GLPI_MARKETPLACE_DIR doesn't work

[0xNath]

Code of Conduct

• I agree to follow this project's Code of Conduct

Is there an existing issue for this?

• I have searched the existing issues

Version

10.0.15 and up to date 10.0.16-dev

Bug description

When using a custom folder location for the marketplace folder, the URL returned by the server looks something like that :

http://glpi.bazaar.test/var/lib/glpi/marketplace

This issue was already reported in the issue 9074 as well as on the forums :
https://forum.glpi-project.org/viewtopic.php?id=281140

Relevant log output

No response

Page URL

No response

Steps To reproduce

1. Do a fresh installation.
2. Set the GLPI_MARKETPLACE_DIR variable in your "local_define.php" :

<?php
define('GLPI_VAR_DIR', '/var/lib/glpi/files');
define('GLPI_MARKETPLACE_DIR', '/var/lib/glpi/marketplace');

3. Install the GLPI plugin "glpiinventory", I have tried several other plugins which were all failing too.
4. Try to access a page related to the plugin, like the configuration page of the plugin.

Your GLPI setup information

Informations sur le système, l'installation et la configuration

GLPI 10.0.16-dev ( => /var/www/glpi)
Installation mode: GIT
Current language:fr_FR

Server

 

Operating system: Linux glpi 6.1.0-21-amd64 #​1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64

PHP 8.2.18 fpm-fcgi (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, bz2, calendar, cgi-fcgi, ctype, curl, date,

dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre,

pdo_mysql, posix, random, readline, session, shmop, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm, tokenizer, xml,

xmlreader, xmlwriter, xsl, zip, zlib)

Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files"

upload_max_filesize="2M" disable_functions=""

Software: nginx/1.22.1

Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0

Server Software: Debian 12

Server Version: 10.11.6-MariaDB-0+deb12u1

Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Parameters: glpi@localhost/glpi

Host info: Localhost via UNIX socket

PHP version (8.2.18) is supported.

Sessions configuration is OK.

Allocated memory is sufficient.

mysqli extension is installed.

Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.

curl extension is installed.

gd extension is installed.

intl extension is installed.

zlib extension is installed.

The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.

Database engine version (10.11.6) is supported.

No files from previous GLPI version detected.

The log file has been created successfully.

Write access to /var/lib/glpi/files/_cache has been validated.

Write access to /var/lib/glpi/files/_cron has been validated.

Write access to /var/lib/glpi/files has been validated.

Write access to /var/lib/glpi/files/_dumps has been validated.

Write access to /var/lib/glpi/files/_graphs has been validated.

Write access to /var/lib/glpi/files/_lock has been validated.

Write access to /var/lib/glpi/files/_pictures has been validated.

Write access to /var/lib/glpi/files/_plugins has been validated.

Write access to /var/lib/glpi/files/_rss has been validated.

Write access to /var/lib/glpi/files/_sessions has been validated.

Write access to /var/lib/glpi/files/_tmp has been validated.

Write access to /var/lib/glpi/files/_uploads has been validated.
Web server root directory configuration seems safe.

Sessions configuration is secured.

OS and PHP are relying on 64 bits integers.

exif extension is installed.

ldap extension is installed.

openssl extension is installed.

Following extensions are installed: bz2, Phar, zip.

Zend OPcache extension is installed.

Following extensions are installed: ctype, iconv, mbstring, sodium.

Write access to /var/lib/glpi/marketplace has been validated.

Access to timezone database (mysql) is not allowed.

GLPI constants

 

GLPI_ROOT: "/var/www/glpi"

GLPI_CONFIG_DIR: "/etc/glpi/"

GLPI_VAR_DIR: "/var/lib/glpi/files"

GLPI_LOG_DIR: "/var/log/glpi"

GLPI_MARKETPLACE_DIR: "/var/lib/glpi/marketplace"

GLPI_USE_CSRF_CHECK: "1"

GLPI_CSRF_EXPIRES: "7200"

GLPI_CSRF_MAX_TOKENS: "100"

GLPI_USE_IDOR_CHECK: "1"

GLPI_IDOR_EXPIRES: "7200"

GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false

GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\/\/[^@:]+(\/.*)?$/"]

GLPI_TELEMETRY_URI: "https://telemetry.glpi-project.org"

GLPI_INSTALL_MODE: "GIT"

GLPI_NETWORK_MAIL: "glpi@teclib.com"

