Closed JennyferSanchez closed 6 months ago
Having the exact same issue, after updating to 10.0.14 the actor dropdowns come up empty. Logs also show the IDOR reference. Currently working around it by impersonating the person I want to assign and then selecting assign myself.
I do not reproduce. Please provide information so it can be reproduced on a blank install.
GLPI 10.0.14 ( => /var/www/html/glpisistemas) Installation mode: TARBALL Current language:es_419
Operating system: Linux raselgeuse 6.5.0-21-generic #21~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 9 13:32:52 UTC 2 x86_64 PHP 8.1.2-1ubuntu2.14 apache2handler (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apcu, bz2, calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imagick, imap, intl, json, ldap, libxml, mbstring, memcache, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, pspell, readline, session, shmop, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib) Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files" upload_max_filesize="2M" disable_functions="" Software: Apache/2.4.52 (Ubuntu) (Apache/2.4.52 (Ubuntu) Server at helpdesk.fepco.com.co Port 443 ) Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Server Software: (Ubuntu) Server Version: 8.0.36-0ubuntu0.22.04.1 Server SQL Mode: STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION Parameters: root@localhost/glpi Host info: Localhost via UNIX socket PHP version (8.1.2-1ubuntu2.14) is supported. Sessions configuration is OK. Allocated memory is sufficient. mysqli extension is installed. Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter. curl extension is installed. gd extension is installed. intl extension is installed. zlib extension is installed. The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present. Database engine version (8.0.36) is supported. No files from previous GLPI version detected. The log file has been created successfully. Write access to /var/www/html/glpisistemas/files/_cache has been validated. Write access to /var/www/html/glpisistemas/files/_cron has been validated. Write access to /var/www/html/glpisistemas/files has been validated. Write access to /var/www/html/glpisistemas/files/_dumps has been validated. Write access to /var/www/html/glpisistemas/files/_graphs has been validated. Write access to /var/www/html/glpisistemas/files/_lock has been validated. Write access to /var/www/html/glpisistemas/files/_pictures has been validated. Write access to /var/www/html/glpisistemas/files/_plugins has been validated. Write access to /var/www/html/glpisistemas/files/_rss has been validated. Write access to /var/www/html/glpisistemas/files/_sessions has been validated. Write access to /var/www/html/glpisistemas/files/_tmp has been validated. Write access to /var/www/html/glpisistemas/files/_uploads has been validated. Web server root directory configuration seems safe. Sessions configuration is secured. OS and PHP are relying on 64 bits integers. exif extension is installed. ldap extension is installed. openssl extension is installed. Following extensions are installed: bz2, Phar, zip. Zend OPcache extension is installed. Following extensions are installed: ctype, iconv, mbstring, sodium. Write access to /var/www/html/glpisistemas/marketplace has been validated. Timezones seems loaded in database.
GLPI_ROOT: "/var/www/html/glpisistemas" GLPI_CONFIG_DIR: "/var/www/html/glpisistemas/config" GLPI_VAR_DIR: "/var/www/html/glpisistemas/files" GLPI_MARKETPLACE_DIR: "/var/www/html/glpisistemas/marketplace" GLPI_USE_CSRF_CHECK: "1" GLPI_CSRF_EXPIRES: "7200" GLPI_CSRF_MAX_TOKENS: "100" GLPI_USE_IDOR_CHECK: "1" GLPI_IDOR_EXPIRES: "7200" GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\\/\\/[^@:]+(\\/.*)?