You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2023-05-16 21:13:00

edelgadi
Member
Registered: 2022-04-25
Posts: 6

I can't attach a file or picture to the tickets

Hello everyone:
When I try to attach an image or file (Pasted o loaded from file) I get the following error:

Forbidden
You don't have permission to access this resource
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Does anyone know what could be causing this behavior?

Thanks for your help

Offline

#2 2023-05-16 22:55:42

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813
Website

Re: I can't attach a file or picture to the tickets

Which version of GLPI?
If you are using 10.0.2 or later, please check if there are any related entries in the "files/_log/access-errors.log" file.


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#3 2023-05-16 22:56:54

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813
Website

Re: I can't attach a file or picture to the tickets

You should also check the php-error.log file in the same folder.

I also recommend checking the permissions on the "files" folder and its sub-folders to ensure the web server user has write permissions.


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#4 2023-05-17 16:14:46

edelgadi
Member
Registered: 2022-04-25
Posts: 6

Re: I can't attach a file or picture to the tickets

Thanks for your response.
You're correct, I just updated from 10.0.0 to 10.0.7, but the incidence comes since 10.0.0.

There is nothing about in the php_errors log.

Here is the access_error last content. It includes something about CSRF check failed ¿Any idea?:

2023-05-04 17:05:40 [@]
CSRF check failed for User ID:  at /ayuda/front/itilsolution.form.php2023-05-04 17:05:49 [@]
CSRF check failed for User ID:  at /ayuda/front/itilsolution.form.php2023-05-04 17:06:02 [@]
CSRF check failed for User ID:  at /ayuda/front/itilsolution.form.php2023-05-04 17:06:09 [@]
CSRF check failed for User ID:  at /ayuda/front/itilsolution.form.php2023-05-05 19:23:52 [272@]
CSRF check failed for User ID: 272 at /ayuda/front/tracking.injector.php2023-05-08 09:16:01 [@]
CSRF check failed for User ID:  at /ayuda/front/login.php2023-05-08 11:02:01 [280@]
CSRF check failed for User ID: 280 at /ayuda/front/document.form.php2023-05-08 11:02:03 [280@]
CSRF check failed for User ID: 280 at /ayuda/front/document.form.php2023-05-08 12:16:05 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/login.php2023-05-08 16:45:46 [268@]
CSRF check failed for User ID: 268 at /ayuda/front/ticket.form.php?id=13622023-05-08 17:11:55 [7@]
CSRF check failed for User ID: 7 at /ayuda/ajax/fileupload.php2023-05-08 17:12:22 [7@]
CSRF check failed for User ID: 7 at /ayuda/ajax/fileupload.php2023-05-08 18:52:53 [@]
CSRF check failed for User ID:  at /ayuda/front/login.php2023-05-08 18:53:09 [182@]
CSRF check failed for User ID: 182 at /ayuda/front/tracking.injector.php2023-05-09 14:23:05 [268@]
CSRF check failed for User ID: 268 at /ayuda/front/ticket.form.php2023-05-09 16:20:34 [172@]
User ID: 172 tried to access or perform an action on /ayuda/front/contact_supplier.form.php with insufficient rights. Additional information: User failed a can* method check for right 4 (unknown right name) on item Type: Contact_Supplier ID: -1
    Stack Trace:
        /home/soport62/public_html/ayuda/src/CommonDBTM.php:2946 displayRightError()
        /home/soport62/public_html/ayuda/front/contact_supplier.form.php:47 check()
2023-05-11 12:52:37 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/mailcollector.form.php2023-05-11 13:59:24 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/massiveaction.php2023-05-11 14:04:16 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/massiveaction.php2023-05-14 16:00:43 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/login.php2023-05-14 17:16:50 [@]
CSRF check failed for User ID:  at /ayuda/front/login.php2023-05-15 09:14:59 [@]
CSRF check failed for User ID:  at /ayuda/front/login.php2023-05-15 10:48:17 [215@]
User ID: 215 tried to access or perform an action on /ayuda/front/user.form.php?id=215 with insufficient rights. Additional information: No additional information given
    Stack Trace:
        /home/soport62/public_html/ayuda/src/CommonDBTM.php:6240 displayRightError()
        /home/soport62/public_html/ayuda/src/CommonDBTM.php:6328 displayAccessDeniedPage()
        /home/soport62/public_html/ayuda/front/user.form.php:241 displayFullPageForItem()
2023-05-15 11:07:28 [@]
CSRF check failed for User ID:  at /ayuda/front/change.form.php?id=962023-05-15 11:07:32 [@]
CSRF check failed for User ID:  at /ayuda/front/change.form.php?id=962023-05-15 11:07:36 [@]
CSRF check failed for User ID:  at /ayuda/front/change.form.php?id=962023-05-15 22:43:50 [@]
CSRF check failed for User ID:  at /ayuda/front/login.php2023-05-16 07:14:39 [7@]
CSRF check failed for User ID: 7 at /ayuda/front/login.php2023-05-16 17:08:56 [285@]
User ID: 285 tried to access or perform an action on /ayuda/front/user.form.php?id=285 with insufficient rights. Additional information: Missing READ right. Cannot view the item.
    Stack Trace:
        /home/soport62/public_html/ayuda/src/CommonDBTM.php:6354 displayRightError()
        /home/soport62/public_html/ayuda/src/CommonDBTM.php:6444 displayAccessDeniedPage()
        /home/soport62/public_html/ayuda/front/user.form.php:241 displayFullPageForItem()
2023-05-16 17:10:32 [285@]
CSRF check failed for User ID: 285 at /ayuda/front/itilfollowup.form.php

