Updating XMF and vendor/composer/library#1643
Merged
mambax7 merged 3 commits intoXOOPS:masterfrom Mar 12, 2026
Merged
Conversation
WalkthroughReplaced the xoops/base-requires25 metapackage with explicit composer.dist.json entries, added symfony/var-dumper and funding metadata, upgraded multiple vendor packages (php‑debugbar, symfony, firebase/php-jwt, TCPDF, etc.), introduced JSON var-dumper support (server + JS), added wildcard SQL filtering, and removed the WideImage test suite and related test helpers. Changes
Sequence Diagram(s)sequenceDiagram
participant App as Application (PHP)
participant DebugBar as DebugBar (server)
participant Storage as PdoStorage/DB
participant Browser as Client (JS)
rect rgba(120,120,255,0.5)
App->>DebugBar: collect messages / dumps
DebugBar->>DebugBar: DataFormatter (JsonDataFormatter or Html)
DebugBar->>Storage: store/debug entries (message_json/context_json)
DebugBar-->>Browser: render DebugBar payload (assets + dump JSON)
end
rect rgba(120,255,120,0.5)
Browser->>Browser: VarDumpRenderer renders JSON (_sd metadata)
Browser->>Browser: JsonVariableListWidget uses renderValueInto/editorLink
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested reviewers
✨ Finishing Touches🧪 Generate unit tests (beta)
|
There was a problem hiding this comment.
Pull request overview
This pull request updates several third-party libraries under htdocs/xoops_lib/vendor/ (notably Symfony VarDumper/Yaml, php-debugbar, TCPDF, firebase/php-jwt, and the Public Suffix List cache) and adjusts related assets/formatters to support updated DebugBar var-dumping behavior.
Changes:
- Update vendor packages (TCPDF 6.11.2, php-debugbar 3.5.1, firebase/php-jwt 7.0.3, Symfony components, PSL cache refresh).
- Add/adjust DebugBar variable dumping (new JSON dumper/formatter, new
vardumper.css, widget rendering changes). - Remove WideImage’s bundled test suite from the vendored package.
Reviewed changes
Copilot reviewed 3 out of 164 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| htdocs/xoops_lib/vendor/composer/platform_check.php | Raises enforced PHP minimum version to 8.4 via Composer platform check. |
| htdocs/xoops_lib/vendor/symfony/var-dumper/composer.json | Updates VarDumper to a version requiring PHP >=8.4. |
| htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/widgets.js | Adds shared rendering/editor-link helpers; introduces a JS bug in editorLink(). |
| htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataCollector/TimeDataCollector.php | Changes merge behavior; contains a no-op bug in merged start/end update. |
| htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/VarDumper/DebugBarJsonDumper.php | Adds JSON dumper; fallback node shape appears inconsistent. |
| htdocs/xoops_lib/vendor/tecnickcom/tcpdf/** | TCPDF update and PHP 8.5 deprecation-related changes; introduces cleanup/version-guard and string/typo issues. |
| htdocs/xoops_lib/vendor/xoops/regdom/data/* | Refreshes Public Suffix List cache and metadata. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 23
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/openhandler.js (1)
105-116:⚠️ Potential issue | 🟠 MajorRestore the pagination control when a new search starts.
handleFind()hides Load more for short result sets, but this search path never shows it again. After one short search, later searches triggered from the new shortcuts stay unpageable even when more rows exist.🛠️ Proposed fix
searchBtn.addEventListener('click', function (e) { self.table.innerHTML = ''; + self.loadmorebtn.style.display = ''; const search = {}; const formData = new FormData(this.parentElement);🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/openhandler.js` around lines 105 - 116, The click handler for search (in the block with searchBtn.addEventListener) clears the table and calls self.find(self.handleFind) but does not restore pagination controls or reset paging state, so after a short result that hid "Load more" subsequent searches never re-enable it; fix by resetting the pagination state and re-showing the load-more control before calling self.find — e.g. reset any offset/cursor (like self.offset or self.currentPage) to 0 and call the method or toggle the element that shows the "Load more" control (e.g. self.loadMoreBtn or self.showLoadMore()) so handleFind can manage visibility correctly when new results arrive.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@htdocs/xoops_lib/README.md`:
- Around line 5-6: The blockquote under the "## Security Notice:" heading in
README.md is missing a blank quoted line which triggers markdownlint MD022; edit
the quoted block so that immediately after the "## Security Notice:" line you
add a blank quoted line (i.e., a line containing just ">") to create the
required blank line inside the quote block and satisfy the linter.
In `@htdocs/xoops_lib/vendor/composer/installed.json`:
- Around line 1173-1199: The composer lock/install shows symfony/var-dumper
v8.0.6 requiring "php": ">=8.4" which conflicts with the project's
composer.dist.json declaring "php": "^8.2" and the platform check in
vendor/composer/platform_check.php; fix by either pinning symfony/var-dumper to
a 7.x release that supports PHP 8.2 (update composer.json require to
"symfony/var-dumper": "^7.0" and run composer update to regenerate
installed.json) or by raising the project's declared PHP floor to "^8.4" in
composer.dist.json (and regenerate composer.lock/installed.json), then verify
vendor/composer/platform_check.php is consistent with the new floor.
