From 978eb8c8247cc1069a2935784125596fc3507326 Mon Sep 17 00:00:00 2001
From: mtreuberg <1148760+mtreuberg@users.noreply.github.com>
Date: Sat, 27 Mar 2021 10:08:05 +0100
Subject: [PATCH] check if file exists before calling unlink (#327)

* check if file exists before calling unlink

file_exists has a known vulnerability.
Replacing with the internal one.

Co-authored-by: Nicola Asuni <nicolaasuni@users.noreply.github.com>
---
 tcpdf.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcpdf.php b/tcpdf.php
index cbc380a..024c56a 100644
--- a/tcpdf.php
+++ b/tcpdf.php
@@ -7806,7 +7806,7 @@ class TCPDF {
 			}
 			if (isset($this->imagekeys)) {
 				foreach($this->imagekeys as $file) {
-					if (strpos($file, K_PATH_CACHE) === 0) {
+					if (strpos($file, K_PATH_CACHE) === 0 && TCPDF_STATIC::file_exists($file)) {
 						@unlink($file);
 					}
 				}