|
1 | 1 | <?php |
2 | 2 | //============================================================+ |
3 | 3 | // File name : tcpdf.php |
4 | | -// Version : 6.9.2 |
| 4 | +// Version : 6.9.3 |
5 | 5 | // Begin : 2002-08-03 |
6 | 6 | // Last Update : 2025-04-18 |
7 | 7 | // Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - [email protected] |
|
104 | 104 | * Tools to encode your unicode fonts are on fonts/utils directory.</p> |
105 | 105 | * @package com.tecnick.tcpdf |
106 | 106 | * @author Nicola Asuni |
107 | | - * @version 6.9.2 |
| 107 | + * @version 6.9.3 |
108 | 108 | */ |
109 | 109 |
|
110 | 110 | // TCPDF configuration |
|
128 | 128 | * TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.<br> |
129 | 129 | * @package com.tecnick.tcpdf |
130 | 130 | * @brief PHP class for generating PDF documents without requiring external extensions. |
131 | | - * @version 6.9.2 |
| 131 | + * @version 6.9.3 |
132 | 132 | * @author Nicola Asuni - [email protected] |
133 | 133 | * @IgnoreAnnotation("protected") |
134 | 134 | * @IgnoreAnnotation("public") |
@@ -6989,7 +6989,7 @@ public function Image($file, $x=null, $y=null, $w=0, $h=0, $type='', $link='', $ |
6989 | 6989 | unset($imgdata); |
6990 | 6990 | $imsize = @getimagesize($file); |
6991 | 6991 | if ($imsize === FALSE) { |
6992 | | - unlink($file); |
| 6992 | + $this->_unlink($file); |
6993 | 6993 | $file = $original_file; |
6994 | 6994 | } |
6995 | 6995 | } |
@@ -7222,7 +7222,7 @@ public function Image($file, $x=null, $y=null, $w=0, $h=0, $type='', $link='', $ |
7222 | 7222 | $tempname = TCPDF_STATIC::getObjFilename('img', $this->file_id); |
7223 | 7223 | $img->writeImage($tempname); |
7224 | 7224 | $info = TCPDF_IMAGES::_parsejpeg($tempname); |
7225 | | - unlink($tempname); |
| 7225 | + $this->_unlink($tempname); |
7226 | 7226 | $img->destroy(); |
7227 | 7227 | } catch(Exception $e) { |
7228 | 7228 | $info = false; |
@@ -7858,15 +7858,16 @@ public function _destroy($destroyall=false, $preserve_objcopy=false) { |
7858 | 7858 | if ($handle = @opendir(K_PATH_CACHE)) { |
7859 | 7859 | while ( false !== ( $file_name = readdir( $handle ) ) ) { |
7860 | 7860 | if (strpos($file_name, '__tcpdf_'.$this->file_id.'_') === 0) { |
7861 | | - unlink(K_PATH_CACHE.$file_name); |
| 7861 | + $this->_unlink(K_PATH_CACHE.$file_name); |
7862 | 7862 | } |
7863 | 7863 | } |
7864 | 7864 | closedir($handle); |
7865 | 7865 | } |
7866 | 7866 | if (isset($this->imagekeys)) { |
7867 | 7867 | foreach($this->imagekeys as $file) { |
7868 | | - if (strpos($file, K_PATH_CACHE.'__tcpdf_'.$this->file_id.'_') === 0 && TCPDF_STATIC::file_exists($file)) { |
7869 | | - @unlink($file); |
| 7868 | + if ((strpos($file, K_PATH_CACHE.'__tcpdf_'.$this->file_id.'_') === 0) |
| 7869 | + && TCPDF_STATIC::file_exists($file)) { |
| 7870 | + $this->_unlink($file); |
7870 | 7871 | } |
7871 | 7872 | } |
7872 | 7873 | } |
@@ -18875,10 +18876,22 @@ public function writeHTML($html, $ln=true, $fill=false, $reseth=false, $cell=fal |
18875 | 18876 | * @protected |
18876 | 18877 | * @since 6.9.1 |
18877 | 18878 | */ |
18878 | | - protected function isRelativePath($path) { |
| 18879 | + protected function isRelativePath($path) { |
18879 | 18880 | return (strpos(str_ireplace('%2E', '.', $this->unhtmlentities($path)), '..') !== false); |
18880 | 18881 | } |
18881 | 18882 |
|
| 18883 | + /** |
| 18884 | + * Check if it contains a non-allowed external protocol. |
| 18885 | + * @param string $path path to check |
| 18886 | + * @return boolean true if the protocol is not allowed. |
| 18887 | + * @protected |
| 18888 | + * @since 6.9.3 |
| 18889 | + */ |
| 18890 | + protected function hasExtForbiddenProtocol($path) { |
| 18891 | + return ((strpos($path, '://') !== false) |
| 18892 | + && (preg_match('|^https?://|', $path) !== 1)); |
| 18893 | + } |
| 18894 | + |
18882 | 18895 | /** |
18883 | 18896 | * Process opening tags. |
18884 | 18897 | * @param array $dom html dom array |
@@ -19078,6 +19091,8 @@ protected function openHTMLTagHandler($dom, $key, $cell) { |
19078 | 19091 | // get image type from a local file path |
19079 | 19092 | $imgsrc = substr($imgsrc, 7); |
19080 | 19093 | $type = TCPDF_IMAGES::getImageFileType($imgsrc); |
| 19094 | + } elseif ($this->hasExtForbiddenProtocol($imgsrc)) { |
| 19095 | + break; |
19081 | 19096 | } else { |
19082 | 19097 | if (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) { |
19083 | 19098 | // fix image path |
@@ -24478,8 +24493,7 @@ protected function startSVGElementHandler($parser, $name, $attribs, $ctm=array() |
24478 | 24493 | $img = '@'.base64_decode(substr($img, strlen($m[0]))); |
24479 | 24494 | } else { |
24480 | 24495 | // fix image path |
24481 | | - if ($this->isRelativePath($img)) { |
24482 | | - // accessing parent folders is not allowed |
| 24496 | + if ($this->isRelativePath($img) || $this->hasExtForbiddenProtocol($img)) { |
24483 | 24497 | break; |
24484 | 24498 | } |
24485 | 24499 | if (!TCPDF_STATIC::empty_string($this->svgdir) AND (($img[0] == '.') OR (basename($img) == $img))) { |
@@ -24802,6 +24816,20 @@ protected function fileExists($file) |
24802 | 24816 | return TCPDF_STATIC::file_exists($file); |
24803 | 24817 | } |
24804 | 24818 |
|
| 24819 | + /** |
| 24820 | + * Wrapper for unlink with disabled protocols. |
| 24821 | + * @param string $file |
| 24822 | + * @return bool |
| 24823 | + */ |
| 24824 | + protected function _unlink($file) |
| 24825 | + { |
| 24826 | + if ((strpos($file, '://') !== false) && ((substr($file, 0, 7) !== 'file://') || (!$this->allowLocalFiles))) { |
| 24827 | + // forbidden protocol |
| 24828 | + return false; |
| 24829 | + } |
| 24830 | + return @unlink($file); |
| 24831 | + } |
| 24832 | + |
24805 | 24833 | } // END OF TCPDF CLASS |
24806 | 24834 |
|
24807 | 24835 | //============================================================+ |
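Review bot: `hasExtForbiddenProtocol` (hunk at 18890) tests the raw string, whereas `isRelativePath` directly above it first runs `unhtmlentities` and folds `%2E` before looking for `..`; if the `src` / SVG image value can still carry entity- or percent-encoded characters at the call sites added in `openHTMLTagHandler` and `startSVGElementHandler`, the `://` test sees the undecoded form, so decoding the same way before the test (`$path = $this->unhtmlentities($path);` as the first line) would keep the two guards consistent — this is inferred from the neighbouring helper, not shown by the hunk. The scheme pattern `^https?://` is case-sensitive, so `HTTP://…` is rejected even though scheme names are case-insensitive; that fails closed, which is acceptable, but the docblock should say so, e.g. `@return boolean true if the path uses a stream wrapper other than lowercase http:// or https://.` The same case-sensitivity applies to the `substr($file, 0, 7) !== 'file://'` compare in `_unlink` (hunk at 24824). Its docblock should also state what the `false` return means, since every caller in this commit discards it: `Returns false without touching the filesystem when $file uses a non-file:// wrapper, or file:// while allowLocalFiles is disabled.`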
|