Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.
nicolaasuni committed Sep 14, 2018
1 parent a3273af commit ac6e92fccc7d9383dfd787056831349621b1aca2
Showing with 12 additions and 16 deletions.
  1. +1 −1 composer.json
  2. +1 −5 include/tcpdf_images.php
  3. +5 −1 include/tcpdf_static.php
  4. +5 −9 tcpdf.php
@@ -1,6 +1,6 @@
{
"name": "tecnickcom/tcpdf",
"version": "6.2.21",
"version": "6.2.22",
"homepage": "http://www.tcpdf.org/",
"type": "library",
"description": "TCPDF is a PHP class for generating PDF documents and barcodes.",
@@ -162,11 +162,7 @@ public static function _toJPEG($image, $quality, $tempfile) {
public static function _parsejpeg($file) {
// check if is a local file
if (!@TCPDF_STATIC::file_exists($file)) {
// try to encode spaces on filename
$tfile = str_replace(' ', '%20', $file);
if (@TCPDF_STATIC::file_exists($tfile)) {
$file = $tfile;
}
return false;
}
$a = getimagesize($file);
if (empty($a)) {
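Review bot: The encoded filename no longer reaches `getimagesize()`: the removed `$file = $tfile;` kept the local name in sync with the spelling that was actually found, whereas now `TCPDF_STATIC::file_exists($file)` may succeed only after its internal space-to-`%20` rewrite (visible in the tcpdf_static.php section) and `_parsejpeg` then calls `getimagesize($file)` on the original, unencoded string. For a remote URL containing spaces that is presumably a regression, though whether such inputs reach this path cannot be confirmed from the hunk. If the rewrite is meant to stay inside the helper, either return the normalized name from it or re-apply `$file = str_replace(' ', '%20', $file);` here ahead of the `getimagesize()` call; at minimum a comment on the new `return false;` such as `// TCPDF_STATIC::file_exists() rejects non-http(s) stream wrappers (phar:// etc.)` would tell the next reader where the wrapper check lives. `_parsejpeg` continues past the end of the hunk.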
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
* Current TCPDF version.
* @private static
*/
private static $tcpdf_version = '6.2.21';
private static $tcpdf_version = '6.2.22';
/**
* String alias for total number of pages.
@@ -1841,6 +1841,10 @@ public static function file_exists($filename) {
}
}
}
if (!@file_exists($filename)) {
// try to encode spaces on filename
$filename = str_replace(' ', '%20', $filename);
}
return @file_exists($filename);
}
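Review bot: The two new `@file_exists($filename)` calls are themselves stat operations on the caller-supplied string, and PHP's built-in `file_exists()` on a `phar://` path opens the archive and unserializes its metadata, so these lines only close the reported hole if the scheme has already been rejected earlier in the function — that part of `file_exists()` is above the hunk and not visible here. That ordering deserves a comment on the added block, e.g. `// the scheme check above must run before any stat: a stream wrapper such as phar:// is triggered by the file_exists() calls below`. Note also that the `%20` rewrite is applied to a local copy and only a bool is returned, so callers cannot learn which spelling was found; the `@` suppression additionally hides any wrapper warning that would have pointed at an attempted scheme.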
@@ -1,7 +1,7 @@
<?php
//============================================================+
// File name : tcpdf.php
// Version : 6.2.21
// Version : 6.2.22
// Begin : 2002-08-03
// Last Update : 2018-09-14
// Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
@@ -104,7 +104,7 @@
* Tools to encode your unicode fonts are on fonts/utils directory.</p>
* @package com.tecnick.tcpdf
* @author Nicola Asuni
* @version 6.2.21
* @version 6.2.22
*/
// TCPDF configuration
@@ -128,7 +128,7 @@
* TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.<br>
* @package com.tecnick.tcpdf
* @brief PHP class for generating PDF documents without requiring external extensions.
* @version 6.2.21
* @version 6.2.22
* @author Nicola Asuni - info@tecnick.com
* @IgnoreAnnotation("protected")
* @IgnoreAnnotation("public")
@@ -6845,13 +6845,9 @@ public function Image($file, $x='', $y='', $w=0, $h=0, $type='', $link='', $alig
$file = substr($file, 1);
$exurl = $file;
}
// check if is a local file
// check if file exist and it is valid
if (!@TCPDF_STATIC::file_exists($file)) {
// try to encode spaces on filename
$tfile = str_replace(' ', '%20', $file);
if (@TCPDF_STATIC::file_exists($tfile)) {
$file = $tfile;
}
return false;
}
if (($imsize = @getimagesize($file)) === FALSE) {
if (in_array($file, $this->imagekeys)) {
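Review bot: `Image()` still passes the unvalidated `$file` straight into `@getimagesize($file)`, which like `file_exists()` resolves stream wrappers, so the phar:// deserialization this commit addresses is prevented here only by whatever `TCPDF_STATIC::file_exists()` does internally, which this section does not show. A local guard before the `getimagesize()` call would make the method safe on its own and document the intent: `if (strpos($file, '://') !== false && !preg_match('|^https?://|i', $file)) { return false; }`. Replacing `$file = $tfile;` with `return false;` also means a URL that the helper finds only after its `%20` rewrite now reaches `getimagesize()` unencoded, where before the commit the encoded name was used. `Image()` starts and continues outside the hunk.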
