Fix the inline images -bug- in glpi knowledgebase (htmLawed.php)

GLPI-0-84-8 FIX

GLPI uses the htmLawed filter to clean inserted HTML code. Documentation on this framework can be found here:

Problem with this framework in GLPI is that it does not match image tags properly when they contain inline base64 information.

Here is a simple fix to overcome this problem. The htmLawed.php file can be located in %glpi_root%/lib/htmlawed/htmLawed.php. Open it with your favorite editor. Next locate line: 47. Somewhere arround that area you should find the following.

Web - sftp___nagios@glpi.amis.nl_var_www_glpi_prod_lib_htmlawed_htmLawed.php - A_2013-10-29_12-34-30

Add ‘data’ at the end of the marked line.

$x = (isset($C['schemes'][2]) && strpos($C['schemes'], ':')) ? strtolower($C['schemes']) : 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https, data';

The above will stop htmLawed from adding disabled: to the data: in the src=”” tag.

The next step is a bit trickier.

Now we need to actually change the hl_tag function. In the file locate the hl_tag($t) function somewhere around line:407. In this codeblock we are looking for the regular expression marked in the image below:

Web - sftp___nagios@glpi.amis.nl_var_www_glpi_prod_lib_htmlawed_htmLawed.php - A_2013-10-29_12-38-10

This is the expression that doenst match the valid <img> tags within the htmLawed. We dont want to create leaks here, so all we need to do is introduce an exception for our images. You can do so by replacing the text with the following:

Web - sftp___nagios@glpi.amis.nl_var_www_glpi_test_lib_htmlawed_htmLawed.php - A_2013-10-29_12-49-27

In code:

if(!preg_match('`^&lt;(/?)([a-zA-Z][a-zA-Z1-6]*)([^&gt;]*?)\s?&gt;$`m', $t, $m)){
if(strstr($t, 'data:image')){
return $t;
return str_replace(array('&lt;', '&gt;'), array('&amp;lt;', '&amp;gt;'), $t);
}elseif(!isset($C['elements'][($e = strtolower($m[2]))])){
return (($C['keep_bad']%2) ? str_replace(array('&lt;', '&gt;'), array('&amp;lt;', '&amp;gt;'), $t) : '');

After this, the images should show up just fine

GLPI - Knowledge base_2013-10-29_12-50-51

I hope this was helpfull 🙂


15 thoughts on “Fix the inline images -bug- in glpi knowledgebase (htmLawed.php)

  1. Hi, I am trying to show up images in the knowledge base section but the above steps don’t work. Images from the web using the standard img html tags work just fine. Unfortunately, when I’m trying to show images from a local folder it doesn’t work. Do you have any possilble solution/workaround to fix this?
    I searched the GLPI forum already but I haven’t found any helpful answer yet.

    Also, a followup question if you excuse me, is there any possible way to insert images from the KB editor when I’m writing each article? Can you help on this too?

    Thanks! 🙂

    1. Hi Jimmy,

      To be honest, I think answering your last question will solve all your problems.

      My article is a fix for using so called inline (part of the HTML source), base64 encoded images. This article explains it roughly from the performance point of view:

      The advantage you have with GLPI is that the inline images are stored in the database and not the disks. So you’ll have no hassle with file management, rights, permissions, etc. Greenshot allows you to paste base64 encoded images directly to your browser from your clipboard.

      So try this:

      1. Implement the fix i described in this article;
      2. Download the best screenshot tool ever, called ‘Greenshot’
      3. Use Greenshot to create a -partial- screenshot and edit it in the GS-editor if you like;
      4. Copy the image to your clipboard;
      5. Open an GLPI KB article and paste (ctr+v) the image inside the KB editor;
      6. Save the KB article and voila!

      The pdf export function sadly doesnt allow images to be included this way. (DOMpdf lib should have been used but sadly they have not)

    1. Hi Kevin,

      I’m in GLPI 9.1.2, the last avaible version, and it’s not working for me too.

      Did you find any issue for your GLPI version ?

      Thank you in advance


    2. I just find a solution :

      – I think you need always to apply the fix descibed by Chris Gralike in this page
      – After, you need to update values in database by using phpMyAdmin request tool :

      Table « glpi_knowbaseitems », field « answer », all field with containing value « denied:data:image » must be replaced by « data:image ».

      For that, execute this request on the database :

      UPDATE glpi_knowbaseitems SET answer = REPLACE(answer, ‘denied:data:image’, ‘data:image’)

      It fixed the problem for me

  2. I have applied your fix, and it Works fine for me.

    About the Greenshot lib, I have some questions:
    – Where Have I to install it? I have installed it into my computer, I can copy a window in the clipboard, but after I have tried to make a Ctrl+V into a document of the knowledge base in glpi and it don’t see the image.
    – Have I to install the lib into the glpi server? How?

    About the print of documents. I need export the documents to PDF or print them. I have installed the PDF plugin, but it doesn’t print the images. Can you suggest me a solution?

    Eva Janakieff

    1. Hi Eva,

      Greenshot is installed on your computer. No need to install it on your glpi environment (unless you are running it locally). Greenshot allows the image to be stored in an HTML-inline compatible format in your local clipboard. This allows the clipboard content to be pasted into the webeditor.

      In the greenshot preferences>expert tab, experiment with the ‘HTML with inline images’ option. This should work just fine.

      On the print to PDF it is the plugin that doesnt support printing images. My guess would be that either:
      1. the plugin uses a pdf lib that doesnt support processing inline images;
      2. the images are not passed to the plugin for processing;
      3. processing inline images are disabled in the plugin.

      I didnt look into that (yet?).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s