In `@htdocs/xoops_lib/vendor/composer/installed.php`:
- Around line 4-6: The project root package xoopscore25/libraries is set to the
unstable alias "dev-master" (seen as 'pretty_version' => 'dev-master' /
'version' => 'dev-master'); replace this with a stable tagged release or pin to
a specific commit/release in composer.json and regenerate composer.lock so
deployments use a reproducible version (e.g., change the package requirement
away from dev-master to a semver tag or exact commit reference and run composer
update to lock it), and ensure the repository creates and documents tagged
releases for future production deployments.
In `@htdocs/xoops_lib/vendor/composer/platform_check.php`:
- Around line 7-8: The platform version check in platform_check.php currently
enforces PHP_VERSION_ID >= 80400; revert this to enforce PHP 8.2 minimum by
changing the numeric constant from 80400 to 80200 and update the error string
from ">= 8.4.0" to ">= 8.2.0"; also ensure any CI/docs/metadata (project docs,
.github/copilot-instructions.md, changelog) that were updated for 8.4 are
restored to reflect PHP 8.2–8.5 compatibility if this was unintentional.
In `@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/openhandler.js`:
- Around line 61-63: Reset the search form before applying the shortcut filters:
in the click handlers (e.g. this.showonlycurrentbtn,
this.showonlycurrentmethodbtn, this.showonlycurrentipbtn) call the form reset
(e.g. self.form.reset() or the appropriate search form element) first, then set
the single field (self.uriInput / self.methodInput / self.ipInput) and finally
trigger the search with self.searchBtn.click(); this ensures previous
method/ip/uri values are cleared before submitting the shortcut search.
In `@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/vardumper.css`:
- Line 1: The vendor CSS contains linter-flagged issues: in the dark-theme block
for the selector ".phpdebugbar[data-theme='dark'] pre.sf-dump" the shorthand
"font" appears after "line-height" (overriding it), deprecated "word-wrap" is
used, and the vendor prefix "-webkit-sticky" is unnecessary; do not modify
vendor upstream unless absolutely necessary—open an upstream issue with these
findings referencing the selectors and the exact properties, and if a local fix
is required, adjust the CSS by moving the "font" shorthand before "line-height"
(or expand it to explicit font-family/font-size declarations so line-height
isn’t overridden), replace "word-wrap" with "overflow-wrap", and remove the
"-webkit-sticky" fallback from ".phpdebugbar pre.sf-dump .sf-dump-search-wrapper
{ position: -webkit-sticky; position: sticky; }" (or keep only "position:
sticky") to preserve behavior while satisfying linters.
In `@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/widgets.js`:
- Around line 62-85: The editorLink widget references an undefined identifier
"stmt" (stmt.xdebug_link.url) inside PhpDebugBar.Widgets.editorLink; change that
reference to use the incoming parameter "value" (i.e., use
value.xdebug_link.url) so the AJAX fetch uses the correct object, and while here
fix the setAttribute call to check value.ajax (not link.ajax) when choosing
'title' vs 'href' to ensure attributes are set correctly.
In
`@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/HasDataFormatter.php`:
- Around line 32-39: Add an explicit PHPDoc block above the new public method
isJsonVarDumperUsed() in the HasDataFormatter trait: include a short one-line
description, an `@return` bool tag, and (per project policy for new public
methods) an `@throws` void tag (no `@param` needed since there are no parameters);
keep the implementation unchanged (it still uses getDataFormatter() and
JsonDataFormatter for the runtime check).
In
`@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/HasXdebugLinks.php`:
- Around line 73-74: The PHPDoc for getXdebugLink() declares the returned array
shape but was not updated to include the new "path" key; update the docblock
above getXdebugLink() to add "path" (string|null) to the declared return array
shape alongside url, ajax, filename, and line so static analyzers and callers
see the extended contract; ensure the PHPDoc matches the actual returned
structure in HasXdebugLinks::getXdebugLink().
In
`@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/HtmlDataFormatter.php`:
- Around line 153-160: getAssets() is currently returning only the static
'vardumper.css' and the JS from DebugBarHtmlDumper, omitting the runtime CSS
generated by the dumper (mergeDumperOptions() / dark-theme overrides). Update
the branch that handles DebugBarHtmlDumper in HtmlDataFormatter (where
$dumper->resetDumpHeader() and $dumper->getDumpJs() are used) to also include
the dumper-generated styles by calling the dumper method that returns the
header/styles (e.g. getDumpHeaderByDebugBar() or equivalent) and emit that CSS
as a 'styles' (or 'css' entry carrying the runtime CSS) alongside the existing
assets so customized dumps retain their dynamic styling.
In
`@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/JsonDataFormatter.php`:
- Around line 63-68: Add a single blank line before the docblock that begins
"Check if a value can be represented as plain JSON..." in the JsonDataFormatter
class (JsonDataFormatter.php) so the docblock is visually separated per PSR-12;
locate the docblock immediately above the method that inspects values (the
method in JsonDataFormatter responsible for deciding plain JSON vs Symfony dump)
and insert one empty line before /** to satisfy formatting.
