Merge branch 'MDL-70735-pdf-metadata' of https://github.com/brendanhe…

…ywood/moodle
moodle · Feb 15, 2021 · c09879f · c09879f
2 parents 41037ef + 6532708
commit c09879f
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 1 deletion.
diff --git a/lib/tcpdf/include/tcpdf_static.php b/lib/tcpdf/include/tcpdf_static.php
@@ -125,7 +125,7 @@ public static function getTCPDFVersion() {
 	 * @public static
 	 */
 	public static function getTCPDFProducer() {
-		return "\x54\x43\x50\x44\x46\x20".self::getTCPDFVersion()."\x20\x28\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x63\x70\x64\x66\x2e\x6f\x72\x67\x29";
+		return "\x54\x43\x50\x44\x46\x20\x28\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x63\x70\x64\x66\x2e\x6f\x72\x67\x29";
 	}
 
 	/**

diff --git a/lib/tcpdf/readme_moodle.txt b/lib/tcpdf/readme_moodle.txt
@@ -5,12 +5,18 @@ Description of TCPDF library import 6.3.5
 * remove tcpdf_import.php from composer.json
 * remove all fonts that were not already present
 * visit http://127.0.0.1/lib/tests/other/pdflibtestpage.php and view the pdf
+* modify getTCPDFProducer lib/tcpdf/include/tcpdf_static.php to remove the version number
 
 Important
 ---------
 A new version of the libray is being developed @ https://github.com/tecnickcom/tc-lib-pdf . Check periodically when it's ready
 and if it's a drop-in replacement for the legacy tcpdf one.
 
+2021/02/11
+----------
+Reduce PDF metadata disclosure (MDL-70735)
+by Brendan Heywood <brendan@catalyst-au.net>
+
 2020/12/15
 ----------
 Upgrade to tcpdf TCPDF 6.3.5 (MDL-70294)

diff --git a/lib/tests/pdflib_test.php b/lib/tests/pdflib_test.php
@@ -0,0 +1,45 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Tests for PDFlib
+ *
+ * @package    core
+ * @copyright  2021 Brendan Heywood (brendan@catalyst-au.net)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * Tests for PDFlib
+ *
+ * @package    core
+ * @copyright  2021 Brendan Heywood (brendan@catalyst-au.net)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class core_pdflib_testcase extends advanced_testcase {
+
+    public function test_gettcpdf_producer() {
+        global $CFG;
+        require_once($CFG->libdir.'/pdflib.php');
+
+        // This is to reduce the information disclosure in PDF metadata.
+        // If we upgrade TCPDF keep it just the major version.
+        $producer = TCPDF_STATIC::getTCPDFProducer();
+        $this->assertEquals('TCPDF (http://www.tcpdf.org)', $producer);
+    }
+}