fix: resolve SQL injection and correctness issues

- Fix SQL injection in rfilter RLIKE expression by escaping with db_qstr()
- Add missing JOIN ON clause in GROUP_CONCAT query (syntax error)
- Initialize $host_ids array before loop to prevent undefined variable errors
- Move sort() outside foreach loop for O(n log n) instead of O(n² log n)
- Fix JavaScript comparison: change 'action >= ""' to 'action !== ""'
- Fix tooltip positioning typo: '1eft' -> 'left'
- Fix spelling: 'tropper' -> 'stormtrooper'

Addresses review feedback from PR Cacti#202.

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>

Author: somethingwithproof

db_functions.php

@@ -114,7 +114,7 @@ function renderWhereJoin(string &$sql_where, string &$sql_join): void
     }
 
     if (get_request_var('rfilter') != '') {
-        $awhere .= ($awhere == '' ? '' : ' AND ') . " h.description RLIKE '" . get_request_var('rfilter') . "'";
+        $awhere .= ($awhere == '' ? '' : ' AND ') . " h.description RLIKE '" . db_qstr(get_request_var('rfilter')) . "'";
     }
 
     if (get_request_var('grouping') == 'tree') {
@@ -230,6 +230,7 @@ function getHostsDownOrTriggeredByPermission(bool $prescan): array
                 'SELECT GROUP_CONCAT(DISTINCT host_id) AS hosts
 				FROM graph_tree_items AS gti
 				INNER JOIN host AS h
+				ON h.id = gti.host_id
 				WHERE host_id > 0
 				AND h.deleted = ""
 				AND graph_tree_id = ?',
@@ -263,7 +264,7 @@ function getHostsDownOrTriggeredByPermission(bool $prescan): array
         );
     }
 
-        $sql_where = "h.monitor = 'on'
+    $sql_where = "h.monitor = 'on'
 		AND h.disabled = ''
 		AND h.deleted = ''
 		AND ((h.status < " . $PreScanValue . ' AND (h.availability_method > 0 OR h.snmp_version > 0)) ' .
@@ -275,8 +276,8 @@ function getHostsDownOrTriggeredByPermission(bool $prescan): array
     if (cacti_sizeof($hosts)) {
         foreach ($hosts as $host) {
             $result[] = $host['id'];
-            sort($result);
         }
+        sort($result);
     }
 
     return $result;

js/monitor.js

@@ -59,7 +59,7 @@ function timeStep() {
 	} else {
 		$('#timer').html(value);
 		// What is a second, well if you are an
-		// imperial storm tropper, it's just a little more than a second.
+		// imperial stormtrooper, it's just a little more than a second.
 		myTimer = setTimeout(timeStep, 1284);
 	}
 }
@@ -92,7 +92,7 @@ function applyFilter(action = '') {
 	} else {
 		strURL = 'monitor.php?header=false';
 
-		if (action >= '') {
+		if (action !== '') {
 			strURL += `&action=${action}`;
 		}
 
@@ -341,7 +341,7 @@ $(() => {
 	myTimer = setTimeout(timeStep, 1000);
 
 	$(globalThis).resize(() => {
-		$(document).tooltip('option', 'position', { my: '1eft:15 top', at: 'right center' });
+		$(document).tooltip('option', 'position', { my: 'left:15 top', at: 'right center' });
 	});
 
 	if ($('#mute').val() === 'true') {

monitor_render.php

@@ -185,6 +185,7 @@ function renderSite(): string
             $suppressGroups = true;
         }
 
+        $host_ids = [];
         foreach ($hosts as $index => $host) {
             if (is_device_allowed($host['id'])) {
                 $host_ids[] = $host['id'];
@@ -318,6 +319,7 @@ function renderTemplate(): string
             $suppressGroups = true;
         }
 
+        $host_ids = [];
         foreach ($hosts as $index => $host) {
             if (is_device_allowed($host['id'])) {
                 $host_ids[] = $host['id'];
@@ -915,7 +917,8 @@ function renderHeaderList(int $total_rows = 0, int $rows = 0): string
         'hostname' => [
             'display' => __('Hostname', 'monitor'),
             'sort'    => 'ASC',
-            'align'   => 'left', 'tip' => __('Hostname of device', 'monitor')
+            'align'   => 'left',
+            'tip' => __('Hostname of device', 'monitor')
         ],
         'id' => [
             'display' => __('ID', 'monitor'),
@@ -1112,7 +1115,7 @@ function renderHostList(array $host): string
     }
 
     if ($host['availability_method'] > 0) {
-        $host_avg     =	__('%d ms', $host['cur_time'], 'monitor') . ' / ' . __('%d ms', $host['avg_time'], 'monitor');
+        $host_avg     =    __('%d ms', $host['cur_time'], 'monitor') . ' / ' . __('%d ms', $host['avg_time'], 'monitor');
     } else {
         $host_avg     = __('N/A', 'monitor');
     }