GLPI_NETWORK_SERVICES: "https://services.glpi-network.com"

GLPI_MARKETPLACE_ALLOW_OVERRIDE: true

GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true

GLPI_USER_AGENT_EXTRA_COMMENTS: ""

GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1"

GLPI_AJAX_DASHBOARD: "1"

GLPI_CALDAV_IMPORT_STATE: 0

GLPI_DEMO_MODE: "0"

GLPI_CENTRAL_WARNINGS: "1"

GLPI_TEXT_MAXSIZE: "4000"

GLPI_DOC_DIR: "/var/lib/glpi/files"

GLPI_CACHE_DIR: "/var/lib/glpi/files/_cache"

GLPI_CRON_DIR: "/var/lib/glpi/files/_cron"

GLPI_DUMP_DIR: "/var/lib/glpi/files/_dumps"

GLPI_GRAPH_DIR: "/var/lib/glpi/files/_graphs"

GLPI_LOCAL_I18N_DIR: "/var/lib/glpi/files/_locales"

GLPI_LOCK_DIR: "/var/lib/glpi/files/_lock"

GLPI_PICTURE_DIR: "/var/lib/glpi/files/_pictures"

GLPI_PLUGIN_DOC_DIR: "/var/lib/glpi/files/_plugins"

GLPI_RSS_DIR: "/var/lib/glpi/files/_rss"

GLPI_SESSION_DIR: "/var/lib/glpi/files/_sessions"

GLPI_TMP_DIR: "/var/lib/glpi/files/_tmp"

GLPI_UPLOAD_DIR: "/var/lib/glpi/files/_uploads"

GLPI_INVENTORY_DIR: "/var/lib/glpi/files/_inventories"

GLPI_NETWORK_REGISTRATION_API_URL: "https://services.glpi-network.com/api/registration/"

GLPI_MARKETPLACE_PLUGINS_API_URI: "https://services.glpi-network.com/api/marketplace/"

GLPI_I18N_DIR: "/var/www/glpi/locales"

GLPI_VERSION: "10.0.16-dev"

GLPI_SCHEMA_VERSION: "10.0.16-dev@7dbd7f198578e94ab3b1e733729ba60360a0bba7"

GLPI_MARKETPLACE_PRERELEASES: true

GLPI_MIN_PHP: "7.4.0"

GLPI_MAX_PHP: "8.4.0"

GLPI_YEAR: "2024"

Libraries

 

htmlawed/htmlawed version 1.2.14 in (/var/www/glpi/vendor/htmlawed/htmlawed)

phpmailer/phpmailer version 6.8.0 in (/var/www/glpi/vendor/phpmailer/phpmailer/src)

simplepie/simplepie version 1.5.8 in (/var/www/glpi/vendor/simplepie/simplepie/library)

tecnickcom/tcpdf version 6.7.5 in (/var/www/glpi/vendor/tecnickcom/tcpdf)

michelf/php-markdown in (/var/www/glpi/vendor/michelf/php-markdown/Michelf)

true/punycode in (/var/www/glpi/vendor/true/punycode/src)

iamcal/lib_autolink in (/var/www/glpi/vendor/iamcal/lib_autolink)

sabre/dav in (/var/www/glpi/vendor/sabre/dav/lib/DAV)

sabre/http in (/var/www/glpi/vendor/sabre/http/lib)

sabre/uri in (/var/www/glpi/vendor/sabre/uri/lib)

sabre/vobject in (/var/www/glpi/vendor/sabre/vobject/lib)

laminas/laminas-i18n in (/var/www/glpi/vendor/laminas/laminas-i18n/src)

laminas/laminas-servicemanager in (/var/www/glpi/vendor/laminas/laminas-servicemanager/src)

monolog/monolog in (/var/www/glpi/vendor/monolog/monolog/src/Monolog)

sebastian/diff in (/var/www/glpi/vendor/sebastian/diff/src)

donatj/phpuseragentparser in (/var/www/glpi/vendor/donatj/phpuseragentparser/src/UserAgent)

elvanto/litemoji in (/var/www/glpi/vendor/elvanto/litemoji/src)

symfony/console in (/var/www/glpi/vendor/symfony/console)

scssphp/scssphp in (/var/www/glpi/vendor/scssphp/scssphp/src)

laminas/laminas-mail in (/var/www/glpi/vendor/laminas/laminas-mail/src/Protocol)