In
`@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/Storage/PdoStorage.php`:
- Around line 179-195: In globToSql() the provided escape character isn’t
escaped before escaping SQL wildcards, so literal backslashes in the input
become misinterpreted; update globToSql to first double-escape the escapeChar
(escapeChar => escapeChar . escapeChar), then escape SQL wildcards ($sqlMulti
and $sqlSingle) using that doubled escapeChar, and finally replace glob
wildcards ($globMulti and $globSingle) with SQL wildcards ($sqlMulti and
$sqlSingle) so the sequence is: self-escape escapeChar, escape SQL wildcards,
then translate glob wildcards.
In `@htdocs/xoops_lib/vendor/symfony/var-dumper/composer.json`:
- Around line 19-20: Root manifest PHP constraint conflicts with vendored
symfony/var-dumper which requires "php": ">=8.4"; update either the vendored
package or the root manifest: either change the vendored dependency to a
VarDumper release that supports PHP ^8.2 (replace the symfony/var-dumper version
in htdocs/xoops_lib/vendor/symfony/var-dumper/composer.json with a compatible
tag) or raise the root PHP floor in htdocs/xoops_lib/composer.dist.json to
">=8.4" (and update any docs/README accordingly) so both manifests agree on the
PHP minimum.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/config/tcpdf_config.php`:
- Line 11: Replace the malformed copyright year range string "2004-2014 2026" in
the tcpdf_config.php header with a continuous range "2004-2026"; locate the
exact line containing that string and update it to the corrected format so the
header reads "Copyright (C) 2004-2026 Nicola Asuni - Tecnick.com LTD".
- Line 117: The PDF_HEADER_STRING constant contains a mistaken "by2026 Nicola
Asuni" token; update the define for PDF_HEADER_STRING to the intended
attribution text by removing the erroneous "2026" so it reads the correct author
string (e.g., "by Nicola Asuni - Tecnick.com\nwww.tcpdf.org") in the
define('PDF_HEADER_STRING', ...) declaration.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/barcodes/datamatrix.php`:
- Line 10: Update the malformed copyright header in datamatrix.php: locate the
header comment containing "2010-2014 2026" and replace it with a single valid
year or range (for example "2010-2026") or the exact upstream wording so the
copyright span is correctly formatted.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/barcodes/pdf417.php`:
- Line 10: Update the malformed copyright year in the header of pdf417.php:
replace the incorrect "2010-2013 2026" token with a correctly formatted range or
list (e.g., "2010-2026" or "2010-2013, 2026") in the file
include/barcodes/pdf417.php so the header reflects the intended copyright span;
note this is a vendor file and ideally the same correction should be applied
upstream in the TCPDF project.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_colors.php`:
- Line 10: Update the malformed copyright year in the vendor header: replace the
incorrect "2002-2013 2026" sequence with a properly formatted range "2002-2026"
in the header comment of tcpdf_colors.php (same fix needed as in pdf417.php);
since this is a vendor file, prefer submitting the correction upstream or ensure
the local copy uses the corrected single-line range.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php`:
- Line 1387: The write to the head table uses the wrong byte offsets and
overwrites fontRevision instead of checkSumAdjustment; in the line that builds
$font (using $table['head']['offset'] and $offset) replace the current +4/+8
slice bounds with +8/+12 so the pack('N', $checkSumAdjustment) is written into
bytes 8–11 of the head table (matching the earlier zeroing at line 1325) —
adjust the substr boundaries around $table['head']['offset'] + $offset
accordingly to target checkSumAdjustment rather than fontRevision.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_images.php`:
- Line 277: Several inline error comments in tcpdf_images.php contain the
misspelled phrase "Unknownn compression method"; update each occurrence of the
string "Unknownn compression method" to "Unknown compression method" so the
error/comment text is correct (search for the exact malformed phrase in
tcpdf_images.php to find all instances, e.g., the occurrences near the code that
handles image compression/error reporting).
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/README.md`:
- Line 83: Restore the Markdown list formatting in the README by adding a space
after the leading asterisk on the line containing "*2026 Nicola Asuni
<info@tecnick.com>" so it becomes a proper list item; locate the line in
README.md (the metadata entry with "2026 Nicola Asuni") and insert a single
space between the asterisk and "2026" to match the surrounding bullets.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/tcpdf_autoconfig.php`:
- Line 157: The PDF header constant PDF_HEADER_STRING contains a merge-artifact
typo ("by2026 Nicola Asuni - Tecnick.com\nwww.tcpdf.org"); update the value of
PDF_HEADER_STRING to the correct string "by Nicola Asuni -
Tecnick.com\nwww.tcpdf.org" so it matches the intended header text (same fix as
applied to tcpdf_config.php).
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/tcpdf.php`:
- Around line 7435-7446: The current catch block in tcpdf.php uses catch
(Exception $e) which misses PHP 8+ GD errors (TypeError/ValueError); update the
exception handler to catch all throwables by changing the catch to catch
(\Throwable $e) in the same try/catch that handles image parsing (the block that
sets $parsed = true and refers to $imgalpha, $imgplain, $tempfile_plain) so the
fallback logic still runs for GD errors; preserve the existing variable name $e
and existing error handling/logging within that catch.
