N°9238 - Sanitize data_source_id query parameter in synchro_import script

Fix unit test testPhpMinVersionConsistency
N°9234 - Sanitize query expression parameter in suggested OQL on run query page (#829 )
2026-03-07 10:04:14 +01:00 · 2026-03-06 15:04:52 +01:00 · 2026-03-05 16:15:18 +01:00 · 2026-03-05 16:02:30 +01:00 · 2026-03-05 15:55:28 +01:00
4 changed files with 4 additions and 4 deletions
--- a/pages/ajax.render.php
+++ b/pages/ajax.render.php
@@ -998,7 +998,7 @@ JS
 				break;

 			case 'revert_dashboard':
-				$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
+				$sDashboardId = utils::ReadParam('dashboard_id', '', false, utils::ENUM_SANITIZATION_FILTER_CONTEXT_PARAM);
 				$sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
 				appUserPreferences::UnsetPref('display_original_dashboard_'.$sDashboardId);
 				$oDashboard = new RuntimeDashboard($sDashboardId);
--- a/pages/run_query.php
+++ b/pages/run_query.php
@@ -306,7 +306,7 @@ JS
 					$sBefore = substr($sExpression, 0, $e->GetColumn());
 					$sAfter = substr($sExpression, $e->GetColumn() + strlen($sWrongWord));
 					$sFixedExpression = $sBefore.$sSuggestedWord.$sAfter;
-					$sFixedExpressionHtml = $sBefore.'<span class="ibo-run-query--highlight">'.$sSuggestedWord.'</span>'.$sAfter;
+					$sFixedExpressionHtml = $sBefore.'<span class="ibo-run-query--highlight">'.$sSuggestedWord.'</span>'.utils::EscapeHtml($sAfter);
 					$sSyntaxErrorText .= "<p>Suggesting: $sFixedExpressionHtml</p>";
 					$oSyntaxErrorPanel->AddSubBlock(new Html($sSyntaxErrorText));

--- a/setup/setuputils.class.inc.php
+++ b/setup/setuputils.class.inc.php
@@ -112,7 +112,7 @@ class SetupUtils
 	public const PHP_NEXT_MIN_VERSION   = ''; // No new PHP requirement for next iTop version yet
 	public const MYSQL_NEXT_MIN_VERSION = ''; // No new MySQL requirement for next iTop version yet
 	// -- First recent version that is not yet validated by Combodo (warning)
-	public const PHP_NOT_VALIDATED_VERSION = '8.4.0';
+	public const PHP_NOT_VALIDATED_VERSION = '8.5.0';

 	public const MIN_MEMORY_LIMIT             = '32M';
 	public const SUHOSIN_GET_MAX_VALUE_LENGTH = 2048;
--- a/synchro/synchro_import.php
+++ b/synchro/synchro_import.php
@@ -301,7 +301,7 @@ try {
 	//
 	// Read parameters
 	//
-	$iDataSourceId = ReadMandatoryParam($oP, 'data_source_id', 'raw_data');
+	$iDataSourceId = ReadMandatoryParam($oP, 'data_source_id', utils::ENUM_SANITIZATION_FILTER_INTEGER);
 	$sSynchronize = ReadParam($oP, 'synchronize');
 	$sSep = ReadParam($oP, 'separator', 'raw_data');
 	$sQualifier = ReadParam($oP, 'qualifier', 'raw_data');
Author	SHA1	Message	Date
lenaick.moreira	1162a7029d	N°9238 - Sanitize data_source_id query parameter in synchro_import script	2026-03-06 15:04:52 +01:00
lenaick.moreira	307c308eb0	Fix unit test testPhpMinVersionConsistency	2026-03-05 16:15:18 +01:00
Lenaick	61e5536b50	N°9234 - Sanitize query expression parameter in suggested OQL on run query page (#829 )	2026-03-05 16:02:30 +01:00
Lenaick	104dd1970f	N°9230 - Sanitize dashboard_id parameter in "revert_dashboard" operation of AJAX render function (#828 )	2026-03-05 15:55:28 +01:00