Closed tguichard25 closed 2 years ago
Hi,
Indeed iframe are never allowed on editor side. I guess following editor config have to be updated to handle GLPI_ALLOW_IFRAME_IN_RICH_TEXT
value.
https://github.com/glpi-project/glpi/blob/be0c24bfb75d081a688db4eaff053175542bba5e/inc/html.class.php#L3891
Regards
on my test platform with glpi 10 no problem
In GLPI 9.5, there is indeed a bug.
This has been fixed in GLPI 10.0.
Code of Conduct
Is there an existing issue for this?
Version
9.5.7
Bug description
GLPI_ALLOW_IFRAME_IN_RICH_TEXT set to 1 but still not working.
Relevant log output
No response
Page URL
No response
Steps To reproduce
1 create local_define.php into config directory 2 define('GLPI_ALLOW_IFRAME_IN_RICH_TEXT', '1'); 3 insert into rich text iframe
Your GLPI setup information
GLPI 9.5.7 ( => /var/www/html/glpi) Installation mode: TARBALL Current language:fr_FR
Operating system: Linux srv-glpi-01 5.4.0-91-generic #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021 x86_64 PHP 7.4.3 apache2handler (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apc, apcu, bz2, calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imap, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, readline, session, shmop, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib) Setup: max_execution_time="300" memory_limit="256M" post_max_size="32M" safe_mode="" session.save_handler="files" upload_max_filesize="20M" Software: Apache/2.4.41 (Ubuntu) (Apache/2.4.41 (Ubuntu) Server at glpi.mut25.fr Port 443) Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 Server Software: (Ubuntu) Server Version: 8.0.28-0ubuntu0.20.04.3 Server SQL Mode: Parameters: glpi@localhost/glpi Host info: Localhost via UNIX socket PHP version is at least 7.2.0 - Perfect! Sessions support is available - Perfect! Allocated memory > 64 Mio - Perfect! mysqli extension is installed ctype extension is installed fileinfo extension is installed json extension is installed mbstring extension is installed iconv extension is installed zlib extension is installed curl extension is installed gd extension is installed simplexml extension is installed intl extension is installed ldap extension is installed apcu extension is installed Zend OPcache extension is installed xmlrpc extension is installed exif extension is installed zip extension is installed bz2 extension is installed sodium extension is installed Database version seems correct (8.0.28) - Perfect! Timezones seems loaded in database The log file has been created successfully. Write access to /var/www/html/glpi/files/_cache has been validated. Write access to /var/www/html/glpi/config has been validated. Write access to /var/www/html/glpi/files/_cron has been validated. Write access to /var/www/html/glpi/files has been validated. Write access to /var/www/html/glpi/files/_dumps has been validated. Write access to /var/www/html/glpi/files/_graphs has been validated. Write access to /var/www/html/glpi/files/_lock has been validated. Write access to /var/www/html/glpi/files/_pictures has been validated. Write access to /var/www/html/glpi/files/_plugins has been validated. Write access to /var/www/html/glpi/files/_rss has been validated. Write access to /var/www/html/glpi/files/_sessions has been validated. Write access to /var/www/html/glpi/files/_tmp has been validated. Write access to /var/www/html/glpi/files/_uploads has been validated. Write access to /var/www/html/glpi/marketplace has been validated. Web access to the files directory should not be allowed but this cannot be checked automatically on this instance. Make sure access to error log file (/files/_log/php-errors.log) is forbidden; otherwise review .htaccess file and web server configuration.
GLPI_ROOT: /var/www/html/glpi GLPI_ALLOW_IFRAME_IN_RICH_TEXT: 1 GLPI_CONFIG_DIR: /var/www/html/glpi/config GLPI_VAR_DIR: /var/www/html/glpi/files GLPI_MARKETPLACE_DIR: /var/www/html/glpi/marketplace GLPI_USE_CSRF_CHECK: 1 GLPI_CSRF_EXPIRES: 7200 GLPI_CSRF_MAX_TOKENS: 100 GLPI_USE_IDOR_CHECK: 1 GLPI_IDOR_EXPIRES: 7200 GLPI_TELEMETRY_URI: https://telemetry.glpi-project.org GLPI_INSTALL_MODE: TARBALL GLPI_NETWORK_MAIL: glpi@teclib.com GLPI_NETWORK_SERVICES: https://services.glpi-network.com GLPI_MARKETPLACE_PRERELEASES: GLPI_MARKETPLACE_ALLOW_OVERRIDE: 1 GLPI_MARKETPLACE_MANUAL_DOWNLOADS: 1 GLPI_USER_AGENT_EXTRA_COMMENTS: GLPI_AJAX_DASHBOARD: 1 GLPI_CALDAV_IMPORT_STATE: 0 GLPI_DEMO_MODE: 0 GLPI_FORCE_EMPTY_SQL_MODE: 1 GLPI_DOC_DIR: /var/www/html/glpi/files GLPI_CACHE_DIR: /var/www/html/glpi/files/_cache GLPI_CRON_DIR: /var/www/html/glpi/files/_cron GLPI_DUMP_DIR: /var/www/html/glpi/files/_dumps GLPI_GRAPH_DIR: /var/www/html/glpi/files/_graphs GLPI_LOCAL_I18N_DIR: /var/www/html/glpi/files/_locales GLPI_LOCK_DIR: /var/www/html/glpi/files/_lock GLPI_LOG_DIR: /var/www/html/glpi/files/_log GLPI_PICTURE_DIR: /var/www/html/glpi/files/_pictures GLPI_PLUGIN_DOC_DIR: /var/www/html/glpi/files/_plugins GLPI_RSS_DIR: /var/www/html/glpi/files/_rss GLPI_SESSION_DIR: /var/www/html/glpi/files/_sessions GLPI_TMP_DIR: /var/www/html/glpi/files/_tmp GLPI_UPLOAD_DIR: /var/www/html/glpi/files/_uploads GLPI_NETWORK_REGISTRATION_API_URL: https://services.glpi-network.com/api/registration/ GLPI_MARKETPLACE_PLUGINS_API_URI: https://services.glpi-network.com/api/glpi-plugins/ GLPI_I18N_DIR: /var/www/html/glpi/locales GLPI_VERSION: 9.5.7 GLPI_SCHEMA_VERSION: 9.5.7 GLPI_MIN_PHP: 7.2.0 GLPI_YEAR: 2022
htmlawed/htmlawed version 1.2.5 in (/var/www/html/glpi/vendor/htmlawed/htmlawed) phpmailer/phpmailer version 6.1.6 in (/var/www/html/glpi/vendor/phpmailer/phpmailer/src) simplepie/simplepie version 1.5.6 in (/var/www/html/glpi/vendor/simplepie/simplepie/library) tecnickcom/tcpdf version 6.3.5 in (/var/www/html/glpi/vendor/tecnickcom/tcpdf) michelf/php-markdown in (/var/www/html/glpi/vendor/michelf/php-markdown/Michelf) true/punycode in (/var/www/html/glpi/vendor/true/punycode/src) iamcal/lib_autolink in (/var/www/html/glpi/vendor/iamcal/lib_autolink) sabre/dav in (/var/www/html/glpi/vendor/sabre/dav/lib/DAV) sabre/http in (/var/www/html/glpi/vendor/sabre/http/lib) sabre/uri in (/var/www/html/glpi/vendor/sabre/uri/lib) sabre/vobject in (/var/www/html/glpi/vendor/sabre/vobject/lib) laminas/laminas-cache in (/var/www/html/glpi/vendor/laminas/laminas-cache/src) laminas/laminas-i18n in (/var/www/html/glpi/vendor/laminas/laminas-i18n/src) laminas/laminas-serializer in (/var/www/html/glpi/vendor/laminas/laminas-serializer/src) monolog/monolog in (/var/www/html/glpi/vendor/monolog/monolog/src/Monolog) sebastian/diff in (/var/www/html/glpi/vendor/sebastian/diff/src) elvanto/litemoji in (/var/www/html/glpi/vendor/elvanto/litemoji/src) symfony/console in (/var/www/html/glpi/vendor/symfony/console) scssphp/scssphp in (/var/www/html/glpi/vendor/scssphp/scssphp/src) laminas/laminas-mail in (/var/www/html/glpi/vendor/laminas/laminas-mail/src/Protocol) laminas/laminas-mime in (/var/www/html/glpi/vendor/laminas/laminas-mime/src) rlanvin/php-rrule in (/var/www/html/glpi/vendor/rlanvin/php-rrule/src) blueimp/jquery-file-upload in (/var/www/html/glpi/vendor/blueimp/jquery-file-upload/server/php) ramsey/uuid in (/var/www/html/glpi/vendor/ramsey/uuid/src) psr/log in (/var/www/html/glpi/vendor/psr/log/Psr/Log) psr/simple-cache in (/var/www/html/glpi/vendor/psr/simple-cache/src) mexitek/phpcolors in (/var/www/html/glpi/vendor/mexitek/phpcolors/src/Mexitek/PHPColors) guzzlehttp/guzzle in (/var/www/html/glpi/vendor/guzzlehttp/guzzle/src) guzzlehttp/psr7 in (/var/www/html/glpi/vendor/guzzlehttp/psr7/src) wapmorgan/unified-archive in (/var/www/html/glpi/vendor/wapmorgan/unified-archive/src) paragonie/sodium_compat in (/var/www/html/glpi/vendor/paragonie/sodium_compat/src) phpCas version 1.3.8 in (/usr/share/php/CAS/source)
Server: 'ldap://172.28.10.1', Port: '389', BaseDN: 'DC=MUT25,DC=FR', Connection filter: '(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN: 'CN=glpi,OU=services,OU=users,OU=DSI,DC=mut25,DC=fr', Use TLS: none
Not active
Way of sending emails: SMTP+TLS (anonymous@smtp.fc-net.fr)
Name: 't.guichard@mut25.fr' Active: No Server: '{outlook.office365.com:993/imap/ssl/novalidate-cert/notls}INBOX' Login: 't.guichard@mut25.fr' Password: Yes
news Name: Alertes Version: 1.9.1 State: Enabled servicecatalog Name: Catalogue de service Version: 1.7.12 State: Enabled fields Name: Champs supplémentaires Version: 1.12.9 State: Enabled behaviors Name: Comportements Version: 2.5.0 State: Enabled mydashboard Name: Dashboard Version: 1.8.2 State: Enabled datainjection Name: Data Injection Version: 2.9.0 State: Enabled formcreator Name: Form Creator Version: 2.12.4 State: Enabled fusioninventory Name: FusionInventory Version: 9.5+3.0 State: Enabled pdf Name: Impression pdf Version: 2.0.0 State: Enabled metademands Name: Meta-Demandes Version: 2.7.9 State: Enabled mreporting Name: Plus de rapports Version: 1.7.3 State: Enabled reservation Name: Reservation Version: 2.3.5 State: Enabled dashboard Name: Tableau de bord Version: 0.9.9 State: Enabled
Anything else?
No response