---
Outside diff comments:
In `@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/openhandler.js`:
- Around line 105-116: The click handler for search (in the block with
searchBtn.addEventListener) clears the table and calls
self.find(self.handleFind) but does not restore pagination controls or reset
paging state, so after a short result that hid "Load more" subsequent searches
never re-enable it; fix by resetting the pagination state and re-showing the
load-more control before calling self.find — e.g. reset any offset/cursor (like
self.offset or self.currentPage) to 0 and call the method or toggle the element
that shows the "Load more" control (e.g. self.loadMoreBtn or
self.showLoadMore()) so handleFind can manage visibility correctly when new
results arrive.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 0b947523-a0fa-41b2-bd41-dca823cbfe1d
⛔ Files ignored due to path filters (28)
htdocs/xoops_lib/composer.dist.lockis excluded by!**/*.lockhtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/dist/debugbar.min.cssis excluded by!**/dist/**htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/dist/debugbar.min.jsis excluded by!**/dist/**,!**/*.min.jshtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-blue-alpha.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-color-hole.gifis excluded by!**/*.gifhtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-color-hole.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-rainbow.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-red-spot-half-cut.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-red-spot.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-red-transparent.gifis excluded by!**/*.gifhtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-rgbyg.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x100-square-overlay.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/100x50-rgbt.gifis excluded by!**/*.gifhtdocs/xoops_lib/vendor/smottt/wideimage/test/images/75x25-gray.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/actually-a-png.jpgis excluded by!**/*.jpghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/bmp/favicon.icois excluded by!**/*.icohtdocs/xoops_lib/vendor/smottt/wideimage/test/images/bmp/rainbow-16b-x.bmpis excluded by!**/*.bmphtdocs/xoops_lib/vendor/smottt/wideimage/test/images/bmp/rainbow-16b.bmpis excluded by!**/*.bmphtdocs/xoops_lib/vendor/smottt/wideimage/test/images/bmp/rainbow-24b.bmpis excluded by!**/*.bmphtdocs/xoops_lib/vendor/smottt/wideimage/test/images/bmp/rainbow-32b.bmpis excluded by!**/*.bmphtdocs/xoops_lib/vendor/smottt/wideimage/test/images/bmp/rainbow-palette-rle.bmpis excluded by!**/*.bmphtdocs/xoops_lib/vendor/smottt/wideimage/test/images/empty.tgais excluded by!**/*.tgahtdocs/xoops_lib/vendor/smottt/wideimage/test/images/fakeimage.pngis excluded by!**/*.pnghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/fgnl-bmp.jpgis excluded by!**/*.jpghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/fgnl.bmpis excluded by!**/*.bmphtdocs/xoops_lib/vendor/smottt/wideimage/test/images/fgnl.jpgis excluded by!**/*.jpghtdocs/xoops_lib/vendor/smottt/wideimage/test/images/logo.gifis excluded by!**/*.gifhtdocs/xoops_lib/vendor/smottt/wideimage/test/images/splat.tgais excluded by!**/*.tga
📒 Files selected for processing (136)
docs/changelog.250.txthtdocs/xoops_lib/README.mdhtdocs/xoops_lib/composer.dist.jsonhtdocs/xoops_lib/vendor/composer/autoload_classmap.phphtdocs/xoops_lib/vendor/composer/autoload_static.phphtdocs/xoops_lib/vendor/composer/installed.jsonhtdocs/xoops_lib/vendor/composer/installed.phphtdocs/xoops_lib/vendor/composer/platform_check.phphtdocs/xoops_lib/vendor/firebase/php-jwt/CHANGELOG.mdhtdocs/xoops_lib/vendor/firebase/php-jwt/src/JWT.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/openhandler.jshtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/vardumper.csshtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/vardumper.jshtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/widgets.csshtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/widgets.jshtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/widgets/http/widget.jshtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/widgets/sqlqueries/widget.jshtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/widgets/templates/widget.jshtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataCollector/ConfigCollector.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataCollector/HidesMaskedValues.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataCollector/MessagesCollector.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataCollector/RequestDataCollector.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataCollector/TimeDataCollector.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/DataFormatter.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/DataFormatterInterface.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/HasDataFormatter.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/HasXdebugLinks.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/HtmlDataFormatter.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/JsonDataFormatter.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/QueryFormatter.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/VarDumper/DebugBarHtmlDumper.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/DataFormatter/VarDumper/DebugBarJsonDumper.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/JavascriptRenderer.phphtdocs/xoops_lib/vendor/php-debugbar/php-debugbar/src/Storage/PdoStorage.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/CanvasTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/CoordinateTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/ImageTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/BMPTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/FOO.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/FOO2.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/GD2Test.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/GDTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/GIFTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/JPEGTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/PNGTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/TGATest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/MapperFactoryTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ApplyConvolutionTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ApplyFilterTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ApplyMaskTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/AsGrayscaleTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/AsNegativeTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/AutoCrop.test.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/CorrectGammaTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/CropTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/CustomOp.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/FlipTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/GetChannelsTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/GetMaskTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/MergeTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/MirrorTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/MyOperation.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ResizeCanvasTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ResizeTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/RotateTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/RoundCornersTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/UnsharpTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/OperationFactoryTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/PaletteImageTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/TrueColorImageTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/WideImageTest.phphtdocs/xoops_lib/vendor/smottt/wideimage/test/images/image-actually-foo.foo2htdocs/xoops_lib/vendor/smottt/wideimage/test/images/image.foohtdocs/xoops_lib/vendor/smottt/wideimage/test/run.bathtdocs/xoops_lib/vendor/smottt/wideimage/test/run.shhtdocs/xoops_lib/vendor/smottt/wideimage/test/test-init.