You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dans le ficher src/Api/API.php (methode updateItems), Il y a une inohérence au niveau du check des arguments de property_exists.
Cette fonction vérifie si le premier argument est une chaine ou un objet, or en ligne1953 nous avons une condition qui fait que cet argument ne peut être qu'un tableau.
Lgn 1953: if (is_array($input)) { #on teste si input est un array
......
Lgn 1983: if (!property_exists($input, $fk_parent)) { # et la c'est le drame ..!
Cela va occasionner la génération d'une execption, D'ou le message 'Uncaught Exception TypeError: property_exists(): Argument #1 ($object_or_class) must be of type object|string, array given in /var/www/glpi-10.0.7/src/Api/API.php at line 1983'
Les conséquences:
Les appels à l' API pour updater des champs dans ces conditions ne se feront pas .
L'exception étant mal trappé , l'appel à l'API REST génèrera un code retour HTTP/200.
Seul le fichier d'er
Relevant log output
[2023-07-13 18:09:18] glpiphplog.CRITICAL: *** Uncaught Exception TypeError: property_exists(): Argument #1 ($object_or_class) must be of type object|string, array given in /var/www/glpi-10.0.7/src/Api/API.php at line 1983
Backtrace :
src/Api/API.php:1985 property_exists()
src/Api/APIRest.php:326 Glpi\Api\API->updateItems()
apirest.php:57 Glpi\Api\APIRest->call()
public/index.php:73 require()
Page URL
No response
Steps To reproduce
-Deployer le plugin fields.
-Ajouter un champ supplémentaire 'toto' sur les 'computer'.
-Effectuer une recherche sur les computers en utilisant comme critère ''Plugins - Champs supplémentaires -Liste" et champ toto, afin de trouver l'id (présent dans l'url is_deleted=0&as_map=0&browse=0&criteria[0][link]=AND&criteria[0][field]=76811&criteria[0][searchtype]=notcontains&criteria[0][value]=^%24&itemtype=Compute ... ).
Sur mon instance, il s'ait donc de 76811.
-Effectue un call pour mette à jour ce champ.
curl --insecure -v --compressed -X PUT -v
-H "Content-Type: ${CONTENTTYPE}"
-H "App-Token: ${CFG_GLPI_CNX_API_TOKEN}"
-H "Session-Token: ${SESSION_TOKEN}"
-d '{
"input": {
"id": 76811,
"totofield": "Test"
}}' "${URL}"
;;
-Confirmer :
code retour HTTP est 200
maj non effective
exception présente dans le fichier glpi/files/_log/php-errors.log
Your GLPI setup information
Informations sur le système, l'installation et la configuration
GLPI 10.0.7 ( => /var/www/glpi-10.0.7)
Installation mode: TARBALL
Current language:fr_FR
PHP version (8.1.9) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, json, simplexml.
curl extension is installed.
gd extension is installed.
intl extension is installed.
libxml extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (10.5.19) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /var/www/glpi-10.0.7/files/_cache has been validated.
Write access to /var/www/glpi-10.0.7/config has been validated.
Write access to /var/www/glpi-10.0.7/files/_cron has been validated.
Write access to /var/www/glpi-10.0.7/files has been validated.
Write access to /var/www/glpi-10.0.7/files/_dumps has been validated.
Write access to /var/www/glpi-10.0.7/files/_graphs has been validated.
Write access to /var/www/glpi-10.0.7/files/_lock has been validated.
Write access to /var/www/glpi-10.0.7/files/_pictures has been validated.
Write access to /var/www/glpi-10.0.7/files/_plugins has been validated.
Write access to /var/www/glpi-10.0.7/files/_rss has been validated.
Write access to /var/www/glpi-10.0.7/files/_sessions has been validated.
Write access to /var/www/glpi-10.0.7/files/_tmp has been validated.
Write access to /var/www/glpi-10.0.7/files/_uploads has been validated.
Web server root directory configuration seems safe.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /var/www/glpi-10.0.7/marketplace has been validated.
Timezones seems loaded in database.
htmlawed/htmlawed version 1.2.9 in (/var/www/glpi-10.0.7/vendor/htmlawed/htmlawed)
phpmailer/phpmailer version 6.8.0 in (/var/www/glpi-10.0.7/vendor/phpmailer/phpmailer/src)
simplepie/simplepie version 1.5.8 in (/var/www/glpi-10.0.7/vendor/simplepie/simplepie/library)
tecnickcom/tcpdf version 6.6.2 in (/var/www/glpi-10.0.7/vendor/tecnickcom/tcpdf)
michelf/php-markdown in (/var/www/glpi-10.0.7/vendor/michelf/php-markdown/Michelf)
true/punycode in (/var/www/glpi-10.0.7/vendor/true/punycode/src)
iamcal/lib_autolink in (/var/www/glpi-10.0.7/vendor/iamcal/lib_autolink)
sabre/dav in (/var/www/glpi-10.0.7/vendor/sabre/dav/lib/DAV)
sabre/http in (/var/www/glpi-10.0.7/vendor/sabre/http/lib)
sabre/uri in (/var/www/glpi-10.0.7/vendor/sabre/uri/lib)
sabre/vobject in (/var/www/glpi-10.0.7/vendor/sabre/vobject/lib)
laminas/laminas-i18n in (/var/www/glpi-10.0.7/vendor/laminas/laminas-i18n/src)
laminas/laminas-servicemanager in (/var/www/glpi-10.0.7/vendor/laminas/laminas-servicemanager/src)
