Merge branch '2.5.x' of http://git.centreon.com/centreon into 2.5.x

dc1555e5 · rwerquin · be669361 · c7ced041 · dc1555e5 · dc1555e5
Commit dc1555e5 authored Nov 27, 2014 by rwerquin
--- a/lib/perl/centreon/script/centcore.pm
+++ b/lib/perl/centreon/script/centcore.pm
@@ -819,7 +819,7 @@ sub testConfig($) {
    my $data = $self->getServerConfig($id);
    my $port = checkSSHPort($data->{ssh_port});
    my $distantconnexion = $data->{ns_ip_address};
-    $cmd = "$self->{ssh} -p ".$port." $distantconnexion $self->{sudo} ".$data->{nagios_bin}." -v $cfg_dir/nagios.cfg";
+    $cmd = "$self->{ssh} -p ".$port." $distantconnexion ".$data->{nagios_bin}." -v $cfg_dir/nagios.cfg";
    ($lerror, $stdout) = centreon::common::misc::backtick(command => $cmd,
                                                          logger => $self->{logger},
                                                          timeout => 60

--- a/libinstall/functions
+++ b/libinstall/functions
@@ -1299,12 +1299,6 @@ function prepare_sudo_config() {
 	# Monitoring engine force-reload
 	CENTREON   ALL = NOPASSWD: $MONITORINGENGINE_INIT_SCRIPT* force-reload
 	CENTREON   ALL = NOPASSWD: $MONITORINGENGINE_INIT_SCRIPT force-reload
-	# Monitoring engine test config
-	CENTREON   ALL = NOPASSWD: $MONITORINGENGINE_BINARY* -v *
-	CENTREON   ALL = NOPASSWD: $MONITORINGENGINE_BINARY -v *
-	# Monitoring engine test for optim config
-	CENTREON   ALL = NOPASSWD: $MONITORINGENGINE_BINARY* -s *
-	CENTREON   ALL = NOPASSWD: $MONITORINGENGINE_BINARY -s *
 	# Snmptrapd Restart
 	CENTREON   ALL = NOPASSWD: $INIT_D/snmptrapd restart
 	# Centreontrapd restart

--- a/www/class/centreonAuth.class.php
+++ b/www/class/centreonAuth.class.php
@@ -223,10 +223,11 @@ class CentreonAuth {
     * @return void
     */
    protected function checkUser($username, $password, $token) {
+        $usernameForQuery = $this->pearDB->escape($username, true);
        if ($this->autologin == 0 || ($this->autologin && $token != "")) {
-            $DBRESULT = $this->pearDB->query("SELECT * FROM `contact` WHERE `contact_alias` = '" . htmlentities($username, ENT_QUOTES, "UTF-8") . "' AND `contact_activate` = '1' AND `contact_register` = '1' LIMIT 1");
+            $DBRESULT = $this->pearDB->query("SELECT * FROM `contact` WHERE `contact_alias` = '" . $usernameForQuery . "' AND `contact_activate` = '1' AND `contact_register` = '1' LIMIT 1");
        } else {
-            $DBRESULT = $this->pearDB->query("SELECT * FROM `contact` WHERE MD5(contact_alias) = '" . htmlentities($username, ENT_QUOTES, "UTF-8") . "' AND `contact_activate` = '1' AND `contact_register` = '1' LIMIT 1");
+            $DBRESULT = $this->pearDB->query("SELECT * FROM `contact` WHERE MD5(contact_alias) = '" . $usernameForQuery . "' AND `contact_activate` = '1' AND `contact_register` = '1' LIMIT 1");
        }
        if ($DBRESULT->numRows()) {
            $this->userInfos = $DBRESULT->fetchRow();
@@ -264,7 +265,7 @@ class CentreonAuth {
            /*
             * Reset userInfos with imported informations
             */
-            $DBRESULT = $this->pearDB->query("SELECT * FROM `contact` WHERE `contact_alias` = '" . htmlentities($username, ENT_QUOTES, "UTF-8") . "' AND `contact_activate` = '1' AND `contact_register` = '1' LIMIT 1");
+            $DBRESULT = $this->pearDB->query("SELECT * FROM `contact` WHERE `contact_alias` = '" . $usernameForQuery . "' AND `contact_activate` = '1' AND `contact_register` = '1' LIMIT 1");
            if ($DBRESULT->numRows()) {
                $this->userInfos = $DBRESULT->fetchRow();
            }

--- a/www/class/centreonLog.class.php
+++ b/www/class/centreonLog.class.php
@@ -100,9 +100,9 @@ class CentreonUserLog {
 		$string = str_replace("*", "\*", $string);

 		/*
-		 * print Error in log file.
+		 * Write Error in log file.
 		 */
-		exec("echo \"".$string."\" >> ".$this->errorType[$id]);
+        file_put_contents($this->errorType[$id], $string . "\n", FILE_APPEND);
 	}

 	public function setUID($uid)
@@ -174,9 +174,9 @@ class CentreonLog {


 		/*
-		 * print Error in log file.
+		 * Write Error in log file.
 		 */
-		exec("echo \"".$string."\" >> ".$this->errorType[$id]);
+        file_put_contents($this->errorType[$id], $string . "\n", FILE_APPEND);
 	}

 }

--- a/www/include/configuration/configGenerate/xml/generateFiles.php
+++ b/www/include/configuration/configGenerate/xml/generateFiles.php
@@ -58,7 +58,7 @@ function printDebug($xml, $tabs)
        }
    }
    foreach ($tab_server as $host) {
-        $stdout = shell_exec("sudo ".$nagios_bin["nagios_bin"] . " -v ".$nagiosCFGPath.$host["id"]."/nagiosCFG.DEBUG 2>&1");
+        $stdout = shell_exec($nagios_bin["nagios_bin"] . " -v ".$nagiosCFGPath.$host["id"]."/nagiosCFG.DEBUG 2>&1");
        $stdout = htmlentities($stdout);
        $msg_debug[$host['id']] = str_replace ("\n", "<br />", $stdout);
        $msg_debug[$host['id']] = str_replace ("Warning:", "<font color='orange'>Warning</font>", $msg_debug[$host['id']]);

--- a/www/include/configuration/configOptimize/formOptimizeFiles.php
+++ b/www/include/configuration/configOptimize/formOptimizeFiles.php
@@ -111,7 +111,7 @@
 		$DBRESULT_Servers = $pearDB->query("SELECT `id` FROM `nagios_server` WHERE `ns_activate` = '1' ORDER BY `name`");
 		while ($tab = $DBRESULT_Servers->fetchRow()){
 			if (isset($ret["host"]) && ($ret["host"] == 0 || $ret["host"] == $tab['id'])){
-				$stdout = shell_exec("sudo ".$nagios_bin["nagios_bin"] . " -s ".$nagiosCFGPath.$tab['id']."/nagiosCFG.DEBUG");
+				$stdout = shell_exec($nagios_bin["nagios_bin"] . " -s ".$nagiosCFGPath.$tab['id']."/nagiosCFG.DEBUG");
 				$stdout = htmlentities($stdout, ENT_QUOTES, "UTF-8");
 				$msg_optimize[$tab['id']] = str_replace ("\n", "<br />", $stdout);
 				$cpt++;
@@ -137,4 +137,4 @@
 	$tpl->assign('form', $renderer->toArray());
 	$tpl->assign('o', $o);
 	$tpl->display("formOptimizeFiles.ihtml");
-?>
\ No newline at end of file
+?>