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/AddressInfoCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/AmqpCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/Caster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/DOMCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/DateCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/DoctrineCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/ExceptionCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/GmpCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/ImagineCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/IntlCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/MemcachedCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/PdoCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/PgSqlCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/ProxyManagerCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/RdKafkaCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/RedisCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/ReflectionCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/ResourceCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/SocketCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/SplCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/StubCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/SymfonyCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/UuidCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/XmlReaderCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Caster/XmlResourceCaster.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Cloner/AbstractCloner.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Dumper/DataDumperInterface.phphtdocs/xoops_lib/vendor/symfony/var-dumper/Resources/bin/var-dump-serverhtdocs/xoops_lib/vendor/symfony/var-dumper/Test/VarDumperTestTrait.phphtdocs/xoops_lib/vendor/symfony/var-dumper/composer.jsonhtdocs/xoops_lib/vendor/symfony/yaml/Inline.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/CHANGELOG.TXThtdocs/xoops_lib/vendor/tecnickcom/tcpdf/LICENSE.TXThtdocs/xoops_lib/vendor/tecnickcom/tcpdf/README.mdhtdocs/xoops_lib/vendor/tecnickcom/tcpdf/VERSIONhtdocs/xoops_lib/vendor/tecnickcom/tcpdf/composer.jsonhtdocs/xoops_lib/vendor/tecnickcom/tcpdf/config/tcpdf_config.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/fonts/ae_fonts_2.0/READMEhtdocs/xoops_lib/vendor/tecnickcom/tcpdf/fonts/freefont-20100919/COPYINGhtdocs/xoops_lib/vendor/tecnickcom/tcpdf/fonts/freefont-20100919/CREDITShtdocs/xoops_lib/vendor/tecnickcom/tcpdf/fonts/freefont-20120503/COPYINGhtdocs/xoops_lib/vendor/tecnickcom/tcpdf/fonts/freefont-20120503/CREDITShtdocs/xoops_lib/vendor/tecnickcom/tcpdf/fonts/freefont-20120503/READMEhtdocs/xoops_lib/vendor/tecnickcom/tcpdf/fonts/freefont-20120503/TROUBLESHOOTINGhtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/barcodes/datamatrix.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/barcodes/pdf417.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/barcodes/qrcode.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_colors.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_filters.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_font_data.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_images.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_static.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/tcpdf.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/tcpdf_autoconfig.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/tcpdf_barcodes_1d.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/tcpdf_barcodes_2d.phphtdocs/xoops_lib/vendor/tecnickcom/tcpdf/tools/tcpdf_addfont.phphtdocs/xoops_lib/vendor/xoops/regdom/data/psl.cache.phphtdocs/xoops_lib/vendor/xoops/regdom/data/psl.meta.json
💤 Files with no reviewable changes (43)
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/OperationFactoryTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/PNGTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ResizeCanvasTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/MirrorTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/CanvasTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/GDTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/BMPTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/MergeTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/MapperFactoryTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/RotateTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/run.bat
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/CorrectGammaTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/UnsharpTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/CustomOp.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/images/image-actually-foo.foo2
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/CoordinateTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/JPEGTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/FlipTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/MyOperation.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/GIFTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/TrueColorImageTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/run.sh
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/TGATest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/images/image.foo
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ApplyConvolutionTest.php
- htdocs/xoops_lib/vendor/symfony/var-dumper/Cloner/AbstractCloner.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/GetChannelsTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/FOO2.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/ImageTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ResizeTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/GetMaskTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/RoundCornersTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/test-init.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ApplyMaskTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/ApplyFilterTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/WideImageTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/AsGrayscaleTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/GD2Test.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/PaletteImageTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/AutoCrop.test.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/CropTest.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Mapper/FOO.php
- htdocs/xoops_lib/vendor/smottt/wideimage/test/WideImage/Operation/AsNegativeTest.php
Comment on lines
+5
to
6
| > ## Security Notice: | ||
| > For production deployments, move this folder outside the document root. The included `.htaccess` and `index.php` block direct web access, but placing it outside the web root is the strongest protection. |
There was a problem hiding this comment.
Add the missing blank quoted line after the heading.
markdownlint MD022 will keep flagging this blockquote heading until the line below it is blank inside the quote block.
📝 Proposed fix
> ## Security Notice:
+>
> For production deployments, move this folder outside the document root. The included `.htaccess` and `index.php` block direct web access, but placing it outside the web root is the strongest protection.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| > ## Security Notice: | |
| > For production deployments, move this folder outside the document root. The included `.htaccess` and `index.php` block direct web access, but placing it outside the web root is the strongest protection. | |
| > ## Security Notice: | |
| > | |
| > For production deployments, move this folder outside the document root. The included `.htaccess` and `index.php` block direct web access, but placing it outside the web root is the strongest protection. |
🧰 Tools
🪛 markdownlint-cli2 (0.21.0)
[warning] 5-5: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below
(MD022, blanks-around-headings)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@htdocs/xoops_lib/README.md` around lines 5 - 6, The blockquote under the "##
Security Notice:" heading in README.md is missing a blank quoted line which
triggers markdownlint MD022; edit the quoted block so that immediately after the
"## Security Notice:" line you add a blank quoted line (i.e., a line containing
just ">") to create the required blank line inside the quote block and satisfy
the linter.