monolog/monolog in (/var/www/glpi-10.0.7/vendor/monolog/monolog/src/Monolog)
sebastian/diff in (/var/www/glpi-10.0.7/vendor/sebastian/diff/src)
donatj/phpuseragentparser in (/var/www/glpi-10.0.7/vendor/donatj/phpuseragentparser/src/UserAgent)
elvanto/litemoji in (/var/www/glpi-10.0.7/vendor/elvanto/litemoji/src)
symfony/console in (/var/www/glpi-10.0.7/vendor/symfony/console)
scssphp/scssphp in (/var/www/glpi-10.0.7/vendor/scssphp/scssphp/src)
laminas/laminas-mail in (/var/www/glpi-10.0.7/vendor/laminas/laminas-mail/src/Protocol)
laminas/laminas-mime in (/var/www/glpi-10.0.7/vendor/laminas/laminas-mime/src)
rlanvin/php-rrule in (/var/www/glpi-10.0.7/vendor/rlanvin/php-rrule/src)
blueimp/jquery-file-upload in (/var/www/glpi-10.0.7/vendor/blueimp/jquery-file-upload/server/php)
ramsey/uuid in (/var/www/glpi-10.0.7/vendor/ramsey/uuid/src)
psr/log in (/var/www/glpi-10.0.7/vendor/psr/log/Psr/Log)
psr/simple-cache in (/var/www/glpi-10.0.7/vendor/psr/simple-cache/src)
psr/cache in (/var/www/glpi-10.0.7/vendor/psr/cache/src)
league/csv in (/var/www/glpi-10.0.7/vendor/league/csv/src)
mexitek/phpcolors in (/var/www/glpi-10.0.7/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)
guzzlehttp/guzzle in (/var/www/glpi-10.0.7/vendor/guzzlehttp/guzzle/src)
guzzlehttp/psr7 in (/var/www/glpi-10.0.7/vendor/guzzlehttp/psr7/src)
glpi-project/inventory_format in (/var/www/glpi-10.0.7/vendor/glpi-project/inventory_format/lib/php)
wapmorgan/unified-archive in (/var/www/glpi-10.0.7/vendor/wapmorgan/unified-archive/src)
paragonie/sodium_compat in (/var/www/glpi-10.0.7/vendor/paragonie/sodium_compat/src)
symfony/cache in (/var/www/glpi-10.0.7/vendor/symfony/cache)
html2text/html2text in (/var/www/glpi-10.0.7/vendor/html2text/html2text/src)
symfony/css-selector in (/var/www/glpi-10.0.7/vendor/symfony/css-selector)
symfony/dom-crawler in (/var/www/glpi-10.0.7/vendor/symfony/dom-crawler)
twig/twig in (/var/www/glpi-10.0.7/vendor/twig/twig/src)
twig/string-extra in (/var/www/glpi-10.0.7/vendor/twig/string-extra)
symfony/polyfill-ctype not found
symfony/polyfill-iconv not found
symfony/polyfill-mbstring not found
symfony/polyfill-php80 not found
symfony/polyfill-php81 not found
symfony/polyfill-php82 in (/var/www/glpi-10.0.7/vendor/symfony/polyfill-php82)
league/oauth2-client in (/var/www/glpi-10.0.7/vendor/league/oauth2-client/src/Provider)
league/oauth2-google in (/var/www/glpi-10.0.7/vendor/league/oauth2-google/src/Provider)
thenetworg/oauth2-azure in (/var/www/glpi-10.0.7/vendor/thenetworg/oauth2-azure/src/Provider)
Code of Conduct
Is there an existing issue for this?
Version
10.0.7
Bug description
Dans le ficher src/Api/API.php (methode updateItems), Il y a une inohérence au niveau du check des arguments de property_exists.
Cette fonction vérifie si le premier argument est une chaine ou un objet, or en ligne1953 nous avons une condition qui fait que cet argument ne peut être qu'un tableau.
Lgn 1953: if (is_array($input)) { #on teste si input est un array
......
Lgn 1983: if (!property_exists($input, $fk_parent)) { # et la c'est le drame ..!
Cela va occasionner la génération d'une execption, D'ou le message 'Uncaught Exception TypeError: property_exists(): Argument #1 ($object_or_class) must be of type object|string, array given in /var/www/glpi-10.0.7/src/Api/API.php at line 1983'
Les conséquences:
Les appels à l' API pour updater des champs dans ces conditions ne se feront pas .
L'exception étant mal trappé , l'appel à l'API REST génèrera un code retour HTTP/200.
Seul le fichier d'er
Relevant log output
Page URL
No response
Steps To reproduce
-Deployer le plugin fields.
-Ajouter un champ supplémentaire 'toto' sur les 'computer'.
-Effectuer une recherche sur les computers en utilisant comme critère ''Plugins - Champs supplémentaires -Liste" et champ toto, afin de trouver l'id (présent dans l'url is_deleted=0&as_map=0&browse=0&criteria[0][link]=AND&criteria[0][field]=76811&criteria[0][searchtype]=notcontains&criteria[0][value]=^%24&itemtype=Compute ... ).
Sur mon instance, il s'ait donc de 76811.
-Effectue un call pour mette à jour ce champ.
curl --insecure -v --compressed -X PUT -v
-H "Content-Type: ${CONTENTTYPE}"
-H "App-Token: ${CFG_GLPI_CNX_API_TOKEN}"
-H "Session-Token: ${SESSION_TOKEN}"
-d '{
"input": {
"id": 76811,
"totofield": "Test"
}}' "${URL}"
;;
-Confirmer :
code retour HTTP est 200
maj non effective
exception présente dans le fichier glpi/files/_log/php-errors.log
Your GLPI setup information
Informations sur le système, l'installation et la configuration
Server
GLPI constants
Libraries
LDAP directories
SQL replicas
Notifications
Plugins list
Anything else?
L'appel curl est fonctionnel en 9.5.11
Le probleme semble exister pour toute version de glpi >= 10.0.0
The text was updated successfully, but these errors were encountered: