Fixed in r48587 and r48593, branch svn://svn.zabbix.com/branches/dev/ZBX-8671.

(1) String changes?

kristsk No string changes. RESOLVED.

iivs Added strings:
'No trigger prototypes found.'

kristsk CLOSED.

(2) now &hostid=0 got broken

kristsk RESOLVED in r48670.

iivs CLOSED.

(3) Other similar places were ignored.

• Places that need fixing for "groupid":
  • Configuration > Triggers > group selection
  • Configuration > Graphs > group selection

• Places where host selection redundant:
  • Configuration > Item prototypes > host selection
  • Configuration > Trigger prototypes > host selection
  • Configuration > Graph prototypes > host selection

• Places where "filter_hostid" and "filter_groupid" is not validated:
  • Configuration > Item list > Filter > group selection
  • Configuration > Item list > Filter > host selection

Please see if there any other incosintencies, missing validation or redundant parameters regarding "hostid" and "groupid" in URL.

kristsk RESOLVED in r48670.

iivs

1. In configuration pages, permissions should be checked for writing, not simple API get requests.
2. code pieces like

    $discoveryRuleId = getRequest('parent_discoveryid', false);
   if (!$discoveryRuleId) {
   	access_deny();
   } 

   will not execute due to check_fields O_MAND option.

3. do not access directly $_REQUEST and set values to it
4. avoid using API_OUTPUT_EXTEND
5. if you do not need field in return, but simply check if execution was success, you can use empty array() for output and don't forget to put output as first option as well.
6. change the order so that first group permissions are checked and then host permissions.

REOPENED.

kristsk RESOLVED in r48861.

iivs There were still many more issues with this.
What I did:

• Changed several API calls to return only boolean values to check permissions since no fields are requested in output.

• item prototype edit form:
  • changed item prototype permission check from itemprototype.get to itemprototype.iswritable

• graphs:
  • moved group permission to be validated first and then other parameters;
  • added missing parameter for getting graph discovery rule.

• separated display logic for trigger prototype list.

• fixes several coding style issues.

Please, review r48968

kristsk Looks good. Did some minor adjustments in r49090. Please review.

iivs REVIEWED.
Thanks!
CLOSED.

TESTED

Fixed and merged to 2.5.0 (trunk) in r49160.

(4) It's now impossible to create a trigger when a host is selected.

kristsk RESOLVED in r49207.

iivs CLOSED.

subissues stil open: 1, 4

iivs According to history, issue was closed after sub-issues were reviewed and closed and there was no reason to re-open the issue again.

TESTED

Merged to 2.5.0 (trunk) in r49221.

(5) Host/Template information is not shown in the trigger prototype form

Configuration -> Hosts -> Discovery -> Trigger prototypes -> [Create trigger prototype]

iivs Same problem found in graph prototype create form.
RESOLVED in svn://svn.zabbix.com/branches/dev/ZBX-8671 r51934

sasha unsafe code in graphs.php:

if (CUser::$userData['type'] !== USER_TYPE_SUPER_ADMIN) {

because CUser::$userData['type'] has string type and USER_TYPE_SUPER_ADMIN has integer type. It is always true!

REOPENED

iivs RESOLVED in r52081

sasha Possible SQL error:

    pg_query(): Query failed: ERROR: invalid input syntax for integer: "" LINE 1: SELECT h.status FROM hosts h WHERE h.hostid='' ^ [graphs.php:602 → isTemplate() → DBselect() → pg_query() in include/db.inc.php:395]
    Error in query [SELECT h.status FROM hosts h WHERE h.hostid=''] [ERROR: invalid input syntax for integer: "" LINE 1: SELECT h.status FROM hosts h WHERE h.hostid='' ^]

REOPENED

iivs RESOLVED in r52156

Note that there is still a problem when "Dropdown first entry" is set to "none". As discussed, I made a separate issue for it ZBX-9298

sasha CLOSED

Fixed in pre-2.5.0 (trunk) r52226