Comment on lines
+4
to
+6
| 'pretty_version' => 'dev-master', | ||
| 'version' => 'dev-master', | ||
| 'reference' => '68a66063fcbb05c47da34c69a8d193b1e5280081', |
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Note: Root package switched to dev-master.
The root package xoopscore25/libraries changed from versioned release to dev-master. This is typical during active development but ensure tagged releases are created before production deployments for reproducible builds.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@htdocs/xoops_lib/vendor/composer/installed.php` around lines 4 - 6, The
project root package xoopscore25/libraries is set to the unstable alias
"dev-master" (seen as 'pretty_version' => 'dev-master' / 'version' =>
'dev-master'); replace this with a stable tagged release or pin to a specific
commit/release in composer.json and regenerate composer.lock so deployments use
a reproducible version (e.g., change the package requirement away from
dev-master to a semver tag or exact commit reference and run composer update to
lock it), and ensure the repository creates and documents tagged releases for
future production deployments.
Comment on lines
61
to
+63
| this.showonlycurrentbtn.addEventListener('click', () => { | ||
| self.table.innerHTML = ''; | ||
| self.find({ uri: window.location.pathname }, 0, self.handleFind.bind(self)); | ||
| self.uriInput.value = window.location.pathname; | ||
| self.searchBtn.click(); |
There was a problem hiding this comment.
Reset the search form before applying shortcut filters.
These handlers now submit the entire form, so any previously selected method/ip/uri is carried into the next shortcut search. For example, after filtering by IP, clicking Show only current URL still sends the old IP filter and can return the wrong result set or none at all. Reset the form first, then populate the single shortcut field.
🛠️ Proposed fix
this.showonlycurrentbtn.addEventListener('click', () => {
+ self.searchForm.reset();
self.uriInput.value = window.location.pathname;
self.searchBtn.click();
});
...
const form = document.createElement('form');
+ this.searchForm = form;
...
ipLink.addEventListener('click', (e) => {
+ self.searchForm.reset();
self.ipInput.value = meta.ip;
self.searchBtn.click();
e.preventDefault();
});
...
searchLink.addEventListener('click', (e) => {
+ self.searchForm.reset();
self.uriInput.value = meta.uri;
self.searchBtn.click();
e.preventDefault();
});Also applies to: 123-143, 181-190
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@htdocs/xoops_lib/vendor/php-debugbar/php-debugbar/resources/openhandler.js`
around lines 61 - 63, Reset the search form before applying the shortcut
filters: in the click handlers (e.g. this.showonlycurrentbtn,
this.showonlycurrentmethodbtn, this.showonlycurrentipbtn) call the form reset
(e.g. self.form.reset() or the appropriate search form element) first, then set
the single field (self.uriInput / self.methodInput / self.ipInput) and finally
trigger the search with self.searchBtn.click(); this ensures previous
method/ip/uri values are cleared before submitting the shortcut search.
| // set checkSumAdjustment on head table | ||
| $checkSumAdjustment = 0xB1B0AFBA - self::_getTTFtableChecksum($font, strlen($font)); | ||
| $font = substr($font, 0, $table['head']['offset'] + $offset + 8).pack('N', $checkSumAdjustment).substr($font, $table['head']['offset'] + $offset + 12); | ||
| $font = substr($font, 0, $table['head']['offset'] + $offset + 4).pack('N', $checkSumAdjustment).substr($font, $table['head']['offset'] + $offset + 8); |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
sed -n '1323,1326p;1385,1388p' htdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.phpRepository: XOOPS/XoopsCore25
Length of output: 542
Correct the offset mismatch when writing the checkSumAdjustment field in the head table.
Line 1387 writes 4 bytes to offset + 4 through + 8, which targets the fontRevision field instead of checkSumAdjustment. The preceding zeroing step at line 1325 correctly clears checkSumAdjustment at bytes 8–11. This offset mismatch corrupts the generated font subset by overwriting the revision field while leaving the checksum adjustment zeroed.
Fix
- $font = substr($font, 0, $table['head']['offset'] + $offset + 4).pack('N', $checkSumAdjustment).substr($font, $table['head']['offset'] + $offset + 8);
+ $font = substr($font, 0, $table['head']['offset'] + $offset + 8).pack('N', $checkSumAdjustment).substr($font, $table['head']['offset'] + $offset + 12);📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| $font = substr($font, 0, $table['head']['offset'] + $offset + 4).pack('N', $checkSumAdjustment).substr($font, $table['head']['offset'] + $offset + 8); | |
| $font = substr($font, 0, $table['head']['offset'] + $offset + 8).pack('N', $checkSumAdjustment).substr($font, $table['head']['offset'] + $offset + 12); |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php` at line
1387, The write to the head table uses the wrong byte offsets and overwrites
fontRevision instead of checkSumAdjustment; in the line that builds $font (using
$table['head']['offset'] and $offset) replace the current +4/+8 slice bounds
with +8/+12 so the pack('N', $checkSumAdjustment) is written into bytes 8–11 of
the head table (matching the earlier zeroing at line 1325) — adjust the substr
boundaries around $table['head']['offset'] + $offset accordingly to target
checkSumAdjustment rather than fontRevision.
| } | ||
| if (ord(fread($f, 1)) != 0) { | ||
| // Unknown compression method | ||
| // Unknownn compression method |
There was a problem hiding this comment.
Typos introduced in error comments: "Unknownn".
Multiple error message comments have been corrupted with a double 'n': Unknownn instead of Unknown. This appears to be a merge/update artifact.
Suggested fixes
- // Unknownn compression method
+ // Unknown compression method- // Unknownn filter method
+ // Unknown filter methodLine 334:
- // Unknownn filter method
+ // Unknown filter methodAlso applies to: 282-282, 334-334
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/include/tcpdf_images.php` at line
277, Several inline error comments in tcpdf_images.php contain the misspelled
phrase "Unknownn compression method"; update each occurrence of the string
"Unknownn compression method" to "Unknown compression method" so the
error/comment text is correct (search for the exact malformed phrase in
tcpdf_images.php to find all instances, e.g., the occurrences near the code that
handles image compression/error reporting).
| ## Developer(s) Contact | ||
|
|
||
| * Nicola Asuni <info@tecnick.com> | ||
| *2026 Nicola Asuni <info@tecnick.com> |
There was a problem hiding this comment.
Restore the Markdown bullet formatting.
*2026 Nicola Asuni... is missing the space after *, so it no longer renders as a list item like the surrounding metadata block.
📝 Proposed fix
-*2026 Nicola Asuni <info@tecnick.com>
+* 2026 Nicola Asuni <info@tecnick.com>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| *2026 Nicola Asuni <info@tecnick.com> | |
| * 2026 Nicola Asuni <info@tecnick.com> |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/README.md` at line 83, Restore the
Markdown list formatting in the README by adding a space after the leading
asterisk on the line containing "*2026 Nicola Asuni <info@tecnick.com>" so it
becomes a proper list item; locate the line in README.md (the metadata entry
with "2026 Nicola Asuni") and insert a single space between the asterisk and
"2026" to match the surrounding bullets.
|
|
||
| if (!defined('PDF_HEADER_STRING')) { | ||
| define ('PDF_HEADER_STRING', "by Nicola Asuni - Tecnick.com\nwww.tcpdf.org"); | ||
| define ('PDF_HEADER_STRING', "by2026 Nicola Asuni - Tecnick.com\nwww.tcpdf.org"); |
There was a problem hiding this comment.
Same "by2026" typo in PDF_HEADER_STRING.
Identical merge artifact as in tcpdf_config.php. The string should read "by Nicola Asuni".
Suggested fix
- define ('PDF_HEADER_STRING', "by2026 Nicola Asuni - Tecnick.com\nwww.tcpdf.org");
+ define ('PDF_HEADER_STRING', "by Nicola Asuni - Tecnick.com\nwww.tcpdf.org");📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| define ('PDF_HEADER_STRING', "by2026 Nicola Asuni - Tecnick.com\nwww.tcpdf.org"); | |
| define ('PDF_HEADER_STRING', "by Nicola Asuni - Tecnick.com\nwww.tcpdf.org"); |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/tcpdf_autoconfig.php` at line 157,
The PDF header constant PDF_HEADER_STRING contains a merge-artifact typo
("by2026 Nicola Asuni - Tecnick.com\nwww.tcpdf.org"); update the value of
PDF_HEADER_STRING to the correct string "by Nicola Asuni -
Tecnick.com\nwww.tcpdf.org" so it matches the intended header text (same fix as
applied to tcpdf_config.php).
Comment on lines
+7435
to
7446
| if (PHP_VERSION_ID < 80000) { | ||
| imagedestroy($imgalpha); | ||
| } | ||
| // extract image without alpha channel | ||
| $imgplain = imagecreatetruecolor($wpx, $hpx); | ||
| imagecopy($imgplain, $img, 0, 0, 0, 0, $wpx, $hpx); | ||
| imagepng($imgplain, $tempfile_plain); | ||
| imagedestroy($imgplain); | ||
| if (PHP_VERSION_ID < 80000) { | ||
| imagedestroy($imgplain); | ||
| } | ||
| $parsed = true; | ||
| } catch (Exception $e) { |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
In PHP 8.2-8.5, can GD functions such as imagepng(), imagecopy(), and imagecreatetruecolor() throw \TypeError or \ValueError that are not caught by catch (\Exception)?
💡 Result:
Yes.
\TypeErrorand\ValueErrorare not\Exceptions (they both extend\Error), socatch (\Exception $e)will not catch them. Catch\Throwable(or\Error) instead. [1] [2] [3]- GD functions can trigger these in PHP 8.x when argument types/values are invalid. For example,
imagepng()throws\ValueError(PHP 8.4+) if the$qualityargument is invalid. [4]
And functions with typed signatures likeimagecopy(GdImage ... , int ...)can throw\TypeErrorif you pass the wrong types. [5] [2]
Practical fix:
try {
imagepng($im, null, 999); // e.g. ValueError in PHP 8.4+
} catch (\Throwable $e) {
// catches Exception + Error (TypeError/ValueError)
}Sources:
[1] https://www.php.net/manual/en/class.typeerror.php
[2] https://www.php.net/manual/en/language.exceptions.php
[3] https://www.php.net/manual/en/class.valueerror.php
[4] https://www.php.net/manual/en/function.imagepng.php
[5] https://www.php.net/manual/en/function.imagecopy.php
Change catch (Exception $e) to catch (\Throwable $e) to handle PHP 8.x GD errors.
On PHP 8.x, GD functions throw \TypeError and \ValueError for invalid arguments or types—these extend \Error, not \Exception, so catch (Exception $e) misses them. This breaks the fallback gracefully here and risks aborting PDF generation on malformed images.
Proposed fix
- } catch (Exception $e) {
+ } catch (\Throwable $e) {
// GD fails🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@htdocs/xoops_lib/vendor/tecnickcom/tcpdf/tcpdf.php` around lines 7435 - 7446,
The current catch block in tcpdf.php uses catch (Exception $e) which misses PHP
8+ GD errors (TypeError/ValueError); update the exception handler to catch all
throwables by changing the catch to catch (\Throwable $e) in the same try/catch
that handles image parsing (the block that sets $parsed = true and refers to
$imgalpha, $imgplain, $tempfile_plain) so the fallback logic still runs for GD
errors; preserve the existing variable name $e and existing error
handling/logging within that catch.
var-dumper v8.0 requires PHP >=8.4, breaking XOOPS on PHP 8.2/8.3. Pin symfony/var-dumper to ^7.2 in composer.dist.json and re-run composer update to downgrade to v7.4.6 (requires PHP >=8.2). This restores the platform_check.php minimum to PHP 8.2.0.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@htdocs/xoops_lib/vendor/composer/installed.json`:
- Around line 1644-1645: The lock indicates dev dependencies were included
("dev": true and "dev-package-names"), so regenerate the lock/install artifacts
for production by running Composer without dev packages (e.g., run composer
install --no-dev or composer update --no-dev in your build/release workflow),
commit the updated lock/installed.json so "dev" becomes false, and ensure
CI/CD/build scripts invoke composer install --no-dev going forward.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 4919965c-aec5-47f4-94e1-54d20a457e20
⛔ Files ignored due to path filters (1)
htdocs/xoops_lib/composer.dist.lockis excluded by!**/*.lock
📒 Files selected for processing (3)
htdocs/xoops_lib/composer.dist.jsonhtdocs/xoops_lib/vendor/composer/installed.jsonhtdocs/xoops_lib/vendor/composer/installed.php
Re-ran composer install --no-dev --optimize-autoloader to flip the dev flag to false in installed.json and installed.php.
|
There was a problem hiding this comment.
♻️ Duplicate comments (1)
htdocs/xoops_lib/vendor/composer/installed.php (1)
4-6:⚠️ Potential issue | 🟡 MinorVerify the root package is intentionally still
dev-master.
installed.phpis generated, but these entries show the build metadata still resolvesxoopscore25/librariesto a branch alias rather than a release version. If this PR is meant to produce release-ready artifacts, the fix belongs in the Composer manifest/lock, then regenerate the vendor metadata.#!/bin/bash set -euo pipefail mapfile -t files < <(fd -HI 'composer(\.dist)?\.json$|composer\.lock$') if [ "${`#files`[@]}" -eq 0 ]; then echo "No composer manifests or lockfile found." exit 1 fi printf 'Inspecting:\n' printf ' %s\n' "${files[@]}" echo echo "== root package / branch alias references ==" rg -n -C2 '"name"\s*:\s*"xoopscore25/libraries"|"version"\s*:\s*"dev-master"|branch-alias|dev-master' "${files[@]}"Expected result: if this is a release-oriented change, the authoritative Composer files should show an intentional pinned version/commit strategy rather than an unresolved
dev-masterroot package.Also applies to: 236-238
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@htdocs/xoops_lib/vendor/composer/installed.php` around lines 4 - 6, The vendor metadata shows the root package still resolving to dev-master (see 'pretty_version'/'version' => 'dev-master' and the reference entry for xoopscore25/libraries), so update the Composer manifest/lock to pin a released version or remove the branch-alias pointing to dev-master for xoopscore25/libraries, commit the corrected composer.json/composer.lock, then regenerate vendor metadata by running composer install/update to produce a non-dev installed.php; verify the change by searching for "dev-master", "branch-alias" and xoopscore25/libraries in the composer files.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@htdocs/xoops_lib/vendor/composer/installed.php`:
- Around line 4-6: The vendor metadata shows the root package still resolving to
dev-master (see 'pretty_version'/'version' => 'dev-master' and the reference
entry for xoopscore25/libraries), so update the Composer manifest/lock to pin a
released version or remove the branch-alias pointing to dev-master for
xoopscore25/libraries, commit the corrected composer.json/composer.lock, then
regenerate vendor metadata by running composer install/update to produce a
non-dev installed.php; verify the change by searching for "dev-master",
"branch-alias" and xoopscore25/libraries in the composer files.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 6a2475e5-a3a2-48c3-b6df-d28a9825ea69
📒 Files selected for processing (2)
htdocs/xoops_lib/vendor/composer/installed.jsonhtdocs/xoops_lib/vendor/composer/installed.php
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #1643 +/- ##
==============================
==============================
☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
New Features
Dependencies
Improvements
Chores