro_value'];
 
@@ -139,13 +139,15 @@ public function getMyHostMultipleTemplateModels($host_id = null)
             "WHERE host_host_id = '" . $host_id . "' " .
             "ORDER BY `order`"
         );
+        $statement = $this->centreon_DB->prepare(
+            "SELECT host_name " .
+            "FROM host " .
+            "WHERE host_id = :host_id LIMIT 1"
+        );
         while ($row = $dbResult->fetch()) {
-            $dbResult2 = $this->centreon_DB->query(
-                "SELECT host_name " .
-                "FROM host " .
-                "WHERE host_id = '" . $row['host_tpl_id'] . "' LIMIT 1"
-            );
-            $hTpl = $dbResult2->fetch();
+            $statement->bindValue(':host_id', $row['host_tpl_id'], \PDO::PARAM_INT);
+            $statement->execute();
+            $hTpl = $statement->fetch(\PDO::FETCH_ASSOC);
             $tplArr[$row['host_tpl_id']] = html_entity_decode($hTpl["host_name"], ENT_QUOTES);
         }
         unset($row);
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ protected function setUp(): void`
`52`	`52`	`. "FROM acl_topology_relations, acl_topology "`
`53`	`53`	`. "WHERE acl_topology.acl_topo_activate = '1' "`
`54`	`54`	`. "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "`
`55`		`- . "AND acl_topology_relations.acl_topo_id = '1' ",`
	`55`	`+ . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ",`
`56`	`56`	`'data' => [`
`57`	`57`	`[`
`58`	`58`	`'topology_topology_id' => 1,`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ public function __construct(`
`107`	`107`	`$this->login = htmlentities($user, ENT_QUOTES);`
`108`	`108`	`}`
`109`	`109`	`if (isset($password)) {`
`110`		`- $this->password = htmlentities($password, ENT_QUOTES);`
	`110`	`+ $this->password = filter_var($password, FILTER_SANITIZE_STRING);`
`111`	`111`	`}`
`112`	`112`	`if (isset($action)) {`
`113`	`113`	`$this->action = htmlentities(strtoupper($action), ENT_QUOTES);`