glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0

iframe into rich text not working #10747

Closed tguichard25 closed 2 years ago

tguichard25 commented 2 years ago

Version

9.5.7

Bug description

GLPI_ALLOW_IFRAME_IN_RICH_TEXT set to 1 but still not working.

Relevant log output

No response

Page URL

No response

Steps To reproduce

1. Create local_define.php in the config directory
2. define('GLPI_ALLOW_IFRAME_IN_RICH_TEXT', '1');
3. Insert an iframe into the rich text

Your GLPI setup information

GLPI 9.5.7 ( => /var/www/html/glpi)
Installation mode: TARBALL
Current language: fr_FR

GLPI_ROOT: /var/www/html/glpi
GLPI_ALLOW_IFRAME_IN_RICH_TEXT: 1
GLPI_CONFIG_DIR: /var/www/html/glpi/config
GLPI_VAR_DIR: /var/www/html/glpi/files
GLPI_MARKETPLACE_DIR: /var/www/html/glpi/marketplace
GLPI_USE_CSRF_CHECK: 1
GLPI_CSRF_EXPIRES: 7200
GLPI_CSRF_MAX_TOKENS: 100
GLPI_USE_IDOR_CHECK: 1
GLPI_IDOR_EXPIRES: 7200
GLPI_TELEMETRY_URI: https://telemetry.glpi-project.org
GLPI_INSTALL_MODE: TARBALL
GLPI_NETWORK_MAIL: glpi@teclib.com
GLPI_NETWORK_SERVICES: https://services.glpi-network.com
GLPI_MARKETPLACE_PRERELEASES:
GLPI_MARKETPLACE_ALLOW_OVERRIDE: 1
GLPI_MARKETPLACE_MANUAL_DOWNLOADS: 1
GLPI_USER_AGENT_EXTRA_COMMENTS:
GLPI_AJAX_DASHBOARD: 1
GLPI_CALDAV_IMPORT_STATE: 0
GLPI_DEMO_MODE: 0
GLPI_FORCE_EMPTY_SQL_MODE: 1
GLPI_DOC_DIR: /var/www/html/glpi/files
GLPI_CACHE_DIR: /var/www/html/glpi/files/_cache
GLPI_CRON_DIR: /var/www/html/glpi/files/_cron
GLPI_DUMP_DIR: /var/www/html/glpi/files/_dumps
GLPI_GRAPH_DIR: /var/www/html/glpi/files/_graphs
GLPI_LOCAL_I18N_DIR: /var/www/html/glpi/files/_locales
GLPI_LOCK_DIR: /var/www/html/glpi/files/_lock
GLPI_LOG_DIR: /var/www/html/glpi/files/_log
GLPI_PICTURE_DIR: /var/www/html/glpi/files/_pictures
GLPI_PLUGIN_DOC_DIR: /var/www/html/glpi/files/_plugins
GLPI_RSS_DIR: /var/www/html/glpi/files/_rss
GLPI_SESSION_DIR: /var/www/html/glpi/files/_sessions
GLPI_TMP_DIR: /var/www/html/glpi/files/_tmp
GLPI_UPLOAD_DIR: /var/www/html/glpi/files/_uploads
GLPI_NETWORK_REGISTRATION_API_URL: https://services.glpi-network.com/api/registration/
GLPI_MARKETPLACE_PLUGINS_API_URI: https://services.glpi-network.com/api/glpi-plugins/
GLPI_I18N_DIR: /var/www/html/glpi/locales
GLPI_VERSION: 9.5.7
GLPI_SCHEMA_VERSION: 9.5.7
GLPI_MIN_PHP: 7.2.0
GLPI_YEAR: 2022

Server: 'ldap://172.28.10.1', Port: '389', BaseDN: 'DC=MUT25,DC=FR', Connection filter: '(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN: 'CN=glpi,OU=services,OU=users,OU=DSI,DC=mut25,DC=fr', Use TLS: none

Not active

Way of sending emails: SMTP+TLS (anonymous@smtp.fc-net.fr)

Name: 't.guichard@mut25.fr' Active: No Server: '{outlook.office365.com:993/imap/ssl/novalidate-cert/notls}INBOX' Login: 't.guichard@mut25.fr' Password: Yes

news Name: Alertes Version: 1.9.1 State: Enabled
servicecatalog Name: Catalogue de service Version: 1.7.12 State: Enabled
fields Name: Champs supplémentaires Version: 1.12.9 State: Enabled
behaviors Name: Comportements Version: 2.5.0 State: Enabled
mydashboard Name: Dashboard Version: 1.8.2 State: Enabled
datainjection Name: Data Injection Version: 2.9.0 State: Enabled
formcreator Name: Form Creator Version: 2.12.4 State: Enabled
fusioninventory Name: FusionInventory Version: 9.5+3.0 State: Enabled
pdf Name: Impression pdf Version: 2.0.0 State: Enabled
metademands Name: Meta-Demandes Version: 2.7.9 State: Enabled
mreporting Name: Plus de rapports Version: 1.7.3 State: Enabled
reservation Name: Reservation Version: 2.3.5 State: Enabled
dashboard Name: Tableau de bord Version: 0.9.9 State: Enabled

Anything else?

No response

cedric-anne commented 2 years ago

Hi,

Indeed, iframes are never allowed on the editor side. I guess the following editor config has to be updated to handle the GLPI_ALLOW_IFRAME_IN_RICH_TEXT value: https://github.com/glpi-project/glpi/blob/be0c24bfb75d081a688db4eaff053175542bba5e/inc/html.class.php#L3891

Regards

tguichard25 commented 2 years ago

On my test platform with GLPI 10, no problem.

cedric-anne commented 2 years ago

In GLPI 9.5, there is indeed a bug.

This has been fixed in GLPI 10.0.