* Fix call signatures on example 12 for PHP 8.1 strpos null errors
* Fix#401 - PHP 8.1 casts to int - getGDgamma - CoonsPatchMesh
Fixes: tecnickcom/TCPDF#401
* PHP 8.1 - cast in _RC4 before sending to str_repeat
* Enable back extensions on PHP 5.{3,4,5}
* Improve the test script to allow testing other PHP versions locally
* Fix typo on "parametrs" -> "parameters"
* Reduce possible side effects with the OS
* Fix#461 - fix barcodes handling using false, PHP 8.1 deprecation
Fixes: tecnickcom/TCPDF#461
* Fix#401 - PHP 8.1 casts to int - CoonsPatchMesh
Fixes: tecnickcom/TCPDF#401
Co-authored-by: Nicola Asuni <nicolaasuni@users.noreply.github.com>
* Fix phpdoc and prefer null as default value
Co-authored-by: Michael Voříšek <mvorisek@mvorisek.cz>
Co-authored-by: Nicola Asuni <nicolaasuni@users.noreply.github.com>
* Fix type hints
* More accurate type hint
Co-authored-by: William Desportes <williamdes@wdes.fr>
* document void return
* document void return
* Update include/tcpdf_fonts.php
Co-authored-by: William Desportes <williamdes@wdes.fr>
* Fix type hints
Co-authored-by: William Desportes <williamdes@wdes.fr>
Co-authored-by: Nicola Asuni <nicolaasuni@users.noreply.github.com>
* Add a @since on a function
* Refresh phpdoc blocks
Using `@param (\$[a-zA-Z0-9_]+)\s\(([a-z]+)\)`
* Fix phpdoc blocks
* Fix typos and phpdoc mistakes
* More phpdoc block fixes
Co-authored-by: Nicola Asuni <nicolaasuni@users.noreply.github.com>
In `include/tcpdf_static.php` file, there are couple Curl calls that could use some additional Curl hardening.
1. Limit the maximum number of redirects Curl is allowed to follow. Currently, it is configured in PHP source code to 20. However, as a [security precaution, limit it to 5](https://php.watch/articles/php-curl-security-hardening#infinite-redirects).
2. Curl is used here for HTTP, HTTPS, and in one instance, for FTP URLs. With `CURLOPT_FOLLOWLOCATION` option enabled, this allows a malicious remote server to perform SSRF attacks and utilize all protocols Curl supports, such as LDAP, FTP, etc that are highly undesired. Setting a restricted [`CURLOPT_PROTOCOLS` value mitigates this vulnerability](https://php.watch/articles/php-curl-security-hardening#ssrf). In older Curl versions, it even allows local file inclusion attacks with `file:///etc/passwd` style redirect URLs.
As the spot color array contains the user defined spotcolors provided by AddColor() we need to use the original color name here (as stored in $hcolor) and not the flattened one.
Example for usage <span style="color:SPOTCOLOR 15/5;">Your text here</span>
