search

glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0
4.24k stars 1.29k forks source link

[GLPI 9.1.2] Security die. trying to load an forbidden class name #1804

Closed atchen45 closed 7 years ago

atchen45 commented 7 years ago

Good Morning,

I have the following issue for one entity since I install the latest GLPI version when I am in the page to create ticket

image

I didn't have this issue with others entities (didn't tested all). Renaming entity didn't change anything

Following is our GLPI setup :

image

image

Please let me know if you need more details.

Thanks

Armin83 commented 7 years ago

Do you try ticket from user interface ?

atchen45 commented 7 years ago

Yes, I have tried user interface (both standard & simplified)

yllen commented 7 years ago

Can you post the exact error log?

atchen45 commented 7 years ago

Hi,

I don't have error in log files but in GLPI interface I have this "Security die. trying to load an forbidden class name" if it can help.

Thanks

Armin83 commented 7 years ago

I have the same problem. Debug Mode on

Message in Firefox (52.0.2)

PHP Notice: Undefined index: itemtype in /var/www/glpi/front/ticket.form.php at line 192
PHP Notice: Undefined index: items_id in /var/www/glpi/front/ticket.form.php at line 192

/var/www/glpi/files/_log# cat php-errors.log

2017-04-11 20:58:19 [6@hostname]
  *** PHP Notice(8): Undefined index: itemtype
  Backtrace :
  front/ticket.form.php:192
2017-04-11 20:58:19 [6@hostname]
  *** PHP Notice(8): Undefined index: items_id
  Backtrace :
  front/ticket.form.php:192

System information


GLPI 9.1.2 (/glpi => /var/www/glpi)

Server

Operating system: Linux nothing to see 3.13.0-85-generic #129-Ubuntu SMP Thu Mar 17 20:50:41 UTC 2016 i686
PHP 5.5.9-1ubuntu4.20 apache2handler (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apc, apcu,
    bcmath, bz2, calendar, ctype, curl, date, dba, dom, ereg, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imap, json,
    ldap, libxml, mbstring, mhash, mysql, mysqli, openssl, pcre, pdo_mysql, posix, readline, session, shmop, soap, sockets,
    standard, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xml, xmlreader, xmlwriter, zip, zlib)
Setup: max_execution_time="180" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files"
    upload_max_filesize="50M" 
Software: Apache/2.4.7 (Ubuntu) (Apache/2.4.7 (Ubuntu) Server at nothing to see Port 80)
    Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Server Software: (Ubuntu)
    Server Version: 5.5.49-0ubuntu0.14.04.1
    Server SQL Mode: 
    Parameters: nothing to see
    Host info: Localhost via UNIX socket

OK/var/www/glpi/config : OK
OK/var/www/glpi/files : OK
OK/var/www/glpi/files/_dumps : OK
OK/var/www/glpi/files/_sessions : OK
OK/var/www/glpi/files/_cron : OK
OK/var/www/glpi/files/_graphs : OK
OK/var/www/glpi/files/_lock : OK
OK/var/www/glpi/files/_plugins : OK
OK/var/www/glpi/files/_tmp : OK
OK/var/www/glpi/files/_rss : OK
OK/var/www/glpi/files/_uploads : OK
OK/var/www/glpi/files/_pictures : OK
OK/var/www/glpi/files/_log : OK
Web access to files directory is protectedWeb access to files directory is protected : OK

Libraries

htmLawed version 1.1.21 in (/var/www/glpi/lib/htmlawed)
phpCas version 1.3.4 in (/var/www/glpi/vendor/jasig/phpcas/source)
PHPMailer version 5.2.16 in (/var/www/glpi/vendor/phpmailer/phpmailer)
Zend Framework in (/var/www/glpi/vendor/zendframework/zend-loader/src)
zetacomponents/graph in (/var/www/glpi/vendor/zetacomponents/graph/src)
SimplePie version 1.4.1 in (/var/www/glpi/vendor/simplepie/simplepie/library)
TCPDF version 6.2.12 in (/var/www/glpi/vendor/tecnickcom/tcpdf)
michelf/php-markdown in (/var/www/glpi/vendor/michelf/php-markdown/Michelf)
true/punycode in (/var/www/glpi/vendor/true/punycode/src)
iacaml/autolink in (/var/www/glpi/vendor/iamcal/lib_autolink)
sabre/vobject in (/var/www/glpi/vendor/sabre/vobject/lib)

Plugins list

    news                 Name: Alarme                         Version: 1.3.2.4    State: Enabled
    barcode              Name: Barcode                        Version: 0.90+1.0   State: Not activated
    reports              Name: Berichte                       Version: 1.7.2      State: Not activated
    dashboard            Name: Dashboard                      Version: 0.8.1      State: Enabled
    datainjection        Name: File injection                 Version: 2.3.1      State: Not activated
    formcreator          Name: Formulare                      Version: 2.4.0      State: Enabled
    addressing           Name: IP Adressierung                Version: 2.3.0      State: Not activated
    mreporting           Name: More Reporting                 Version: 1.3.1      State: Enabled
    pdf                  Name: PDF-Ausgabe                    Version: 1.1        State: Enabled
    ticketcleaner        Name: Ticket Cleaner                 Version: 2.0.4      State: Enabled
trasher commented 7 years ago

This sounds like a bug; have to check if that has not yet been fixed.

trasher commented 7 years ago

Duplicates #1644