$/"] GLPI_TELEMETRY_URI: "https://telemetry.glpi-project.org" GLPI_INSTALL_MODE: "TARBALL" GLPI_NETWORK_MAIL: "glpi@teclib.com" GLPI_NETWORK_SERVICES: "https://services.glpi-network.com" GLPI_MARKETPLACE_ALLOW_OVERRIDE: true GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true GLPI_USER_AGENT_EXTRA_COMMENTS: "" GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1" GLPI_AJAX_DASHBOARD: "1" GLPI_CALDAV_IMPORT_STATE: 0 GLPI_DEMO_MODE: "0" GLPI_CENTRAL_WARNINGS: "1" GLPI_TEXT_MAXSIZE: "4000" GLPI_DOC_DIR: "/var/www/html/glpisistemas/files" GLPI_CACHE_DIR: "/var/www/html/glpisistemas/files/_cache" GLPI_CRON_DIR: "/var/www/html/glpisistemas/files/_cron" GLPI_DUMP_DIR: "/var/www/html/glpisistemas/files/_dumps" GLPI_GRAPH_DIR: "/var/www/html/glpisistemas/files/_graphs" GLPI_LOCAL_I18N_DIR: "/var/www/html/glpisistemas/files/_locales" GLPI_LOCK_DIR: "/var/www/html/glpisistemas/files/_lock" GLPI_LOG_DIR: "/var/www/html/glpisistemas/files/_log" GLPI_PICTURE_DIR: "/var/www/html/glpisistemas/files/_pictures" GLPI_PLUGIN_DOC_DIR: "/var/www/html/glpisistemas/files/_plugins" GLPI_RSS_DIR: "/var/www/html/glpisistemas/files/_rss" GLPI_SESSION_DIR: "/var/www/html/glpisistemas/files/_sessions" GLPI_TMP_DIR: "/var/www/html/glpisistemas/files/_tmp" GLPI_UPLOAD_DIR: "/var/www/html/glpisistemas/files/_uploads" GLPI_INVENTORY_DIR: "/var/www/html/glpisistemas/files/_inventories" GLPI_NETWORK_REGISTRATION_API_URL: "https://services.glpi-network.com/api/registration/" GLPI_MARKETPLACE_PLUGINS_API_URI: "https://services.glpi-network.com/api/marketplace/" GLPI_I18N_DIR: "/var/www/html/glpisistemas/locales" GLPI_VERSION: "10.0.14" GLPI_SCHEMA_VERSION: "10.0.14" GLPI_MARKETPLACE_PRERELEASES: false GLPI_MIN_PHP: "7.4.0" GLPI_MAX_PHP: "8.4.0" GLPI_YEAR: "2024"
htmlawed/htmlawed version 1.2.14 in (/var/www/html/glpisistemas/vendor/htmlawed/htmlawed) phpmailer/phpmailer version 6.8.0 in (/var/www/html/glpisistemas/vendor/phpmailer/phpmailer/src) simplepie/simplepie version 1.5.8 in (/var/www/html/glpisistemas/vendor/simplepie/simplepie/library) tecnickcom/tcpdf version 6.4.4 in (/var/www/html/glpisistemas/marketplace/pdf/vendor/tecnickcom/tcpdf) michelf/php-markdown in (/var/www/html/glpisistemas/vendor/michelf/php-markdown/Michelf) true/punycode in (/var/www/html/glpisistemas/vendor/true/punycode/src) iamcal/lib_autolink in (/var/www/html/glpisistemas/vendor/iamcal/lib_autolink) sabre/dav in (/var/www/html/glpisistemas/vendor/sabre/dav/lib/DAV) sabre/http in (/var/www/html/glpisistemas/vendor/sabre/http/lib) sabre/uri in (/var/www/html/glpisistemas/vendor/sabre/uri/lib) sabre/vobject in (/var/www/html/glpisistemas/vendor/sabre/vobject/lib) laminas/laminas-i18n in (/var/www/html/glpisistemas/vendor/laminas/laminas-i18n/src) laminas/laminas-servicemanager in (/var/www/html/glpisistemas/vendor/laminas/laminas-servicemanager/src) monolog/monolog in (/var/www/html/glpisistemas/vendor/monolog/monolog/src/Monolog) sebastian/diff in (/var/www/html/glpisistemas/vendor/sebastian/diff/src) donatj/phpuseragentparser in (/var/www/html/glpisistemas/vendor/donatj/phpuseragentparser/src/UserAgent) elvanto/litemoji in (/var/www/html/glpisistemas/vendor/elvanto/litemoji/src) symfony/console in (/var/www/html/glpisistemas/vendor/symfony/console) scssphp/scssphp in (/var/www/html/glpisistemas/vendor/scssphp/scssphp/src) laminas/laminas-mail in (/var/www/html/glpisistemas/vendor/laminas/laminas-mail/src/Protocol) laminas/laminas-mime in (/var/www/html/glpisistemas/vendor/laminas/laminas-mime/src) rlanvin/php-rrule in (/var/www/html/glpisistemas/vendor/rlanvin/php-rrule/src) ramsey/uuid in (/var/www/html/glpisistemas/vendor/ramsey/uuid/src) psr/log in (/var/www/html/glpisistemas/vendor/psr/log/Psr/Log) psr/simple-cache in (/var/www/html/glpisistemas/vendor/psr/simple-cache/src) psr/cache in (/var/www/html/glpisistemas/vendor/psr/cache/src) league/csv in (/var/www/html/glpisistemas/vendor/league/csv/src) mexitek/phpcolors in (/var/www/html/glpisistemas/vendor/mexitek/phpcolors/src/Mexitek/PHPColors) guzzlehttp/guzzle in (/var/www/html/glpisistemas/vendor/guzzlehttp/guzzle/src) guzzlehttp/psr7 in (/var/www/html/glpisistemas/vendor/guzzlehttp/psr7/src) glpi-project/inventory_format in (/var/www/html/glpisistemas/vendor/glpi-project/inventory_format/lib/php) wapmorgan/unified-archive in (/var/www/html/glpisistemas/vendor/wapmorgan/unified-archive/src) paragonie/sodium_compat in (/var/www/html/glpisistemas/vendor/paragonie/sodium_compat/src) symfony/cache in (/var/www/html/glpisistemas/vendor/symfony/cache) html2text/html2text in (/var/www/html/glpisistemas/vendor/html2text/html2text/src) symfony/css-selector in (/var/www/html/glpisistemas/vendor/symfony/css-selector) symfony/dom-crawler in (/var/www/html/glpisistemas/vendor/symfony/dom-crawler) twig/twig in (/var/www/html/glpisistemas/vendor/twig/twig/src) twig/string-extra in (/var/www/html/glpisistemas/vendor/twig/string-extra) symfony/polyfill-ctype not found symfony/polyfill-iconv not found symfony/polyfill-mbstring not found symfony/polyfill-php80 not found symfony/polyfill-php81 not found symfony/polyfill-php82 in (/var/www/html/glpisistemas/vendor/symfony/polyfill-php82) league/oauth2-client in (/var/www/html/glpisistemas/vendor/league/oauth2-client/src/Provider) league/oauth2-google in (/var/www/html/glpisistemas/vendor/league/oauth2-google/src/Provider) thenetworg/oauth2-azure in (/var/www/html/glpisistemas/vendor/thenetworg/oauth2-azure/src/Provider) phpCas version 1.3.8 in (/usr/share/php/CAS/source)
Server: 'ldap://dcmintaka.fepco.loc', Port: '389', BaseDN: 'DC=FEPCO,DC=LOC', Connection filter: '(objectClass=user)', RootDN: 'CN=Libreta Direcciones,OU=SISTEMAS_ZFB,OU=FEPCO_ZFB,DC=FEPCO,DC=LOC', Use TLS: none
Not active
Way of sending emails: SMTP+TLS (plataformas@fepco.com.co@smtp.office365.com)
fields Name: Additional fields Version: 1.21.6 State: Installed / not activated Install Method: Marketplace badges Name: Badges Version: 3.0.0 State: Installed / not activated Install Method: Marketplace barcode Name: Barcode Version: 2.7.1 State: Not installed Install Method: Marketplace behaviors Name: Behaviours Version: 2.7.2 State: Not installed Install Method: Marketplace dashboard Name: Dashboard Version: 1.0.3 State: Enabled Install Method: Manual datainjection Name: Data injection Version: 2.13.4 State: Not installed Install Method: Marketplace formcreator Name: Form Creator Version: 2.13.9 State: Not installed Install Method: Marketplace gantt Name: gantt Version: 1.1.0 State: Enabled Install Method: Marketplace glpiinventory Name: GLPI Inventory Version: 1.3.4 State: Enabled Install Method: Manual resources Name: Human Resources Version: 3.0.4 State: Not installed Install Method: Marketplace metademands Name: Meta-Demands Version: 3.3.10 State: Not installed Install Method: Marketplace metabase Name: Metabase Version: 1.3.3 State: Installed / not activated Install Method: Marketplace moreticket Name: More ticket Version: 1.7.3 State: Not installed Install Method: Marketplace mydashboard Name: My Dashboard Version: 2.1.5 State: Not installed Install Method: Marketplace oauthimap Name: Oauth IMAP Version: 1.4.3 State: Installed / not activated Install Method: Marketplace genericobject Name: Objects management Version: 2.14.8 State: Not installed Install Method: Marketplace ocsinventoryng Name: OCS Inventory NG Version: 2.0.4 State: Not installed Install Method: Marketplace additionalalerts Name: Others alerts Version: 2.4.0 State: Not installed Install Method: Marketplace pdf Name: Print to pdf Version: 3.0.0 State: Enabled Install Method: Marketplace protocolsmanager Name: Protocols manager Version: 1.5.3.4 State: Enabled Install Method: Manual reports Name: Reports Version: 1.16.0 State: Not installed Install Method: Marketplace manufacturersimports Name: Suppliers imports Version: 3.0.5 State: Installed / not activated Install Method: Marketplace tasklists Name: Tasks list Version: 2.0.3 State: Not installed Install Method: Marketplace useditemsexport Name: Used items export Version: 2.5.1 State: Installed / not activated Install Method: Marketplace vip Name: VIP Version: 1.8.2 State: Not installed Install Method: Marketplace webresources Name: Web Resources Version: 2.0.3 State: Not installed Install Method: Marketplace
Is there a particular log or dump we can do that will give you the info you need?
