Security attack ..! - on Statistics \ Graphs

Daoud Ghannam · 2011-02-24 12:31:44

Hello There,

Thank you for Opening my Topic,

I have Recently Upgraded my GLPI v0.72 to v0.78.2.

Every thing Seems Great , But i Opened the Statistics Page (Graphs)

then i Got }{> Security attack ..! <}{ ??

I think Its a PHP Thing ,

but im sure you can Help ^_^

Thank you !

MoYo · 2011-02-24 12:55:21

more informations about your environnement ?
http://www.glpi-project.org/forum/viewt … p?id=10279

Daoud Ghannam · 2011-02-24 13:10:26

MoYo wrote:

more informations about your environnement ?
http://www.glpi-project.org/forum/viewt … p?id=10279

Sorry !

OS : RHEL 5

PHP 5.1

glpi version 0.78.2

Old glpi version 0.72

Daoud Ghannam · 2011-02-27 12:01:57

Any Assistance !

JMD · 2011-02-27 16:20:25

We are on sunday... Sometimes the glpi community take care about it's family or other things...

Your problem does'nt seems to
be relevant to GLPI but with a sysadmin problem.

I think you would probably find more help in a RHEL forum...

gabrieldepaula · 2011-04-12 20:09:17

Hellow...

The same problem here, but i using Fedora 14, PHP 5.3.5 and MySQL 5.1.55. My GLPI is the 0.78.3...

Can anyone help us?

Thanks!

gabrieldepaula · 2011-04-12 21:10:41

OK, here is my solution...

I located in the file /inc/commons.function.php the function "sendFile" and in the first IF, the first condition i removed the: "../"

Now my condition is: if (strstr($tmpfile, "") || strstr($tmpfile, "..\\") {...

The graphics now appear, but if there were any negative result, I will know later! But i do not believe this will generate some negative result, because this IF, in this function only checks if the GLPI is looking for a file outside of your installation directory ...

I hope it will be useful to someone!

Sorry for my english..

Cheers from Brazil!

Last edited by gabrieldepaula (2011-04-12 21:14:08)

corit · 2012-10-19 16:55:35

gabrieldepaula wrote:

OK, here is my solution...
I located in the file /inc/commons.function.php the function "sendFile" and in the first IF, the first condition i removed the: "../"
Now my condition is: if (strstr($tmpfile, "") || strstr($tmpfile, "..\\") {...
The graphics now appear, but if there were any negative result, I will know later! But i do not believe this will generate some negative result, because this IF, in this function only checks if the GLPI is looking for a file outside of your installation directory ...
I hope it will be useful to someone!
Sorry for my english..
Cheers from Brazil!

Had the same issue in when upgrading to version 0.83.6, however it was also located in the file /inc/toolboxclass.php under the same function name "sendFile".

Forum GLPI-Project

Announcement

#1 2011-02-24 12:31:44

Security attack ..! - on Statistics \ Graphs

#2 2011-02-24 12:55:21

Re: Security attack ..! - on Statistics \ Graphs

#3 2011-02-24 13:10:26

Re: Security attack ..! - on Statistics \ Graphs

#4 2011-02-27 12:01:57

Re: Security attack ..! - on Statistics \ Graphs

#5 2011-02-27 16:20:25

Re: Security attack ..! - on Statistics \ Graphs

#6 2011-04-12 20:09:17

Re: Security attack ..! - on Statistics \ Graphs

#7 2011-04-12 21:10:41

Re: Security attack ..! - on Statistics \ Graphs

#8 2012-10-19 16:55:35

Re: Security attack ..! - on Statistics \ Graphs

Board footer