
Commit 1cdd78d

committed
[security] Fixed issue #14670 : update tcpdf to 6.2.25
Dev: security fix in 6.2.22
1 parent f9f561f commit 1cdd78d


10 files changed

+245
-189
lines changed


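--- a/application/third_party/tcpdf/CHANGELOG.TXT
+++ b/application/third_party/tcpdf/CHANGELOG.TXT
@@ -1,5 +1,17 @@
-Unreleased
-- fix Undesired mouseover effect on links in PDF on Chrome Pdf Viewer
+6.2.25
+- Fix support for image URLs.
+
+6.2.24
+- Support remote urls when checking if file exists.
+
+6.2.23
+- Simplify file_exists function.
+
+6.2.22
+- Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.
+
+6.2.19
+- Merge various fixes for PHP 7.3 compatibility and security.
 
 6.2.13 (2016-06-10)
 - IMPORTANT: A new version of this library is under development at https://github.com/tecnickcom/tc-lib-pdf and as a consequence this version will not receive any additional development or support. This version should be considered obsolete, new projects should use the new version as soon it will become stable.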

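--- a/application/third_party/tcpdf/LIMESURVEY-README.txt
+++ b/application/third_party/tcpdf/LIMESURVEY-README.txt
@@ -0,0 +1 @@
+Not updated tcpdf 6.2.25 version. Remove examples directory.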

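--- a/application/third_party/tcpdf/composer.json
+++ b/application/third_party/tcpdf/composer.json
@@ -1,6 +1,6 @@
 {
 "name": "tecnickcom/tcpdf",
-"version": "6.2.16",
+"version": "6.2.26",
 "homepage": "http://www.tcpdf.org/",
 "type": "library",
 "description": "TCPDF is a PHP class for generating PDF documents and barcodes.",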

Diff for: application/third_party/tcpdf/include/sRGB.icc

3.78 KB
Binary file not shown.

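--- a/application/third_party/tcpdf/include/tcpdf_fonts.php
+++ b/application/third_party/tcpdf/include/tcpdf_fonts.php
@@ -70,7 +70,7 @@ class TCPDF_FONTS {
 * @public static
 */
 public static function addTTFfont($fontfile, $fonttype='', $enc='', $flags=32, $outpath='', $platid=3, $encid=1, $addcbbox=false, $link=false) {
-if (!file_exists($fontfile)) {
+if (!TCPDF_STATIC::file_exists($fontfile)) {
 // Could not find file
 return false;
 }
@@ -95,7 +95,7 @@ public static function addTTFfont($fontfile, $fonttype='', $enc='', $flags=32, $
 $outpath = self::_getfontpath();
 }
 // check if this font already exist
-if (@file_exists($outpath.$font_name.'.php')) {
+if (@TCPDF_STATIC::file_exists($outpath.$font_name.'.php')) {
 // this font already exist (delete it from fonts folder to rebuild it)
 return $font_name;
 }
@@ -1543,11 +1543,11 @@ public static function _getfontpath() {
 public static function getFontFullPath($file, $fontdir=false) {
 $fontfile = '';
 // search files on various directories
-if (($fontdir !== false) AND @file_exists($fontdir.$file)) {
+if (($fontdir !== false) AND @TCPDF_STATIC::file_exists($fontdir.$file)) {
 $fontfile = $fontdir.$file;
-} elseif (@file_exists(self::_getfontpath().$file)) {
+} elseif (@TCPDF_STATIC::file_exists(self::_getfontpath().$file)) {
 $fontfile = self::_getfontpath().$file;
-} elseif (@file_exists($file)) {
+} elseif (@TCPDF_STATIC::file_exists($file)) {
 $fontfile = $file;
 }
 return $fontfile;
@@ -2003,7 +2003,11 @@ public static function UTF8StringToArray($str, $isunicode=true, &$currentfont) {
 $chars = str_split($str);
 $carr = array_map('ord', $chars);
 }
-$currentfont['subsetchars'] += array_fill_keys($carr, true);
+if (is_array($currentfont['subsetchars']) && is_array($carr)) {
+$currentfont['subsetchars'] += array_fill_keys($carr, true);
+} else {
+$currentfont['subsetchars'] = array_merge($currentfont['subsetchars'], $carr);
+}
 return $carr;
 }
 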
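Review bot: The `else` branch added in the UTF8StringToArray hunk does not handle the case it guards: it is only reached when `$currentfont['subsetchars']` or `$carr` is not an array, and `array_merge()` with a non-array operand fails itself (a warning with a null result on PHP 7, a TypeError on PHP 8), so the fallback cannot succeed. Even when it did run, it would change the shape of `subsetchars`, which the `+=` path keys by code point with `true` values, whereas `array_merge` appends code points as values. A safer form normalises first: `if (!is_array($currentfont['subsetchars'])) { $currentfont['subsetchars'] = array(); }` followed by the original `$currentfont['subsetchars'] += array_fill_keys($carr, true);`. `$carr` is built by `array_map` on the visible lines; the branch assigning it before the hunk is not in view, and UTF8StringToArray begins outside the hunk.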

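--- a/application/third_party/tcpdf/include/tcpdf_images.php
+++ b/application/third_party/tcpdf/include/tcpdf_images.php
@@ -161,12 +161,8 @@ public static function _toJPEG($image, $quality, $tempfile) {
 */
 public static function _parsejpeg($file) {
 // check if is a local file
-if (!@file_exists($file)) {
-// try to encode spaces on filename
-$tfile = str_replace(' ', '%20', $file);
-if (@file_exists($tfile)) {
-$file = $tfile;
-}
+if (!@TCPDF_STATIC::file_exists($file)) {
+return false;
 }
 $a = getimagesize($file);
 if (empty($a)) {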
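Review bot: For an `http(s)://` `$file` the new `TCPDF_STATIC::file_exists` guard probes the URL with a cURL HEAD request and, where `allow_url_fopen` permits it, `getimagesize($file)` on the next line fetches the same resource again, so remote images cost two round trips and are reported missing whenever the server answers HEAD with anything but 200 even if a GET would succeed. If that trade-off is intended it deserves a comment at the guard, e.g. `// remote files are probed with a HEAD request first; servers that refuse HEAD are treated as missing`. The `@` on the new call is redundant, since the wrapper already suppresses the `file_exists` warning internally. `_parsejpeg` continues past the hunk.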

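--- a/application/third_party/tcpdf/include/tcpdf_static.php
+++ b/application/third_party/tcpdf/include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 * Current TCPDF version.
 * @private static
 */
-private static $tcpdf_version = '6.2.16';
+private static $tcpdf_version = '6.2.26';
 
 /**
 * String alias for total number of pages.
@@ -1774,39 +1774,6 @@ public static function getVectorsAngle($x1, $y1, $x2, $y2) {
 return $angle;
 }
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-// ====================================================================================================================
-// REIMPLEMENTED
-// ====================================================================================================================
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 /**
 * Split string by a regular expression.
 * This is a wrapper for the preg_split function to avoid the bug: https://bugs.php.net/bug.php?id=45850
@@ -1854,6 +1821,49 @@ public static function fopenLocal($filename, $mode) {
 return fopen($filename, $mode);
 }
 
+/**
+* Check if the URL exist.
+* @param url (string) URL to check.
+* @return Returns TRUE if the URL exists; FALSE otherwise.
+* @public static
+*/
+public static function url_exists($url) {
+$crs = curl_init();
+curl_setopt($crs, CURLOPT_URL, $url);
+curl_setopt($crs, CURLOPT_NOBODY, true);
+curl_setopt($crs, CURLOPT_FAILONERROR, true);
+if ((ini_get('open_basedir') == '') && (!ini_get('safe_mode'))) {
+curl_setopt($crs, CURLOPT_FOLLOWLOCATION, true);
+}
+curl_setopt($crs, CURLOPT_CONNECTTIMEOUT, 5);
+curl_setopt($crs, CURLOPT_TIMEOUT, 30);
+curl_setopt($crs, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt($crs, CURLOPT_SSL_VERIFYHOST, false);
+curl_setopt($crs, CURLOPT_USERAGENT, 'tc-lib-file');
+curl_exec($crs);
+$code = curl_getinfo($crs, CURLINFO_HTTP_CODE);
+curl_close($crs);
+return ($code == 200);
+}
+
+/**
+* Wrapper for file_exists.
+* Checks whether a file or directory exists.
+* Only allows some protocols and local files.
+* @param filename (string) Path to the file or directory.
+* @return Returns TRUE if the file or directory specified by filename exists; FALSE otherwise.
+* @public static
+*/
+public static function file_exists($filename) {
+if (preg_match('|^https?://|', $filename) == 1) {
+return self::url_exists($filename);
+}
+if (strpos($filename, '://')) {
+return false; // only support http and https wrappers for security reasons
+}
+return @file_exists($filename);
+}
+
 /**
 * Reads entire file into a string.
 * The file can be also an URL.
@@ -1914,8 +1924,10 @@ public static function fileGetContents($file) {
 }
 //
 $alt = array_unique($alt);
-//var_dump($alt);exit;//DEBUG
 foreach ($alt as $path) {
+if (!self::file_exists($path)) {
+return false;
+}
 $ret = @file_get_contents($path);
 if ($ret !== false) {
 return $ret;
@@ -1949,8 +1961,6 @@ public static function fileGetContents($file) {
 return false;
 }
 
-
-
 /**
 * Get ULONG from string (Big Endian 32-bit unsigned integer).
 * @param $str (string) string from where to extract value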
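Review bot: `url_exists` turns certificate validation off with `CURLOPT_SSL_VERIFYPEER, false` and `CURLOPT_SSL_VERIFYHOST, false`, so the https branch of the new `file_exists` trusts any certificate and an on-path party can answer the existence probe; in a security update the defaults should stay on: `curl_setopt($crs, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($crs, CURLOPT_SSL_VERIFYHOST, 2);`. Since `CURLOPT_FOLLOWLOCATION` may be enabled, also pin the schemes the probe can reach with `curl_setopt($crs, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);`, so a redirect cannot move the request off HTTP(S), matching the intent of the `://` rejection in `file_exists`. Separately, in the `fileGetContents` hunk the new `return false` inside `foreach ($alt as $path)` abandons the remaining candidates on the first missing one; `continue;` appears to be the intended behaviour given that the loop otherwise falls through to the next alternative.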
