Twig content not allowed in this context! | SecurityException

[Marco]

Hi all,
I have a problem when I'm trying to approve a ticket in the Standar Portal. The problem started with the iTop3, before was working correctly. That's the error I read in the log.

2022-05-09 09:08:27 | Error | 532 | Twig content not allowed in this context! | SecurityException |||
array (
'exception class' => 'SecurityException',
'file' => '/var/www/html/env-production/itop-portal-base/portal/src/Form/ObjectFormManager.php',
'line' => 130,

Has anyone had the same problem?

BR
Marco

[Marco]

I found that this security feature was implemented since the version 2.7.6 (N°4384 Security hardening - Module parameter flag for extensions).

But i didn't understand what should I do in the datamodel to pass this new parameters "TrustContent"

BR
Marco

[Marco]

OK I found the solution, it was also written in the documentation.

'itop-portal' => array(
'enable_formmanager_content_check' => false,
),

[Pierre Goiffon]

Hello,
Sorry I'm just discovering this thread today !

Indeed, we added this security fix that is blocking some uses cases and extensions... The fix was improved recently and should be available in next 2.7.7 / 3.0.2 / 3.1.0 (Combodo ref N°4867)

In the meantime indeed if you get this message on legitimate uses, then the workaround is to set the enable_formmanager_content_check config parameter to false as you said. Wiki doc ref : https://www.itophub.io/wiki/page?id=latest:customization:portal_overview#enable_formmanager_content_check

[Benjamin DALSASS]

Fix iTop 2.7.7 will be delivered next week