      request #8871 Image added to Text field type whose format is set to HTML not displayed
    Infos
    #8871
    Patricia Carrasco (pcar)
    2018-03-09 08:26
    2016-02-15 17:30
    8980
    Details
    Image added to Text field type whose format is set to HTML not displayed

    The default format is set to HTML. When you open the artifact the image is not displayed. If you edit the field, the image is then displayed. A user will not be aware that there is an image unless the field is edited.

    Trackers
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Emilio Palmiero (empa)
    Stage
    Empty
    Closed
    2018-03-09
    Attachments
    Empty
    References
    References list is empty

    Follow-ups

    Florian Zrenner (fzr)2016-07-07 13:28
    I understand the described problems and think we'll stick to attachments then.
    Thank you very much for your feedback!
    User avatar

    There are 2 major issues there:

    • First, with the modifications you did on Codendi_HTMLPurifier.class.php, it means that you are now exposed to XSS injections through artifact comments. It's a major security flaw.
    • Second is that by copy/pasting content with images you created huge payloads in the database (hence the need to adjust column sizes). This will clutter your DB with blob data. At scale this might have a significant impact on performance and DB maintenance operations (backup, optimize, etc). Images (like any other binary format) must not be stored in DB.

    • Reported in version cleared values: 8.11
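    An audit sketch for the two issues raised in the comment above, added here as an example and not part of the thread or of Tuleap's code: it scans stored HTML bodies (such as tracker_changeset_comment.body) for active markup and for inline data: images. The tag list, the size threshold and the sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed review policy for this example, not Tuleap's purifier configuration.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "form"}
URL_ATTRS = {"href", "src", "action", "formaction"}
INLINE_LIMIT = 64 * 1024  # the 64 kb TEXT ceiling mentioned in the thread

class BodyAudit(HTMLParser):
    """Records markup in one stored HTML body that needs review."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-tag", tag))
        for name, value in attrs:
            value, where = value or "", f"{tag}[{name}]"
            # Compare the scheme with whitespace and control characters removed.
            scheme = "".join(ch for ch in value if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append(("event-handler", where))
            elif name not in URL_ATTRS:
                continue
            elif scheme.startswith(("javascript:", "vbscript:")):
                self.findings.append(("script-url", where))
            elif tag == "img" and scheme.startswith("data:image/"):
                kind = "oversized-inline-image" if len(value) > INLINE_LIMIT else "inline-image"
                self.findings.append((kind, where))
            elif scheme.startswith("data:"):
                self.findings.append(("data-url", where))

def audit(rows):
    """Map row id -> findings for every row whose body has flagged markup."""
    report = {}
    for row_id, body in rows:
        parser = BodyAudit()
        parser.feed(body)
        if parser.findings:
            report[row_id] = parser.findings
    return report

# Constructed sample rows standing in for (id, body) pairs from tracker_changeset_comment.
SAMPLE_ROWS = [
    (1, '<p>Build failed, see <a href="https://example.org/log">log</a></p>'),
    (2, '<p>Screenshot:</p><img src="data:image/png;base64,' + "A" * 70000 + '">'),
    (3, '<img src="x.png" onerror="void 0"><a href="JavaScript:void(0)">x</a><script>void 0</script>'),
    (4, '<img alt="icon" src="data:image/png;base64,iVBORw0KGgo=">'),
]
```

    Calling audit(SAMPLE_ROWS) returns findings for rows 2, 3 and 4; rows reported as inline-image are the ones to move to attachments.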
    Florian Zrenner (fzr)2016-06-28 13:47

    Maybe this could be of any help. We adapted the code to solve the problem for our installation:

    Text field: \plugins\tracker\include\Tracker\FormElement\Tracker_FormElement_Field_Text.class.php

    using getText() instead of getValue() within fetchArtifactValueReadOnly

    public function fetchArtifactValueReadOnly(Tracker_Artifact $artifact, Tracker_Artifact_ChangesetValue $value = null) {
        //$text = $value ? $value->getValue() : '';
        /* changed trying to show image */
        $text = $value ? $value->getText() : ''; ...

     

    Comments: /src/common/include/Codendi_HTMLPurifier.class.php

    maybe a more critical change, but for us it seems to work just fine. Function seems to be called for the comments only, by now ...

    using CODENDI_PURIFIER_DISABLED instead of CODENDI_PURIFIER_FULL within purifyHTMLWithReferences

    public function purifyHTMLWithReferences($html, $group_id) {
        $this->insertReferences($html, $group_id);
        /* changed this to allow images in comment
        return $this->purify($html, CODENDI_PURIFIER_FULL);
        */
        return $this->purify($html, CODENDI_PURIFIER_DISABLED);
    }
    

    Size of Images / multiple Images ...

    Using images excessively we encountered the problem that some images were not saved / displayed correctly, and in this case the HTML layout of artifact fields sometimes was shuffled. The problem seemed to be at db level, where column type TEXT is used. Here content is cut at 64 kb for this type. So we fixed it by changing column types to MEDIUMTEXT (16 MB)

    alter table tracker_changeset_value_text modify column value mediumtext;

    alter table tracker_changeset_comment modify column body mediumtext;

    Florian Zrenner (fzr)2016-03-01 11:29
    Florian Zrenner (fzr)2016-03-01 11:28

    We are facing the same problem using 8.11. 

    Pasting an image while editing the textfield works fine - the image is displayed fine while editing. But if we just view an artifact and the textfield is not in edit-mode, images are not displayed.

