glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0

Trying to access array offset on null for the cleanIDORTokens() #17729

Open M-Falken opened 3 weeks ago

M-Falken commented 3 weeks ago

Code of Conduct

Is there an existing issue for this?

Version

10.0.16

Bug description

Error produced when the clean routine is launched by the public static function cleanIDORTokens().

Relevant log output

[2024-08-27 10:03:26] glpiphplog.WARNING:   *** PHP Warning (2): Trying to access array offset on null in /home/emaging/public_html/GLPINEW/src/Session.php at line 1757
  Backtrace :
  src/Session.php:1690                               Session::cleanIDORTokens()
  src/Dropdown.php:2627                              Session::validateIDOR()
  src/Dropdown.php:261                               Dropdown::getDropdownValue()
  src/CommonDBTM.php:4154                            Dropdown::show()
  ...ication/View/Extension/ItemtypeExtension.php:99 CommonDBTM::dropdown()
  ...es/6b/6bdaac1609dfc3880d8a1dbe05c38f22.php:2367 Glpi\Application\View\Extension\ItemtypeExtension->getItemtypeDropdown()
  .../twig/twig/src/Extension/CoreExtension.php:1224 __TwigTemplate_4cad302603e5c77a607dc9e0bac1ebc3->macro_dropdownField()
  ...tes/b6/b6d073699a3c202180aedd597aea6725.php:329 twig_call_macro()
  vendor/twig/twig/src/Template.php:394              __TwigTemplate_0b3b832b5d6a8b70a02a9064b9322f58->doDisplay()
  vendor/twig/twig/src/Template.php:367              Twig\Template->displayWithErrorHandling()
  vendor/twig/twig/src/Template.php:379              Twig\Template->display()
  vendor/twig/twig/src/TemplateWrapper.php:38        Twig\Template->render()
  .../twig/twig/src/Extension/CoreExtension.php:1347 Twig\TemplateWrapper->render()
  ...tes/18/1838fce3fde5ec681ce1b20d5603106b.php:152 twig_include()
  vendor/twig/twig/src/Template.php:394              __TwigTemplate_01c6216f9e2e88e1b750838150439be8->doDisplay()
  vendor/twig/twig/src/Template.php:367              Twig\Template->displayWithErrorHandling()
  vendor/twig/twig/src/TemplateWrapper.php:45        Twig\Template->display()
  src/Application/View/TemplateRenderer.php:184      Twig\TemplateWrapper->display()
  src/Ticket.php:4428                                Glpi\Application\View\TemplateRenderer->display()
  src/CommonGLPI.php:680                             Ticket->showForm()
  ajax/common.tabs.php:120                           CommonGLPI::displayStandardTab()
  public/index.php:82                                require()

Page URL

No response

Steps To reproduce

No response

Your GLPI setup information

Operating system: Linux hybrid1553.fr.ns.planethoster.net 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
PHP 8.3.10 litespeed (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apcu, bcmath, bz2, calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, imap, intl, json, ldap, libxml, litespeed, mbstring, memcached, mysqli, mysqlnd, openssl, pcntl, pcre, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, posix, random, readline, session, shmop, soap, sockets, sqlite3, standard, sysvmsg, sysvsem, sysvshm, timezonedb, tokenizer, xml, xmlreader, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="600" memory_limit="256M" post_max_size="16M" safe_mode="" session.save_handler="files" upload_max_filesize="16M"
Software: LiteSpeed Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0
Server Software: MariaDB Server
Server Version: 10.6.19-MariaDB-log
Server SQL Mode: ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Host info: Localhost via UNIX socket

PHP version (8.3.10) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.
curl extension is installed.
gd extension is installed.
intl extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (10.6.19) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /files/_cache has been validated.
Write access to /files/_cron has been validated.
Write access to /files has been validated.
Write access to /files/_dumps has been validated.
Write access to /files/_graphs has been validated.
Write access to /files/_lock has been validated.
Write access to /files/_pictures has been validated.
Write access to /files/_plugins has been validated.
Write access to /files/_rss has been validated.
Write access to /files/_sessions has been validated.
Write access to /files/_tmp has been validated.
Write access to /files/_uploads has been validated.
For security reasons, SELinux mode should be Enforcing.

Web server root directory configuration seems safe.
Sessions configuration is secured.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring.
Following extensions are not present: sodium.
Write access to /marketplace has been validated.
Timezones seems loaded in database.

Anything else?

No response

cedric-anne commented 2 weeks ago

Hi,

Do you have a plugin that writes data in glpiidortokens or a GLPI patch that may alter glpiidortokens? According to the GLPI code, such a case is not supposed to happen. It can still be fixed by more defensive code in GLPI.
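
One shape the more defensive cleanup mentioned in the reply above could take, as an added example that is not GLPI's code and not part of the thread. The helper name `pruneIdorTokens()`, the `expires` field and the sample entries are assumptions; only the session key `glpiidortokens` comes from the issue.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not GLPI's Session::cleanIDORTokens()).
 * Assumption: each entry of the token store is an array carrying an
 * integer 'expires' Unix timestamp; anything else is treated as corrupt.
 *
 * @param array<string, mixed> $tokens token store, modified in place
 * @return array{expired: int, malformed: int} counts of removed entries
 */
function pruneIdorTokens(array &$tokens, int $now): array
{
    $removed = ['expired' => 0, 'malformed' => 0];
    foreach ($tokens as $key => $entry) {
        // Indexing a null entry directly is what raises
        // "Trying to access array offset on null".
        if (!is_array($entry) || !isset($entry['expires']) || !is_int($entry['expires'])) {
            // Fail closed: drop the corrupt entry so it can never validate later.
            unset($tokens[$key]);
            $removed['malformed']++;
            continue;
        }
        if ($entry['expires'] < $now) {
            unset($tokens[$key]);
            $removed['expired']++;
        }
    }
    return $removed;
}

// Constructed sample data standing in for $_SESSION['glpiidortokens'].
$now = 1724752800;
$store = [
    'tok-valid'   => ['expires' => $now + 3600, 'itemtype' => 'Ticket'],
    'tok-expired' => ['expires' => $now - 60,   'itemtype' => 'User'],
    'tok-null'    => null,                        // entry written by foreign code
    'tok-noexp'   => ['itemtype' => 'Computer'],  // array without an expiry
];

$stats = pruneIdorTokens($store, $now);
printf(
    "expired=%d malformed=%d kept=%s\n",
    $stats['expired'],
    $stats['malformed'],
    implode(',', array_keys($store))
);
```

Counting malformed entries separately from expired ones gives an operator a signal that something outside the expected code path is writing to the token store.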