laminas/laminas-mime in (/var/www/glpi/vendor/laminas/laminas-mime/src)

rlanvin/php-rrule in (/var/www/glpi/vendor/rlanvin/php-rrule/src)

ramsey/uuid in (/var/www/glpi/vendor/ramsey/uuid/src)

psr/log in (/var/www/glpi/vendor/psr/log/Psr/Log)

psr/simple-cache in (/var/www/glpi/vendor/psr/simple-cache/src)

psr/cache in (/var/www/glpi/vendor/psr/cache/src)

league/csv in (/var/www/glpi/vendor/league/csv/src)

mexitek/phpcolors in (/var/www/glpi/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)

guzzlehttp/guzzle in (/var/www/glpi/vendor/guzzlehttp/guzzle/src)

guzzlehttp/psr7 in (/var/www/glpi/vendor/guzzlehttp/psr7/src)

glpi-project/inventory_format in (/var/www/glpi/vendor/glpi-project/inventory_format/lib/php)

wapmorgan/unified-archive in (/var/www/glpi/vendor/wapmorgan/unified-archive/src)

paragonie/sodium_compat in (/var/www/glpi/vendor/paragonie/sodium_compat/src)

symfony/cache in (/var/www/glpi/vendor/symfony/cache)

html2text/html2text in (/var/www/glpi/vendor/html2text/html2text/src)

symfony/css-selector in (/var/www/glpi/vendor/symfony/css-selector)

symfony/dom-crawler in (/var/www/glpi/vendor/symfony/dom-crawler)

twig/twig in (/var/www/glpi/vendor/twig/twig/src)

twig/string-extra in (/var/www/glpi/vendor/twig/string-extra)

symfony/polyfill-ctype not found

symfony/polyfill-iconv not found

symfony/polyfill-mbstring not found

symfony/polyfill-php80 not found

symfony/polyfill-php81 not found

symfony/polyfill-php82 in (/var/www/glpi/vendor/symfony/polyfill-php82)

league/oauth2-client in (/var/www/glpi/vendor/league/oauth2-client/src/Provider)

league/oauth2-google in (/var/www/glpi/vendor/league/oauth2-google/src/Provider)

thenetworg/oauth2-azure in (/var/www/glpi/vendor/thenetworg/oauth2-azure/src/Provider)

SQL replicas

 

Not active

Notifications

 

Way of sending emails: PHP

Plugins list

 

glpiinventory        Name: GLPI Inventory                 Version: 1.3.5      State: Enabled

Install Method: Marketplace

Anything else?

I have not looked into the issue yet, so I don't know if this is a plugin issue, or a GLPI issue or both.
I'll try to look into it and propose fix for GLPI and the repo plugins if possible.

[cconard96]

I think I confirmed the issue in the generation of the "web" directory when the marketplace folder is moved outside the GLPI folder.

The relevant code:

public static function getWebDir(string $plugin_key = "", $full = true, $use_url_base = false)
    {
        /** @var array $CFG_GLPI */
        global $CFG_GLPI;

        $directory = self::getPhpDir($plugin_key, false);

        if ($directory === false) {
            return false;
        }

        $directory = ltrim($directory, '/\\');

        if ($full) {
            $root = $use_url_base ? $CFG_GLPI['url_base'] : $CFG_GLPI["root_doc"];
            $directory = "$root/$directory";
        }

        return str_replace('\\', '/', $directory);
    }

I think the best solution is to always serve marketplace plugins through the /marketplace path and proxy the requests to the actual marketplace location. So, calls to Plugin::getWebDir would always return something like http://glpi.bazaar.test/marketplace/glpiinventory while Plugin::getPhpDir returns /var/lib/glpi/marketplace/glpiinventory.

[cedric-anne]

Hi,

This is indeed a limitation.

We will be able to remove this limitation in GLPI 11.0, as the usage of the public/index.php router will be mandatory. Indeed, the router will be able to serve the plugin files, wherever they are located on the filesystem. It was not possible to do this in GLPI 10.0 as the usage of this router is still optional.

I keep this issue opened, as a reminder that we should work on it for GLPI 11.0.

[cedric-anne]

I forget to say that we will be able to remove this limitation when plgin files will no longer have to include the inc/includes.php file (will be done in #17213). Indeed, as long as this include exists, moving the files in another directory will broke this instruction, unless, maybe, if GLPI is added to the PHP include path, and that is not a common installation.