
Commit ac6e92f

committed
Fix for security vulnerability: using the phar:// wrapper it was possible to trigger the unserialization of user-provided data.
1 parent a3273af commit ac6e92f


4 files changed

+12
-16
lines changed


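--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
 "name": "tecnickcom/tcpdf",
-"version": "6.2.21",
+"version": "6.2.22",
 "homepage": "http://www.tcpdf.org/",
 "type": "library",
 "description": "TCPDF is a PHP class for generating PDF documents and barcodes.",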

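--- a/include/tcpdf_images.php
+++ b/include/tcpdf_images.php
@@ -162,11 +162,7 @@ public static function _toJPEG($image, $quality, $tempfile) {
 public static function _parsejpeg($file) {
 // check if is a local file
 if (!@TCPDF_STATIC::file_exists($file)) {
-// try to encode spaces on filename
-$tfile = str_replace(' ', '%20', $file);
-if (@TCPDF_STATIC::file_exists($tfile)) {
-$file = $tfile;
-}
+return false;
 }
 $a = getimagesize($file);
 if (empty($a)) {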
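Review bot: The surviving `$a = getimagesize($file);` still receives the caller's original `$file`, but the space-to-`%20` fallback that used to rewrite `$file` here has moved into TCPDF_STATIC::file_exists (this commit's include/tcpdf_static.php hunk), which only rewrites its local `$filename` and returns a bool. So a path that is accepted only through the `%20` substitution now passes the existence check and then fails at `getimagesize` on the unencoded name, landing in the `empty($a)` branch; the same pattern recurs in the tcpdf.php Image() hunk. Either have the static helper hand back the resolved name, or mirror the old resolution here, e.g. `if (!@TCPDF_STATIC::file_exists($file)) { return false; }` followed by `$file = (@file_exists($file) ? $file : str_replace(' ', '%20', $file));` before `getimagesize` is called. _parsejpeg's body continues outside the hunk.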

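--- a/include/tcpdf_static.php
+++ b/include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 * Current TCPDF version.
 * @private static
 */
-private static $tcpdf_version = '6.2.21';
+private static $tcpdf_version = '6.2.22';
 
 /**
 * String alias for total number of pages.
@@ -1841,6 +1841,10 @@ public static function file_exists($filename) {
 }
 }
 }
+if (!@file_exists($filename)) {
+// try to encode spaces on filename
+$filename = str_replace(' ', '%20', $filename);
+}
 return @file_exists($filename);
 }
 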
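Review bot: Nothing in the second hunk checks the path's scheme, yet both the added `if (!@file_exists($filename))` and the existing `return @file_exists($filename);` pass the raw name to the native call, and it is exactly such a filesystem call on a phar:// name that triggers the metadata unserialization the commit message describes. Whether this is safe therefore rests entirely on the part of file_exists above the hunk (the three closing braces at 1841-1843 suggest a preceding filter) rejecting stream wrappers before control reaches here; that precondition is not stated anywhere. A comment at the top of the added block would make the invariant auditable, e.g. `// Precondition: wrapper-prefixed names (phar://, etc.) must have been rejected above; only plain paths may reach the native file_exists() calls below.` The `@` also suppresses any warning from a malformed name, so the boolean return is the only signal callers receive. file_exists begins outside the hunk.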

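--- a/tcpdf.php
+++ b/tcpdf.php
@@ -1,7 +1,7 @@
 <?php
 //============================================================+
 // File name : tcpdf.php
-// Version : 6.2.21
+// Version : 6.2.22
 // Begin : 2002-08-03
 // Last Update : 2018-09-14
 // Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
@@ -104,7 +104,7 @@
 * Tools to encode your unicode fonts are on fonts/utils directory.</p>
 * @package com.tecnick.tcpdf
 * @author Nicola Asuni
-* @version 6.2.21
+* @version 6.2.22
 */
 
 // TCPDF configuration
@@ -128,7 +128,7 @@
 * TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.<br>
 * @package com.tecnick.tcpdf
 * @brief PHP class for generating PDF documents without requiring external extensions.
-* @version 6.2.21
+* @version 6.2.22
 * @author Nicola Asuni - info@tecnick.com
 * @IgnoreAnnotation("protected")
 * @IgnoreAnnotation("public")
@@ -6845,13 +6845,9 @@ public function Image($file, $x='', $y='', $w=0, $h=0, $type='', $link='', $alig
 $file = substr($file, 1);
 $exurl = $file;
 }
-// check if is a local file
+// check if file exist and it is valid
 if (!@TCPDF_STATIC::file_exists($file)) {
-// try to encode spaces on filename
-$tfile = str_replace(' ', '%20', $file);
-if (@TCPDF_STATIC::file_exists($tfile)) {
-$file = $tfile;
-}
+return false;
 }
 if (($imsize = @getimagesize($file)) === FALSE) {
 if (in_array($file, $this->imagekeys)) {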
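Review bot: The new comment `// check if file exist and it is valid` in the Image() hunk is ungrammatical and over-promises: the guarded `if` only tests existence, while validity is what the `@getimagesize(...) === FALSE` branch below decides, so a reader is led to expect more from `TCPDF_STATIC::file_exists` than the line shows. Suggest `// abort early if the file does not exist; image validity is checked by getimagesize() below`. Separately, the added `return false` now ends Image() silently for a missing file, whereas before control continued into the `getimagesize` failure branch and the `$this->imagekeys` lookup on the next context line; callers that relied on whatever that path reports should be checked, since Image()'s body extends outside the hunk on both sides.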
