authorLeonardo Arena <rnalrd@alpinelinux.org>2013-11-29 07:45:00 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2013-11-29 07:45:16 +0000
commit96f7798275bad99d53e1302aca9bb5605a449f07 (patch)
tree72b13338a3d767dd7a7c2670494fd4e17da0abc4
parent980619b8a9e5ad7a7684b07c8db1974fb38dcfe6 (diff)
main/zabbix: upgrade to 2.0.9
-rw-r--r--main/zabbix/APKBUILD20
-rw-r--r--main/zabbix/ZBX-7091-2.0.8.patch2021
2 files changed, 8 insertions, 2033 deletions
diff --git a/main/zabbix/APKBUILD b/main/zabbix/APKBUILD
index 0ff2d574ad..ce16993b6e 100644
--- a/main/zabbix/APKBUILD
+++ b/main/zabbix/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Jeff Bilyk <jbilyk at gmail>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=zabbix
-pkgver=2.0.8
-pkgrel=1
+pkgver=2.0.9
+pkgrel=0
pkgdesc="Enterprise-class open source distributed monitoring"
url="http://www.zabbix.com"
arch="all"
@@ -27,7 +27,6 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
zabbix-server.initd
zabbix-agentd.initd
zabbix-proxy.initd
- ZBX-7091-2.0.8.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
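Review bot: Removing `ZBX-7091-2.0.8.patch` from `source=` drops a local security fix, and nothing in the commit records that 2.0.9 already contains it upstream. The deleted patch body wraps SQL query parameters in `zbx_dbstr()` throughout the PHP frontend. Presumably the upgrade makes the patch redundant, but that should be confirmed against the upstream 2.0.9 changelog or source before the patch is removed. I would state the result in the commit message, for example `ZBX-7091 is fixed upstream in 2.0.9, drop local patch`, so the removal stays auditable.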
@@ -161,7 +160,7 @@ agent() {
}
-md5sums="8fef9e6f499295211dd9b2a9db96464b zabbix-2.0.8.tar.gz
+md5sums="edf00241cce2302e0b65f620e83c7e41 zabbix-2.0.9.tar.gz
26b0401a83bdb1dce29338e5b2786620 zabbix_server.conf
9832a81e134c8e2c11e2a06b7adbf88f zabbix_trapper.conf
0310b92afb3f35c1075fff53db737212 zabbix_proxy.conf
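Review bot: The new digests for `zabbix-2.0.9.tar.gz` are the only integrity control on a tarball fetched over plain `http://`, and the commit does not record how they were verified. This applies to the `md5sums=` entry here and to the `sha256sums=` and `sha512sums=` entries in the following hunks; the `source=` URL is visible in the earlier hunk header. If the values were generated from a single download over that URL, they only pin whatever bytes were received. Compare the SHA-256/SHA-512 values against a copy fetched over an independent path, or against an upstream-published digest if one exists. MD5 is not collision-resistant, so verification should rest on `sha512sums` rather than the `md5sums` line.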
@@ -171,9 +170,8 @@ b80eca2e260cc9e563f4b7a1b30bb158 res_send.patch
5f7b1815a309d8dade4a1d15d5048742 automake.patch
d823c2ab6c2bbdd0ebd3511fac4a83b4 zabbix-server.initd
1a5c718bcf815fcf659e14fb0b576a1a zabbix-agentd.initd
-a99978139481e69434f78fc3e8c53441 zabbix-proxy.initd
-69f7a0d3b7747bcad5f4928a0e9c4786 ZBX-7091-2.0.8.patch"
-sha256sums="c4b94960de0a1d0b20604a08503e9715c15845409368162c1e321040b8e4519a zabbix-2.0.8.tar.gz
+a99978139481e69434f78fc3e8c53441 zabbix-proxy.initd"
+sha256sums="d5ef1ea94f6f09992a7f1f6fb9b58f99c3bca6196c5454ad29fa63c03996ee14 zabbix-2.0.9.tar.gz
3b09a8fdc38216d859022c5966c36f0bcb6984974208cf4c69c17129649efdf5 zabbix_server.conf
3ae307895c9a7189e29c4ebf7479ce08d4c3bbe1a7f0a3554828170dac417bab zabbix_trapper.conf
0cd9cab17d1a2f791262b683aeedc5115722478a4847cb438aadb51198f67287 zabbix_proxy.conf
@@ -183,9 +181,8 @@ sha256sums="c4b94960de0a1d0b20604a08503e9715c15845409368162c1e321040b8e4519a za
4cd7ab9c6fa95aacab0c1f7b77bad18e9b500feca70b16c866a581775b4ad611 automake.patch
f4e18cca40cd7299140aec3077cf39429487860094d7f5d88d76d8e040dca9b8 zabbix-server.initd
4f93c4868726a3e8fed12a030cfce8911f105217a59187d6b3e1565d8d3e76b5 zabbix-agentd.initd
-60a01c08df054a0c1bcfb71e378544b4c4e489e6a6779d96383387ed34ddc0b0 zabbix-proxy.initd
-ae8f91f846f8a84d926c0bfe81ad6c4f8203a28efeb0b040b6fef32cfc0022fa ZBX-7091-2.0.8.patch"
-sha512sums="5a65c7fcce33d98a0f441798ca83f16bb6ed31b8a1b025f39c4003a0906c148ed5ff9db41aec591f053083b6bacd3ea1a1c8b96c007c44da092bfa179693e403 zabbix-2.0.8.tar.gz
+60a01c08df054a0c1bcfb71e378544b4c4e489e6a6779d96383387ed34ddc0b0 zabbix-proxy.initd"
+sha512sums="60ed4ea76aa60032a70a5870f7db78c0675eab1108043049cc3c2788b21c521f3cf4f87801a905270201120a44af95bf3b653b02b11abafac360553c6a8d6070 zabbix-2.0.9.tar.gz
3170d56a61871e6efadf705c19f864fdecf9420c4263f2a1129245b3b55bd730d1ba5a6a26ea866fc7842c86f7745e51ea28878bb9e9267ed9176499cb75e8bb zabbix_server.conf
cd08d907838de646f65316950e8c71deae25be1701e0cc22e5fd2f636c21ef2365a537d247277bafb694cae8c5dbd22eb725c1647797ad3e4ac4b3df2084ef07 zabbix_trapper.conf
a3703641125dda8c13d658ad4e1cf2cde94af01ed953480a37006e354ff58ade4a99b3575e3f095d8639ac9c481be52e25120353d9a4cd2104a68aff4a5596e5 zabbix_proxy.conf
@@ -195,5 +192,4 @@ a2d8d52bacd353363c22f89ca26deffdec722144dab4899987ef4b8479d0b0722007bf3e97f75403
7aa59336e92d83eddff4bc18038820cfc25dc50f45327a2c0a6aa0e360fa742c9724d25e84152e3a14193c88ea5d6e66fdb99f2900c0bf8199cb2adf9e143415 automake.patch
af0853d8c5a8b33399b87e7958a7ffd692fe18005dcc43af5f58e0fdf6bbee3dd66ec77a3840ae5e526a4c445b04425071f6796d726ff923aba9d3a78ca3c022 zabbix-server.initd
3ef0fe0c1c94f2f01a0c335a45ee0f3c0cd4b125d96b5eefa869a17efb352087a5dd18ef8e87c35e6816b6fb705b829f0a25452e7285637d3595ff4c103b7c21 zabbix-agentd.initd
-b305ea06641c6a331273f065a4a85fac92c45e107a30e85cb41be4ea36e2efbf5442c69cc6605ea3734a851808f7abba20042058d4b07832d858cdb63e98d405 zabbix-proxy.initd
-cd960187bf234b14fd612ff3b4357ce5b1b094a9498e58a735309136b04a7f5076a8ff251edf47ede7d663d3d0fbd1e36c9c99e647dab598f4bedc634e17e24a ZBX-7091-2.0.8.patch"
+b305ea06641c6a331273f065a4a85fac92c45e107a30e85cb41be4ea36e2efbf5442c69cc6605ea3734a851808f7abba20042058d4b07832d858cdb63e98d405 zabbix-proxy.initd"
diff --git a/main/zabbix/ZBX-7091-2.0.8.patch b/main/zabbix/ZBX-7091-2.0.8.patch
deleted file mode 100644
index b4a2c63cd2..0000000000
--- a/main/zabbix/ZBX-7091-2.0.8.patch
+++ /dev/null
@@ -1,2021 +0,0 @@
-Index: frontends/php/api/classes/CGraphItem.php
-===================================================================
---- ./frontends/php/api/classes/CGraphItem.php (revision 38884)
-+++ ./frontends/php/api/classes/CGraphItem.php (working copy)
-@@ -119,7 +119,7 @@
-
- // type
- if (!is_null($options['type'] )) {
-- $sqlParts['where'][] = 'gi.type='.$options['type'];
-+ $sqlParts['where'][] = 'gi.type='.zbx_dbstr($options['type']);
- }
-
- // output
-@@ -254,8 +254,8 @@
- $dbRes = DBselect(
- 'SELECT gi.gitemid'.
- ' FROM graphs_items gi'.
-- ' WHERE gi.itemid='.$gitemData['itemid'].
-- ' AND gi.graphid='.$gitemData['graphid']
-+ ' WHERE gi.itemid='.zbx_dbstr($gitemData['itemid']).
-+ ' AND gi.graphid='.zbx_dbstr($gitemData['graphid'])
- );
- while ($gitem = DBfetch($dbRes)) {
- $gitemids[$gitem['gitemid']] = $gitem['gitemid'];
-Index: frontends/php/api/classes/CEvent.php
-===================================================================
---- ./frontends/php/api/classes/CEvent.php (revision 38884)
-+++ ./frontends/php/api/classes/CEvent.php (working copy)
-@@ -232,12 +232,12 @@
-
- // object
- if (!is_null($options['object'])) {
-- $sqlParts['where']['o'] = 'e.object='.$options['object'];
-+ $sqlParts['where']['o'] = 'e.object='.zbx_dbstr($options['object']);
- }
-
- // source
- if (!is_null($options['source'])) {
-- $sqlParts['where'][] = 'e.source='.$options['source'];
-+ $sqlParts['where'][] = 'e.source='.zbx_dbstr($options['source']);
- }
-
- // acknowledged
-@@ -255,22 +255,22 @@
-
- // time_from
- if (!is_null($options['time_from'])) {
-- $sqlParts['where'][] = 'e.clock>='.$options['time_from'];
-+ $sqlParts['where'][] = 'e.clock>='.zbx_dbstr($options['time_from']);
- }
-
- // time_till
- if (!is_null($options['time_till'])) {
-- $sqlParts['where'][] = 'e.clock<='.$options['time_till'];
-+ $sqlParts['where'][] = 'e.clock<='.zbx_dbstr($options['time_till']);
- }
-
- // eventid_from
- if (!is_null($options['eventid_from'])) {
-- $sqlParts['where'][] = 'e.eventid>='.$options['eventid_from'];
-+ $sqlParts['where'][] = 'e.eventid>='.zbx_dbstr($options['eventid_from']);
- }
-
- // eventid_till
- if (!is_null($options['eventid_till'])) {
-- $sqlParts['where'][] = 'e.eventid<='.$options['eventid_till'];
-+ $sqlParts['where'][] = 'e.eventid<='.zbx_dbstr($options['eventid_till']);
- }
-
- // value
-Index: frontends/php/api/classes/CGraphPrototype.php
-===================================================================
---- ./frontends/php/api/classes/CGraphPrototype.php (revision 38884)
-+++ ./frontends/php/api/classes/CGraphPrototype.php (working copy)
-@@ -227,7 +227,7 @@
-
- // type
- if (!is_null($options['type'] )) {
-- $sqlParts['where'][] = 'g.type='.$options['type'];
-+ $sqlParts['where'][] = 'g.type='.zbx_dbstr($options['type']);
- }
-
- // templated
-Index: frontends/php/api/classes/CItemGeneral.php
-===================================================================
---- ./frontends/php/api/classes/CItemGeneral.php (revision 38884)
-+++ ./frontends/php/api/classes/CItemGeneral.php (working copy)
-@@ -707,7 +707,7 @@
-
- $sqlWhere = array();
- foreach ($itemKeysByHostId as $hostId => $keys) {
-- $sqlWhere[] = '(i.hostid='.$hostId.' AND '.dbConditionString('i.key_', $keys).')';
-+ $sqlWhere[] = '(i.hostid='.zbx_dbstr($hostId).' AND '.dbConditionString('i.key_', $keys).')';
- }
-
- if ($sqlWhere) {
-Index: frontends/php/api/classes/CHistory.php
-===================================================================
---- ./frontends/php/api/classes/CHistory.php (revision 38884)
-+++ ./frontends/php/api/classes/CHistory.php (working copy)
-@@ -169,13 +169,13 @@
- // time_from
- if (!is_null($options['time_from'])) {
- $sqlParts['select']['clock'] = 'h.clock';
-- $sqlParts['where']['clock_from'] = 'h.clock>='.$options['time_from'];
-+ $sqlParts['where']['clock_from'] = 'h.clock>='.zbx_dbstr($options['time_from']);
- }
-
- // time_till
- if (!is_null($options['time_till'])) {
- $sqlParts['select']['clock'] = 'h.clock';
-- $sqlParts['where']['clock_till'] = 'h.clock<='.$options['time_till'];
-+ $sqlParts['where']['clock_till'] = 'h.clock<='.zbx_dbstr($options['time_till']);
- }
-
- // filter
-Index: frontends/php/api/classes/CTrigger.php
-===================================================================
---- ./frontends/php/api/classes/CTrigger.php (revision 38884)
-+++ ./frontends/php/api/classes/CTrigger.php (working copy)
-@@ -321,12 +321,12 @@
-
- // lastChangeSince
- if (!is_null($options['lastChangeSince'])) {
-- $sqlParts['where']['lastchangesince'] = 't.lastchange>'.$options['lastChangeSince'];
-+ $sqlParts['where']['lastchangesince'] = 't.lastchange>'.zbx_dbstr($options['lastChangeSince']);
- }
-
- // lastChangeTill
- if (!is_null($options['lastChangeTill'])) {
-- $sqlParts['where']['lastchangetill'] = 't.lastchange<'.$options['lastChangeTill'];
-+ $sqlParts['where']['lastchangetill'] = 't.lastchange<'.zbx_dbstr($options['lastChangeTill']);
- }
-
- // withUnacknowledgedEvents
-@@ -466,7 +466,7 @@
-
- // min_severity
- if (!is_null($options['min_severity'])) {
-- $sqlParts['where'][] = 't.priority>='.$options['min_severity'];
-+ $sqlParts['where'][] = 't.priority>='.zbx_dbstr($options['min_severity']);
- }
-
- // output
-Index: frontends/php/api/classes/CScript.php
-===================================================================
---- ./frontends/php/api/classes/CScript.php (revision 38884)
-+++ ./frontends/php/api/classes/CScript.php (working copy)
-@@ -114,7 +114,7 @@
- $sqlParts['from']['hosts_groups'] = 'hosts_groups hg';
- $sqlParts['where'][] = 'hg.groupid=r.id';
- $sqlParts['where'][] = 'r.groupid=ug.usrgrpid';
-- $sqlParts['where'][] = 'ug.userid='.$userid;
-+ $sqlParts['where'][] = 'ug.userid='.zbx_dbstr($userid);
- $sqlParts['where'][] = '(hg.groupid=s.groupid OR s.groupid IS NULL)';
- $sqlParts['where'][] = '(ug.usrgrpid=s.usrgrpid OR s.usrgrpid IS NULL)';
- }
-@@ -265,7 +265,7 @@
- 'SELECT s.scriptid'.
- ' FROM scripts s'.
- ' WHERE '.DBin_node('s.scriptid').
-- ' AND s.name='.$script['name']
-+ ' AND s.name='.zbx_dbstr($script['name'])
- );
- while ($script = DBfetch($dbScripts)) {
- $scriptids[$script['scriptid']] = $script['scriptid'];
-Index: frontends/php/api/classes/CTemplate.php
-===================================================================
---- ./frontends/php/api/classes/CTemplate.php (revision 38884)
-+++ ./frontends/php/api/classes/CTemplate.php (working copy)
-@@ -1021,7 +1021,7 @@
-
- foreach ($template['groups'] as $group) {
- $hostgroupid = get_dbid('hosts_groups', 'hostgroupid');
-- $result = DBexecute("INSERT INTO hosts_groups (hostgroupid, hostid, groupid) VALUES ($hostgroupid, $templateid, {$group['groupid']})");
-+ $result = DBexecute('INSERT INTO hosts_groups (hostgroupid,hostid,groupid) VALUES ('.zbx_dbstr($hostgroupid).','.zbx_dbstr($templateid).','.zbx_dbstr($group['groupid']).')');
- if (!$result) {
- self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror');
- }
-Index: frontends/php/api/classes/CHostGeneral.php
-===================================================================
---- ./frontends/php/api/classes/CHostGeneral.php (revision 38884)
-+++ ./frontends/php/api/classes/CHostGeneral.php (working copy)
-@@ -261,7 +261,7 @@
- continue;
- }
-
-- $values = array(get_dbid('hosts_templates', 'hosttemplateid'), $targetid, $templateid);
-+ $values = array(get_dbid('hosts_templates', 'hosttemplateid'), zbx_dbstr($targetid), zbx_dbstr($templateid));
- $sql = 'INSERT INTO hosts_templates VALUES ('.implode(', ', $values).')';
- $result = DBexecute($sql);
-
-Index: frontends/php/api/classes/CUser.php
-===================================================================
---- ./frontends/php/api/classes/CUser.php (revision 38884)
-+++ ./frontends/php/api/classes/CUser.php (working copy)
-@@ -507,7 +507,8 @@
- $usrgrps = zbx_objectValues($user['usrgrps'], 'usrgrpid');
- foreach ($usrgrps as $groupid) {
- $usersGroupdId = get_dbid('users_groups', 'id');
-- $sql = 'INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.$usersGroupdId.','.$groupid.','.$userid.')';
-+ $sql = 'INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.zbx_dbstr($usersGroupdId).','.zbx_dbstr($groupid).','.zbx_dbstr($userid).')';
-+
- if (!DBexecute($sql)) {
- self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror');
- }
-@@ -516,8 +517,8 @@
- foreach ($user['user_medias'] as $mediaData) {
- $mediaid = get_dbid('media', 'mediaid');
- $sql = 'INSERT INTO media (mediaid,userid,mediatypeid,sendto,active,severity,period)'.
-- ' VALUES ('.$mediaid.','.$userid.','.$mediaData['mediatypeid'].','.
-- zbx_dbstr($mediaData['sendto']).','.$mediaData['active'].','.$mediaData['severity'].','.
-+ ' VALUES ('.zbx_dbstr($mediaid).','.zbx_dbstr($userid).','.zbx_dbstr($mediaData['mediatypeid']).','.
-+ zbx_dbstr($mediaData['sendto']).','.zbx_dbstr($mediaData['active']).','.zbx_dbstr($mediaData['severity']).','.
- zbx_dbstr($mediaData['period']).')';
- if (!DBexecute($sql)) {
- self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror');
-@@ -577,10 +578,10 @@
- $newUsrgrpids = zbx_objectValues($user['usrgrps'], 'usrgrpid');
-
- // deleting all relations with groups, but not touching those, where user still must be after update
-- DBexecute('DELETE FROM users_groups WHERE userid='.$user['userid'].' AND '.dbConditionInt('usrgrpid', $newUsrgrpids, true));
-+ DBexecute('DELETE FROM users_groups WHERE userid='.zbx_dbstr($user['userid']).' AND '.dbConditionInt('usrgrpid', $newUsrgrpids, true));
-
- // getting the list of groups user is currently in
-- $dbGroupsUserIn = DBSelect('SELECT usrgrpid FROM users_groups WHERE userid='.$user['userid']);
-+ $dbGroupsUserIn = DBSelect('SELECT usrgrpid FROM users_groups WHERE userid='.zbx_dbstr($user['userid']));
- $groupsUserIn = array();
- while ($grp = DBfetch($dbGroupsUserIn)) {
- $groupsUserIn[$grp['usrgrpid']] = $grp['usrgrpid'];
-@@ -598,7 +599,7 @@
- }
-
- $usersGroupdId = get_dbid('users_groups', 'id');
-- $sql = 'INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.$usersGroupdId.','.$groupid.','.$user['userid'].')';
-+ $sql = 'INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.zbx_dbstr($usersGroupdId).','.zbx_dbstr($groupid).','.zbx_dbstr($user['userid']).')';
-
- if (!DBexecute($sql)) {
- self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror');
-@@ -696,8 +697,8 @@
- $mediaid = get_dbid('media', 'mediaid');
-
- $sql = 'INSERT INTO media (mediaid,userid,mediatypeid,sendto,active,severity,period)'.
-- ' VALUES ('.$mediaid.','.$user['userid'].','.$media['mediatypeid'].','.
-- zbx_dbstr($media['sendto']).','.$media['active'].','.$media['severity'].','.
-+ ' VALUES ('.zbx_dbstr($mediaid).','.zbx_dbstr($user['userid']).','.zbx_dbstr($media['mediatypeid']).','.
-+ zbx_dbstr($media['sendto']).','.zbx_dbstr($media['active']).','.zbx_dbstr($media['severity']).','.
- zbx_dbstr($media['period']).')';
- if (!DBexecute($sql)) {
- self::exception(ZBX_API_ERROR_PARAMETERS, 'DBerror');
-@@ -796,12 +797,12 @@
-
- $result = DBexecute(
- 'UPDATE media'.
-- ' SET mediatypeid='.$media['mediatypeid'].','.
-+ ' SET mediatypeid='.zbx_dbstr($media['mediatypeid']).','.
- ' sendto='.zbx_dbstr($media['sendto']).','.
-- ' active='.$media['active'].','.
-- ' severity='.$media['severity'].','.
-+ ' active='.zbx_dbstr($media['active']).','.
-+ ' severity='.zbx_dbstr($media['severity']).','.
- ' period='.zbx_dbstr($media['period']).
-- ' WHERE mediaid='.$media['mediaid']
-+ ' WHERE mediaid='.zbx_dbstr($media['mediaid'])
- );
- if (!$result) {
- self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot update user media.'));
-@@ -927,7 +928,7 @@
- $dbAccess = DBfetch(DBselect(
- 'SELECT MAX(g.gui_access) AS gui_access'.
- ' FROM usrgrp g,users_groups ug'.
-- ' WHERE ug.userid='.$userInfo['userid'].
-+ ' WHERE ug.userid='.zbx_dbstr($userInfo['userid']).
- ' AND g.usrgrpid=ug.usrgrpid'
- ));
- if (!zbx_empty($dbAccess['gui_access'])) {
-@@ -968,7 +969,7 @@
-
- DBexecute(
- 'UPDATE users'.
-- ' SET attempt_failed='.$userInfo['attempt_failed'].','.
-+ ' SET attempt_failed='.zbx_dbstr($userInfo['attempt_failed']).','.
- ' attempt_clock='.time().','.
- ' attempt_ip='.zbx_dbstr($ip).
- ' WHERE userid='.$userInfo['userid']
-@@ -980,7 +981,7 @@
-
- // start session
- $sessionid = md5(time().$password.$name.rand(0, 10000000));
-- DBexecute('INSERT INTO sessions (sessionid,userid,lastaccess,status) VALUES ('.zbx_dbstr($sessionid).','.$userInfo['userid'].','.time().','.ZBX_SESSION_ACTIVE.')');
-+ DBexecute('INSERT INTO sessions (sessionid,userid,lastaccess,status) VALUES ('.zbx_dbstr($sessionid).','.zbx_dbstr($userInfo['userid']).','.time().','.ZBX_SESSION_ACTIVE.')');
-
- add_audit(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, _s('Correct login "%s".', $name));
-
-@@ -990,7 +991,7 @@
- $userData['userid'] = $userInfo['userid'];
-
- if ($userInfo['attempt_failed']) {
-- DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.$userInfo['userid']);
-+ DBexecute('UPDATE users SET attempt_failed=0 WHERE userid='.zbx_dbstr($userInfo['userid']));
- }
-
- CWebUser::$data = self::$userData = $userData;
-@@ -1035,16 +1036,16 @@
- }
-
- if ($userInfo['autologout'] > 0) {
-- DBexecute('DELETE FROM sessions WHERE userid='.$userInfo['userid'].' AND lastaccess<'.(time() - $userInfo['autologout']));
-+ DBexecute('DELETE FROM sessions WHERE userid='.zbx_dbstr($userInfo['userid']).' AND lastaccess<'.(time() - $userInfo['autologout']));
- }
-
-- DBexecute('UPDATE sessions SET lastaccess='.time().' WHERE userid='.$userInfo['userid'].' AND sessionid='.zbx_dbstr($sessionid));
-+ DBexecute('UPDATE sessions SET lastaccess='.time().' WHERE userid='.zbx_dbstr($userInfo['userid']).' AND sessionid='.zbx_dbstr($sessionid));
- }
-
- $dbAccess = DBfetch(DBselect(
- 'SELECT MAX(g.gui_access) AS gui_access'.
- ' FROM usrgrp g,users_groups ug'.
-- ' WHERE ug.userid='.$userInfo['userid'].
-+ ' WHERE ug.userid='.zbx_dbstr($userInfo['userid']).
- ' AND g.usrgrpid=ug.usrgrpid'
- ));
- if (!zbx_empty($dbAccess['gui_access'])) {
-@@ -1070,13 +1071,13 @@
- 'SELECT u.userid,u.alias,u.name,u.surname,u.url,u.autologin,u.autologout,u.lang,u.refresh,u.type,'.
- ' u.theme,u.attempt_failed,u.attempt_ip,u.attempt_clock,u.rows_per_page'.
- ' FROM users u'.
-- ' WHERE u.userid='.$userid
-+ ' WHERE u.userid='.zbx_dbstr($userid)
- ));
-
- $userData['debug_mode'] = (bool) DBfetch(DBselect(
- 'SELECT ug.userid'.
- ' FROM usrgrp g,users_groups ug'.
-- ' WHERE ug.userid='.$userid.
-+ ' WHERE ug.userid='.zbx_dbstr($userid).
- ' AND g.usrgrpid=ug.usrgrpid'.
- ' AND g.debug_mode='.GROUP_DEBUG_MODE_ENABLED
- ));
-Index: frontends/php/api/classes/CImage.php
-===================================================================
---- ./frontends/php/api/classes/CImage.php (revision 38884)
-+++ ./frontends/php/api/classes/CImage.php (working copy)
-@@ -314,9 +314,9 @@
-
- $imageid = get_dbid('images', 'imageid');
- $values = array(
-- 'imageid' => $imageid,
-+ 'imageid' => zbx_dbstr($imageid),
- 'name' => zbx_dbstr($image['name']),
-- 'imagetype' => $image['imagetype'],
-+ 'imagetype' => zbx_dbstr($image['imagetype'])
- );
-
- switch ($DB['TYPE']) {
-@@ -423,7 +423,7 @@
-
- $values = array();
- if (isset($image['name'])) $values['name'] = zbx_dbstr($image['name']);
-- if (isset($image['imagetype'])) $values['imagetype'] = $image['imagetype'];
-+ if (isset($image['imagetype'])) $values['imagetype'] = zbx_dbstr($image['imagetype']);
-
- if (isset($image['image'])) {
- // decode BASE64
-@@ -443,7 +443,7 @@
- $values['image'] = zbx_dbstr($image['image']);
- break;
- case ZBX_DB_ORACLE:
-- $sql = 'SELECT image FROM images WHERE imageid = '.$image['imageid'].' FOR UPDATE';
-+ $sql = 'SELECT image FROM images WHERE imageid = '.zbx_dbstr($image['imageid']).' FOR UPDATE';
-
- if (!$stmt = oci_parse($DB['DB'], $sql)) {
- $e = oci_error($DB['DB']);
-@@ -464,7 +464,7 @@
- $row['IMAGE']->free();
- break;
- case ZBX_DB_DB2:
-- $stmt = db2_prepare($DB['DB'], 'UPDATE images SET image=? WHERE imageid='.$image['imageid']);
-+ $stmt = db2_prepare($DB['DB'], 'UPDATE images SET image=? WHERE imageid='.zbx_dbstr($image['imageid']));
-
- if (!$stmt) {
- self::exception(ZBX_API_ERROR_PARAMETERS, db2_conn_errormsg($DB['DB']));
-@@ -486,7 +486,7 @@
- foreach ($values as $field => $value) {
- $sqlUpd[] = $field.'='.$value;
- }
-- $sql = 'UPDATE images SET '.implode(', ', $sqlUpd).' WHERE imageid='.$image['imageid'];
-+ $sql = 'UPDATE images SET '.implode(', ', $sqlUpd).' WHERE imageid='.zbx_dbstr($image['imageid']);
- $result = DBexecute($sql);
-
- if (!$result) {
-Index: frontends/php/api/classes/CMapElement.php
-===================================================================
---- ./frontends/php/api/classes/CMapElement.php (revision 38884)
-+++ ./frontends/php/api/classes/CMapElement.php (working copy)
-@@ -586,7 +586,7 @@
-
- $sql = 'SELECT elementid, elementtype '.
- ' FROM sysmaps_elements '.
-- ' WHERE sysmapid='.$elementid .
-+ ' WHERE sysmapid='.zbx_dbstr($elementid) .
- ' AND elementtype='.SYSMAP_ELEMENT_TYPE_MAP;
- $dbElements = DBselect($sql);
-
-Index: frontends/php/api/classes/CTriggerPrototype.php
-===================================================================
---- ./frontends/php/api/classes/CTriggerPrototype.php (revision 38884)
-+++ ./frontends/php/api/classes/CTriggerPrototype.php (working copy)
-@@ -423,7 +423,7 @@
-
- // min_severity
- if (!is_null($options['min_severity'])) {
-- $sqlParts['where'][] = 't.priority>='.$options['min_severity'];
-+ $sqlParts['where'][] = 't.priority>='.zbx_dbstr($options['min_severity']);
- }
-
- // output
-Index: frontends/php/api/classes/CUserGroup.php
-===================================================================
---- ./frontends/php/api/classes/CUserGroup.php (revision 38884)
-+++ ./frontends/php/api/classes/CUserGroup.php (working copy)
-@@ -144,7 +144,7 @@
-
- // status
- if (!is_null($options['status'])) {
-- $sqlParts['where'][] = 'g.users_status='.$options['status'];
-+ $sqlParts['where'][] = 'g.users_status='.zbx_dbstr($options['status']);
- }
-
- // with_gui_access
-Index: frontends/php/api/classes/CGraph.php
-===================================================================
---- ./frontends/php/api/classes/CGraph.php (revision 38884)
-+++ ./frontends/php/api/classes/CGraph.php (working copy)
-@@ -209,7 +209,7 @@
-
- // type
- if (!is_null($options['type'])) {
-- $sqlParts['where'][] = 'g.type='.$options['type'];
-+ $sqlParts['where'][] = 'g.type='.zbx_dbstr($options['type']);
- }
-
- // templated
-Index: frontends/php/api/classes/CApplication.php
-===================================================================
---- ./frontends/php/api/classes/CApplication.php (revision 38884)
-+++ ./frontends/php/api/classes/CApplication.php (working copy)
-@@ -719,7 +719,7 @@
- DB::insert('items_applications', $appsInsert);
-
- foreach ($itemids as $inum => $itemid) {
-- $dbChilds = DBselect('SELECT i.itemid,i.hostid FROM items i WHERE i.templateid='.$itemid);
-+ $dbChilds = DBselect('SELECT i.itemid,i.hostid FROM items i WHERE i.templateid='.zbx_dbstr($itemid));
- while ($child = DBfetch($dbChilds)) {
- $dbApps = DBselect(
- 'SELECT a1.applicationid'.
-Index: frontends/php/api/classes/CAlert.php
-===================================================================
---- ./frontends/php/api/classes/CAlert.php (revision 38884)
-+++ ./frontends/php/api/classes/CAlert.php (working copy)
-@@ -237,12 +237,12 @@
-
- // time_from
- if (!is_null($options['time_from'])) {
-- $sqlParts['where'][] = 'a.clock>'.$options['time_from'];
-+ $sqlParts['where'][] = 'a.clock>'.zbx_dbstr($options['time_from']);
- }
-
- // time_till
- if (!is_null($options['time_till'])) {
-- $sqlParts['where'][] = 'a.clock<'.$options['time_till'];
-+ $sqlParts['where'][] = 'a.clock<'.zbx_dbstr($options['time_till']);
- }
-
- // output
-Index: frontends/php/api/classes/CWebCheck.php
-===================================================================
---- ./frontends/php/api/classes/CWebCheck.php (revision 38884)
-+++ ./frontends/php/api/classes/CWebCheck.php (working copy)
-@@ -347,7 +347,7 @@
- $dbCheckItems = DBselect(
- 'SELECT i.itemid,hi.type'.
- ' FROM items i,httptestitem hi'.
-- ' WHERE hi.httptestid='.$httpTest['httptestid'].
-+ ' WHERE hi.httptestid='.zbx_dbstr($httpTest['httptestid']).
- ' AND hi.itemid=i.itemid'
- );
- while ($checkitem = DBfetch($dbCheckItems)) {
-@@ -696,7 +696,7 @@
-
- $sql = 'SELECT h.httpstepid,h.name'.
- ' FROM httpstep h'.
-- ' WHERE h.httptestid='.$httpTest['httptestid'].
-+ ' WHERE h.httptestid='.zbx_dbstr($httpTest['httptestid']).
- ' AND '.dbConditionString('h.name', $webstepsNames);
- if ($httpstepData = DBfetch(DBselect($sql))) {
- self::exception(ZBX_API_ERROR_PARAMETERS, _s('Step "%s" already exists.', $httpstepData['name']));
-@@ -820,7 +820,7 @@
- $dbStepItems = DBselect(
- 'SELECT i.itemid,hi.type'.
- ' FROM items i,httpstepitem hi'.
-- ' WHERE hi.httpstepid='.$webstep['webstepid'].
-+ ' WHERE hi.httpstepid='.zbx_dbstr($webstep['webstepid']).
- ' AND hi.itemid=i.itemid'
- );
- while ($stepitem = DBfetch($dbStepItems)) {
-Index: frontends/php/api/classes/CTemplateScreen.php
-===================================================================
---- ./frontends/php/api/classes/CTemplateScreen.php (revision 38884)
-+++ ./frontends/php/api/classes/CTemplateScreen.php (working copy)
-@@ -618,7 +618,7 @@
- 'SELECT src.itemid as srcid,dest.itemid as destid'.
- ' FROM items dest,items src'.
- ' WHERE dest.key_=src.key_'.
-- ' AND dest.hostid='.$templateId.
-+ ' AND dest.hostid='.zbx_dbstr($templateId).
- ' AND '.dbConditionInt('src.itemid', $resourceItemIds)
- );
- while ($dbItem = DBfetch($dbItems)) {
-@@ -633,7 +633,7 @@
- ' WHERE dest.name=src.name'.
- ' AND destgi.graphid=dest.graphid'.
- ' AND destgi.itemid=desti.itemid'.
-- ' AND desti.hostid='.$templateId.
-+ ' AND desti.hostid='.zbx_dbstr($templateId).
- ' AND '.dbConditionInt('src.graphid', $resourceGraphIds)
- );
- while ($dbItem = DBfetch($dbItems)) {
-Index: frontends/php/include/items.inc.php
-===================================================================
---- ./frontends/php/include/items.inc.php (revision 38884)
-+++ ./frontends/php/include/items.inc.php (working copy)
-@@ -224,7 +224,7 @@
- while ($item = DBfetch($db_items)) {
- $old_status = $item['status'];
- if ($status != $old_status) {
-- $result &= DBexecute('UPDATE items SET status='.$status.
-+ $result &= DBexecute('UPDATE items SET status='.zbx_dbstr($status).
- ($status != ITEM_STATUS_NOTSUPPORTED ? ",error=''" : '').
- ' WHERE itemid='.$item['itemid']);
- if ($result) {
-@@ -420,7 +420,7 @@
- }
-
- function get_item_by_itemid($itemid) {
-- $db_items = DBfetch(DBselect('SELECT i.* FROM items i WHERE i.itemid='.$itemid));
-+ $db_items = DBfetch(DBselect('SELECT i.* FROM items i WHERE i.itemid='.zbx_dbstr($itemid)));
- if ($db_items) {
- return $db_items;
- }
-@@ -436,7 +436,7 @@
- 'i.formula,i.trends,i.logtimefmt,i.valuemapid,i.delay_flex,i.params,i.ipmi_sensor,i.templateid,'.
- 'i.authtype,i.username,i.password,i.publickey,i.privatekey,i.flags,i.filter,i.description,i.inventory_link'.
- ' FROM items i'.
-- ' WHERE i.itemid='.$itemid));
-+ ' WHERE i.itemid='.zbx_dbstr($itemid)));
- if ($row) {
- return $row;
- }
-@@ -469,7 +469,7 @@
- $db_items = DBselect(
- 'SELECT src.*'.
- ' FROM items src,items dest'.
-- ' WHERE dest.itemid='.$itemid.
-+ ' WHERE dest.itemid='.zbx_dbstr($itemid).
- ' AND src.key_=dest.key_'.
- ' AND '.dbConditionInt('src.hostid', $dest_hostids)
- );
-@@ -838,7 +838,7 @@
- 'SELECT a1.applicationid'.
- ' FROM applications a1,applications a2'.
- ' WHERE a1.name=a2.name'.
-- ' AND a1.hostid='.$hostid.
-+ ' AND a1.hostid='.zbx_dbstr($hostid).
- ' AND '.dbConditionInt('a2.applicationid', $applications)
- );
- while ($app = DBfetch($db_apps)) {
-@@ -986,9 +986,9 @@
- if ($last == 0) {
- $sql = 'SELECT value'.
- ' FROM '.$table.
-- ' WHERE itemid='.$db_item['itemid'].
-- ' AND clock='.$clock.
-- ' AND ns='.$ns;
-+ ' WHERE itemid='.zbx_dbstr($db_item['itemid']).
-+ ' AND clock='.zbx_dbstr($clock).
-+ ' AND ns='.zbx_dbstr($ns);
- if (null != ($row = DBfetch(DBselect($sql, 1)))) {
- $value = $row['value'];
- }
-@@ -1000,17 +1000,17 @@
-
- $sql = 'SELECT DISTINCT clock'.
- ' FROM '.$table.
-- ' WHERE itemid='.$db_item['itemid'].
-- ' AND clock='.$clock.
-- ' AND ns<'.$ns;
-+ ' WHERE itemid='.zbx_dbstr($db_item['itemid']).
-+ ' AND clock='.zbx_dbstr($clock).
-+ ' AND ns<'.zbx_dbstr($ns);
- if (null != ($row = DBfetch(DBselect($sql)))) {
- $max_clock = $row['clock'];
- }
- if ($max_clock == 0) {
- $sql = 'SELECT MAX(clock) AS clock'.
- ' FROM '.$table.
-- ' WHERE itemid='.$db_item['itemid'].
-- ' AND clock<'.$clock;
-+ ' WHERE itemid='.zbx_dbstr($db_item['itemid']).
-+ ' AND clock<'.zbx_dbstr($clock);
- if (null != ($row = DBfetch(DBselect($sql)))) {
- $max_clock = $row['clock'];
- }
-@@ -1022,15 +1022,15 @@
- if ($clock == $max_clock) {
- $sql = 'SELECT value'.
- ' FROM '.$table.
-- ' WHERE itemid='.$db_item['itemid'].
-- ' AND clock='.$clock.
-- ' AND ns<'.$ns;
-+ ' WHERE itemid='.zbx_dbstr($db_item['itemid']).
-+ ' AND clock='.zbx_dbstr($clock).
-+ ' AND ns<'.zbx_dbstr($ns);
- }
- else {
- $sql = 'SELECT value'.
- ' FROM '.$table.
-- ' WHERE itemid='.$db_item['itemid'].
-- ' AND clock='.$max_clock.
-+ ' WHERE itemid='.zbx_dbstr($db_item['itemid']).
-+ ' AND clock='.zbx_dbstr($max_clock).
- ' ORDER BY itemid,clock desc,ns desc';
- }
-
-@@ -1039,9 +1039,9 @@
- }
- }
- else {
-- $row = DBfetch(DBselect('SELECT MAX(clock) AS clock FROM '.$table.' WHERE itemid='.$db_item['itemid']));
-+ $row = DBfetch(DBselect('SELECT MAX(clock) AS clock FROM '.$table.' WHERE itemid='.zbx_dbstr($db_item['itemid'])));
- if (!empty($row['clock'])) {
-- $row = DBfetch(DBselect('SELECT value FROM '.$table.' WHERE itemid='.$db_item['itemid'].' AND clock='.$row['clock'].' ORDER BY ns DESC', 1));
-+ $row = DBfetch(DBselect('SELECT value FROM '.$table.' WHERE itemid='.zbx_dbstr($db_item['itemid']).' AND clock='.zbx_dbstr($row['clock']).' ORDER BY ns DESC', 1));
- if (!empty($row['value'])) {
- $value = $row['value'];
- }
-Index: frontends/php/include/services.inc.php
-===================================================================
---- ./frontends/php/include/services.inc.php (revision 38884)
-+++ ./frontends/php/include/services.inc.php (working copy)
-@@ -42,7 +42,7 @@
- $result = DBselect(
- 'SELECT s.status'.
- ' FROM services s,services_links l'.
-- ' WHERE l.serviceupid='.$serviceid.
-+ ' WHERE l.serviceupid='.zbx_dbstr($serviceid).
- ' AND s.serviceid=l.servicedownid'.
- ' ORDER BY s.status'.$sort_order
- );
-@@ -77,7 +77,7 @@
- $result = DBselect(
- 'SELECT sl.servicedownid'.
- ' FROM services_links sl'.
-- ' WHERE sl.serviceupid='.$serviceid.
-+ ' WHERE sl.serviceupid='.zbx_dbstr($serviceid).
- ($soft ? '' : ' AND sl.soft=0')
- );
- while ($row = DBfetch($result)) {
-@@ -354,7 +354,7 @@
- 'SELECT l.serviceupid,s.algorithm'.
- ' FROM services_links l,services s'.
- ' WHERE s.serviceid=l.serviceupid'.
-- ' AND l.servicedownid='.$serviceid
-+ ' AND l.servicedownid='.zbx_dbstr($serviceid)
- );
- while ($row = DBfetch($result)) {
- $serviceupid = $row['serviceupid'];
-@@ -363,7 +363,7 @@
- if ($algorithm == SERVICE_ALGORITHM_MAX || $algorithm == SERVICE_ALGORITHM_MIN) {
- $status = get_service_status($serviceupid, $algorithm);
- add_service_alarm($serviceupid, $status, time());
-- DBexecute('UPDATE services SET status='.$status.' WHERE serviceid='.$serviceupid);
-+ DBexecute('UPDATE services SET status='.zbx_dbstr($status).' WHERE serviceid='.zbx_dbstr($serviceupid));
- }
- elseif ($algorithm != SERVICE_ALGORITHM_NONE) {
- error(_('Unknown calculation algorithm of service status').SPACE.'['.$algorithm.']');
-@@ -371,7 +371,7 @@
- }
- }
-
-- $result = DBselect('SELECT sl.serviceupid FROM services_links sl WHERE sl.servicedownid='.$serviceid);
-+ $result = DBselect('SELECT sl.serviceupid FROM services_links sl WHERE sl.servicedownid='.zbx_dbstr($serviceid));
- while ($row = DBfetch($result)) {
- $serviceupid = $row['serviceupid'];
- update_services_rec($serviceupid); // ATTENTION: recursion!!!
-@@ -386,9 +386,9 @@
- * @param $status
- */
- function update_services($triggerid, $status) {
-- DBexecute('UPDATE services SET status='.$status.' WHERE triggerid='.$triggerid);
-+ DBexecute('UPDATE services SET status='.zbx_dbstr($status).' WHERE triggerid='.zbx_dbstr($triggerid));
-
-- $result = DBselect('SELECT s.serviceid FROM services s WHERE s.triggerid='.$triggerid);
-+ $result = DBselect('SELECT s.serviceid FROM services s WHERE s.triggerid='.zbx_dbstr($triggerid));
- while ($row = DBfetch($result)) {
- add_service_alarm($row['serviceid'], $status, time());
- update_services_rec($row['serviceid']);
-@@ -415,7 +415,7 @@
- );
- while ($row = DBfetch($result)) {
- $status = get_service_status($row['serviceid'], $row['algorithm'], $row['triggerid']);
-- DBexecute('UPDATE services SET status='.$status.' WHERE serviceid='.$row['serviceid']);
-+ DBexecute('UPDATE services SET status='.zbx_dbstr($status).' WHERE serviceid='.$row['serviceid']);
- add_service_alarm($row['serviceid'], $status, time());
- }
-
-@@ -441,7 +441,7 @@
- $result = DBselect(
- 'SELECT sa.servicealarmid,sa.value'.
- ' FROM service_alarms sa'.
-- ' WHERE sa.serviceid='.$serviceid.
-+ ' WHERE sa.serviceid='.zbx_dbstr($serviceid).
- ' ORDER BY sa.servicealarmid DESC', 1
- );
- $row = DBfetch($result);
-@@ -457,7 +457,7 @@
- if (latest_service_alarm($serviceid, $status)) {
- return true;
- }
-- return DBexecute('INSERT INTO service_alarms (servicealarmid,serviceid,clock,value) VALUES ('.get_dbid('service_alarms', 'servicealarmid').','.$serviceid.','.$clock.','.$status.')');
-+ return DBexecute('INSERT INTO service_alarms (servicealarmid,serviceid,clock,value) VALUES ('.get_dbid('service_alarms', 'servicealarmid').','.zbx_dbstr($serviceid).','.zbx_dbstr($clock).','.zbx_dbstr($status).')');
- }
-
- /**
-Index: frontends/php/include/profiles.inc.php
-===================================================================
---- ./frontends/php/include/profiles.inc.php (revision 38884)
-+++ ./frontends/php/include/profiles.inc.php (working copy)
-@@ -148,9 +148,9 @@
- 'profileid' => get_dbid('profiles', 'profileid'),
- 'userid' => self::$userDetails['userid'],
- 'idx' => zbx_dbstr($idx),
-- $value_type => ($value_type == 'value_str') ? zbx_dbstr($value) : $value,
-- 'type' => $type,
-- 'idx2' => $idx2
-+ $value_type => zbx_dbstr($value),
-+ 'type' => zbx_dbstr($type),
-+ 'idx2' => zbx_dbstr($idx2)
- );
- return DBexecute('INSERT INTO profiles ('.implode(', ', array_keys($values)).') VALUES ('.implode(', ', $values).')');
- }
-@@ -163,16 +163,15 @@
- }
-
- if ($idx2 > 0) {
-- $sql_cond .= ' AND idx2='.$idx2.' AND '.DBin_node('idx2', false);
-+ $sql_cond .= ' AND idx2='.zbx_dbstr($idx2).' AND '.DBin_node('idx2', false);
- }
-
- $value_type = self::getFieldByType($type);
-- $value = ($value_type == 'value_str') ? zbx_dbstr($value) : $value;
-
- return DBexecute(
- 'UPDATE profiles SET '.
-- $value_type.'='.$value.','.
-- ' type='.$type.
-+ $value_type.'='.zbx_dbstr($value).','.
-+ ' type='.zbx_dbstr($type).
- ' WHERE userid='.self::$userDetails['userid'].
- ' AND idx='.zbx_dbstr($idx).
- $sql_cond
-@@ -242,7 +241,7 @@
- }
- }
- if (isset($configs['alert_usrgrpid'])) {
-- if ($configs['alert_usrgrpid'] != 0 && !DBfetch(DBselect('SELECT u.usrgrpid FROM usrgrp u WHERE u.usrgrpid='.$configs['alert_usrgrpid']))) {
-+ if ($configs['alert_usrgrpid'] != 0 && !DBfetch(DBselect('SELECT u.usrgrpid FROM usrgrp u WHERE u.usrgrpid='.zbx_dbstr($configs['alert_usrgrpid'])))) {
- error(_('Incorrect user group.'));
- return false;
- }
-@@ -393,7 +392,7 @@
- $history5 = DBfetch(DBSelect(
- 'SELECT uh.title5,uh.url5'.
- ' FROM user_history uh'.
-- ' WHERE uh.userid='.$userid
-+ ' WHERE uh.userid='.zbx_dbstr($userid)
- ));
-
- if ($history5 && ($history5['title5'] == $title)) {
-@@ -401,7 +400,7 @@
- // title same, url isnt, change only url
- $sql = 'UPDATE user_history'.
- ' SET url5='.zbx_dbstr($url).
-- ' WHERE userid='.$userid;
-+ ' WHERE userid='.zbx_dbstr($userid);
- }
- else {
- // no need to change anything;
-@@ -413,7 +412,7 @@
- if ($history5 === false) {
- $userhistoryid = get_dbid('user_history', 'userhistoryid');
- $sql = 'INSERT INTO user_history (userhistoryid, userid, title5, url5)'.
-- ' VALUES('.$userhistoryid.', '.$userid.', '.zbx_dbstr($title).', '.zbx_dbstr($url).')';
-+ ' VALUES('.$userhistoryid.', '.zbx_dbstr($userid).', '.zbx_dbstr($title).', '.zbx_dbstr($url).')';
- }
- else {
- $sql = 'UPDATE user_history'.
-@@ -427,7 +426,7 @@
- ' url4=url5,'.
- ' title5='.zbx_dbstr($title).','.
- ' url5='.zbx_dbstr($url).
-- ' WHERE userid='.$userid;
-+ ' WHERE userid='.zbx_dbstr($userid);
- }
- }
- return DBexecute($sql);
-@@ -464,7 +463,7 @@
- 'profileid' => get_dbid('profiles', 'profileid'),
- 'userid' => CWebUser::$data['userid'],
- 'idx' => zbx_dbstr($favobj),
-- 'value_id' => $favid,
-+ 'value_id' => zbx_dbstr($favid),
- 'type' => PROFILE_TYPE_ID
- );
- if (!is_null($source)) {
-@@ -478,7 +477,7 @@
- 'DELETE FROM profiles'.
- ' WHERE userid='.CWebUser::$data['userid'].
- ' AND idx='.zbx_dbstr($favobj).
-- ($favid > 0 ? ' AND value_id='.$favid : '').
-+ ($favid > 0 ? ' AND value_id='.zbx_dbstr($favid) : '').
- (is_null($source) ? '' : ' AND source='.zbx_dbstr($source))
- );
- }
-Index: frontends/php/include/graphs.inc.php
-===================================================================
---- ./frontends/php/include/graphs.inc.php (revision 38884)
-+++ ./frontends/php/include/graphs.inc.php (working copy)
-@@ -120,7 +120,7 @@
- $dbGraphs = DBselect(
- 'SELECT MAX(g.graphtype) AS graphtype,MIN(gi.yaxisside) AS yaxissidel,MAX(gi.yaxisside) AS yaxissider,MAX(g.height) AS height'.
- ' FROM graphs g,graphs_items gi'.
-- ' WHERE g.graphid='.$graphid.
-+ ' WHERE g.graphid='.zbx_dbstr($graphid).
- ' AND gi.graphid=g.graphid'
- );
- if ($graph = DBfetch($dbGraphs)) {
-@@ -154,7 +154,7 @@
- ' FROM graphs g,graphs_items gi,items i'.
- ' WHERE g.graphid=gi.graphid'.
- ' AND gi.itemid=i.itemid'.
-- ' AND i.hostid='.$hostid
-+ ' AND i.hostid='.zbx_dbstr($hostid)
- );
- }
-
-@@ -172,7 +172,7 @@
- ' FROM graphs_items gi,items i,hosts h'.
- ' WHERE h.hostid=i.hostid'.
- ' AND gi.itemid=i.itemid'.
-- ' AND gi.graphid='.$graphid
-+ ' AND gi.graphid='.zbx_dbstr($graphid)
- );
- }
-
-@@ -187,7 +187,7 @@
- $dbItems = DBselect(
- 'SELECT DISTINCT gi.itemid'.
- ' FROM graphs_items gi'.
-- ' WHERE gi.graphid='.$graphid
-+ ' WHERE gi.graphid='.zbx_dbstr($graphid)
- );
- while ($item = DBfetch($dbItems)) {
- $itemids[$item['itemid']] = $item['itemid'];
-@@ -280,7 +280,7 @@
- }
-
- function get_graph_by_graphid($graphid) {
-- $dbGraphs = DBselect('SELECT g.* FROM graphs g WHERE g.graphid='.$graphid);
-+ $dbGraphs = DBselect('SELECT g.* FROM graphs g WHERE g.graphid='.zbx_dbstr($graphid));
- $dbGraphs = DBfetch($dbGraphs);
- if (!empty($dbGraphs)) {
- return $dbGraphs;
-@@ -307,8 +307,8 @@
- 'SELECT dest.itemid,src.key_'.
- ' FROM items dest,items src'.
- ' WHERE dest.key_=src.key_'.
-- ' AND dest.hostid='.$dest_hostid.
-- ' AND src.itemid='.$gitem['itemid']
-+ ' AND dest.hostid='.zbx_dbstr($dest_hostid).
-+ ' AND src.itemid='.zbx_dbstr($gitem['itemid'])
- ));
-
- if ($dbItem) {
-Index: frontends/php/include/db.inc.php
-===================================================================
---- ./frontends/php/include/db.inc.php (revision 38884)
-+++ ./frontends/php/include/db.inc.php (working copy)
-@@ -150,7 +150,7 @@
- );
- db2_set_option($DB['DB'], $options, 1);
- if (isset($DB['SCHEMA']) && ($DB['SCHEMA'] != '')) {
-- DBexecute("SET CURRENT SCHEMA='".$DB['SCHEMA']."'");
-+ DBexecute('SET CURRENT SCHEMA='.zbx_dbstr($DB['SCHEMA']));
- }
- }
- break;
-@@ -563,7 +563,7 @@
-
- $result = false;
-
-- if (!isset($DB['DB']) || empty($DB['DB'])) {
-+ if (!isset($DB['DB']) || empty($DB['DB']) || is_bool($cursor)) {
- return $result;
- }
-
-Index: frontends/php/include/views/configuration.screen.constructor.edit.php
-===================================================================
---- ./frontends/php/include/views/configuration.screen.constructor.edit.php (revision 38884)
-+++ ./frontends/php/include/views/configuration.screen.constructor.edit.php (working copy)
-@@ -419,7 +419,7 @@
- 'SELECT DISTINCT n.name AS node_name,s.screenid,s.name'.
- ' FROM screens s'.
- ' LEFT JOIN nodes n ON n.nodeid='.DBid2nodeid('s.screenid').
-- ' WHERE s.screenid='.$resourceid
-+ ' WHERE s.screenid='.zbx_dbstr($resourceid)
- );
- while ($row = DBfetch($db_screens)) {
- $screen = API::Screen()->get(array(
-Index: frontends/php/include/classes/class.chostsinfo.php
-===================================================================
---- ./frontends/php/include/classes/class.chostsinfo.php (revision 38884)
-+++ ./frontends/php/include/classes/class.chostsinfo.php (working copy)
-@@ -55,7 +55,7 @@
- $cond_from = '';
- if (remove_nodes_from_id($this->groupid) > 0) {
- $cond_from = ', hosts_groups hg ';
-- $cond_where = 'AND hg.hostid=h.hostid AND hg.groupid='.$this->groupid;
-+ $cond_where = 'AND hg.hostid=h.hostid AND hg.groupid='.zbx_dbstr($this->groupid);
- }
- else {
- $cond_where = ' AND '.DBin_node('h.hostid', $this->nodeid);
-Index: frontends/php/include/classes/import/CImportReferencer.php
-===================================================================
---- ./frontends/php/include/classes/import/CImportReferencer.php (revision 38884)
-+++ ./frontends/php/include/classes/import/CImportReferencer.php (working copy)
-@@ -595,7 +595,7 @@
- foreach ($this->applications as $host => $applications) {
- $hostId = $this->resolveHostOrTemplate($host);
- if ($hostId) {
-- $sqlWhere[] = '(hostid='.$hostId.' AND '.dbConditionString('name', $applications).')';
-+ $sqlWhere[] = '(hostid='.zbx_dbstr($hostId).' AND '.dbConditionString('name', $applications).')';
- }
- }
-
-@@ -626,7 +626,7 @@
- foreach ($this->items as $host => $keys) {
- $hostId = $this->resolveHostOrTemplate($host);
- if ($hostId) {
-- $sqlWhere[] = '(i.hostid='.$hostId.' AND '.dbConditionString('i.key_', $keys).')';
-+ $sqlWhere[] = '(i.hostid='.zbx_dbstr($hostId).' AND '.dbConditionString('i.key_', $keys).')';
- }
- }
-
-@@ -778,7 +778,7 @@
- foreach ($this->macros as $host => $macros) {
- $hostId = $this->resolveHostOrTemplate($host);
- if ($hostId) {
-- $sqlWhere[] = '(hm.hostid='.$hostId.' AND '.dbConditionString('hm.macro', $macros).')';
-+ $sqlWhere[] = '(hm.hostid='.zbx_dbstr($hostId).' AND '.dbConditionString('hm.macro', $macros).')';
- }
- }
-
-Index: frontends/php/include/classes/class.cpie.php
-===================================================================
---- ./frontends/php/include/classes/class.cpie.php (revision 38884)
-+++ ./frontends/php/include/classes/class.cpie.php (working copy)
-@@ -170,9 +170,9 @@
- 'MAX(i.lastvalue) AS lst'.
- ' FROM history h'.
- ' LEFT JOIN items i ON h.itemid=i.itemid'.
-- ' WHERE h.itemid='.$this->items[$i]['itemid'].
-- ' AND h.clock>='.$from_time.
-- ' AND h.clock<='.$to_time.
-+ ' WHERE h.itemid='.zbx_dbstr($this->items[$i]['itemid']).
-+ ' AND h.clock>='.zbx_dbstr($from_time).
-+ ' AND h.clock<='.zbx_dbstr($to_time).
- ' GROUP BY h.itemid'
- ,
- 'SELECT hu.itemid,'.
-@@ -181,9 +181,9 @@
- 'MAX(i.lastvalue) AS lst'.
- ' FROM history_uint hu'.
- ' LEFT JOIN items i ON hu.itemid=i.itemid'.
-- ' WHERE hu.itemid='.$this->items[$i]['itemid'].
-- ' AND hu.clock>='.$from_time.
-- ' AND hu.clock<='.$to_time.
-+ ' WHERE hu.itemid='.zbx_dbstr($this->items[$i]['itemid']).
-+ ' AND hu.clock>='.zbx_dbstr($from_time).
-+ ' AND hu.clock<='.zbx_dbstr($to_time).
- ' GROUP BY hu.itemid'
- );
- }
-@@ -196,9 +196,9 @@
- 'MAX(i.lastvalue) AS lst'.
- ' FROM trends t'.
- ' LEFT JOIN items i ON t.itemid=i.itemid'.
-- ' WHERE t.itemid='.$this->items[$i]['itemid'].
-- ' AND t.clock>='.$from_time.
-- ' AND t.clock<='.$to_time.
-+ ' WHERE t.itemid='.zbx_dbstr($this->items[$i]['itemid']).
-+ ' AND t.clock>='.zbx_dbstr($from_time).
-+ ' AND t.clock<='.zbx_dbstr($to_time).
- ' GROUP BY t.itemid'
- ,
- 'SELECT t.itemid,'.
-@@ -207,9 +207,9 @@
- 'MAX(i.lastvalue) AS lst'.
- ' FROM trends_uint t'.
- ' LEFT JOIN items i ON t.itemid=i.itemid'.
-- ' WHERE t.itemid='.$this->items[$i]['itemid'].
-- ' AND t.clock>='.$from_time.
-- ' AND t.clock<='.$to_time.
-+ ' WHERE t.itemid='.zbx_dbstr($this->items[$i]['itemid']).
-+ ' AND t.clock>='.zbx_dbstr($from_time).
-+ ' AND t.clock<='.zbx_dbstr($to_time).
- ' GROUP BY t.itemid'
- );
- }
-Index: frontends/php/include/classes/screens/CScreenDataOverview.php
-===================================================================
---- ./frontends/php/include/classes/screens/CScreenDataOverview.php (revision 38884)
-+++ ./frontends/php/include/classes/screens/CScreenDataOverview.php (working copy)
-@@ -28,7 +28,7 @@
- */
- public function get() {
- $hostids = array();
-- $dbHostGroups = DBselect('SELECT DISTINCT hg.hostid FROM hosts_groups hg WHERE hg.groupid='.$this->screenitem['resourceid']);
-+ $dbHostGroups = DBselect('SELECT DISTINCT hg.hostid FROM hosts_groups hg WHERE hg.groupid='.zbx_dbstr($this->screenitem['resourceid']));
- while ($dbHostGroup = DBfetch($dbHostGroups)) {
- $hostids[$dbHostGroup['hostid']] = $dbHostGroup['hostid'];
- }
-Index: frontends/php/include/classes/screens/CScreenTriggersOverview.php
-===================================================================
---- ./frontends/php/include/classes/screens/CScreenTriggersOverview.php (revision 38884)
-+++ ./frontends/php/include/classes/screens/CScreenTriggersOverview.php (working copy)
-@@ -28,7 +28,7 @@
- */
- public function get() {
- $hostids = array();
-- $dbHostGroups = DBselect('SELECT DISTINCT hg.hostid FROM hosts_groups hg WHERE hg.groupid='.$this->screenitem['resourceid']);
-+ $dbHostGroups = DBselect('SELECT DISTINCT hg.hostid FROM hosts_groups hg WHERE hg.groupid='.zbx_dbstr($this->screenitem['resourceid']));
- while ($dbHostGroup = DBfetch($dbHostGroups)) {
- $hostids[$dbHostGroup['hostid']] = $dbHostGroup['hostid'];
- }
-Index: frontends/php/include/classes/class.cchart.php
-===================================================================
---- ./frontends/php/include/classes/class.cchart.php (revision 38884)
-+++ ./frontends/php/include/classes/class.cchart.php (working copy)
-@@ -225,18 +225,18 @@
- 'COUNT(*) AS count,AVG(value) AS avg,MIN(value) as min,'.
- 'MAX(value) AS max,MAX(clock) AS clock'.
- ' FROM history '.
-- ' WHERE itemid='.$this->items[$i]['itemid'].
-- ' AND clock>='.$from_time.
-- ' AND clock<='.$to_time.
-+ ' WHERE itemid='.zbx_dbstr($this->items[$i]['itemid']).
-+ ' AND clock>='.zbx_dbstr($from_time).
-+ ' AND clock<='.zbx_dbstr($to_time).
- ' GROUP BY itemid,'.$calc_field
- ,
- 'SELECT itemid,'.$calc_field.' AS i,'.
- 'COUNT(*) AS count,AVG(value) AS avg,MIN(value) AS min,'.
- 'MAX(value) AS max,MAX(clock) AS clock'.
- ' FROM history_uint '.
-- ' WHERE itemid='.$this->items[$i]['itemid'].
-- ' AND clock>='.$from_time.
-- ' AND clock<='.$to_time.
-+ ' WHERE itemid='.zbx_dbstr($this->items[$i]['itemid']).
-+ ' AND clock>='.zbx_dbstr($from_time).
-+ ' AND clock<='.zbx_dbstr($to_time).
- ' GROUP BY itemid,'.$calc_field
- );
- }
-@@ -248,17 +248,17 @@
- 'MAX(value_max) AS max,MAX(clock) AS clock'.
- ' FROM trends'.
- ' WHERE itemid='.$this->items[$i]['itemid'].
-- ' AND clock>='.$from_time.
-- ' AND clock<='.$to_time.
-+ ' AND clock>='.zbx_dbstr($from_time).
-+ ' AND clock<='.zbx_dbstr($to_time).
- ' GROUP BY itemid,'.$calc_field
- ,
- 'SELECT itemid,'.$calc_field.' AS i,'.
- 'SUM(num) AS count,AVG(value_avg) AS avg,MIN(value_min) AS min,'.
- 'MAX(value_max) AS max,MAX(clock) AS clock'.
- ' FROM trends_uint '.
-- ' WHERE itemid='.$this->items[$i]['itemid'].
-- ' AND clock>='.$from_time.
-- ' AND clock<='.$to_time.
-+ ' WHERE itemid='.zbx_dbstr($this->items[$i]['itemid']).
-+ ' AND clock>='.zbx_dbstr($from_time).
-+ ' AND clock<='.zbx_dbstr($to_time).
- ' GROUP BY itemid,'.$calc_field
- );
-
-@@ -438,7 +438,7 @@
- ' AND tr.status='.TRIGGER_STATUS_ENABLED.
- ' AND i.itemid=f.itemid'.
- ' AND h.hostid=i.hostid'.
-- ' AND f.itemid='.$item['itemid'].
-+ ' AND f.itemid='.zbx_dbstr($item['itemid']).
- ' ORDER BY tr.priority'
- );
- while (($trigger = DBfetch($db_triggers)) && $cnt < $max) {
-Index: frontends/php/include/classes/helpers/trigger/CTriggerDescription.php
-===================================================================
---- ./frontends/php/include/classes/helpers/trigger/CTriggerDescription.php (revision 38884)
-+++ ./frontends/php/include/classes/helpers/trigger/CTriggerDescription.php (working copy)
-@@ -59,7 +59,7 @@
- $trigger = DBfetch(DBselect(
- 'SELECT DISTINCT t.description,t.expression,t.triggerid'.
- ' FROM triggers t'.
-- ' WHERE t.triggerid='.$triggerId
-+ ' WHERE t.triggerid='.zbx_dbstr($triggerId)
- ));
- $triggers = $this->expandDescriptions(array($trigger['triggerid'] => $trigger));
- $trigger = reset($triggers);
-Index: frontends/php/include/maps.inc.php
-===================================================================
---- ./frontends/php/include/maps.inc.php (revision 38884)
-+++ ./frontends/php/include/maps.inc.php (working copy)
-@@ -252,7 +252,7 @@
- $res = DBselect('SELECT hi.ip,hi.dns,hi.useip,h.host,h.name,hi.type AS interfacetype'.
- ' FROM interface hi,hosts h'.
- ' WHERE hi.hostid=h.hostid'.
-- ' AND hi.main=1 AND hi.hostid='.$selement['elementid']);
-+ ' AND hi.main=1 AND hi.hostid='.zbx_dbstr($selement['elementid']));
-
- // process interface priorities
- $tmpPriority = 0;
-@@ -272,7 +272,7 @@
- ' WHERE h.hostid=hi.hostid'.
- ' AND hi.hostid=i.hostid'.
- ' AND i.itemid=f.itemid'.
-- ' AND hi.main=1 AND f.triggerid='.$selement['elementid'].
-+ ' AND hi.main=1 AND f.triggerid='.zbx_dbstr($selement['elementid']).
- ' ORDER BY f.functionid');
-
- // process interface priorities, build $hostsByFunctionId array
-@@ -473,7 +473,7 @@
- 'SELECT '.$function.'(value) AS value'.
- ' FROM '.$history_table[$item['value_type']].
- ' WHERE clock>'.(time() - $parameter).
-- ' AND itemid='.$item['itemid']
-+ ' AND itemid='.zbx_dbstr($item['itemid'])
- );
- if (null === ($row = DBfetch($result))) {
- $label = str_replace($expr, '('._('no data').')', $label);
-@@ -502,7 +502,7 @@
- $db_mapselements = DBselect(
- 'SELECT DISTINCT se.elementtype,se.elementid'.
- ' FROM sysmaps_elements se'.
-- ' WHERE se.sysmapid='.$db_element['elementid']
-+ ' WHERE se.sysmapid='.zbx_dbstr($db_element['elementid'])
- );
- while ($db_mapelement = DBfetch($db_mapselements)) {
- get_map_elements($db_mapelement, $elements);
-Index: frontends/php/include/hosts.inc.php
-===================================================================
---- ./frontends/php/include/hosts.inc.php (revision 38884)
-+++ ./frontends/php/include/hosts.inc.php (working copy)
-@@ -483,7 +483,7 @@
- }
-
- function get_hostgroup_by_groupid($groupid) {
-- $groups = DBfetch(DBselect('SELECT g.* FROM groups g WHERE g.groupid='.$groupid));
-+ $groups = DBfetch(DBselect('SELECT g.* FROM groups g WHERE g.groupid='.zbx_dbstr($groupid)));
- if (!empty($groups)) {
- return $groups;
- }
-@@ -522,7 +522,7 @@
- }
-
- function get_host_by_hostid($hostid, $no_error_message = 0) {
-- $row = DBfetch(DBselect('SELECT h.* FROM hosts h WHERE h.hostid='.$hostid));
-+ $row = DBfetch(DBselect('SELECT h.* FROM hosts h WHERE h.hostid='.zbx_dbstr($hostid)));
- if ($row) {
- return $row;
- }
-@@ -1109,7 +1109,7 @@
-
- if ($_REQUEST['groupid'] > 0) {
- if ($_REQUEST['hostid'] > 0) {
-- if (!DBfetch(DBselect('SELECT hg.groupid FROM hosts_groups hg WHERE hg.hostid='.$_REQUEST['hostid'].' AND hg.groupid='.$_REQUEST['groupid']))) {
-+ if (!DBfetch(DBselect('SELECT hg.groupid FROM hosts_groups hg WHERE hg.hostid='.zbx_dbstr($_REQUEST['hostid']).' AND hg.groupid='.zbx_dbstr($_REQUEST['groupid'])))) {
- $_REQUEST['hostid'] = 0;
- }
- }
-@@ -1145,7 +1145,7 @@
- }
-
- function get_application_by_applicationid($applicationid, $no_error_message = 0) {
-- $row = DBfetch(DBselect('SELECT a.* FROM applications a WHERE a.applicationid='.$applicationid));
-+ $row = DBfetch(DBselect('SELECT a.* FROM applications a WHERE a.applicationid='.zbx_dbstr($applicationid)));
- if ($row) {
- return $row;
- }
-@@ -1157,7 +1157,7 @@
- }
-
- function get_applications_by_templateid($applicationid) {
-- return DBselect('SELECT a.* FROM applications a WHERE a.templateid='.$applicationid);
-+ return DBselect('SELECT a.* FROM applications a WHERE a.templateid='.zbx_dbstr($applicationid));
- }
-
- function get_realhost_by_applicationid($applicationid) {
-@@ -1169,7 +1169,7 @@
- }
-
- function get_host_by_applicationid($applicationid) {
-- $row = DBfetch(DBselect('SELECT h.* FROM hosts h,applications a WHERE a.hostid=h.hostid AND a.applicationid='.$applicationid));
-+ $row = DBfetch(DBselect('SELECT h.* FROM hosts h,applications a WHERE a.hostid=h.hostid AND a.applicationid='.zbx_dbstr($applicationid)));
- if ($row) {
- return $row;
- }
-@@ -1327,7 +1327,7 @@
- }
-
- function isTemplate($hostid) {
-- $dbHost = DBfetch(DBselect('SELECT h.status FROM hosts h WHERE h.hostid='.$hostid));
-+ $dbHost = DBfetch(DBselect('SELECT h.status FROM hosts h WHERE h.hostid='.zbx_dbstr($hostid)));
-
- return !empty($dbHost) && $dbHost['status'] == HOST_STATUS_TEMPLATE;
- }
-Index: frontends/php/include/users.inc.php
-===================================================================
---- ./frontends/php/include/users.inc.php (revision 38884)
-+++ ./frontends/php/include/users.inc.php (working copy)
-@@ -90,9 +90,9 @@
- function add_user_to_group($userid, $usrgrpid) {
- $result = false;
- if (granted2move_user($userid,$usrgrpid)) {
-- DBexecute('DELETE FROM users_groups WHERE userid='.$userid.' AND usrgrpid='.$usrgrpid);
-+ DBexecute('DELETE FROM users_groups WHERE userid='.zbx_dbstr($userid).' AND usrgrpid='.zbx_dbstr($usrgrpid));
- $users_groups_id = get_dbid('users_groups', 'id');
-- $result = DBexecute('INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.$users_groups_id.','.$usrgrpid.','.$userid.')');
-+ $result = DBexecute('INSERT INTO users_groups (id,usrgrpid,userid) VALUES ('.$users_groups_id.','.zbx_dbstr($usrgrpid).','.zbx_dbstr($userid).')');
- }
- else{
- error(_('User cannot change status of himself.'));
-@@ -103,7 +103,7 @@
- function remove_user_from_group($userid, $usrgrpid) {
- $result = false;
- if (granted2move_user($userid,$usrgrpid)) {
-- $result = DBexecute('DELETE FROM users_groups WHERE userid='.$userid.' AND usrgrpid='.$usrgrpid);
-+ $result = DBexecute('DELETE FROM users_groups WHERE userid='.zbx_dbstr($userid).' AND usrgrpid='.zbx_dbstr($usrgrpid));
- }
- else {
- error(_('User cannot change status of himself.'));
-@@ -138,7 +138,7 @@
- }
-
- if ($grant) {
-- $result = DBexecute('UPDATE usrgrp SET users_status='.$users_status.' WHERE '.dbConditionInt('usrgrpid', $usrgrpids));
-+ $result = DBexecute('UPDATE usrgrp SET users_status='.zbx_dbstr($users_status).' WHERE '.dbConditionInt('usrgrpid', $usrgrpids));
- }
- else {
- error(_('User cannot change status of himself.'));
-@@ -154,7 +154,7 @@
- $grant = granted2update_group($usrgrpids);
- }
- if ($grant) {
-- $result = DBexecute('UPDATE usrgrp SET gui_access='.$gui_access.' WHERE '.dbConditionInt('usrgrpid',$usrgrpids));
-+ $result = DBexecute('UPDATE usrgrp SET gui_access='.zbx_dbstr($gui_access).' WHERE '.dbConditionInt('usrgrpid',$usrgrpids));
- }
- else {
- error(_('User cannot change GUI access for himself.'));
-@@ -164,6 +164,6 @@
-
- function change_group_debug_mode($usrgrpids, $debug_mode){
- zbx_value2array($usrgrpids);
-- return DBexecute('UPDATE usrgrp SET debug_mode='.$debug_mode.' WHERE '.dbConditionInt('usrgrpid', $usrgrpids));
-+ return DBexecute('UPDATE usrgrp SET debug_mode='.zbx_dbstr($debug_mode).' WHERE '.dbConditionInt('usrgrpid', $usrgrpids));
- }
- ?>
-Index: frontends/php/include/events.inc.php
-===================================================================
---- ./frontends/php/include/events.inc.php (revision 38884)
-+++ ./frontends/php/include/events.inc.php (working copy)
-@@ -33,7 +33,7 @@
- function get_tr_event_by_eventid($eventid) {
- $sql = 'SELECT e.*,t.triggerid,t.description,t.expression,t.priority,t.status,t.type'.
- ' FROM events e,triggers t'.
-- ' WHERE e.eventid='.$eventid.
-+ ' WHERE e.eventid='.zbx_dbstr($eventid).
- ' AND e.object='.EVENT_OBJECT_TRIGGER.
- ' AND t.triggerid=e.objectid';
- return DBfetch(DBselect($sql));
-@@ -100,9 +100,9 @@
-
- $sql = 'SELECT e.*'.
- ' FROM events e'.
-- ' WHERE e.objectid='.$currentEvent['objectid'].
-- ' AND e.eventid>'.$currentEvent['eventid'].
-- ' AND e.object='.$currentEvent['object'].
-+ ' WHERE e.objectid='.zbx_dbstr($currentEvent['objectid']).
-+ ' AND e.eventid>'.zbx_dbstr($currentEvent['eventid']).
-+ ' AND e.object='.zbx_dbstr($currentEvent['object']).
- ($showUnknown ? '' : ' AND e.value_changed='.TRIGGER_VALUE_CHANGED_YES).
- ' ORDER BY e.object,e.objectid,e.eventid';
- return DBfetch(DBselect($sql, 1));
-Index: frontends/php/include/images.inc.php
-===================================================================
---- ./frontends/php/include/images.inc.php (revision 38884)
-+++ ./frontends/php/include/images.inc.php (working copy)
-@@ -36,7 +36,7 @@
- static $images = array();
-
- if (!isset($images[$imageid])) {
-- $row = DBfetch(DBselect('SELECT i.* FROM images i WHERE i.imageid='.$imageid));
-+ $row = DBfetch(DBselect('SELECT i.* FROM images i WHERE i.imageid='.zbx_dbstr($imageid)));
- $row['image'] = zbx_unescape_image($row['image']);
- $images[$imageid] = $row;
- }
-Index: frontends/php/include/maintenances.inc.php
-===================================================================
---- ./frontends/php/include/maintenances.inc.php (revision 38884)
-+++ ./frontends/php/include/maintenances.inc.php (working copy)
-@@ -23,7 +23,7 @@
- $sql = 'SELECT m.*'.
- ' FROM maintenances m'.
- ' WHERE '.DBin_node('m.maintenanceid').
-- ' AND maintenanceid='.$maintenanceid;
-+ ' AND maintenanceid='.zbx_dbstr($maintenanceid);
- return DBfetch(DBselect($sql));
- }
-
-Index: frontends/php/include/discovery.inc.php
-===================================================================
---- ./frontends/php/include/discovery.inc.php (revision 38884)
-+++ ./frontends/php/include/discovery.inc.php (working copy)
-@@ -164,7 +164,7 @@
- }
-
- function get_discovery_rule_by_druleid($druleid) {
-- return DBfetch(DBselect('SELECT d.* FROM drules d WHERE d.druleid='.$druleid));
-+ return DBfetch(DBselect('SELECT d.* FROM drules d WHERE d.druleid='.zbx_dbstr($druleid)));
- }
-
- function delete_discovery_rule($druleid) {
-@@ -174,7 +174,7 @@
- 'SELECT DISTINCT c.actionid'.
- ' FROM conditions c'.
- ' WHERE c.conditiontype='.CONDITION_TYPE_DRULE.
-- ' AND c.value=\''.$druleid.'\''
-+ ' AND c.value='.zbx_dbstr($druleid)
- );
- while ($action = DBfetch($dbActions)) {
- $actionids[] = $action['actionid'];
-@@ -183,8 +183,8 @@
- // disabling actions with deleted conditions
- if (!empty($actionids)) {
- DBexecute('UPDATE actions SET status='.ACTION_STATUS_DISABLED.' WHERE '.dbConditionInt('actionid', $actionids));
-- DBexecute('DELETE FROM conditions WHERE conditiontype='.CONDITION_TYPE_DRULE.' AND value=\''.$druleid.'\'');
-+ DBexecute('DELETE FROM conditions WHERE conditiontype='.CONDITION_TYPE_DRULE.' AND value='.zbx_dbstr($druleid));
- }
-- return DBexecute('DELETE FROM drules WHERE druleid='.$druleid);
-+ return DBexecute('DELETE FROM drules WHERE druleid='.zbx_dbstr($druleid));
- }
- ?>
-Index: frontends/php/include/nodes.inc.php
-===================================================================
---- ./frontends/php/include/nodes.inc.php (revision 38884)
-+++ ./frontends/php/include/nodes.inc.php (working copy)
-@@ -281,23 +281,22 @@
- error(_('Master node already exists.'));
- return false;
- }
-- $masterid = 'NULL';
- break;
- default:
- error(_('Incorrect node type.'));
- return false;
- }
-
-- if (DBfetch(DBselect('SELECT n.nodeid FROM nodes n WHERE n.nodeid='.$nodeid))) {
-+ if (DBfetch(DBselect('SELECT n.nodeid FROM nodes n WHERE n.nodeid='.zbx_dbstr($nodeid)))) {
- error(_('Node with same ID already exists.'));
- return false;
- }
-
- $result = DBexecute('INSERT INTO nodes (nodeid,name,ip,port,nodetype,masterid)'.
-- ' VALUES ('.$nodeid.','.zbx_dbstr($name).','.zbx_dbstr($ip).','.$port.','.$nodetype.','.$masterid.')');
-+ ' VALUES ('.$nodeid.','.zbx_dbstr($name).','.zbx_dbstr($ip).','.zbx_dbstr($port).','.zbx_dbstr($nodetype).','.($masterid ? zbx_dbstr($masterid) : 'NULL').')');
-
- if ($result && $nodetype == ZBX_NODE_MASTER) {
-- DBexecute('UPDATE nodes SET masterid='.$nodeid.' WHERE nodeid='.$ZBX_LOCALNODEID);
-+ DBexecute('UPDATE nodes SET masterid='.zbx_dbstr($nodeid).' WHERE nodeid='.$ZBX_LOCALNODEID);
- $ZBX_CURMASTERID = $nodeid; // apply master node for this script
- }
-
-@@ -309,12 +308,12 @@
- error(_('Incorrect characters used for Node name.'));
- return false;
- }
-- return DBexecute('UPDATE nodes SET name='.zbx_dbstr($name).',ip='.zbx_dbstr($ip).',port='.$port.' WHERE nodeid='.$nodeid);
-+ return DBexecute('UPDATE nodes SET name='.zbx_dbstr($name).',ip='.zbx_dbstr($ip).',port='.zbx_dbstr($port).' WHERE nodeid='.zbx_dbstr($nodeid));
- }
-
- function delete_node($nodeid) {
- $result = false;
-- $node = DBfetch(DBselect('SELECT n.nodeid,n.masterid FROM nodes n WHERE n.nodeid='.$nodeid));
-+ $node = DBfetch(DBselect('SELECT n.nodeid,n.masterid FROM nodes n WHERE n.nodeid='.zbx_dbstr($nodeid)));
- $nodetype = detect_node_type($node['nodeid'], $node['masterid']);
-
- if ($nodetype == ZBX_NODE_LOCAL) {
-@@ -322,8 +321,8 @@
- }
- else {
- $result = (
-- DBexecute('UPDATE nodes SET masterid=NULL WHERE masterid='.$nodeid) &&
-- DBexecute('DELETE FROM nodes WHERE nodeid='.$nodeid)
-+ DBexecute('UPDATE nodes SET masterid=NULL WHERE masterid='.zbx_dbstr($nodeid)) &&
-+ DBexecute('DELETE FROM nodes WHERE nodeid='.zbx_dbstr($nodeid))
- );
- if ($nodetype != ZBX_NODE_MASTER) {
- error(_('Please be aware that database still contains data related to the deleted node.'));
-@@ -333,7 +332,7 @@
- }
-
- function get_node_by_nodeid($nodeid) {
-- return DBfetch(DBselect('SELECT n.* FROM nodes n WHERE n.nodeid='.$nodeid));
-+ return DBfetch(DBselect('SELECT n.* FROM nodes n WHERE n.nodeid='.zbx_dbstr($nodeid)));
- }
-
- function get_node_path($nodeid, $result = '') {
-Index: frontends/php/include/valuemap.inc.php
-===================================================================
---- ./frontends/php/include/valuemap.inc.php (revision 38884)
-+++ ./frontends/php/include/valuemap.inc.php (working copy)
-@@ -59,7 +59,7 @@
- unset($valueMap['valuemapid']);
-
- // check existence
-- if (!DBfetch(DBselect('SELECT v.valuemapid FROM valuemaps v WHERE v.valuemapid='.$valueMapId))) {
-+ if (!DBfetch(DBselect('SELECT v.valuemapid FROM valuemaps v WHERE v.valuemapid='.zbx_dbstr($valueMapId)))) {
- throw new Exception(_s('Value map with valuemapid "%1$s" does not exist.', $valueMapId));
- }
-
-@@ -228,7 +228,7 @@
- $dbMappings = DBselect(
- 'SELECT m.mappingid,m.value,m.newvalue'.
- ' FROM mappings m'.
-- ' WHERE m.valuemapid='.$valueMapId
-+ ' WHERE m.valuemapid='.zbx_dbstr($valueMapId)
- );
- while ($mapping = DBfetch($dbMappings)) {
- $mappings[$mapping['mappingid']] = $mapping;
-@@ -260,7 +260,7 @@
- $dbMappings = DBselect(
- 'SELECT m.newvalue'.
- ' FROM mappings m'.
-- ' WHERE m.valuemapid='.$valueMapId.
-+ ' WHERE m.valuemapid='.zbx_dbstr($valueMapId).
- ' AND m.value='.zbx_dbstr($value)
- );
- if ($mapping = DBfetch($dbMappings)) {
-Index: frontends/php/include/httptest.inc.php
-===================================================================
---- ./frontends/php/include/httptest.inc.php (revision 38884)
-+++ ./frontends/php/include/httptest.inc.php (working copy)
-@@ -72,10 +72,10 @@
- }
-
- function activate_httptest($httptestid) {
-- $result = DBexecute('UPDATE httptest SET status='.HTTPTEST_STATUS_ACTIVE.' WHERE httptestid='.$httptestid);
-+ $result = DBexecute('UPDATE httptest SET status='.HTTPTEST_STATUS_ACTIVE.' WHERE httptestid='.zbx_dbstr($httptestid));
-
- $itemids = array();
-- $items_db = DBselect('SELECT hti.itemid FROM httptestitem hti WHERE hti.httptestid='.$httptestid);
-+ $items_db = DBselect('SELECT hti.itemid FROM httptestitem hti WHERE hti.httptestid='.zbx_dbstr($httptestid));
- while ($itemid = Dbfetch($items_db)) {
- $itemids[] = $itemid['itemid'];
- }
-@@ -84,7 +84,7 @@
- 'SELECT hsi.itemid'.
- ' FROM httpstep hs,httpstepitem hsi'.
- ' WHERE hs.httpstepid=hsi.httpstepid'.
-- ' AND hs.httptestid='.$httptestid
-+ ' AND hs.httptestid='.zbx_dbstr($httptestid)
- );
- while ($itemid = Dbfetch($items_db)) {
- $itemids[] = $itemid['itemid'];
-@@ -96,10 +96,10 @@
- }
-
- function disable_httptest($httptestid) {
-- $result = DBexecute('UPDATE httptest SET status='.HTTPTEST_STATUS_DISABLED.' WHERE httptestid='.$httptestid);
-+ $result = DBexecute('UPDATE httptest SET status='.HTTPTEST_STATUS_DISABLED.' WHERE httptestid='.zbx_dbstr($httptestid));
-
- $itemids = array();
-- $items_db = DBselect('SELECT hti.itemid FROM httptestitem hti WHERE hti.httptestid='.$httptestid);
-+ $items_db = DBselect('SELECT hti.itemid FROM httptestitem hti WHERE hti.httptestid='.zbx_dbstr($httptestid));
- while ($itemid = Dbfetch($items_db)) {
- $itemids[] = $itemid['itemid'];
- }
-@@ -108,7 +108,7 @@
- 'SELECT hsi.itemid'.
- ' FROM httpstep hs,httpstepitem hsi'.
- ' WHERE hs.httpstepid=hsi.httpstepid'.
-- ' AND hs.httptestid='.$httptestid
-+ ' AND hs.httptestid='.zbx_dbstr($httptestid)
- );
- while ($itemid = Dbfetch($items_db)) {
- $itemids[] = $itemid['itemid'];
-@@ -125,7 +125,7 @@
- ' FROM items i,httpstepitem si,httpstep s'.
- ' WHERE i.itemid=si.itemid'.
- ' AND si.httpstepid=s.httpstepid'.
-- ' AND s.httptestid='.$httptestid
-+ ' AND s.httptestid='.zbx_dbstr($httptestid)
- );
- while ($item_data = DBfetch($db_items)) {
- if (!delete_history_by_itemid($item_data['itemid'])) {
-@@ -137,11 +137,11 @@
- }
-
- function get_httptest_by_httptestid($httptestid) {
-- return DBfetch(DBselect('SELECT ht.* FROM httptest ht WHERE ht.httptestid='.$httptestid));
-+ return DBfetch(DBselect('SELECT ht.* FROM httptest ht WHERE ht.httptestid='.zbx_dbstr($httptestid)));
- }
-
- function get_httpstep_by_no($httptestid, $no) {
-- return DBfetch(DBselect('SELECT hs.* FROM httpstep hs WHERE hs.httptestid='.$httptestid.' AND hs.no='.$no));
-+ return DBfetch(DBselect('SELECT hs.* FROM httpstep hs WHERE hs.httptestid='.zbx_dbstr($httptestid).' AND hs.no='.zbx_dbstr($no)));
- }
-
- function get_httptests_by_hostid($hostids) {
-Index: frontends/php/include/acknow.inc.php
-===================================================================
---- ./frontends/php/include/acknow.inc.php (revision 38884)
-+++ ./frontends/php/include/acknow.inc.php (working copy)
-@@ -23,7 +23,7 @@
- $dbEvents = DBfetch(DBselect(
- 'SELECT e.*'.
- ' FROM events e'.
-- ' WHERE e.objectid='.$triggerid.
-+ ' WHERE e.objectid='.zbx_dbstr($triggerid).
- ' AND e.object='.EVENT_OBJECT_TRIGGER.
- ' AND e.value<>'.TRIGGER_VALUE_UNKNOWN.
- ' AND e.value_changed='.TRIGGER_VALUE_CHANGED_YES.
-@@ -35,7 +35,7 @@
- }
-
- function get_acknowledges_by_eventid($eventid) {
-- return DBselect('SELECT a.*,u.alias FROM acknowledges a LEFT JOIN users u ON u.userid=a.userid WHERE a.eventid='.$eventid);
-+ return DBselect('SELECT a.*,u.alias FROM acknowledges a LEFT JOIN users u ON u.userid=a.userid WHERE a.eventid='.zbx_dbstr($eventid));
- }
-
- /**
-Index: frontends/php/include/triggers.inc.php
-===================================================================
---- ./frontends/php/include/triggers.inc.php (revision 38884)
-+++ ./frontends/php/include/triggers.inc.php (working copy)
-@@ -107,7 +107,7 @@
- function get_service_status_of_trigger($triggerid) {
- $sql = 'SELECT t.triggerid,t.priority'.
- ' FROM triggers t'.
-- ' WHERE t.triggerid='.$triggerid.
-+ ' WHERE t.triggerid='.zbx_dbstr($triggerid).
- ' AND t.status='.TRIGGER_STATUS_ENABLED.
- ' AND t.value='.TRIGGER_VALUE_TRUE;
- $rows = DBfetch(DBselect($sql, 1));
-@@ -259,7 +259,7 @@
- }
-
- function get_trigger_by_triggerid($triggerid) {
-- $db_trigger = DBfetch(DBselect('SELECT t.* FROM triggers t WHERE t.triggerid='.$triggerid));
-+ $db_trigger = DBfetch(DBselect('SELECT t.* FROM triggers t WHERE t.triggerid='.zbx_dbstr($triggerid)));
- if (!empty($db_trigger)) {
- return $db_trigger;
- }
-@@ -284,7 +284,7 @@
- return DBselect(
- 'SELECT DISTINCT t.*'.
- ' FROM triggers t,functions f,items i'.
-- ' WHERE i.hostid='.$hostid.
-+ ' WHERE i.hostid='.zbx_dbstr($hostid).
- ' AND f.itemid=i.itemid'.
- ' AND f.triggerid=t.triggerid'
- );
-@@ -679,7 +679,7 @@
- $state = '';
- $sql = 'SELECT h.host,i.itemid,i.key_,f.function,f.triggerid,f.parameter,i.itemid,i.status,i.type,i.flags'.
- ' FROM items i,functions f,hosts h'.
-- ' WHERE f.functionid='.$functionid.
-+ ' WHERE f.functionid='.zbx_dbstr($functionid).
- ' AND i.itemid=f.itemid'.
- ' AND h.hostid=i.hostid';
-
-@@ -1068,8 +1068,8 @@
- ' FROM triggers t,functions f,items i'.
- ' WHERE t.triggerid=f.triggerid'.
- ' AND f.itemid=i.itemid'.
-- ' AND t.templateid='.$val.
-- ' AND i.hostid='.$hostid;
-+ ' AND t.templateid='.zbx_dbstr($val).
-+ ' AND i.hostid='.zbx_dbstr($hostid);
- if ($db_new_dep = DBfetch(DBselect($sql))) {
- $deps[$id] = $db_new_dep['triggerid'];
- }
-@@ -1395,9 +1395,9 @@
- if ($period_start > 0 && $period_start <= time()) {
- $sql = 'SELECT e.eventid,e.value'.
- ' FROM events e'.
-- ' WHERE e.objectid='.$triggerid.
-+ ' WHERE e.objectid='.zbx_dbstr($triggerid).
- ' AND e.object='.EVENT_OBJECT_TRIGGER.
-- ' AND e.clock<'.$period_start.
-+ ' AND e.clock<'.zbx_dbstr($period_start).
- ' ORDER BY e.eventid DESC';
- if ($row = DBfetch(DBselect($sql, 1))) {
- $start_value = $row['value'];
-@@ -1407,13 +1407,13 @@
-
- $sql = 'SELECT COUNT(e.eventid) AS cnt,MIN(e.clock) AS min_clock,MAX(e.clock) AS max_clock'.
- ' FROM events e'.
-- ' WHERE e.objectid='.$triggerid.
-+ ' WHERE e.objectid='.zbx_dbstr($triggerid).
- ' AND e.object='.EVENT_OBJECT_TRIGGER;
- if ($period_start != 0) {
-- $sql .= ' AND clock>='.$period_start;
-+ $sql .= ' AND clock>='.zbx_dbstr($period_start);
- }
- if ($period_end != 0) {
-- $sql .= ' AND clock<='.$period_end;
-+ $sql .= ' AND clock<='.zbx_dbstr($period_end);
- }
-
- $db_events = DBfetch(DBselect($sql));
-@@ -1455,7 +1455,7 @@
- $db_events = DBselect(
- 'SELECT e.eventid,e.clock,e.value'.
- ' FROM events e'.
-- ' WHERE e.objectid='.$triggerid.
-+ ' WHERE e.objectid='.zbx_dbstr($triggerid).
- ' AND e.object='.EVENT_OBJECT_TRIGGER.
- ' AND e.clock BETWEEN '.$min.' AND '.$max.
- ' ORDER BY e.eventid'
-Index: frontends/php/include/forms.inc.php
-===================================================================
---- ./frontends/php/include/forms.inc.php (revision 38884)
-+++ ./frontends/php/include/forms.inc.php (working copy)
-@@ -66,7 +66,7 @@
- $data['user_medias'] = array();
- $dbMedia = DBselect('SELECT m.mediaid,m.mediatypeid,m.period,m.sendto,m.severity,m.active'.
- ' FROM media m'.
-- ' WHERE m.userid='.$userid
-+ ' WHERE m.userid='.zbx_dbstr($userid)
- );
- while ($dbMedium = DBfetch($dbMedia)) {
- $data['user_medias'][] = $dbMedium;
-@@ -1104,7 +1104,7 @@
- $data['db_applications'] = DBfetchArray(DBselect(
- 'SELECT DISTINCT a.applicationid,a.name'.
- ' FROM applications a'.
-- ' WHERE a.hostid='.$data['hostid']
-+ ' WHERE a.hostid='.zbx_dbstr($data['hostid'])
- ));
- order_result($data['db_applications'], 'name');
-
-@@ -1117,7 +1117,7 @@
- // valuemapid
- if ($data['limited']) {
- if (!empty($data['valuemapid'])) {
-- if ($map_data = DBfetch(DBselect('SELECT v.name FROM valuemaps v WHERE v.valuemapid='.$data['valuemapid']))) {
-+ if ($map_data = DBfetch(DBselect('SELECT v.name FROM valuemaps v WHERE v.valuemapid='.zbx_dbstr($data['valuemapid'])))) {
- $data['valuemaps'] = $map_data['name'];
- }
- }
-@@ -1270,7 +1270,7 @@
- ' LEFT JOIN items i ON f.itemid=i.itemid'.
- ' LEFT JOIN hosts h ON i.hostid=h.hostid'.
- ' LEFT JOIN item_discovery id ON i.itemid=id.itemid'.
-- ' WHERE t.triggerid='.$tmp_triggerid
-+ ' WHERE t.triggerid='.zbx_dbstr($tmp_triggerid)
- ));
- if (bccomp($data['triggerid'], $tmp_triggerid) != 0) {
- // parent trigger prototype link
-@@ -1313,7 +1313,7 @@
- 'SELECT t.triggerid,t.description'.
- ' FROM triggers t,trigger_depends d'.
- ' WHERE t.triggerid=d.triggerid_up'.
-- ' AND d.triggerid_down='.$data['triggerid']
-+ ' AND d.triggerid_down='.zbx_dbstr($data['triggerid'])
- );
- while ($trigger = DBfetch($db_triggers)) {
- if (uint_in_array($trigger['triggerid'], $data['dependencies'])) {
-@@ -1720,7 +1720,7 @@
- $table_titles = zbx_toHash($table_titles, 'db_field');
- $sql_fields = implode(', ', array_keys($table_titles));
-
-- $sql = 'SELECT '.$sql_fields.' FROM host_inventory WHERE hostid='.$_REQUEST['hostid'];
-+ $sql = 'SELECT '.$sql_fields.' FROM host_inventory WHERE hostid='.zbx_dbstr($_REQUEST['hostid']);
- $result = DBselect($sql);
-
- $row = DBfetch($result);
-@@ -1740,7 +1740,7 @@
- $sql = 'SELECT re.* '.
- ' FROM regexps re '.
- ' WHERE '.DBin_node('re.regexpid').
-- ' AND re.regexpid='.$_REQUEST['regexpid'];
-+ ' AND re.regexpid='.zbx_dbstr($_REQUEST['regexpid']);
- $regexp = DBfetch(DBSelect($sql));
-
- $rename = $regexp['name'];
-@@ -1750,7 +1750,7 @@
- $sql = 'SELECT e.* '.
- ' FROM expressions e '.
- ' WHERE '.DBin_node('e.expressionid').
-- ' AND e.regexpid='.$regexp['regexpid'].
-+ ' AND e.regexpid='.zbx_dbstr($regexp['regexpid']).
- ' ORDER BY e.expression_type';
-
- $db_exps = DBselect($sql);
-@@ -1888,7 +1888,7 @@
- $sql = 'SELECT e.* '.
- ' FROM expressions e '.
- ' WHERE '.DBin_node('e.expressionid').
-- ' AND e.regexpid='.$_REQUEST['regexpid'].
-+ ' AND e.regexpid='.zbx_dbstr($_REQUEST['regexpid']).
- ' ORDER BY e.expression_type';
-
- $db_exps = DBselect($sql);
-Index: frontends/php/include/regexp.inc.php
-===================================================================
---- ./frontends/php/include/regexp.inc.php (revision 38884)
-+++ ./frontends/php/include/regexp.inc.php (working copy)
-@@ -24,7 +24,7 @@
- 'SELECT re.*'.
- ' FROM regexps re'.
- ' WHERE '.DBin_node('re.regexpid').
-- ' AND regexpid='.$regexpId
-+ ' AND regexpid='.zbx_dbstr($regexpId)
- ));
- }
-
-@@ -35,7 +35,7 @@
- 'SELECT e.expressionid,e.expression,e.expression_type,e.exp_delimiter,e.case_sensitive'.
- ' FROM expressions e'.
- ' WHERE '.DBin_node('e.expressionid').
-- ' AND regexpid='.$regexpId
-+ ' AND regexpid='.zbx_dbstr($regexpId)
- );
- while ($expression = DBfetch($dbExpressions)) {
- $expressions[$expression['expressionid']] = $expression;
-Index: frontends/php/include/actions.inc.php
-===================================================================
---- ./frontends/php/include/actions.inc.php (revision 38884)
-+++ ./frontends/php/include/actions.inc.php (working copy)
-@@ -203,7 +203,7 @@
- 'SELECT dr.name,c.dcheckid,c.type,c.key_,c.ports'.
- ' FROM drules dr,dchecks c'.
- ' WHERE dr.druleid=c.druleid'.
-- ' AND c.dcheckid='.$value
-+ ' AND c.dcheckid='.zbx_dbstr($value)
- ));
- if ($row) {
- $str_val = $row['name'].': '.discovery_check2str($row['type'], $row['key_'], $row['ports']);
-@@ -409,7 +409,7 @@
- $sql = 'SELECT a.def_shortdata,a.def_longdata '.
- ' FROM actions a,operations o '.
- ' WHERE a.actionid=o.actionid '.
-- ' AND o.operationid='.$data['operationid'];
-+ ' AND o.operationid='.zbx_dbstr($data['operationid']);
- if ($rows = DBfetch(DBselect($sql, 1))) {
- $result[] = array(bold(_('Subject').': '), BR(), zbx_nl2br($rows['def_shortdata']));
- $result[] = array(bold(_('Message').': '), BR(), zbx_nl2br($rows['def_longdata']));
-@@ -873,8 +873,8 @@
- ' FROM events e,alerts a'.
- ' LEFT JOIN users u ON u.userid=a.userid'.
- ' LEFT JOIN media_type mt ON mt.mediatypeid=a.mediatypeid'.
-- ' WHERE a.eventid='.$eventid.
-- (is_null($status)?'':' AND a.status='.$status).
-+ ' WHERE a.eventid='.zbx_dbstr($eventid).
-+ (is_null($status)?'':' AND a.status='.zbx_dbstr($status)).
- ' AND e.eventid=a.eventid'.
- ' AND a.alerttype IN ('.ALERT_TYPE_MESSAGE.','.ALERT_TYPE_COMMAND.')'.
- ' AND '.DBin_node('a.alertid').
-Index: frontends/php/include/screens.inc.php
-===================================================================
---- ./frontends/php/include/screens.inc.php (revision 38884)
-+++ ./frontends/php/include/screens.inc.php (working copy)
-@@ -57,7 +57,7 @@
- }
-
- function get_screen_by_screenid($screenid) {
-- $dbScreen = DBfetch(DBselect('SELECT s.* FROM screens s WHERE s.screenid='.$screenid));
-+ $dbScreen = DBfetch(DBselect('SELECT s.* FROM screens s WHERE s.screenid='.zbx_dbstr($screenid)));
- return !empty($dbScreen) ? $dbScreen : false;
- }
-
-@@ -69,7 +69,7 @@
- $db_scr_items = DBselect(
- 'SELECT si.resourceid'.
- ' FROM screens_items si'.
-- ' WHERE si.screenid='.$child_screenid.
-+ ' WHERE si.screenid='.zbx_dbstr($child_screenid).
- ' AND si.resourcetype='.SCREEN_RESOURCE_SCREEN
- );
- while ($scr_item = DBfetch($db_scr_items)) {
-@@ -84,7 +84,7 @@
- $db_slides = DBfetch(DBselect(
- 'SELECT MIN(s.step) AS min_step,MAX(s.step) AS max_step'.
- ' FROM slides s'.
-- ' WHERE s.slideshowid='.$slideshowid
-+ ' WHERE s.slideshowid='.zbx_dbstr($slideshowid)
- ));
- if (!$db_slides || is_null($db_slides['min_step'])) {
- return false;
-@@ -101,9 +101,9 @@
- return DBfetch(DBselect(
- 'SELECT sl.*'.
- ' FROM slides sl,slideshows ss'.
-- ' WHERE ss.slideshowid='.$slideshowid.
-+ ' WHERE ss.slideshowid='.zbx_dbstr($slideshowid).
- ' AND sl.slideshowid=ss.slideshowid'.
-- ' AND sl.step='.$curr_step
-+ ' AND sl.step='.zbx_dbstr($curr_step)
- ));
- }
-
-@@ -112,7 +112,7 @@
-
- $sql = 'SELECT s.slideshowid'.
- ' FROM slideshows s'.
-- ' WHERE s.slideshowid='.$slideshowid.
-+ ' WHERE s.slideshowid='.zbx_dbstr($slideshowid).
- ' AND '.DBin_node('s.slideshowid', get_current_nodeid(null, $perm)
- );
- if (DBselect($sql)) {
-@@ -122,7 +122,7 @@
- $db_screens = DBselect(
- 'SELECT DISTINCT s.screenid'.
- ' FROM slides s'.
-- ' WHERE s.slideshowid='.$slideshowid
-+ ' WHERE s.slideshowid='.zbx_dbstr($slideshowid)
- );
- while ($slide_data = DBfetch($db_screens)) {
- $screenids[$slide_data['screenid']] = $slide_data['screenid'];
-@@ -147,7 +147,7 @@
- }
-
- function get_slideshow_by_slideshowid($slideshowid) {
-- return DBfetch(DBselect('SELECT s.* FROM slideshows s WHERE s.slideshowid='.$slideshowid));
-+ return DBfetch(DBselect('SELECT s.* FROM slideshows s WHERE s.slideshowid='.zbx_dbstr($slideshowid)));
- }
-
- function add_slideshow($name, $delay, $slides) {
-@@ -182,7 +182,7 @@
- $slideshowid = get_dbid('slideshows', 'slideshowid');
- $result = DBexecute(
- 'INSERT INTO slideshows (slideshowid,name,delay)'.
-- ' VALUES ('.$slideshowid.','.zbx_dbstr($name).','.$delay.')'
-+ ' VALUES ('.zbx_dbstr($slideshowid).','.zbx_dbstr($name).','.zbx_dbstr($delay).')'
- );
-
- // create slides
-@@ -197,7 +197,7 @@
-
- $result = DBexecute(
- 'INSERT INTO slides (slideid,slideshowid,screenid,step,delay)'.
-- ' VALUES ('.$slideid.','.$slideshowid.','.$slide['screenid'].','.($i++).','.$slide['delay'].')'
-+ ' VALUES ('.zbx_dbstr($slideid).','.zbx_dbstr($slideshowid).','.zbx_dbstr($slide['screenid']).','.($i++).','.zbx_dbstr($slide['delay']).')'
- );
- if (!$result) {
- return false;
-@@ -228,14 +228,14 @@
- }
-
- // validate slide name
-- $sql = 'SELECT s.slideshowid FROM slideshows s WHERE s.name='.zbx_dbstr($name).' AND s.slideshowid<>'.$slideshowid;
-+ $sql = 'SELECT s.slideshowid FROM slideshows s WHERE s.name='.zbx_dbstr($name).' AND s.slideshowid<>'.zbx_dbstr($slideshowid);
- $db_slideshow = DBfetch(DBselect($sql, 1));
- if (!empty($db_slideshow)) {
- error(_s('Slide show "%s" already exists.', $name));
- return false;
- }
-
-- $db_slideshow = DBfetchArray(DBselect('SELECT * FROM slideshows WHERE slideshowid='.$slideshowid));
-+ $db_slideshow = DBfetchArray(DBselect('SELECT * FROM slideshows WHERE slideshowid='.zbx_dbstr($slideshowid)));
- $db_slideshow = $db_slideshow[0];
- $changed = false;
- $slideshow = array('name' => $name, 'delay' => $delay);
-@@ -246,13 +246,13 @@
- }
- }
- if ($changed) {
-- if (!$result = DBexecute('UPDATE slideshows SET name='.zbx_dbstr($name).',delay='.$delay.' WHERE slideshowid='.$slideshowid)) {
-+ if (!$result = DBexecute('UPDATE slideshows SET name='.zbx_dbstr($name).',delay='.zbx_dbstr($delay).' WHERE slideshowid='.zbx_dbstr($slideshowid))) {
- return false;
- }
- }
-
- // get slides
-- $db_slides = DBfetchArrayAssoc(DBselect('SELECT s.* FROM slides s WHERE s.slideshowid='.$slideshowid), 'slideid');
-+ $db_slides = DBfetchArrayAssoc(DBselect('SELECT s.* FROM slides s WHERE s.slideshowid='.zbx_dbstr($slideshowid)), 'slideid');
-
- $slidesToDel = zbx_objectValues($db_slides, 'slideid');
- $slidesToDel = zbx_toHash($slidesToDel);
-@@ -262,7 +262,7 @@
- if (isset($db_slides[$slide['slideid']])) {
- // update slide
- if ($db_slides[$slide['slideid']]['delay'] != $slide['delay'] || $db_slides[$slide['slideid']]['step'] != $step) {
-- $result = DBexecute('UPDATE slides SET step='.$step.', delay='.$slide['delay'].' WHERE slideid='.$slide['slideid']);
-+ $result = DBexecute('UPDATE slides SET step='.zbx_dbstr($step).', delay='.zbx_dbstr($slide['delay']).' WHERE slideid='.zbx_dbstr($slide['slideid']));
- }
- // do nothing with slide
- else {
-@@ -275,7 +275,7 @@
- $slideid = get_dbid('slides', 'slideid');
- $result = DBexecute(
- 'INSERT INTO slides (slideid,slideshowid,screenid,step,delay)'.
-- ' VALUES ('.$slideid.','.$slideshowid.','.$slide['screenid'].','.$step.','.$slide['delay'].')'
-+ ' VALUES ('.zbx_dbstr($slideid).','.zbx_dbstr($slideshowid).','.zbx_dbstr($slide['screenid']).','.zbx_dbstr($step).','.zbx_dbstr($slide['delay']).')'
- );
- }
- $step ++;
-@@ -293,9 +293,9 @@
- }
-
- function delete_slideshow($slideshowid) {
-- $result = DBexecute('DELETE FROM slideshows where slideshowid='.$slideshowid);
-- $result &= DBexecute('DELETE FROM slides where slideshowid='.$slideshowid);
-- $result &= DBexecute('DELETE FROM profiles WHERE idx=\'web.favorite.screenids\' AND source=\'slideshowid\' AND value_id='.$slideshowid);
-+ $result = DBexecute('DELETE FROM slideshows where slideshowid='.zbx_dbstr($slideshowid));
-+ $result &= DBexecute('DELETE FROM slides where slideshowid='.zbx_dbstr($slideshowid));
-+ $result &= DBexecute('DELETE FROM profiles WHERE idx=\'web.favorite.screenids\' AND source=\'slideshowid\' AND value_id='.zbx_dbstr($slideshowid));
- return $result;
- }
-
-@@ -304,13 +304,13 @@
- if ($config == 0) {
- $sql = 'SELECT si.screenitemid'.
- ' FROM screens_items si'.
-- ' WHERE si.screenid='.$elid.
-+ ' WHERE si.screenid='.zbx_dbstr($elid).
- ' AND si.dynamic='.SCREEN_DYNAMIC_ITEM;
- }
- else {
- $sql = 'SELECT si.screenitemid'.
- ' FROM slides s,screens_items si'.
-- ' WHERE s.slideshowid='.$elid.
-+ ' WHERE s.slideshowid='.zbx_dbstr($elid).
- ' AND si.screenid=s.screenid'.
- ' AND si.dynamic='.SCREEN_DYNAMIC_ITEM;
- }
-Index: frontends/php/include/perm.inc.php
-===================================================================
---- ./frontends/php/include/perm.inc.php (revision 38884)
-+++ ./frontends/php/include/perm.inc.php (working copy)
-@@ -46,7 +46,7 @@
- function check_perm2system($userid) {
- $sql = 'SELECT g.usrgrpid'.
- ' FROM usrgrp g,users_groups ug'.
-- ' WHERE ug.userid='.$userid.
-+ ' WHERE ug.userid='.zbx_dbstr($userid).
- ' AND g.usrgrpid=ug.usrgrpid'.
- ' AND g.users_status='.GROUP_STATUS_DISABLED;
- if ($res = DBfetch(DBselect($sql, 1))) {
-@@ -91,7 +91,7 @@
-
- $sql = 'SELECT MAX(g.gui_access) AS gui_access'.
- ' FROM usrgrp g,users_groups ug'.
-- ' WHERE ug.userid='.$userid.
-+ ' WHERE ug.userid='.zbx_dbstr($userid).
- ' AND g.usrgrpid=ug.usrgrpid';
- $db_access = DBfetch(DBselect($sql));
- if (!zbx_empty($db_access['gui_access'])) {
-@@ -206,7 +206,7 @@
- ' LEFT JOIN rights r ON r.id=hg.groupid'.
- ' LEFT JOIN users_groups g ON r.groupid=g.usrgrpid'.
- ' LEFT JOIN nodes n ON '.DBid2nodeid('hg.groupid').'=n.nodeid'.
-- ' WHERE g.userid='.$userid.
-+ ' WHERE g.userid='.zbx_dbstr($userid).
- ' AND '.DBin_node('hg.groupid', $nodeid).
- ' GROUP BY n.nodeid,n.name,hg.groupid,hg.name,g.userid'.
- ' ORDER BY node_name,hg.name,permission';
-@@ -306,7 +306,7 @@
- foreach ($node_data as $nodeid => $node) {
- switch ($perm_res) {
- case PERM_RES_DATA_ARRAY:
-- $db_node = DBfetch(DBselect('SELECT n.* FROM nodes n WHERE n.nodeid='.$nodeid.' ORDER BY n.name'));
-+ $db_node = DBfetch(DBselect('SELECT n.* FROM nodes n WHERE n.nodeid='.zbx_dbstr($nodeid).' ORDER BY n.name'));
-
- if (!ZBX_DISTRIBUTED) {
- if (!$node) {
-@@ -552,7 +552,7 @@
- if (!isset($userGroups[$userId])) {
- $userGroups[$userId] = array();
-
-- $result = DBselect('SELECT usrgrpid FROM users_groups WHERE userid='.$userId);
-+ $result = DBselect('SELECT usrgrpid FROM users_groups WHERE userid='.zbx_dbstr($userId));
- while ($row = DBfetch($result)) {
- $userGroups[$userId][] = $row['usrgrpid'];
- }
-Index: frontends/php/include/blocks.inc.php
-===================================================================
---- ./frontends/php/include/blocks.inc.php (revision 38884)
-+++ ./frontends/php/include/blocks.inc.php (working copy)
-@@ -1043,7 +1043,7 @@
- ' AND hti.type='.HTTPSTEP_ITEM_TYPE_LASTSTEP.
- ' AND ht.status='.HTTPTEST_STATUS_ACTIVE.
- ' AND '.dbConditionInt('hg.hostid', $availableHostIds).
-- ' AND hg.groupid='.$group['groupid']
-+ ' AND hg.groupid='.zbx_dbstr($group['groupid'])
- );
- while ($row = DBfetch($result)) {
- $showGroup = true;