Merge "Security bug 1979575: Add the -dSAFER flag to ghostscript calls" into main

Doris Tam · Gerrit Code Review · commit 097231919369 · 2022-11-01T12:21:07.000+13:00
diff --git a/htdocs/export/pdf/lib.php b/htdocs/export/pdf/lib.php
@@ -339,7 +339,7 @@ private function pdf_view_export_data() {
                     exec('pdfunite ' . implode(' ', $collection) . ' ' . $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf', $output);
                 }
                 else {
-                    exec('gs -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=' .  $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf -dBATCH ' . implode(' ', $collection), $output);
+                    exec('gs -dSAFER -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=' .  $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf -dBATCH ' . implode(' ', $collection), $output);
                 }
                 // remove the page pdfs that are now in collections
                 foreach ($collection as $c) {
diff --git a/htdocs/export/pdflite/lib.php b/htdocs/export/pdflite/lib.php
@@ -323,7 +323,7 @@ private function pdf_view_export_data() {
                     exec('pdfunite ' . implode(' ', $collection) . ' ' . $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf', $output);
                 }
                 else {
-                    exec('gs -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=' .  $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf -dBATCH ' . implode(' ', $collection), $output);
+                    exec('gs -dSAFER -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=' .  $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf -dBATCH ' . implode(' ', $collection), $output);
                 }
                 // remove the page pdfs that are now in collections
                 foreach ($collection as $c) {

Original file line number	Diff line number	Diff line change
`@@ -339,7 +339,7 @@ private function pdf_view_export_data() {`
`339`	`339`	`exec('pdfunite ' . implode(' ', $collection) . ' ' . $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf', $output);`
`340`	`340`	`}`
`341`	`341`	`else {`
`342`		`- exec('gs -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=' . $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf -dBATCH ' . implode(' ', $collection), $output);`
	`342`	`+ exec('gs -dSAFER -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=' . $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf -dBATCH ' . implode(' ', $collection), $output);`
`343`	`343`	`}`
`344`	`344`	`// remove the page pdfs that are now in collections`
`345`	`345`	`foreach ($collection as $c) {`
Original file line number	Diff line number	Diff line change
`@@ -323,7 +323,7 @@ private function pdf_view_export_data() {`
`323`	`323`	`exec('pdfunite ' . implode(' ', $collection) . ' ' . $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf', $output);`
`324`	`324`	`}`
`325`	`325`	`else {`
`326`		`- exec('gs -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=' . $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf -dBATCH ' . implode(' ', $collection), $output);`
	`326`	`+ exec('gs -dSAFER -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=' . $pdfdirectory . '/' . $collectionid . '_' . $collectionname . '.pdf -dBATCH ' . implode(' ', $collection), $output);`
`327`	`327`	`}`
`328`	`328`	`// remove the page pdfs that are now in collections`
`329`	`329`	`foreach ($collection as $c) {`