Zabbix

<?php declare(strict_types = 0);

/*

** Copyright (C) 2001-2025 Zabbix SIA

**

** This program is free software: you can redistribute it and/or modify it under the terms of

** the GNU Affero General Public License as published by the Free Software Foundation, version 3.

**

** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;

** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

** See the GNU Affero General Public License for more details.

**

** You should have received a copy of the GNU Affero General Public License along with this program.

** If not, see <https://www.gnu.org/licenses/>.

**/

​

​

class CControllerActionOperationCheck extends CController {

​

    protected function init(): void {

        $this->setPostContentType(self::POST_CONTENT_TYPE_JSON);

        $this->disableCsrfValidation();

    }

​

    protected function checkInput(): bool {

        $fields = [

            'operation' =>  'array',

            'actionid' =>   'db actions.actionid',

            'row_index' =>  'int32'

        ];

​

        $ret = $this->validateInput($fields) && $this->validateOperation();

​

        if (!$ret) {

            $this->setResponse(

                new CControllerResponseData(['main_block' => json_encode([

                    'error' => [

                        'messages' => array_column(get_and_clear_messages(), 'message')

                    ]

                ])])

            );

        }

​

        return $ret;

    }

​

    protected function validateOperation(): bool {

        $operation = $this->getInput('operation', []);

        $required_fields = ['eventsource', 'recovery', 'operationtype'];

​

        foreach ($required_fields as $field) {

            if (!array_key_exists($field, $operation)) {

                error(_s('Field "%1$s" is mandatory.', $field));

​

                return false;

            }

        }

​

        $eventsource = $operation['eventsource'];

        $recovery = $operation['recovery'];

        $operationtype = preg_replace('[\D]', '', $operation['operationtype']);

        $allowed_operations = getAllowedOperations($eventsource);

​

        if (preg_match('/\bscriptid\b/', $operation['operationtype'])) {

            $operationtype = OPERATION_TYPE_COMMAND;

        }

​

        if (!array_key_exists($recovery, $allowed_operations)

                || !in_array($operationtype, $allowed_operations[$recovery])) {

            error(_s('Incorrect action operation type "%1$s" for event source "%2$s".', $operationtype, $eventsource));

​

            return false;

        }

​

        $default_msg_validator = new CLimitedSetValidator(['values' => [0, 1]]);

​

        if ($recovery == ACTION_OPERATION) {

            if ((array_key_exists('esc_step_from', $operation) || array_key_exists('esc_step_to', $operation))

                    && (!array_key_exists('esc_step_from', $operation)

                    || !array_key_exists('esc_step_to', $operation))) {

                error(_('Parameters "esc_step_from" and "esc_step_to" must be set together.'));

​

                return false;

            }

​

            if (array_key_exists('esc_step_from', $operation) && array_key_exists('esc_step_to', $operation)) {

                if ($operation['esc_step_from'] < 1 || $operation['esc_step_to'] < 0) {

                    error(_('Incorrect action operation escalation step values.'));

​

                    return false;

                }

​