Inability to upload/attch files anonimously #16363
Labels
Comments
|
This issue has been closed as we only track bugs here. You can get community support on forums or you can consider taking a subscription to get professional support. |
We consider that anonymous uploads cannot be secured. There is no plan to provide back this feature. |
|
Ok, then we'll see how we can handle this case in our company. Thanks for the reply! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Code of Conduct
Is there an existing issue for this?
Version
10.0.10
Bug description
According to this issue in FormCreator (pluginsGLPI/formcreator#3290) and this release note (https://github.com/pluginsGLPI/formcreator/releases/tag/2.13.5), since version 10.0.5 GLPI does not allow upload as an anonymous user due to a fixed security vulnerability in this version.
I'd like to know if a solution to securely allow anonymous upload was developed of if there is any plan to provide one. In case there isn't, is there any known workaround to upload a file in an anonymous ticket?
This feature is very useful for our organisation.
Relevant log output
No response
Page URL
No response
Steps To reproduce
No response
Your GLPI setup information
Operating system: Linux production-7d4ddf778d-xblzd 5.4.258-171.360.amzn2.x86_64 #1 SMP Wed Oct 11 12:52:43 UTC 2023 x86_64
PHP 8.1.26 fpm-fcgi (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, bz2, cgi-fcgi, ctype, curl, date, dom, exif,
fileinfo, filter, ftp, gd, hash, iconv, imap, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre, pdo_sqlite,
posix, readline, redis, session, soap, sodium, sqlite3, standard, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, zip, zlib)
Setup: max_execution_time="300" memory_limit="768M" post_max_size="20M" safe_mode="" session.save_handler="files"
upload_max_filesize="20M"
Software: nginx
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Server Software: Please upgrade to 8.0 or opt-in to the paid RDS Extended Support service before 5.7 reaches end of standard support on 29 February, 2024: https://a.co/hQqiIn0
Server Version: 5.7.44-log
Server SQL Mode: NO_ENGINE_SUBSTITUTION
PHP version (8.1.26) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.
curl extension is installed.
gd extension is installed.
intl extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (5.7.44) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /glpidata/files/_cache has been validated.
Write access to /glpidata/config has been validated.
Write access to /glpidata/files/_cron has been validated.
Write access to /glpidata/files has been validated.
Write access to /glpidata/files/_dumps has been validated.
Write access to /glpidata/files/_graphs has been validated.
Write access to /glpidata/files/_lock has been validated.
Write access to /glpidata/files/_pictures has been validated.
Write access to /glpidata/files/_plugins has been validated.
Write access to /glpidata/files/_rss has been validated.
Write access to /glpidata/files/_sessions has been validated.
Write access to /glpidata/files/_tmp has been validated.
Write access to /glpidata/files/_uploads has been validated.
Web server root directory configuration seems safe.
Sessions configuration is secured.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /var/www/html/marketplace has been validated.
Timezones seems loaded in database.
Anything else?
I also found this issue which is possibly related to this problem: #15869
The text was updated successfully, but these errors were encountered: