Fix the inline images -bug- in glpi knowledgebase (htmLawed.php)

GLPI uses the htmLawed filter to clean inserted HTML code. Documentation on this framework can be found here: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/

Problem with this framework in GLPI is that it does not match image tags properly when they contain inline base64 information.

Here is a simple fix to overcome this problem. The htmLawed.php file can be located in %glpi_root%/lib/htmlawed/htmLawed.php. Open it with your favorite editor. Next locate line: 47. Somewhere arround that area you should find the following.

Web - sftp___nagios@glpi.amis.nl_var_www_glpi_prod_lib_htmlawed_htmLawed.php - A_2013-10-29_12-34-30

Add ‘data’ at the end of the marked line.

$x = (isset($C['schemes'][2]) && strpos($C['schemes'], ':')) ? strtolower($C['schemes']) : 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https, data';

The above will stop htmLawed from adding disabled: to the data: in the src=”” tag.

The next step is a bit trickier.

Now we need to actually change the hl_tag function. In the file locate the hl_tag($t) function somewhere around line:407. In this codeblock we are looking for the regular expression marked in the image below:

Web - sftp___nagios@glpi.amis.nl_var_www_glpi_prod_lib_htmlawed_htmLawed.php - A_2013-10-29_12-38-10

This is the expression that doenst match the valid <img> tags within the htmLawed. We dont want to create leaks here, so all we need to do is introduce an exception for our images. You can do so by replacing the text with the following:

Web - sftp___nagios@glpi.amis.nl_var_www_glpi_test_lib_htmlawed_htmLawed.php - A_2013-10-29_12-49-27

In code:


if(!preg_match('`^<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\s?>$`m', $t, $m)){
if(strstr($t, 'data:image')){
return $t;
}else{
return str_replace(array('<', '>'), array('&lt;', '&gt;'), $t);
}
}elseif(!isset($C['elements'][($e = strtolower($m[2]))])){
return (($C['keep_bad']%2) ? str_replace(array('<', '>'), array('&lt;', '&gt;'), $t) : '');
}

After this, the images should show up just fine

GLPI - Knowledge base_2013-10-29_12-50-51

I hope this was helpfull :)

About these ads

About Chris Gralike

Listen carefully to the people around you. Keep an open-mind, realize there is far more to learn, do, and accomplish. Treat your colleagues and competitors with respect and have FUN doing what you do best! These are my recommendations for success, what are yours? Find me at : LINKEDIN : http://www.linkedin.com/in/chrisgralike TWITTER : http://twitter.com/#!/chris_gralike WORDPRESS : http://sysengineers.wordpress.com/

Posted on October 29, 2013, in General, GLPI and tagged , , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink. 3 Comments.

  1. Thanks, very helpful !

  2. Hi, I am trying to show up images in the knowledge base section but the above steps don’t work. Images from the web using the standard img html tags work just fine. Unfortunately, when I’m trying to show images from a local folder it doesn’t work. Do you have any possilble solution/workaround to fix this?
    I searched the GLPI forum already but I haven’t found any helpful answer yet.

    Also, a followup question if you excuse me, is there any possible way to insert images from the KB editor when I’m writing each article? Can you help on this too?

    Thanks! :)

    • Hi Jimmy,

      To be honest, I think answering your last question will solve all your problems.

      My article is a fix for using so called inline (part of the HTML source), base64 encoded images. This article explains it roughly from the performance point of view: http://davidbcalhoun.com/2011/when-to-base64-encode-images-and-when-not-to

      The advantage you have with GLPI is that the inline images are stored in the database and not the disks. So you’ll have no hassle with file management, rights, permissions, etc. Greenshot allows you to paste base64 encoded images directly to your browser from your clipboard.

      So try this:

      1. Implement the fix i described in this article;
      2. Download the best screenshot tool ever, called ‘Greenshot’
      http://getgreenshot.org/
      3. Use Greenshot to create a -partial- screenshot and edit it in the GS-editor if you like;
      4. Copy the image to your clipboard;
      5. Open an GLPI KB article and paste (ctr+v) the image inside the KB editor;
      6. Save the KB article and voila!

      –PS
      The pdf export function sadly doesnt allow images to be included this way. (DOMpdf lib should have been used but sadly they have not)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 52 other followers

%d bloggers like this: