glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0
4.2k stars 1.28k forks

dropdown of ticket actors does not work #16841

Closed JennyferSanchez closed 6 months ago

JennyferSanchez commented 6 months ago

Version

10.0.14

Bug description

I updated GLPI to version 10.0.14, but now in my tickets the dropdowns of the actors do not work, nor does the search. In the logs I get this:

[2024-03-27 11:11:20] glpiphplog.WARNING: *** PHP User Warning (512): IDOR token cannot be generated with empty criteria. in /var/www/html/glpisistemas/src/Session.php at line 1654
  Backtrace :
  src/Session.php:1654 trigger_error()
  ...tes/1b/1bc59cab74df512e2caa074465da2e41.php:434 Session::getNewIDORToken()
  vendor/twig/twig/src/Template.php:394 TwigTemplate_d62f8951e4825d75945fe96af6d7f910->doDisplay()
  vendor/twig/twig/src/Template.php:367 Twig\Template->displayWithErrorHandling()
  vendor/twig/twig/src/Template.php:379 Twig\Template->display()
  vendor/twig/twig/src/TemplateWrapper.php:38 Twig\Template->render()
  .../twig/twig/src/Extension/CoreExtension.php:1347 Twig\TemplateWrapper->render()
  ...tes/54/54bf5691f5e7b12842576f6eae0cc83b.php:177 twig_include()
  vendor/twig/twig/src/Template.php:394 TwigTemplate_11331e5866fdd8b06a457601bea3617d->doDisplay()
  vendor/twig/twig/src/Template.php:367 Twig\Template->displayWithErrorHandling()
  vendor/twig/twig/src/Template.php:379 Twig\Template->display()
  vendor/twig/twig/src/TemplateWrapper.php:38 Twig\Template->render()
  .../twig/twig/src/Extension/CoreExtension.php:1347 Twig\TemplateWrapper->render()
  ...tes/85/8516ecf745bdabc376ff2cd57117f78d.php:416 twig_include()
  vendor/twig/twig/src/Template.php:394 TwigTemplate_7b40705d0225b2f830a20cca8c47ae69->doDisplay()
  vendor/twig/twig/src/Template.php:367 Twig\Template->displayWithErrorHandling()
  vendor/twig/twig/src/Template.php:379 Twig\Template->display()
  vendor/twig/twig/src/TemplateWrapper.php:38 Twig\Template->render()
  .../twig/twig/src/Extension/CoreExtension.php:1347 Twig\TemplateWrapper->render()
  ...tes/22/22d5d897f4b5af5b403673476f790424.php:152 twig_include()
  vendor/twig/twig/src/Template.php:394 TwigTemplate_825de126fa2e4aa487bf6a6b66b0f5d2->doDisplay()
  vendor/twig/twig/src/Template.php:367 Twig\Template->displayWithErrorHandling()
  vendor/twig/twig/src/TemplateWrapper.php:45 Twig\Template->display()
  src/Application/View/TemplateRenderer.php:184 Twig\TemplateWrapper->display()
  src/Ticket.php:4429 Glpi\Application\View\TemplateRenderer->display()
  src/CommonGLPI.php:680 Ticket->showForm()
  ajax/common.tabs.php:120 CommonGLPI::displayStandardTab()
  public/index.php:82 require()

Relevant log output

No response

Page URL

No response

Steps To reproduce

No response

Your GLPI setup information

No response

Anything else?

No response

deanboock commented 6 months ago

Having the exact same issue, after updating to 10.0.14 the actor dropdowns come up empty. Logs also show the IDOR reference. Currently working around it by impersonating the person I want to assign and then selecting assign myself.

trasher commented 6 months ago

I do not reproduce. Please provide information so it can be reproduced on a blank install.

JennyferSanchez commented 6 months ago

Information on installations and system configurations
GLPI 10.0.14 ( => /var/www/html/glpisistemas)
Installation mode: TARBALL
Current language:es_419

Server
 
Operating system: Linux raselgeuse 6.5.0-21-generic #21~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb  9 13:32:52 UTC 2 x86_64
PHP 8.1.2-1ubuntu2.14 apache2handler (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apcu, bz2,
    calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imagick, imap, intl, json, ldap,
    libxml, mbstring, memcache, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, pspell, readline, session, shmop, sockets, sodium,
    standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files"
    upload_max_filesize="2M" disable_functions="" 
Software: Apache/2.4.52 (Ubuntu) (Apache/2.4.52 (Ubuntu) Server at helpdesk.fepco.com.co Port 443
)
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Server Software: (Ubuntu)
    Server Version: 8.0.36-0ubuntu0.22.04.1
    Server SQL Mode: STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
    Parameters: root@localhost/glpi
    Host info: Localhost via UNIX socket

PHP version (8.1.2-1ubuntu2.14) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.
curl extension is installed.
gd extension is installed.
intl extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (8.0.36) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /var/www/html/glpisistemas/files/_cache has been validated.
Write access to /var/www/html/glpisistemas/files/_cron has been validated.
Write access to /var/www/html/glpisistemas/files has been validated.
Write access to /var/www/html/glpisistemas/files/_dumps has been validated.
Write access to /var/www/html/glpisistemas/files/_graphs has been validated.
Write access to /var/www/html/glpisistemas/files/_lock has been validated.
Write access to /var/www/html/glpisistemas/files/_pictures has been validated.
Write access to /var/www/html/glpisistemas/files/_plugins has been validated.
Write access to /var/www/html/glpisistemas/files/_rss has been validated.
Write access to /var/www/html/glpisistemas/files/_sessions has been validated.
Write access to /var/www/html/glpisistemas/files/_tmp has been validated.
Write access to /var/www/html/glpisistemas/files/_uploads has been validated.

Web server root directory configuration seems safe.
Sessions configuration is secured.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /var/www/html/glpisistemas/marketplace has been validated.
Timezones seems loaded in database.

GLPI constants
 
GLPI_ROOT: "/var/www/html/glpisistemas"
GLPI_CONFIG_DIR: "/var/www/html/glpisistemas/config"
GLPI_VAR_DIR: "/var/www/html/glpisistemas/files"
GLPI_MARKETPLACE_DIR: "/var/www/html/glpisistemas/marketplace"
GLPI_USE_CSRF_CHECK: "1"
GLPI_CSRF_EXPIRES: "7200"
GLPI_CSRF_MAX_TOKENS: "100"
GLPI_USE_IDOR_CHECK: "1"
GLPI_IDOR_EXPIRES: "7200"
GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false
GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\\/\\/[^@:]+(\\/.*)?$/"]
GLPI_TELEMETRY_URI: "https://telemetry.glpi-project.org"
GLPI_INSTALL_MODE: "TARBALL"
GLPI_NETWORK_MAIL: "glpi@teclib.com"
GLPI_NETWORK_SERVICES: "https://services.glpi-network.com"
GLPI_MARKETPLACE_ALLOW_OVERRIDE: true
GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true
GLPI_USER_AGENT_EXTRA_COMMENTS: ""
GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1"
GLPI_AJAX_DASHBOARD: "1"
GLPI_CALDAV_IMPORT_STATE: 0
GLPI_DEMO_MODE: "0"
GLPI_CENTRAL_WARNINGS: "1"
GLPI_TEXT_MAXSIZE: "4000"
GLPI_DOC_DIR: "/var/www/html/glpisistemas/files"
GLPI_CACHE_DIR: "/var/www/html/glpisistemas/files/_cache"
GLPI_CRON_DIR: "/var/www/html/glpisistemas/files/_cron"
GLPI_DUMP_DIR: "/var/www/html/glpisistemas/files/_dumps"
GLPI_GRAPH_DIR: "/var/www/html/glpisistemas/files/_graphs"
GLPI_LOCAL_I18N_DIR: "/var/www/html/glpisistemas/files/_locales"
GLPI_LOCK_DIR: "/var/www/html/glpisistemas/files/_lock"
GLPI_LOG_DIR: "/var/www/html/glpisistemas/files/_log"
GLPI_PICTURE_DIR: "/var/www/html/glpisistemas/files/_pictures"
GLPI_PLUGIN_DOC_DIR: "/var/www/html/glpisistemas/files/_plugins"
GLPI_RSS_DIR: "/var/www/html/glpisistemas/files/_rss"
GLPI_SESSION_DIR: "/var/www/html/glpisistemas/files/_sessions"
GLPI_TMP_DIR: "/var/www/html/glpisistemas/files/_tmp"
GLPI_UPLOAD_DIR: "/var/www/html/glpisistemas/files/_uploads"
GLPI_INVENTORY_DIR: "/var/www/html/glpisistemas/files/_inventories"
GLPI_NETWORK_REGISTRATION_API_URL: "https://services.glpi-network.com/api/registration/"
GLPI_MARKETPLACE_PLUGINS_API_URI: "https://services.glpi-network.com/api/marketplace/"
GLPI_I18N_DIR: "/var/www/html/glpisistemas/locales"
GLPI_VERSION: "10.0.14"
GLPI_SCHEMA_VERSION: "10.0.14"
GLPI_MARKETPLACE_PRERELEASES: false
GLPI_MIN_PHP: "7.4.0"
GLPI_MAX_PHP: "8.4.0"
GLPI_YEAR: "2024"

Libraries
 
htmlawed/htmlawed version 1.2.14 in (/var/www/html/glpisistemas/vendor/htmlawed/htmlawed)
phpmailer/phpmailer version 6.8.0 in (/var/www/html/glpisistemas/vendor/phpmailer/phpmailer/src)
simplepie/simplepie version 1.5.8 in (/var/www/html/glpisistemas/vendor/simplepie/simplepie/library)
tecnickcom/tcpdf version 6.4.4 in (/var/www/html/glpisistemas/marketplace/pdf/vendor/tecnickcom/tcpdf)
michelf/php-markdown in (/var/www/html/glpisistemas/vendor/michelf/php-markdown/Michelf)
true/punycode in (/var/www/html/glpisistemas/vendor/true/punycode/src)
iamcal/lib_autolink in (/var/www/html/glpisistemas/vendor/iamcal/lib_autolink)
sabre/dav in (/var/www/html/glpisistemas/vendor/sabre/dav/lib/DAV)
sabre/http in (/var/www/html/glpisistemas/vendor/sabre/http/lib)
sabre/uri in (/var/www/html/glpisistemas/vendor/sabre/uri/lib)
sabre/vobject in (/var/www/html/glpisistemas/vendor/sabre/vobject/lib)
laminas/laminas-i18n in (/var/www/html/glpisistemas/vendor/laminas/laminas-i18n/src)
laminas/laminas-servicemanager in (/var/www/html/glpisistemas/vendor/laminas/laminas-servicemanager/src)
monolog/monolog in (/var/www/html/glpisistemas/vendor/monolog/monolog/src/Monolog)
sebastian/diff in (/var/www/html/glpisistemas/vendor/sebastian/diff/src)
donatj/phpuseragentparser in (/var/www/html/glpisistemas/vendor/donatj/phpuseragentparser/src/UserAgent)
elvanto/litemoji in (/var/www/html/glpisistemas/vendor/elvanto/litemoji/src)
symfony/console in (/var/www/html/glpisistemas/vendor/symfony/console)
scssphp/scssphp in (/var/www/html/glpisistemas/vendor/scssphp/scssphp/src)
laminas/laminas-mail in (/var/www/html/glpisistemas/vendor/laminas/laminas-mail/src/Protocol)
laminas/laminas-mime in (/var/www/html/glpisistemas/vendor/laminas/laminas-mime/src)
rlanvin/php-rrule in (/var/www/html/glpisistemas/vendor/rlanvin/php-rrule/src)
ramsey/uuid in (/var/www/html/glpisistemas/vendor/ramsey/uuid/src)
psr/log in (/var/www/html/glpisistemas/vendor/psr/log/Psr/Log)
psr/simple-cache in (/var/www/html/glpisistemas/vendor/psr/simple-cache/src)
psr/cache in (/var/www/html/glpisistemas/vendor/psr/cache/src)
league/csv in (/var/www/html/glpisistemas/vendor/league/csv/src)
mexitek/phpcolors in (/var/www/html/glpisistemas/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)
guzzlehttp/guzzle in (/var/www/html/glpisistemas/vendor/guzzlehttp/guzzle/src)
guzzlehttp/psr7 in (/var/www/html/glpisistemas/vendor/guzzlehttp/psr7/src)
glpi-project/inventory_format in (/var/www/html/glpisistemas/vendor/glpi-project/inventory_format/lib/php)
wapmorgan/unified-archive in (/var/www/html/glpisistemas/vendor/wapmorgan/unified-archive/src)
paragonie/sodium_compat in (/var/www/html/glpisistemas/vendor/paragonie/sodium_compat/src)
symfony/cache in (/var/www/html/glpisistemas/vendor/symfony/cache)
html2text/html2text in (/var/www/html/glpisistemas/vendor/html2text/html2text/src)
symfony/css-selector in (/var/www/html/glpisistemas/vendor/symfony/css-selector)
symfony/dom-crawler in (/var/www/html/glpisistemas/vendor/symfony/dom-crawler)
twig/twig in (/var/www/html/glpisistemas/vendor/twig/twig/src)
twig/string-extra in (/var/www/html/glpisistemas/vendor/twig/string-extra)
symfony/polyfill-ctype not found
symfony/polyfill-iconv not found
symfony/polyfill-mbstring not found
symfony/polyfill-php80 not found
symfony/polyfill-php81 not found
symfony/polyfill-php82 in (/var/www/html/glpisistemas/vendor/symfony/polyfill-php82)
league/oauth2-client in (/var/www/html/glpisistemas/vendor/league/oauth2-client/src/Provider)
league/oauth2-google in (/var/www/html/glpisistemas/vendor/league/oauth2-google/src/Provider)
thenetworg/oauth2-azure in (/var/www/html/glpisistemas/vendor/thenetworg/oauth2-azure/src/Provider)
phpCas version 1.3.8 in (/usr/share/php/CAS/source)

LDAP directories
 
Server: 'ldap://dcmintaka.fepco.loc', Port: '389', BaseDN: 'DC=FEPCO,DC=LOC', Connection filter: '(objectClass=user)', RootDN:
        'CN=Libreta Direcciones,OU=SISTEMAS_ZFB,OU=FEPCO_ZFB,DC=FEPCO,DC=LOC', Use TLS: none

SQL replicas
 
Not active

Notifications
 
Way of sending emails: SMTP+TLS (plataformas@fepco.com.co@smtp.office365.com)

Plugins list
 
    fields               Name: Additional fields              Version: 1.21.6     State: Installed / not activated               
        Install Method: Marketplace
    badges               Name: Badges                         Version: 3.0.0      State: Installed / not activated               
        Install Method: Marketplace
    barcode              Name: Barcode                        Version: 2.7.1      State: Not installed                           
        Install Method: Marketplace
    behaviors            Name: Behaviours                     Version: 2.7.2      State: Not installed                           
        Install Method: Marketplace
    dashboard            Name: Dashboard                      Version: 1.0.3      State: Enabled                                 
        Install Method: Manual
    datainjection        Name: Data injection                 Version: 2.13.4     State: Not installed                           
        Install Method: Marketplace
    formcreator          Name: Form Creator                   Version: 2.13.9     State: Not installed                           
        Install Method: Marketplace
    gantt                Name: gantt                          Version: 1.1.0      State: Enabled                                 
        Install Method: Marketplace
    glpiinventory        Name: GLPI Inventory                 Version: 1.3.4      State: Enabled                                 
        Install Method: Manual
    resources            Name: Human Resources                Version: 3.0.4      State: Not installed                           
        Install Method: Marketplace
    metademands          Name: Meta-Demands                   Version: 3.3.10     State: Not installed                           
        Install Method: Marketplace
    metabase             Name: Metabase                       Version: 1.3.3      State: Installed / not activated               
        Install Method: Marketplace
    moreticket           Name: More ticket                    Version: 1.7.3      State: Not installed                           
        Install Method: Marketplace
    mydashboard          Name: My Dashboard                   Version: 2.1.5      State: Not installed                           
        Install Method: Marketplace
    oauthimap            Name: Oauth IMAP                     Version: 1.4.3      State: Installed / not activated               
        Install Method: Marketplace
    genericobject        Name: Objects management             Version: 2.14.8     State: Not installed                           
        Install Method: Marketplace
    ocsinventoryng       Name: OCS Inventory NG               Version: 2.0.4      State: Not installed                           
        Install Method: Marketplace
    additionalalerts     Name: Others alerts                  Version: 2.4.0      State: Not installed                           
        Install Method: Marketplace
    pdf                  Name: Print to pdf                   Version: 3.0.0      State: Enabled                                 
        Install Method: Marketplace
    protocolsmanager     Name: Protocols manager              Version: 1.5.3.4    State: Enabled                                 
        Install Method: Manual
    reports              Name: Reports                        Version: 1.16.0     State: Not installed                           
        Install Method: Marketplace
    manufacturersimports Name: Suppliers imports              Version: 3.0.5      State: Installed / not activated               
        Install Method: Marketplace
    tasklists            Name: Tasks list                     Version: 2.0.3      State: Not installed                           
        Install Method: Marketplace
    useditemsexport      Name: Used items export              Version: 2.5.1      State: Installed / not activated               
        Install Method: Marketplace
    vip                  Name: VIP                            Version: 1.8.2      State: Not installed                           
        Install Method: Marketplace
    webresources         Name: Web Resources                  Version: 2.0.3      State: Not installed                           
        Install Method: Marketplace

deanboock commented 6 months ago

Is there a particular log or dump we can do that will give you the info you need?

cedric-anne commented 6 months ago

I took a look in the GLPI source code, and the GLPI code itself is not the source of the problem.

The source of the problem can be:

  1. Could you empty the files/_cache/template of your GLPI instance and see if the problem persists?
  2. If it does not fix the problem, could you search for all occurrences of the idor_token function call in *.html.twig files and see if one of the calls is made without arguments?

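
The two checks suggested in the comment above, plus a count of the logged warning, as an added shell example (not code from the GLPI project or from any commenter). The sample tree, its file names and the idor_token arguments in ok.html.twig are constructed for illustration, and the cache path assumes the files/_cache/template layout shown in the setup information.

```shell
#!/bin/sh
# Added example, not GLPI project code. Paths are passed as arguments.

# Count the warning quoted in the issue within one log file.
count_idor_warnings() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cF 'IDOR token cannot be generated with empty criteria' "$1" || true
}

# Print file:line:text for idor_token() calls with an empty argument list
# in *.html.twig files below the given directory.
find_empty_idor_calls() {
    [ -d "$1" ] || return 0
    find "$1" -type f -name '*.html.twig' \
        -exec grep -nE 'idor_token\([[:space:]]*\)' /dev/null {} + || true
}

# Delete compiled templates under <glpi_root>/files/_cache/template so they
# are rebuilt from the templates shipped with the installed version.
clear_template_cache() {
    cache_dir="${1:?GLPI root required}/files/_cache/template"
    [ -d "$cache_dir" ] || return 1
    find "$cache_dir" -mindepth 1 -delete
}

# Constructed sample tree (hypothetical file names) to exercise the functions.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/templates/components" \
        "$root/files/_cache/template/1b" "$root/files/_log"
    # Illustrative call with arguments: must not be reported.
    printf '%s\n' "{{ idor_token('User', {'right': 'all'}) }}" \
        > "$root/templates/components/ok.html.twig"
    # Call without arguments on line 2: must be reported.
    printf '%s\n' '<div>' '{{ idor_token( ) }}' '</div>' \
        > "$root/templates/components/bad.html.twig"
    printf '%s\n' '<?php /* stale compiled template */' \
        > "$root/files/_cache/template/1b/stale.php"
    printf '%s\n' \
        '[2024-03-27 11:11:20] glpiphplog.WARNING: *** PHP User Warning (512): IDOR token cannot be generated with empty criteria. in src/Session.php at line 1654' \
        > "$root/files/_log/sample.log"
    echo "$root"
}

# Demo run against the constructed tree.
demo_root=$(make_sample_tree)
echo "warnings logged: $(count_idor_warnings "$demo_root/files/_log/sample.log")"
find_empty_idor_calls "$demo_root/templates"
clear_template_cache "$demo_root" && echo "template cache cleared"
rm -rf "$demo_root"
```

On a real instance, pass the GLPI root directory to clear_template_cache and the directories holding the *.html.twig files (core and plugins) to find_empty_idor_calls.
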
deanboock commented 6 months ago

Thank you so much, clearing the files/_cache/template folder solved it for me. (did a reboot for good measure after clearing it out.)

cedric-anne commented 6 months ago

I guess that, after installation, you copied back the whole files directory from your previous GLPI version to your updated GLPI. You should not copy the _cache directory after an update.

K-O-K commented 5 months ago

Hi,

>   1. Could you empty the files/_cache/template of your GLPI instance

I was having the same issue and this post was the key to solving the problem.

> You should not copy the _cache directory after an update.

This is not what the official documentation for upgrades says: https://glpi-install.readthedocs.io/en/latest/update.html

So perhaps it would be helpful to add a note specifying that the _cache folder within the files folder shouldn't be restored.

cedric-anne commented 5 months ago

As the db:update command clears the cache directory, I supposed that the directory restore operation was made after the execution of the command.