The way the inline attachment feature is created leaves room for the entire application to break.
One user uploaded a 2.18MB JFIF image, resolution 4600x3600, using the inline drag and drop attachment feature.
Hence the Tickets page, with "process(assigned)" selected, was not responding anymore, as the ajax page requesting the results was crashing due to maximum execution time exceeded.
Even using my MySQL client was not easy to use for debugging because the result of the query select id, content from glpi_tickets where id = {ticketId} had 12MB because of the created blob. Every time I ran a query for finding the big size row, I had to open another tab, because that last one was not responding anymore.
PHP version (7.4.33) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, json, simplexml.
curl extension is installed.
gd extension is installed.
intl extension is installed.
libxml extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (10.3.35) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /var/www/html/glpi-myapp/backend/files/_cache has been validated.
Write access to /var/www/html/glpi-myapp/backend/config has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_cron has been validated.
Write access to /var/www/html/glpi-myapp/backend/files has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_dumps has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_graphs has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_lock has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_pictures has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_plugins has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_rss has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_sessions has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_tmp has been validated.
Write access to /var/www/html/glpi-myapp/backend/files/_uploads has been validated.
For security reasons, SELinux mode should be Enforcing.
PHP 7.4 official support has ended. An upgrade to a more recent PHP version is recommended.
Web server root directory configuration seems safe.
Sessions configuration is secured.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring.
Following extensions are not present: sodium.
Write access to /var/www/html/glpi-myapp/backend/marketplace has been validated.
Timezones seems loaded in database.
Anything else?
This feature caused us problems more than once and I did not manage to find a setting for resizing images before upload, or even stopping the inline attachment feature altogether.
images should be automatically resized before being inline attached
or the inline attachment should just be referenced in the content field, and save the image somewhere else (quite like the git editor I am adding this bug on).
there should be a setting for stopping the inline upload feature altogether
or the inline attachment should just be referenced in the content field, and save the image somewhere else (quite like the git editor I am adding this bug on).
This is what is supposed to be done, but with big images, the extraction of image blob into a dedicated document file may fail. To prevent this, you could change the pcre.backtrack_limit to increase it.
This issue will be fixed in GLPI 10.1, but existing tickets will not be fixed as it is nearly impossible to do it automatically.
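A triage sketch for the situation in this thread, added here as an example and not GLPI code: it scans exported `(id, content)` rows from `glpi_tickets` for embedded images and reports the oversized ones, using a linear `str.find` pass instead of a regex so field size cannot exhaust a backtracking limit. It assumes inline images are stored as base64 `data:` URIs; the function names, the `limit_bytes` threshold and the sample rows are constructed for illustration.

```python
import base64

B64_CHARS = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
)
MARKER, B64_TAG = "data:image/", ";base64,"


def find_inline_images(content):
    """Return (mime, decoded_bytes) per base64 data: image URI, in one pass."""
    found = []
    pos = content.find(MARKER)
    while pos != -1:
        tag = content.find(B64_TAG, pos, pos + 64)  # MIME type is short
        if tag == -1:  # the marker appeared as plain text, not as a URI
            pos = content.find(MARKER, pos + len(MARKER))
            continue
        mime = content[pos + len("data:"):tag]
        start = end = tag + len(B64_TAG)
        while end < len(content) and content[end] in B64_CHARS:
            end += 1  # payload stops at the first non-base64 character
        payload = content[start:end]
        pad = len(payload) - len(payload.rstrip("="))
        found.append((mime, max(len(payload) * 3 // 4 - pad, 0)))
        pos = content.find(MARKER, end)
    return found


def oversized_rows(rows, limit_bytes):
    """rows: iterable of (ticket_id, content); list images above the limit."""
    return [
        (ticket_id, mime, size)
        for ticket_id, content in rows
        for mime, size in find_inline_images(content)
        if size > limit_bytes
    ]


# Constructed sample rows (not data from the issue).
_small = base64.b64encode(b"\x00" * 300).decode()
_large = base64.b64encode(b"\x00" * 200_000).decode()
SAMPLE_ROWS = [
    (101, '<p>ok</p><img src="data:image/png;base64,%s">' % _small),
    (102, '<p>big</p><img src="data:image/jpeg;base64,%s"> tail' % _large),
    (103, "<p>no images, only the text data:image/ mentioned</p>"),
]

if __name__ == "__main__":
    for row in oversized_rows(SAMPLE_ROWS, limit_bytes=100_000):
        print(row)
```

The same size limit can be enforced before a ticket is saved, so an oversized inline image is rejected or stored as a separate file instead of landing in the `content` column.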
Version
10.3.335
Bug description
content_2.txt
Relevant log output
Page URL
/front/ticket.php
Steps To reproduce
Your GLPI setup information
Operating system: Linux ............. 4.18.0-477.21.1.el8_8.x86_64 #1 SMP Thu Jul 20 08:38:27 EDT 2023 x86_64
PHP 7.4.33 fpm-fcgi (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, bz2, calendar, cgi-fcgi, ctype, curl, date, dom,
exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre,
pdo_mysql, pdo_sqlite, posix, session, shmop, sockets, sqlite3, standard, sysvmsg, sysvsem, sysvshm, tokenizer, xml, xmlreader,
xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="600" memory_limit="512M" post_max_size="64M" safe_mode="" session.save_handler="files"
upload_max_filesize="10M"
Software: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_auth_gssapi/1.6.1 ()
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Server Software: MariaDB Server
Server Version: 10.3.35-MariaDB-log
Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Parameters: glpi_myapp@localhost/glpi_myapp
Host info: Localhost via UNIX socket