Unverified Commit c1959643 authored by Cédric Anne's avatar Cédric Anne Committed by GitHub

Move sanitize logic into a dedicated class

parent 94710084
...@@ -51,10 +51,13 @@ The present file will list all changes made to the project; according to the ...@@ -51,10 +51,13 @@ The present file will list all changes made to the project; according to the
- `Html::weblink_extract()` - `Html::weblink_extract()`
- `RuleImportComputer` class - `RuleImportComputer` class
- `RuleImportComputerCollection` class - `RuleImportComputerCollection` class
- `Toolbox::clean_cross_side_scripting_deep()`
- `Toolbox::doubleEncodeEmails()` - `Toolbox::doubleEncodeEmails()`
- `Toolbox::getHtmlToDisplay()` - `Toolbox::getHtmlToDisplay()`
- `Toolbox::useCache()` - `Toolbox::useCache()`
- `Toolbox::unclean_cross_side_scripting_deep()`
- `Toolbox::unclean_html_cross_side_scripting_deep()` - `Toolbox::unclean_html_cross_side_scripting_deep()`
- `Toolbox::sanitize()`
#### Removed #### Removed
- `Update::declareOldItems()` - `Update::declareOldItems()`
......
...@@ -30,6 +30,8 @@ ...@@ -30,6 +30,8 @@
* --------------------------------------------------------------------- * ---------------------------------------------------------------------
*/ */
use Glpi\Toolbox\Sanitizer;
$AJAX_INCLUDE = 1; $AJAX_INCLUDE = 1;
include ('../inc/includes.php'); include ('../inc/includes.php');
...@@ -43,6 +45,6 @@ if (isset($_POST['name'])) { ...@@ -43,6 +45,6 @@ if (isset($_POST['name'])) {
echo "<input type='text' ".(isset($_POST["size"])?" size='".$_POST["size"]."' ":"")." ". echo "<input type='text' ".(isset($_POST["size"])?" size='".$_POST["size"]."' ":"")." ".
(isset($_POST["maxlength"])?"maxlength='".$_POST["maxlength"]."' ":"")." name='". (isset($_POST["maxlength"])?"maxlength='".$_POST["maxlength"]."' ":"")." name='".
$_POST['name']."' value=\"". $_POST['name']."' value=\"".
Html::cleanInputText(Toolbox::clean_cross_side_scripting_deep(rawurldecode(stripslashes($_POST["data"])))). Html::cleanInputText(Sanitizer::sanitize(rawurldecode(stripslashes($_POST["data"])))).
"\">"; "\">";
} }
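Review bot: `$_POST["size"]`, `$_POST["maxlength"]` and `$_POST['name']` are concatenated into single-quoted attributes of the `<input>` tag with no output encoding, while only `$_POST["data"]` goes through `Sanitizer::sanitize()` and `Html::cleanInputText()`. Whether any request-wide sanitising done before this point encodes quote characters is not visible in the hunk, so these values should be encoded where they are written, e.g. `(int)$_POST["size"]` for the numeric ones and `Html::cleanInputText($_POST['name'])` for the name. The textarea endpoint further down has the same pattern with `rows`, `cols` and `name`.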
...@@ -31,6 +31,7 @@ ...@@ -31,6 +31,7 @@
*/ */
use Glpi\Features\Kanban; use Glpi\Features\Kanban;
use Glpi\Toolbox\Sanitizer;
$AJAX_INCLUDE = 1; $AJAX_INCLUDE = 1;
...@@ -122,7 +123,7 @@ if ($_REQUEST['action'] === 'update') { ...@@ -122,7 +123,7 @@ if ($_REQUEST['action'] === 'update') {
$inputs = []; $inputs = [];
parse_str($_REQUEST['inputs'], $inputs); parse_str($_REQUEST['inputs'], $inputs);
$item->add(Toolbox::clean_cross_side_scripting_deep($inputs)); $item->add(Sanitizer::sanitize($inputs));
} else if ($_REQUEST['action'] === 'bulk_add_item') { } else if ($_REQUEST['action'] === 'bulk_add_item') {
$checkParams(['inputs']); $checkParams(['inputs']);
$item = new $itemtype(); $item = new $itemtype();
...@@ -135,7 +136,7 @@ if ($_REQUEST['action'] === 'update') { ...@@ -135,7 +136,7 @@ if ($_REQUEST['action'] === 'update') {
foreach ($bulk_item_list as $item_entry) { foreach ($bulk_item_list as $item_entry) {
$item_entry = trim($item_entry); $item_entry = trim($item_entry);
if (!empty($item_entry)) { if (!empty($item_entry)) {
$item->add(Toolbox::clean_cross_side_scripting_deep($inputs + ['name' => $item_entry])); $item->add(Sanitizer::sanitize($inputs + ['name' => $item_entry]));
} }
} }
} }
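Review bot: Both `$item->add(Sanitizer::sanitize(...))` calls in this file omit the second argument that the API call sites in this commit pass (`Sanitizer::sanitize($object, true)`) before `add()` and `update()`. Judging by the `addslashes_deep()` calls it replaces elsewhere in the commit, that argument appears to enable DB escaping, and `parse_str()` percent-decodes `$_REQUEST['inputs']`, so escaping applied to the raw request value earlier does not cover the decoded `$inputs`. If `add()` expects pre-escaped input, use `$item->add(Sanitizer::sanitize($inputs, true));` here and in the `bulk_add_item` branch; otherwise a comment stating why escaping is not needed would help. The enclosing `if`/`else if` chain starts and ends outside the hunks.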
......
...@@ -30,6 +30,8 @@ ...@@ -30,6 +30,8 @@
* --------------------------------------------------------------------- * ---------------------------------------------------------------------
*/ */
use Glpi\Toolbox\Sanitizer;
$AJAX_INCLUDE=1; $AJAX_INCLUDE=1;
include ('../inc/includes.php'); include ('../inc/includes.php');
...@@ -41,6 +43,6 @@ Session::checkLoginUser(); ...@@ -41,6 +43,6 @@ Session::checkLoginUser();
if (isset($_POST['name'])) { if (isset($_POST['name'])) {
echo "<textarea ".(isset($_POST['rows'])?" rows='".$_POST['rows']."' ":"")." ". echo "<textarea ".(isset($_POST['rows'])?" rows='".$_POST['rows']."' ":"")." ".
(isset($_POST['cols'])?" cols='".$_POST['cols']."' ":"")." name='".$_POST['name']."'>"; (isset($_POST['cols'])?" cols='".$_POST['cols']."' ":"")." name='".$_POST['name']."'>";
echo Html::cleanPostForTextArea(Toolbox::clean_cross_side_scripting_deep(rawurldecode(($_POST["data"])))); echo Html::cleanPostForTextArea(Sanitizer::sanitize(rawurldecode(($_POST["data"]))));
echo "</textarea>"; echo "</textarea>";
} }
...@@ -34,6 +34,8 @@ ...@@ -34,6 +34,8 @@
* @since 0.85 * @since 0.85
*/ */
use Glpi\Toolbox\Sanitizer;
include ('../inc/includes.php'); include ('../inc/includes.php');
...@@ -55,7 +57,7 @@ if (isset($_SESSION['namfield']) && isset($_POST[$_SESSION['namfield']])) { ...@@ -55,7 +57,7 @@ if (isset($_SESSION['namfield']) && isset($_POST[$_SESSION['namfield']])) {
$login = ''; $login = '';
} }
if (isset($_SESSION['pwdfield']) && isset($_POST[$_SESSION['pwdfield']])) { if (isset($_SESSION['pwdfield']) && isset($_POST[$_SESSION['pwdfield']])) {
$password = Toolbox::unclean_cross_side_scripting_deep($_POST[$_SESSION['pwdfield']]); $password = Sanitizer::unsanitize($_POST[$_SESSION['pwdfield']]);
} else { } else {
$password = ''; $password = '';
} }
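Review bot: `Sanitizer::unsanitize($_POST[$_SESSION['pwdfield']])` is called without the second argument that the LDAP filter call sites in this commit pass (`Sanitizer::unsanitize($filter, true)`), where it replaces a `stripslashes_deep()` call. If request values are also slash-escaped before reaching this file (not visible in the hunk), a password containing a quote or backslash would be handed to authentication in escaped form. Either pass `true` or add a comment stating where the slash escaping is reversed for the password, so the value compared is byte-identical to what the user typed.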
......
...@@ -47,6 +47,7 @@ use Config; ...@@ -47,6 +47,7 @@ use Config;
use Contract; use Contract;
use Document; use Document;
use Dropdown; use Dropdown;
use Glpi\Toolbox\Sanitizer;
use Html; use Html;
use Infocom; use Infocom;
use Item_Devices; use Item_Devices;
...@@ -1726,7 +1727,7 @@ abstract class API { ...@@ -1726,7 +1727,7 @@ abstract class API {
$object["_add"] = true; $object["_add"] = true;
//add current item //add current item
$object = Toolbox::sanitize($object); $object = Sanitizer::sanitize($object, true);
$new_id = $item->add($object); $new_id = $item->add($object);
if ($new_id === false) { if ($new_id === false) {
$failed++; $failed++;
...@@ -1853,7 +1854,7 @@ abstract class API { ...@@ -1853,7 +1854,7 @@ abstract class API {
} }
//update item //update item
$object = Toolbox::sanitize((array)$object); $object = Sanitizer::sanitize((array)$object, true);
$update_return = $item->update($object); $update_return = $item->update($object);
if ($update_return === false) { if ($update_return === false) {
$failed++; $failed++;
......
...@@ -31,6 +31,7 @@ ...@@ -31,6 +31,7 @@
*/ */
use Glpi\Event; use Glpi\Event;
use Glpi\Toolbox\Sanitizer;
if (!defined('GLPI_ROOT')) { if (!defined('GLPI_ROOT')) {
die("Sorry. You can't access this file directly"); die("Sorry. You can't access this file directly");
...@@ -938,7 +939,7 @@ class Auth extends CommonGLPI { ...@@ -938,7 +939,7 @@ class Auth extends CommonGLPI {
if (!$DB->isSlave()) { if (!$DB->isSlave()) {
// GET THE IP OF THE CLIENT // GET THE IP OF THE CLIENT
$ip = getenv("HTTP_X_FORWARDED_FOR")? $ip = getenv("HTTP_X_FORWARDED_FOR")?
Toolbox::clean_cross_side_scripting_deep(getenv("HTTP_X_FORWARDED_FOR")): Sanitizer::sanitize(getenv("HTTP_X_FORWARDED_FOR")):
getenv("REMOTE_ADDR"); getenv("REMOTE_ADDR");
if ($this->auth_succeded) { if ($this->auth_succeded) {
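Review bot: `HTTP_X_FORWARDED_FOR` is a client-supplied header, and `Sanitizer::sanitize()` does not check that the value is an IP address, so `$ip` can be any string the client sends (the header may also carry a comma-separated list). Validate before use, e.g. `$xff = getenv("HTTP_X_FORWARDED_FOR");` followed by `$ip = ($xff !== false && filter_var($xff, FILTER_VALIDATE_IP)) ? $xff : getenv("REMOTE_ADDR");`, and prefer the header only when the request arrives from a known proxy. The call also omits the `true` argument used before DB writes elsewhere in this commit; where `$ip` is stored is outside the hunk, so that is worth checking too.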
......
...@@ -30,6 +30,8 @@ ...@@ -30,6 +30,8 @@
* --------------------------------------------------------------------- * ---------------------------------------------------------------------
*/ */
use Glpi\Toolbox\Sanitizer;
/** /**
* Class used to manage Auth LDAP config * Class used to manage Auth LDAP config
*/ */
...@@ -1701,7 +1703,7 @@ class AuthLDAP extends CommonDBTM { ...@@ -1701,7 +1703,7 @@ class AuthLDAP extends CommonDBTM {
$count = 0; //Store the number of results ldap_search $count = 0; //Store the number of results ldap_search
do { do {
$filter = Toolbox::unclean_cross_side_scripting_deep(Toolbox::stripslashes_deep($filter)); $filter = Sanitizer::unsanitize($filter, true);
if (self::isLdapPageSizeAvailable($config_ldap)) { if (self::isLdapPageSizeAvailable($config_ldap)) {
if (version_compare(PHP_VERSION, '7.3') < 0) { if (version_compare(PHP_VERSION, '7.3') < 0) {
//prior to PHP 7.3, use ldap_control_paged_result //prior to PHP 7.3, use ldap_control_paged_result
...@@ -2284,7 +2286,7 @@ class AuthLDAP extends CommonDBTM { ...@@ -2284,7 +2286,7 @@ class AuthLDAP extends CommonDBTM {
$cookie = ''; $cookie = '';
$count = 0; $count = 0;
do { do {
$filter = Toolbox::unclean_cross_side_scripting_deep(Toolbox::stripslashes_deep($filter)); $filter = Sanitizer::unsanitize($filter, true);
if (self::isLdapPageSizeAvailable($config_ldap)) { if (self::isLdapPageSizeAvailable($config_ldap)) {
if (version_compare(PHP_VERSION, '7.3') < 0) { if (version_compare(PHP_VERSION, '7.3') < 0) {
//prior to PHP 7.3, use ldap_control_paged_result //prior to PHP 7.3, use ldap_control_paged_result
...@@ -3395,7 +3397,7 @@ class AuthLDAP extends CommonDBTM { ...@@ -3395,7 +3397,7 @@ class AuthLDAP extends CommonDBTM {
$field_counter++; $field_counter++;
$field_value = ''; $field_value = '';
if (isset($_SESSION['ldap_import']['criterias'][$field])) { if (isset($_SESSION['ldap_import']['criterias'][$field])) {
$field_value = Html::entities_deep(Toolbox::unclean_cross_side_scripting_deep(Toolbox::stripslashes_deep($_SESSION['ldap_import']['criterias'][$field]))); $field_value = Html::entities_deep(Sanitizer::unsanitize($_SESSION['ldap_import']['criterias'][$field], true));
} }
echo "<input type='text' id='criterias$field' name='criterias[$field]' value='$field_value'>"; echo "<input type='text' id='criterias$field' name='criterias[$field]' value='$field_value'>";
echo "</td>"; echo "</td>";
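Review bot: In both search loops `$filter = Sanitizer::unsanitize($filter, true);` sits inside the `do {` body, so the filter is unsanitized again for every page of results. Unless `unsanitize()` is idempotent, a filter containing LDAP backslash escapes such as `\28`, or an entity-encoded `&amp;`, would differ between the first page and later pages. Moving the call to just before `do {` avoids depending on that; the loops end outside the hunks. Separately, `value='$field_value'` in the criteria form is a single-quoted attribute, so it is worth confirming that `Html::entities_deep()` encodes single quotes.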
......
...@@ -39,6 +39,7 @@ if (!defined('GLPI_ROOT')) { ...@@ -39,6 +39,7 @@ if (!defined('GLPI_ROOT')) {
use Glpi\CalDAV\Contracts\CalDAVCompatibleItemInterface; use Glpi\CalDAV\Contracts\CalDAVCompatibleItemInterface;
use Glpi\CalDAV\Node\Property; use Glpi\CalDAV\Node\Property;
use Glpi\CalDAV\Traits\CalDAVUriUtilTrait; use Glpi\CalDAV\Traits\CalDAVUriUtilTrait;
use Glpi\Toolbox\Sanitizer;
use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Uuid;
use Sabre\CalDAV\Backend\AbstractBackend; use Sabre\CalDAV\Backend\AbstractBackend;
use Sabre\CalDAV\Xml\Property\SupportedCalendarComponentSet; use Sabre\CalDAV\Xml\Property\SupportedCalendarComponentSet;
...@@ -323,7 +324,7 @@ class Calendar extends AbstractBackend { ...@@ -323,7 +324,7 @@ class Calendar extends AbstractBackend {
$input['uuid'] = Uuid::uuid4(); $input['uuid'] = Uuid::uuid4();
} }
$input = \Toolbox::sanitize($input); $input = Sanitizer::sanitize($input, true);
if ($item->isNewItem()) { if ($item->isNewItem()) {
// Auto set entities_id if exists and not set // Auto set entities_id if exists and not set
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
namespace Glpi\CalDAV\Traits; namespace Glpi\CalDAV\Traits;
use Glpi\Toolbox\RichText; use Glpi\Toolbox\RichText;
use Glpi\Toolbox\Sanitizer;
use RRule\RRule; use RRule\RRule;
use Sabre\VObject\Component; use Sabre\VObject\Component;
use Sabre\VObject\Component\VCalendar; use Sabre\VObject\Component\VCalendar;
...@@ -96,7 +97,7 @@ trait VobjectConverterTrait { ...@@ -96,7 +97,7 @@ trait VobjectConverterTrait {
$vcomp = $vcalendar->add($component_type); $vcomp = $vcalendar->add($component_type);
} }
$fields = \Toolbox::unclean_cross_side_scripting_deep($item->fields); $fields = Sanitizer::unsanitize($item->fields);
$utc_tz = new \DateTimeZone('UTC'); $utc_tz = new \DateTimeZone('UTC');
if (array_key_exists('uuid', $fields)) { if (array_key_exists('uuid', $fields)) {
......
...@@ -35,6 +35,7 @@ if (!defined('GLPI_ROOT')) { ...@@ -35,6 +35,7 @@ if (!defined('GLPI_ROOT')) {
} }
use Glpi\Toolbox\RichText; use Glpi\Toolbox\RichText;
use Glpi\Toolbox\Sanitizer;
/** /**
* CommonITILObject Class * CommonITILObject Class
...@@ -1633,11 +1634,7 @@ abstract class CommonITILObject extends CommonDBTM { ...@@ -1633,11 +1634,7 @@ abstract class CommonITILObject extends CommonDBTM {
// Build name based on content // Build name based on content
// Unsanitize // Unsanitize
// $content = Sanitizer::unsanitize($input['content'], true);
// Using `Toolbox::stripslashes_deep()` on sanitized content will produce "r" and "n" instead of "\r" and \n",
// so newlines have to be removed before calling it.
$content = str_replace(['\r', '\n'], ' ', $input['content']);
$content = Toolbox::stripslashes_deep(Toolbox::unclean_cross_side_scripting_deep($content));
// Get unformatted text // Get unformatted text
$name = RichText::getTextFromHtml($content, false); $name = RichText::getTextFromHtml($content, false);
...@@ -1646,7 +1643,7 @@ abstract class CommonITILObject extends CommonDBTM { ...@@ -1646,7 +1643,7 @@ abstract class CommonITILObject extends CommonDBTM {
$name = Toolbox::substr(preg_replace('/\s{2,}/', ' ', $name), 0, 70); $name = Toolbox::substr(preg_replace('/\s{2,}/', ' ', $name), 0, 70);
// Sanitize result // Sanitize result
$input['name'] = Toolbox::clean_cross_side_scripting_deep(Toolbox::addslashes_deep($name)); $input['name'] = Sanitizer::sanitize($name, true);
} }
// Set default dropdown // Set default dropdown
...@@ -8478,9 +8475,7 @@ abstract class CommonITILObject extends CommonDBTM { ...@@ -8478,9 +8475,7 @@ abstract class CommonITILObject extends CommonDBTM {
$tasktemplate_content = $tasktemplate->getRenderedContent($this); $tasktemplate_content = $tasktemplate->getRenderedContent($this);
// Sanitize generated HTML before adding it in DB // Sanitize generated HTML before adding it in DB
$tasktemplate_content = Toolbox::clean_cross_side_scripting_deep( $tasktemplate_content = Sanitizer::sanitize($tasktemplate_content, true);
Toolbox::addslashes_deep($tasktemplate_content)
);
$itiltask->add([ $itiltask->add([
'tasktemplates_id' => $tasktemplates_id, 'tasktemplates_id' => $tasktemplates_id,
...@@ -8522,9 +8517,7 @@ abstract class CommonITILObject extends CommonDBTM { ...@@ -8522,9 +8517,7 @@ abstract class CommonITILObject extends CommonDBTM {
$new_fup_content = $fup_template->getRenderedContent($this); $new_fup_content = $fup_template->getRenderedContent($this);
// Sanitize generated HTML before adding it in DB // Sanitize generated HTML before adding it in DB
$new_fup_content = Toolbox::clean_cross_side_scripting_deep( $new_fup_content = Sanitizer::sanitize($new_fup_content, true);
Toolbox::addslashes_deep($new_fup_content)
);
// Insert new followup from template // Insert new followup from template
$fup = new ITILFollowup(); $fup = new ITILFollowup();
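Review bot: The first hunk drops the comment explaining that literal `\r` and `\n` sequences had to be replaced before slashes were stripped, and `$content = Sanitizer::unsanitize($input['content'], true);` now has to cover that case on its own. The implementation of `unsanitize()` is not part of the visible hunks, so this cannot be confirmed from here. A unit test that builds a name from content containing escaped newlines would pin the behaviour, and once confirmed the `// Unsanitize` comment could say that the call also reverses DB escaping of newlines.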
......
...@@ -37,6 +37,7 @@ if (!defined('GLPI_ROOT')) { ...@@ -37,6 +37,7 @@ if (!defined('GLPI_ROOT')) {
use Glpi\CalDAV\Contracts\CalDAVCompatibleItemInterface; use Glpi\CalDAV\Contracts\CalDAVCompatibleItemInterface;
use Glpi\CalDAV\Traits\VobjectConverterTrait; use Glpi\CalDAV\Traits\VobjectConverterTrait;
use Glpi\Toolbox\RichText; use Glpi\Toolbox\RichText;
use Glpi\Toolbox\Sanitizer;
use Sabre\VObject\Component\VCalendar; use Sabre\VObject\Component\VCalendar;
/// TODO extends it from CommonDBChild /// TODO extends it from CommonDBChild
...@@ -1177,7 +1178,7 @@ abstract class CommonITILTask extends CommonDBTM implements CalDAVCompatibleItem ...@@ -1177,7 +1178,7 @@ abstract class CommonITILTask extends CommonDBTM implements CalDAVCompatibleItem
$interv[$key]["end"] = $data["end"]; $interv[$key]["end"] = $data["end"];
} }
$interv[$key]["name"] = Toolbox::unclean_cross_side_scripting_deep($parentitem->fields['name']); // name is re-encoded on JS side $interv[$key]["name"] = Sanitizer::unsanitize($parentitem->fields['name']); // name is re-encoded on JS side
$interv[$key]["content"] = RichText::getSafeHtml($item->fields['content'], true); $interv[$key]["content"] = RichText::getSafeHtml($item->fields['content'], true);
$interv[$key]["status"] = $parentitem->fields["status"]; $interv[$key]["status"] = $parentitem->fields["status"];
$interv[$key]["priority"] = $parentitem->fields["priority"]; $interv[$key]["priority"] = $parentitem->fields["priority"];
......
...@@ -34,6 +34,7 @@ use Glpi\Cache\CacheManager; ...@@ -34,6 +34,7 @@ use Glpi\Cache\CacheManager;
use Glpi\Dashboard\Grid; use Glpi\Dashboard\Grid;
use Glpi\Exception\PasswordTooWeakException; use Glpi\Exception\PasswordTooWeakException;
use Glpi\System\RequirementsManager; use Glpi\System\RequirementsManager;
use Glpi\Toolbox\Sanitizer;
use Laminas\Cache\Psr\SimpleCache\SimpleCacheDecorator; use Laminas\Cache\Psr\SimpleCache\SimpleCacheDecorator;
use Laminas\Cache\StorageFactory; use Laminas\Cache\StorageFactory;
use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\PHPMailer;
...@@ -1915,7 +1916,7 @@ class Config extends CommonDBTM { ...@@ -1915,7 +1916,7 @@ class Config extends CommonDBTM {
echo wordwrap($msg."\n", $width, "\n\t"); echo wordwrap($msg."\n", $width, "\n\t");
if (isset($_SERVER["HTTP_USER_AGENT"])) { if (isset($_SERVER["HTTP_USER_AGENT"])) {
echo "\t" . Toolbox::clean_cross_side_scripting_deep($_SERVER["HTTP_USER_AGENT"]) . "\n"; echo "\t" . Sanitizer::sanitize($_SERVER["HTTP_USER_AGENT"]) . "\n";
} }
foreach ($DB->getInfo() as $key => $val) { foreach ($DB->getInfo() as $key => $val) {
......
...@@ -47,6 +47,7 @@ use DB; ...@@ -47,6 +47,7 @@ use DB;
use Document_Item; use Document_Item;
use Domain; use Domain;
use Glpi\Console\AbstractCommand; use Glpi\Console\AbstractCommand;
use Glpi\Toolbox\Sanitizer;
use Infocom; use Infocom;
use Item_Problem; use Item_Problem;
use Item_Project; use Item_Project;
...@@ -63,7 +64,6 @@ use Symfony\Component\Console\Input\InputInterface; ...@@ -63,7 +64,6 @@ use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface; use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Question\ConfirmationQuestion; use Symfony\Component\Console\Question\ConfirmationQuestion;
use Toolbox;
class AppliancesPluginToCoreCommand extends AbstractCommand { class AppliancesPluginToCoreCommand extends AbstractCommand {
...@@ -403,12 +403,12 @@ class AppliancesPluginToCoreCommand extends AbstractCommand { ...@@ -403,12 +403,12 @@ class AppliancesPluginToCoreCommand extends AbstractCommand {
OutputInterface::VERBOSITY_VERY_VERBOSE OutputInterface::VERBOSITY_VERY_VERBOSE
); );
$app_fields = Toolbox::sanitize([ $app_fields = Sanitizer::sanitize([
'id' => $item['id'], 'id' => $item['id'],
'appliances_id' => $item['plugin_appliances_appliances_id'], 'appliances_id' => $item['plugin_appliances_appliances_id'],
'items_id' => $item['items_id'], 'items_id' => $item['items_id'],
'itemtype' => $item['itemtype'] 'itemtype' => $item['itemtype']
]); ], true);
$appi = new Appliance_Item(); $appi = new Appliance_Item();
if (!($appi_id = $appi->getFromDBByCrit($app_fields))) { if (!($appi_id = $appi->getFromDBByCrit($app_fields))) {
...@@ -462,11 +462,11 @@ class AppliancesPluginToCoreCommand extends AbstractCommand { ...@@ -462,11 +462,11 @@ class AppliancesPluginToCoreCommand extends AbstractCommand {
OutputInterface::VERBOSITY_VERY_VERBOSE OutputInterface::VERBOSITY_VERY_VERBOSE
); );
$app_fields = Toolbox::sanitize([ $app_fields = Sanitizer::sanitize([
'id' => $env['id'], 'id' => $env['id'],
'name' => $env['name'], 'name' => $env['name'],
'comment' => $env['comment'] 'comment' => $env['comment']
]); ], true);
$appe = new ApplianceEnvironment(); $appe = new ApplianceEnvironment();
if (!($appe_id = $appe->getFromDBByCrit($app_fields))) { if (!($appe_id = $appe->getFromDBByCrit($app_fields))) {
...@@ -519,7 +519,7 @@ class AppliancesPluginToCoreCommand extends AbstractCommand { ...@@ -519,7 +519,7 @@ class AppliancesPluginToCoreCommand extends AbstractCommand {
OutputInterface::VERBOSITY_VERY_VERBOSE OutputInterface::VERBOSITY_VERY_VERBOSE
); );
$app_fields = Toolbox::sanitize([ $app_fields = Sanitizer::sanitize([
'id' => $appliance['id'], 'id' => $appliance['id'],
'entities_id' => $appliance['entities_id'], 'entities_id' => $appliance['entities_id'],
'is_recursive' => $appliance['is_recursive'], 'is_recursive' => $appliance['is_recursive'],
...@@ -540,7 +540,7 @@ class AppliancesPluginToCoreCommand extends AbstractCommand { ...@@ -540,7 +540,7 @@ class AppliancesPluginToCoreCommand extends AbstractCommand {
'externalidentifier' => $appliance['externalid'], 'externalidentifier' => $appliance['externalid'],
'serial' => $appliance['serial'], 'serial' => $appliance['serial'],
'otherserial' => $appliance['otherserial'] 'otherserial' => $appliance['otherserial']
]); ], true);
$app = new Appliance(); $app = new Appliance();
if (!($app_id = $app->getFromDBByCrit($app_fields))) { if (!($app_id = $app->getFromDBByCrit($app_fields))) {
...@@ -594,14 +594,14 @@ class AppliancesPluginToCoreCommand extends AbstractCommand { ...@@ -594,14 +594,14 @@ class AppliancesPluginToCoreCommand extends AbstractCommand {
OutputInterface::VERBOSITY_VERY_VERBOSE OutputInterface::VERBOSITY_VERY_VERBOSE
); );
$appt_fields = Toolbox::sanitize([ $appt_fields = Sanitizer::sanitize([
'id' => $type['id'], 'id' => $type['id'],
'entities_id' => $type['entities_id'], 'entities_id' => $type['entities_id'],
'is_recursive' => $type['is_recursive'], 'is_recursive' => $type['is_recursive'],
'name' => $type['name'], 'name' => $type['name'],
'comment' => $type['comment'], 'comment' => $type['comment'],
'externalidentifier' => $type['externalid'] 'externalidentifier' => $type['externalid']
]); ], true);
$appt = new ApplianceType(); $appt = new ApplianceType();
if (!($appt_id = $appt->getFromDBByCrit($appt_fields))) { if (!($appt_id = $appt->getFromDBByCrit($appt_fields))) {
...@@ -687,12 +687,12 @@ class AppliancesPluginToCoreCommand extends AbstractCommand { ...@@ -687,12 +687,12 @@ class AppliancesPluginToCoreCommand extends AbstractCommand {
} }
} }
$appr_fields = Toolbox::sanitize([ $appr_fields = Sanitizer::sanitize([
'id' => $row['id'], 'id' => $row['id'],
'appliances_items_id' => $row['plugin_appliances_appliances_items_id'], 'appliances_items_id' => $row['plugin_appliances_appliances_items_id'],
'itemtype' => $itemtype, 'itemtype' => $itemtype,
'items_id' => $row['relations_id'] 'items_id' => $row['relations_id']
]); ], true);
$appr = new Appliance_Item_Relation(); $appr = new Appliance_Item_Relation();
if (!($appr_id = $appr->getFromDBByCrit($appr_fields))) { if (!($appr_id = $appr->getFromDBByCrit($appr_fields))) {
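Review bot: `use Toolbox;` is removed from this command, which appears to be namespaced since it imports global classes such as `DB` and `Infocom`. Any `Toolbox::` call left in parts of the file outside the hunks would then resolve inside the command's namespace and fail at runtime. The visible hunks replace five `Toolbox::sanitize()` calls; searching the file for remaining `Toolbox::` references before merging would confirm the removal is safe.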
......
...@@ -43,6 +43,7 @@ use Datacenter; ...@@ -43,6 +43,7 @@ use Datacenter;
use DB; use DB;
use DCRoom; use DCRoom;
use Glpi\Console\AbstractCommand; use Glpi\Console\AbstractCommand;
use Glpi\Toolbox\Sanitizer;
use Item_Rack; use Item_Rack;
use Monitor; use Monitor;
use MonitorModel;