Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Picture of User on 9.4.1.1 disapear #5604

Closed
fgendorf opened this issue Mar 15, 2019 · 4 comments

Comments

Projects
None yet
3 participants
@fgendorf
Copy link

commented Mar 15, 2019

Describe the bug

After update to 9.4.1.1 the User picture are not showed as version 9.4

Page(s) URL

when access direct the URL /glpi//front/document.send.php?file=_pictures/ab/6_5c8290b63a4ab_min.jpg
a message "Unauthorized Access to this File" appear

To reproduce
open any ticket and mouse over "i" to show user information and the image is not show

Expected behavior

see the picture of user

Screenshots

Screenshot_2019-03-15_10-47-14

Your GLPI setup (you can find it in Setup > General menu, System tab)

{
    "glpi": {
        "uuid": "0VCdUigR9KxVvVLrgYvz31lF9VZPdFAdaur4fQZ0",
        "version": "9.4.1.1",
        "plugins": [
            {
                "key": "fields",
                "version": "1.9.1"
            },
            {
                "key": "addressing",
                "version": "2.8.0"
            },
            {
                "key": "datainjection",
                "version": "2.7.0"
            },
            {
                "key": "formcreator",
                "version": "2.8.0"
            },
            {
                "key": "fusioninventory",
                "version": "9.4.0+1.0"
            },
            {
                "key": "pdf",
                "version": "1.4.0"
            },
            {
                "key": "mailanalyzer",
                "version": "1.3.8"
            },
            {
                "key": "mreporting",
                "version": "1.6.1"
            },
            {
                "key": "ocsinventoryng",
                "version": "1.6.0"
            },
            {
                "key": "reports",
                "version": "1.12.0"
            },
            {
                "key": "simcard",
                "version": "1.4.2"
            }
        ],
        "default_language": "pt_BR",
        "install_mode": "TARBALL",
        "usage": {
            "avg_entities": "0-500",
            "avg_computers": "500-1000",
            "avg_networkequipments": "0-500",
            "avg_tickets": "10000-50000",
            "avg_problems": "0-500",
            "avg_changes": "0-500",
            "avg_projects": "0-500",
            "avg_users": "500-1000",
            "avg_groups": "0-500",
            "ldap_enabled": true,
            "mailcollector_enabled": true,
            "notifications_modes": [],
            "notifications": [
                "mailing",
                "ajax"
            ]
        }
    },
    "system": {
        "db": {
            "engine": "MySQL Community Server (GPL)",
            "version": "5.7.25",
            "size": "1636.9",
            "log_size": "",
            "sql_mode": ""
        },
        "web_server": {
            "engine": "",
            "version": ""
        },
        "php": {
            "version": "7.2.15",
            "modules": [
                "Core",
                "date",
                "libxml",
                "openssl",
                "pcre",
                "zlib",
                "filter",
                "hash",
                "Reflection",
                "SPL",
                "session",
                "standard",
                "apache2handler",
                "bz2",
                "calendar",
                "ctype",
                "curl",
                "dom",
                "mbstring",
                "fileinfo",
                "ftp",
                "gd",
                "gettext",
                "iconv",
                "imap",
                "json",
                "ldap",
                "exif",
                "mysqlnd",
                "PDO",
                "Phar",
                "posix",
                "shmop",
                "SimpleXML",
                "soap",
                "sockets",
                "sqlite3",
                "sysvmsg",
                "sysvsem",
                "sysvshm",
                "tokenizer",
                "xml",
                "xmlwriter",
                "xsl",
                "mcrypt",
                "mysqli",
                "pdo_dblib",
                "pdo_mysql",
                "pdo_sqlite",
                "wddx",
                "xmlreader",
                "xmlrpc",
                "apcu",
                "zip",
                "Zend OPcache"
            ],
            "setup": {
                "max_execution_time": "300",
                "memory_limit": "256M",
                "post_max_size": "200M",
                "safe_mode": false,
                "session": "files",
                "upload_max_filesize": "200M"
            }
        },
        "os": {
            "family": "Linux",
            "distribution": "CentOS release 6.10 (Final)",
            "version": "2.6.32-754.10.1.el6.x86_64"
        }
    }
}

Additional context

Add any other context about the problem here.

@fgendorf

This comment has been minimized.

Copy link
Author

commented Mar 15, 2019

I Found the solution, file document.send.php
Replace

if ($splitter[0] == "_pictures") {
         if (Document::isImage($_GET['file'])) {
            $send = true;
         }
      }

TO

if ($splitter[0] == "_pictures") {
         if (Document::isImage(GLPI_DOC_DIR."/".$_GET['file'])) {
            $send = true;
         }
      }
@trasher

This comment has been minimized.

Copy link
Member

commented Mar 15, 2019

Indeed, thank for the fix. Could you open a pull request on 9.4/bugfixes branch?

I'll do if you cannot.

@trasher trasher added the bug label Mar 15, 2019

@trasher trasher added this to the 9.4.2 milestone Mar 15, 2019

@trasher trasher self-assigned this Mar 15, 2019

cedric-anne added a commit to cedric-anne/glpi that referenced this issue Mar 15, 2019

@fralla2

This comment has been minimized.

Copy link

commented Mar 15, 2019

Tried fgendorf' fix but uploading a new pict still don't work.
Interface displays : Fichier trop volumineux ou attaque potentielle. Le déplacement du fichier temporaire a échoué.
Logs display this error in php-errors.log :

[2019-03-15 14:16:32] glpiphplog.ERROR: Toolbox::userErrorHandlerNormal() in /var/www/html/glpi-9.4.1.1/inc/toolbox.class.php line 659
*** PHP Warning(2): exif_imagetype(5c8bebfc69afd1.97865426Windows_Movie_Maker_icon.png): failed to open stream: No such file or directory
Backtrace :
:
inc/document.class.php:1545 exif_imagetype()
inc/user.class.php:712 Document::isImage()
inc/commondbtm.class.php:1362 User->prepareInputForUpdate()
front/user.form.php:107 CommonDBTM->update()
{"user":"141@glpi05"}

@fgendorf

This comment has been minimized.

Copy link
Author

commented Mar 19, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.