I take a look in the GLPI source code, adn the GLPI code itself is not the source of the problem.
The source of the problem can be:
idor_token()
Twig function;files/_cache/template
of your GLPI instance and see if problem persist ?idor_token
function call in *.html.twig
files and see if one of the call is made without arguments ?Thank you so much, clearing the files/_cache/template folder solved it for me. (did a reboot for good measure after clearing it out.)
I guess that, after installation, you copied back the whole files
directory from yout previous GLPI version to your updated GLPI. You should not copy the _cache
directory after an update.
Hi,
- Could you empty the
files/_cache/template
of your GLPI instance
I was having the same issue and this post was the key to solve the problem.
You should not copy the
_cache
directory after an update.
This is not what the official documentation for upgrades says: https://glpi-install.readthedocs.io/en/latest/update.html
So perhaps it would be helpful to add a note specifying that the _cache
folder within the files
folder shouldn't be restored.
As the db:update
command clears the cache directory, I supposed that the directory restore operation was made after the execution of the command.
Code of Conduct
Is there an existing issue for this?
Version
10.0.14
Bug description
I updated glpi to version 10.0.14 but now in my tickets the dropdowns of the actors do not work, neither the search in the logs I get this:
[2024-03-27 11:11:20] glpiphplog.WARNING: *** PHP User Warning (512): IDOR token cannot be generated with empty criteria. in /var/www/html/glpisistemas/src/Session.php at line 1654 Backtrace : src/Session.php:1654 trigger_error() ...tes/1b/1bc59cab74df512e2caa074465da2e41.php:434 Session::getNewIDORToken() vendor/twig/twig/src/Template.php:394 TwigTemplate_d62f8951e4825d75945fe96af6d7f910->doDisplay() vendor/twig/twig/src/Template.php:367 Twig\Template->displayWithErrorHandling() vendor/twig/twig/src/Template.php:379 Twig\Template->display() vendor/twig/twig/src/TemplateWrapper.php:38 Twig\Template->render() .../twig/twig/src/Extension/CoreExtension.php:1347 Twig\TemplateWrapper->render() ...tes/54/54bf5691f5e7b12842576f6eae0cc83b.php:177 twig_include() vendor/twig/twig/src/Template.php:394 TwigTemplate_11331e5866fdd8b06a457601bea3617d->doDisplay() vendor/twig/twig/src/Template.php:367 Twig\Template->displayWithErrorHandling() vendor/twig/twig/src/Template.php:379 Twig\Template->display() vendor/twig/twig/src/TemplateWrapper.php:38 Twig\Template->render() .../twig/twig/src/Extension/CoreExtension.php:1347 Twig\TemplateWrapper->render() ...tes/85/8516ecf745bdabc376ff2cd57117f78d.php:416 twig_include() vendor/twig/twig/src/Template.php:394 TwigTemplate_7b40705d0225b2f830a20cca8c47ae69->doDisplay() vendor/twig/twig/src/Template.php:367 Twig\Template->displayWithErrorHandling() vendor/twig/twig/src/Template.php:379 Twig\Template->display() vendor/twig/twig/src/TemplateWrapper.php:38 Twig\Template->render() .../twig/twig/src/Extension/CoreExtension.php:1347 Twig\TemplateWrapper->render() ...tes/22/22d5d897f4b5af5b403673476f790424.php:152 twig_include() vendor/twig/twig/src/Template.php:394 TwigTemplate_825de126fa2e4aa487bf6a6b66b0f5d2->doDisplay() vendor/twig/twig/src/Template.php:367 Twig\Template->displayWithErrorHandling() vendor/twig/twig/src/TemplateWrapper.php:45 Twig\Template->display() src/Application/View/TemplateRenderer.php:184 Twig\TemplateWrapper->display() src/Ticket.php:4429 Glpi\Application\View\TemplateRenderer->display() src/CommonGLPI.php:680 Ticket->showForm() ajax/common.tabs.php:120 CommonGLPI::displayStandardTab() public/index.php:82 require()
Relevant log output
No response
Page URL
No response
Steps To reproduce
No response
Your GLPI setup information
No response
Anything else?
No response