Offline

#5 2023-05-18 13:45:41

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813
Website

Re: I can't attach a file or picture to the tickets

CSRF check failures usually indicate that someone tried submitting a form two hours or more after the page was loaded, which means the token provided had expired.


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#6 2023-05-18 14:22:49

sandroalves
Member
Registered: 2021-07-03
Posts: 33

Re: I can't attach a file or picture to the tickets

cconard96 wrote:

CSRF check failures usually indicate that someone tried submitting a form two hours or more after the page was loaded, which means the token provided had expired.

Hi.

The problem in my case (The action you requested is not allowed by sandroalves) is similar or equal to this one.

Is it a BUG?

Thanks.

Last edited by sandroalves (2023-05-18 14:29:43)

Offline

#7 2023-05-18 14:53:18

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,813
Website

Re: I can't attach a file or picture to the tickets

If it has been more than two hours, it is not a bug.


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#8 2023-05-18 20:01:51

edelgadi
Member
Registered: 2022-04-25
Posts: 6

Re: I can't attach a file or picture to the tickets

The situation here is, the error happens right in the moment when I paste the image and then click "+Add" for a response or a new ticket. 5 seconds?

Offline

#9 2023-05-18 21:35:36

sandroalves
Member
Registered: 2021-07-03
Posts: 33

Re: I can't attach a file or picture to the tickets

Hi,

exactly.

My case too.

When I try to add some types of specific extensions.

Other extensions accepted normally.

I don't know what is the default extension that already comes in the default GLPI, but a type that I added a little while ago is not accepting it.

So I'm not sure if it is accepting only those that were added later or not accepting what is already configured by default.

I'm trying to validate to understand the logic of the possible error.

This started to happen in version 10.0.7, before it worked perfectly.

Thanks.

Offline

#10 2023-05-25 00:42:21

drilling.29
Member
Registered: 2023-05-25
Posts: 1

Re: I can't attach a file or picture to the tickets

I am also having this issue on 10.0.7 specifically with XLSX files. I see the file upload to _tmp but never moves after the error. Same Files as XLS works. Also uploads fine from the email receiver.
Error is CSRF check failed for User ID:  at /front/itilfollowup.form.php

Which first thing I notice is there is no User ID

Have removed and added back the XLSX document type and verified it is set to allow.

Running PHP 8.2.5 now 8.2.6
IIS on server 2019 up to date

Happens even after rebooting the server.

Last edited by drilling.29 (2023-05-25 00:43:29)

Offline

#11 2023-05-26 18:00:02

sandroalves
Member
Registered: 2021-07-03
Posts: 33

Re: I can't attach a file or picture to the tickets

drilling.29 wrote:

I am also having this issue on 10.0.7 specifically with XLSX files. I see the file upload to _tmp but never moves after the error. Same Files as XLS works. Also uploads fine from the email receiver.
Error is CSRF check failed for User ID:  at /front/itilfollowup.form.php

Which first thing I notice is there is no User ID

Have removed and added back the XLSX document type and verified it is set to allow.

Running PHP 8.2.5 now 8.2.6
IIS on server 2019 up to date

Happens even after rebooting the server.

Hello,

I see that you use windows environment.

Changing the subject, were you able to resolve the error message (Web server root directory configuration is not safe as it allows access to non-public files. See installation documentation for more details)?

Can you tell me how you configured your site to compare with our configuration?

Thanks.

Offline

Board footer

Powered by FluxBB