glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0

Exception in RichText/UserMention.php when certain email replies are processed by mail receivers #16174

Closed GusADS closed 10 months ago

GusADS commented 10 months ago

Version

10.0.10

Bug description

Exception in RichText/UserMention.php when certain email replies are processed by mail receivers

Relevant log output

When I process this email via an email receiver:

<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><title>[ASKIT #0005094] NEW STARTER - Person-Name Surname</Title><style><!--
/* Font Definitions */
@font-face
    {font-family:"Cambria Math";
    panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
    {font-family:Calibri;
    panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
    {margin:0cm;
    font-size:12.0pt;
    font-family:"Times New Roman",serif;}
.MsoChpDefault
    {mso-style-type:export-only;
    font-size:10.0pt;}
@page WordSection1
    {size:612.0pt 792.0pt;
    margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
    {page:WordSection1;}
--></Style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</Head>
    <body lang=EN-AU link=blue vlink=purple style='word-wrap:break-word'>
        <div class=WordSection1>
            <div>
                <div>
                    <p class=MsoNormal style='margin-bottom:12.0pt'>
                        <br>=_=_=_= To answer by email, write under this line =_=_=_= 
                        <o:p></o:p>
                    </P>
                </Div>
            </Div>
        </Div>
    </Body>
</Html>

GLPI shows a blank white screen and an error is logged. All processing of incoming emails to our various mailboxes halts at this point and does not resume until the problematic email is removed from the mailbox. 

In php-errors.php:
[2023-12-11 11:49:50] glpiphplog.WARNING:   *** PHP Warning (2): simplexml_import_dom(): Invalid Nodetype to import in /var/www/glpi/src/RichText/UserMention.php at line 200
  Backtrace :
  src/RichText/UserMention.php:200                   simplexml_import_dom()
  src/RichText/UserMention.php:91                    Glpi\RichText\UserMention::getUserIdsFromUserMentions()
  src/CommonDBTM.php:1538                            Glpi\RichText\UserMention::handleUserMentions()
  src/CommonDBChild.php:540                          CommonDBTM->post_addItem()
  src/ITILFollowup.php:301                           CommonDBChild->post_addItem()
  src/CommonDBTM.php:1324                            ITILFollowup->post_addItem()
  src/MailCollector.php:954                          CommonDBTM->add()
  front/mailcollector.form.php:103                   MailCollector->collect()
  public/index.php:82                                require()

[2023-12-11 11:49:50] glpiphplog.CRITICAL:   *** Uncaught Exception Error: Call to a member function xpath() on null in /var/www/glpi/src/RichText/UserMention.php at line 207
  Backtrace :
  src/RichText/UserMention.php:91                    Glpi\RichText\UserMention::getUserIdsFromUserMentions()
  src/CommonDBTM.php:1538                            Glpi\RichText\UserMention::handleUserMentions()
  src/CommonDBChild.php:540                          CommonDBTM->post_addItem()
  src/ITILFollowup.php:301                           CommonDBChild->post_addItem()
  src/CommonDBTM.php:1324                            ITILFollowup->post_addItem()
  src/MailCollector.php:954                          CommonDBTM->add()
  front/mailcollector.form.php:103                   MailCollector->collect()
  public/index.php:82                                require()

Page URL

https://GLPIURL.somedomain/ajax/common.tabs.php?_target=/front/mailcollector.form.php&_itemtype=MailCollector&_glpi_tab=MailCollector$1&id=7

Steps To reproduce

  1. Create an email with the html snippet above and send to GLPI receiver
  2. Submit [Get Email Tickets Now] button under receivers -> actions or just wait for cron to run it

Your GLPI setup information

Information about system installation & configuration

  GLPI 10.0.10 ( => /var/www/glpi) Installation mode: TARBALL Current language:en_US

Operating system: Linux adcg-glpi-01 5.15.0-89-generic #99-Ubuntu SMP Mon Oct 30 20:42:41 UTC 2023 x86_64
PHP 8.1.2-1ubuntu2.14 apache2handler (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, bz2, calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, readline, session, shmop, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlreader, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files" upload_max_filesize="2M"
Software: Apache () Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
Server Software: Ubuntu 22.04
Server Version: 10.6.12-MariaDB-0ubuntu0.22.04.1
Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Parameters: glpi@localhost/glpi
Host info: Localhost via UNIX socket
PHP version (8.1.2-1ubuntu2.14) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.
curl extension is installed.
gd extension is installed.
intl extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (10.6.12) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /var/www/glpi/files/_cache has been validated.
Write access to /var/www/glpi/config has been validated.
Write access to /var/www/glpi/files/_cron has been validated.
Write access to /var/www/glpi/files has been validated.
Write access to /var/www/glpi/files/_dumps has been validated.
Write access to /var/www/glpi/files/_graphs has been validated.
Write access to /var/www/glpi/files/_lock has been validated.
Write access to /var/www/glpi/files/_pictures has been validated.
Write access to /var/www/glpi/files/_plugins has been validated.
Write access to /var/www/glpi/files/_rss has been validated.
Write access to /var/www/glpi/files/_sessions has been validated.
Write access to /var/www/glpi/files/_tmp has been validated.
Write access to /var/www/glpi/files/_uploads has been validated.
Web server root directory configuration seems safe.
Sessions configuration is secured.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /var/www/glpi/marketplace has been validated.
Timezones seems loaded in database.

GLPI_ROOT: "/var/www/glpi"
GLPI_CONFIG_DIR: "/var/www/glpi/config"
GLPI_VAR_DIR: "/var/www/glpi/files"
GLPI_MARKETPLACE_DIR: "/var/www/glpi/marketplace"
GLPI_USE_CSRF_CHECK: "1"
GLPI_CSRF_EXPIRES: "7200"
GLPI_CSRF_MAX_TOKENS: "100"
GLPI_USE_IDOR_CHECK: "1"
GLPI_IDOR_EXPIRES: "7200"
GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false
GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\/\/[^@:]+(\/.*)?$/"]
GLPI_TELEMETRY_URI: "https://telemetry.glpi-project.org"
GLPI_INSTALL_MODE: "TARBALL"
GLPI_NETWORK_MAIL: "glpi@teclib.com"
GLPI_NETWORK_SERVICES: "https://services.glpi-network.com"
GLPI_MARKETPLACE_ALLOW_OVERRIDE: true
GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true
GLPI_USER_AGENT_EXTRA_COMMENTS: ""
GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1"
GLPI_AJAX_DASHBOARD: "1"
GLPI_CALDAV_IMPORT_STATE: 0
GLPI_DEMO_MODE: "0"
GLPI_CENTRAL_WARNINGS: "1"
GLPI_DOC_DIR: "/var/www/glpi/files"
GLPI_CACHE_DIR: "/var/www/glpi/files/_cache"
GLPI_CRON_DIR: "/var/www/glpi/files/_cron"
GLPI_DUMP_DIR: "/var/www/glpi/files/_dumps"
GLPI_GRAPH_DIR: "/var/www/glpi/files/_graphs"
GLPI_LOCAL_I18N_DIR: "/var/www/glpi/files/_locales"
GLPI_LOCK_DIR: "/var/www/glpi/files/_lock"
GLPI_LOG_DIR: "/var/www/glpi/files/_log"
GLPI_PICTURE_DIR: "/var/www/glpi/files/_pictures"
GLPI_PLUGIN_DOC_DIR: "/var/www/glpi/files/_plugins"
GLPI_RSS_DIR: "/var/www/glpi/files/_rss"
GLPI_SESSION_DIR: "/var/www/glpi/files/_sessions"
GLPI_TMP_DIR: "/var/www/glpi/files/_tmp"
GLPI_UPLOAD_DIR: "/var/www/glpi/files/_uploads"
GLPI_INVENTORY_DIR: "/var/www/glpi/files/_inventories"
GLPI_NETWORK_REGISTRATION_API_URL: "https://services.glpi-network.com/api/registration/"
GLPI_MARKETPLACE_PLUGINS_API_URI: "https://services.glpi-network.com/api/marketplace/"
GLPI_I18N_DIR: "/var/www/glpi/locales"
GLPI_VERSION: "10.0.10"
GLPI_SCHEMA_VERSION: "10.0.10@05de68add675fb55abaeec10f3a2552085594a16"
GLPI_MARKETPLACE_PRERELEASES: false
GLPI_MIN_PHP: "7.4.0"
GLPI_MAX_PHP: "8.4.0"
GLPI_YEAR: "2023"

htmlawed/htmlawed version 1.2.14 in (/var/www/glpi/vendor/htmlawed/htmlawed)
phpmailer/phpmailer version 6.8.0 in (/var/www/glpi/vendor/phpmailer/phpmailer/src)
simplepie/simplepie version 1.5.8 in (/var/www/glpi/vendor/simplepie/simplepie/library)
tecnickcom/tcpdf version 6.6.2 in (/var/www/glpi/vendor/tecnickcom/tcpdf)
michelf/php-markdown in (/var/www/glpi/vendor/michelf/php-markdown/Michelf)
true/punycode in (/var/www/glpi/vendor/true/punycode/src)
iamcal/lib_autolink in (/var/www/glpi/vendor/iamcal/lib_autolink)
sabre/dav in (/var/www/glpi/vendor/sabre/dav/lib/DAV)
sabre/http in (/var/www/glpi/vendor/sabre/http/lib)
sabre/uri in (/var/www/glpi/vendor/sabre/uri/lib)
sabre/vobject in (/var/www/glpi/vendor/sabre/vobject/lib)
laminas/laminas-i18n in (/var/www/glpi/vendor/laminas/laminas-i18n/src)
laminas/laminas-servicemanager in (/var/www/glpi/vendor/laminas/laminas-servicemanager/src)
monolog/monolog in (/var/www/glpi/vendor/monolog/monolog/src/Monolog)
sebastian/diff in (/var/www/glpi/vendor/sebastian/diff/src)
donatj/phpuseragentparser in (/var/www/glpi/vendor/donatj/phpuseragentparser/src/UserAgent)
elvanto/litemoji in (/var/www/glpi/vendor/elvanto/litemoji/src)
symfony/console in (/var/www/glpi/vendor/symfony/console)
scssphp/scssphp in (/var/www/glpi/vendor/scssphp/scssphp/src)
laminas/laminas-mail in (/var/www/glpi/vendor/laminas/laminas-mail/src/Protocol)
laminas/laminas-mime in (/var/www/glpi/vendor/laminas/laminas-mime/src)
rlanvin/php-rrule in (/var/www/glpi/vendor/rlanvin/php-rrule/src)
ramsey/uuid in (/var/www/glpi/vendor/ramsey/uuid/src)
psr/log in (/var/www/glpi/vendor/psr/log/Psr/Log)
psr/simple-cache in (/var/www/glpi/vendor/psr/simple-cache/src)
psr/cache in (/var/www/glpi/vendor/psr/cache/src)
league/csv in (/var/www/glpi/vendor/league/csv/src)
mexitek/phpcolors in (/var/www/glpi/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)
guzzlehttp/guzzle in (/var/www/glpi/vendor/guzzlehttp/guzzle/src)
guzzlehttp/psr7 in (/var/www/glpi/vendor/guzzlehttp/psr7/src)
glpi-project/inventory_format in (/var/www/glpi/vendor/glpi-project/inventory_format/lib/php)
wapmorgan/unified-archive in (/var/www/glpi/vendor/wapmorgan/unified-archive/src)
paragonie/sodium_compat in (/var/www/glpi/vendor/paragonie/sodium_compat/src)
symfony/cache in (/var/www/glpi/vendor/symfony/cache)
html2text/html2text in (/var/www/glpi/vendor/html2text/html2text/src)
symfony/css-selector in (/var/www/glpi/vendor/symfony/css-selector)
symfony/dom-crawler in (/var/www/glpi/vendor/symfony/dom-crawler)
twig/twig in (/var/www/glpi/vendor/twig/twig/src)
twig/string-extra in (/var/www/glpi/vendor/twig/string-extra)
symfony/polyfill-ctype not found
symfony/polyfill-iconv not found
symfony/polyfill-mbstring not found
symfony/polyfill-php80 not found
symfony/polyfill-php81 not found
symfony/polyfill-php82 in (/var/www/glpi/vendor/symfony/polyfill-php82)
league/oauth2-client in (/var/www/glpi/vendor/league/oauth2-client/src/Provider)
league/oauth2-google in (/var/www/glpi/vendor/league/oauth2-google/src/Provider)
thenetworg/oauth2-azure in (/var/www/glpi/vendor/thenetworg/oauth2-azure/src/Provider)

Server: 'REDACTED', Port: '389', BaseDN: 'ou=REDACTED', Connection filter: '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN: 'CN=GLPI LDAP,CN=REDACTED', Use TLS: none

Not active

Way of sending emails: SMTP+SSL (REDACTED)

Name: 'REDACTED' Active: Yes Server: '{outlook.office365.com/imap-oauth-1/ssl}' Login: 'REDACTED' Password: No REDACTED

fields Name: Additional Fields Version: 1.21.6 State: Enabled Install Method: Marketplace
datainjection Name: Data injection Version: 2.13.4 State: Installed / not activated Install Method: Marketplace
formcreator Name: Form Creator Version: 2.13.8 State: To update Install Method: Marketplace
oauthimap Name: Oauth IMAP Version: 1.4.3 State: Enabled Install Method: Marketplace
order Name: Orders management Version: 2.10.4 State: Enabled Install Method: Marketplace
purchaserequest Name: Purchase request Version: 3.0.1 State: Enabled Install Method: Marketplace
screenshot Name: Screenshot Version: 2.0.2 State: Enabled Install Method: Marketplace

Anything else?

Thank you!

cedric-anne commented 10 months ago

Hi,

It has been fixed in GLPI 10.0.11 (see #15962).
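
The backtrace in the report shows `simplexml_import_dom()` failing and `xpath()` then being called on its null result, which stopped the whole collection run. The sketch below is an added PHP example, not GLPI's code and not the change made in #15962: it checks each parse step and handles messages one at a time. The function names, the `data-user-id` attribute and the sample bodies are assumptions made for the example.

```php
<?php
// Return the user IDs mentioned in an HTML body, or [] when the body cannot
// be turned into an element tree. data-user-id is a hypothetical marker.
function extractMentionIds(string $html): array
{
    if (trim($html) === '') {
        return []; // DOMDocument::loadHTML() rejects an empty string on PHP 8
    }
    $previous = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    $loaded = $dom->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    // A document without a root element is one input for which
    // simplexml_import_dom() warns and returns null, so test before and after.
    if (!$loaded || $dom->documentElement === null) {
        return [];
    }
    $xml = simplexml_import_dom($dom->documentElement);
    if (!$xml instanceof SimpleXMLElement) {
        return [];
    }
    $ids = [];
    foreach ($xml->xpath('//*[@data-user-id]') ?: [] as $node) {
        $ids[] = (int) (string) $node['data-user-id'];
    }
    return array_values(array_unique($ids));
}

// Handle each message on its own so a body that still throws is set aside.
function collectAll(array $bodies): array
{
    $result = ['processed' => [], 'set_aside' => []];
    foreach ($bodies as $key => $body) {
        try {
            $result['processed'][$key] = extractMentionIds($body);
        } catch (Throwable $e) {
            error_log("message {$key} set aside: " . $e->getMessage());
            $result['set_aside'][] = $key;
        }
    }
    return $result;
}

// Constructed sample bodies, not taken from the issue.
print_r(collectAll([
    'mention' => '<p>Hi <span data-user-id="42">@jdoe</span></p>',
    'blank'   => '   ',
]));
```

Catching `Throwable` per message matters here because the failure in the log is an `Error`, not an `Exception`, so a narrower catch would still let one message end the run.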