From ac6e92fccc7d9383dfd787056831349621b1aca2 Mon Sep 17 00:00:00 2001
From: nicolaasuni
Date: Fri, 14 Sep 2018 16:26:29 +0100
Subject: [PATCH] Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.

---
 composer.json | 2 +-
 include/tcpdf_images.php | 6 +-----
 include/tcpdf_static.php | 6 +++++-
 tcpdf.php | 14 +++++---------
 4 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/composer.json b/composer.json
index 9bd838f..df1e50d 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
 {
 "name": "tecnickcom/tcpdf",
- "version": "6.2.21",
+ "version": "6.2.22",
 "homepage": "http://www.tcpdf.org/",
 "type": "library",
 "description": "TCPDF is a PHP class for generating PDF documents and barcodes.",
diff --git a/include/tcpdf_images.php b/include/tcpdf_images.php
index cf2ce0d..86b3c20 100644
--- a/include/tcpdf_images.php
+++ b/include/tcpdf_images.php
@@ -162,11 +162,7 @@ class TCPDF_IMAGES {
 public static function _parsejpeg($file) {
 // check if is a local file
 if (!@TCPDF_STATIC::file_exists($file)) {
- // try to encode spaces on filename
- $tfile = str_replace(' ', '%20', $file);
- if (@TCPDF_STATIC::file_exists($tfile)) {
- $file = $tfile;
- }
+ return false;
 }
 $a = getimagesize($file);
 if (empty($a)) {
diff --git a/include/tcpdf_static.php b/include/tcpdf_static.php
index 35ef39d..b010f7a 100644
--- a/include/tcpdf_static.php
+++ b/include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 * Current TCPDF version.
 * @private static
 */
- private static $tcpdf_version = '6.2.21';
+ private static $tcpdf_version = '6.2.22';
 /**
 * String alias for total number of pages.
@@ -1841,6 +1841,10 @@ class TCPDF_STATIC {
 }
 }
 }
+ if (!@file_exists($filename)) {
+ // try to encode spaces on filename
+ $filename = str_replace(' ', '%20', $filename);
+ }
 return @file_exists($filename);
 }
diff --git a/tcpdf.php b/tcpdf.php
index b9e8da5..b2c8ceb 100644
--- a/tcpdf.php
+++ b/tcpdf.php
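Review bot: The kept comment `// check if is a local file` above the new `return false` in `_parsejpeg()` no longer describes what the branch does: the early return is the actual guard that stops a path `TCPDF_STATIC::file_exists()` refused (per the commit message, a `phar://` one) from reaching `getimagesize($file)` on the next line, which is itself a stat-family call that unserializes phar metadata on the PHP versions this code targets. The sibling hunk in tcpdf.php rewords the same comment, so the two should agree; I would replace it here with `// reject paths TCPDF_STATIC::file_exists() refuses (e.g. unsupported stream wrappers such as phar://); never fall through to getimagesize() on them`. Whether the function's docblock, which is outside the hunk, already lists `false` as a possible return I cannot see; if not, `@return array|false` should be added.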
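Review bot: The `%20` fallback added here rewrites only the local `$filename`, but the function still returns just a boolean, so the callers changed in this same patch (`_parsejpeg()` and `Image()`) keep their original, un-encoded path and hand it to `getimagesize()` — the one case the fallback was meant to rescue (an on-disk name that literally contains `%20`) now reports "exists" and then fails to open. Either drop the fallback or have the helper expose the resolved name to its callers. On the security side, `file_exists()` itself is a stat call that unserializes phar metadata for `phar://` paths on the PHP versions TCPDF 6.2 targets, so the two `@file_exists` calls are only safe if the closing braces above them belong, as they appear to, to a scheme filter that runs first; that filter and the function header are outside the hunk. I would record the invariant next to the new block: `// NOTE: file_exists() on a phar:// path unserializes phar metadata; only reached after the wrapper check above has rejected such schemes`.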
@@ -1,7 +1,7 @@
 * @package com.tecnick.tcpdf
 * @author Nicola Asuni
- * @version 6.2.21
+ * @version 6.2.22
 */
 // TCPDF configuration
@@ -128,7 +128,7 @@ require_once(dirname(__FILE__).'/include/tcpdf_static.php');
 * TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.
 * @package com.tecnick.tcpdf
 * @brief PHP class for generating PDF documents without requiring external extensions.
- * @version 6.2.21
+ * @version 6.2.22
 * @author Nicola Asuni - info@tecnick.com
 * @IgnoreAnnotation("protected")
 * @IgnoreAnnotation("public")
@@ -6845,13 +6845,9 @@ class TCPDF {
 $file = substr($file, 1);
 $exurl = $file;
 }
- // check if is a local file
+ // check if file exist and it is valid
 if (!@TCPDF_STATIC::file_exists($file)) {
- // try to encode spaces on filename
- $tfile = str_replace(' ', '%20', $file);
- if (@TCPDF_STATIC::file_exists($tfile)) {
- $file = $tfile;
- }
+ return false;
 }
 if (($imsize = @getimagesize($file)) === FALSE) {
 if (in_array($file, $this->imagekeys)) {
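Review bot: The new `return false` in `Image()` pre-empts the `in_array($file, $this->imagekeys)` lookup two lines below, which previously ran whenever `@getimagesize($file)` failed; if `imagekeys` is used to re-serve an image already embedded earlier in the document, a second reference whose key no longer passes `TCPDF_STATIC::file_exists()` is now silently dropped instead of reused — worth a test that adds the same image twice. If that reuse is intended, the guard could consult the cache first, `if (!in_array($file, $this->imagekeys, true) && !@TCPDF_STATIC::file_exists($file)) { return false; }`, which keeps the phar:// protection for any path not already accepted. The replacement comment `// check if file exist and it is valid` also understates why this branch matters; `// missing or refused path (e.g. phar:// wrapper): return before @getimagesize() can touch it` says it. Image()'s body and docblock continue outside the hunk, so whether the `false` return is documented I cannot tell.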