Fix vulnerability to roman numeral bombs (#315)

Co-authored-by: Nicola Asuni <nicolaasuni@users.noreply.github.com>
Florian Mortgat 2021-03-27 09:47:48 +01:00 committed by GitHub
parent f0e42daeae
commit e17b28015d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1440,6 +1440,10 @@ class TCPDF_STATIC {
*/
public static function intToRoman($number) {
$roman = '';
if ($number >= 4000) {
// do not represent numbers above 4000 in Roman numerals
return strval($number);
}
while ($number >= 1000) {
$roman .= 'M';
$number -= 1000;
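
Review bot: the comment on the new guard says "above 4000", but the condition is `$number >= 4000`, so 4000 itself is also returned as a decimal string. Reword the comment to "4000 and above", or change the test if 4000 is meant to stay Roman. The guard does bound the `while ($number >= 1000)` loop to at most three iterations, which is what stops a huge page number from building an enormous string of 'M'. The docblock that closes just above the function should say that inputs at or over the limit come back as plain digits, since callers now receive a mixed-format return value. Because `strval($number)` echoes whatever was passed in, it is also worth casting to an integer before the comparison so a float or numeric string does not leak through in its original form.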