Project

General

Profile

Anomalie #25110

Edition OnlyOffice en erreur à partir du tag 2301.0.4 : URL non valide

Added by Charles BATIONO about 1 year ago. Updated about 1 year ago.

Status:
R&D - Terminé
Priority:
0-Bloquant
Target version:
Start date:
05/25/2023
Due date:
Version applicable MC:
2301
Tags Courrier:
2301.1.1 (Correctif)

Description

En tant que utilisateur, quand j'essaie d'éditer un document (OnlyOffice, Collabora), j'ai me message d'erreur en PJ.
Anomalie reproduite sur la demo.
Non reproduite sur les tags 2301.0.3 et inférieurs.


Related issues

Related to Backlog Courrier - Anomalie #24124: CVE - Sécurité - Filtrage Paramétrage URI serveurs éditeursR&D - Terminé2023-03-082023-05-09

History

#1 Updated by Charles BATIONO about 1 year ago

  • Priority changed from 2-Sérieux to 0-Bloquant

L'anomalie est liée aux lignes de code suivantes (ligne 53-57 du fichier DocumentEditorController.php ):

if (!Validator::notEmpty()->ip()->validate($args['uri'] ?? null) && !Validator::notEmpty()->url()->validate($args['uri'] ?? null)) {
            return ['errors' => "Editor 'uri' is not a valid URL or IP address", 'lang' => 'editorHasNoValidUrlOrIp'];
        } elseif (!preg_match('/^(https?:\/\/)?([\da-z.-]+)\.([a-z.]{2,6})([\/\w .-]*)*\/?$|^(https?:\/\/)?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/', $args['uri'] ?? null)) {
            return ['errors' => "Editor 'uri' is not a valid URL or IP address format", 'lang' => 'editorHasNoValidUrlOrIp'];
        }

En commentant ces lignes, on n'a plus le message d'erreur.

#3 Updated by Emmanuel DILLARD about 1 year ago

  • Subject changed from Edition OnlyOffice KO Tag 2301.0.4 (probable sur la 2301.1.0) to Edition OnlyOffice en erreur à partir du tag 2301.0.4 : URL non valide

#4 Updated by Emmanuel DILLARD about 1 year ago

  • Status changed from A qualifier to R&D - En cours
  • Assignee changed from Emmanuel DILLARD to Nicolas LE BOZEC
  • Version applicable MC set to 2301.1

#5 Updated by Emmanuel DILLARD about 1 year ago

Lié au correctif du ticket joint

#6 Updated by Emmanuel DILLARD about 1 year ago

  • Related to Anomalie #24124: CVE - Sécurité - Filtrage Paramétrage URI serveurs éditeurs added

#7 Updated by Emmanuel DILLARD about 1 year ago

  • Version applicable MC changed from 2301.1 to 2301

#8 Updated by Emmanuel DILLARD about 1 year ago

  • Tags Courrier 2301.1.1 (Correctif) added

#9 Updated by Hamza HRAMCHI about 1 year ago

  • Assignee changed from Nicolas LE BOZEC to Hamza HRAMCHI

#11 Updated by Hamza HRAMCHI about 1 year ago

  • Status changed from R&D - En cours to R&D - En test

#12 Updated by Hamza HRAMCHI about 1 year ago

  • Status changed from R&D - En test to R&D - Terminé
  • Assignee changed from Hamza HRAMCHI to Nicolas LE BOZEC

#13 Updated by GIT LAB about 1 year ago

[CLOTURE] MR sur 2301_releases (fix/25110/2301) par Hamza HRAMCHI

https://labs.maarch.org/maarch/MaarchCourrier/-/merge_requests/1101

#15 Updated by GIT LAB about 1 year ago

[CLOTURE] MR sur 2301_releases (fix/25110/2301) par Alex ORLUC

https://labs.maarch.org/maarch/MaarchCourrier/-/merge_requests/1108

Also available in: Atom PDF