Roy Van Ginneken
869ab2651b
Fix image file type for urls with query params (#287)
Co-authored-by: Nicola Asuni <nicolaasuni@users.noreply.github.com>
2021-03-27 09:17:09 +00:00
Florian Mortgat
e17b28015d
Fix vulnerability to roman numeral bombs (#315)
Co-authored-by: Nicola Asuni <nicolaasuni@users.noreply.github.com>
2021-03-27 08:47:48 +00:00
Nicola Asuni
76864e25f5
Merge branch 'main' into curl-hardening
2021-03-27 08:36:10 +00:00
Marc van Tilburg
e5c11046f8
PHP 8 (deprecation) fixes
2021-03-03 10:13:36 +01:00
Ayesh Karunaratne
65cc96b190
Curl Security: Limit protocols and redirects
In the `include/tcpdf_static.php` file, there are a couple of Curl calls that could use some additional Curl hardening.
1. Limit the maximum number of redirects Curl is allowed to follow. Currently, it is configured in PHP source code to 20. However, as a [security precaution, limit it to 5](https://php.watch/articles/php-curl-security-hardening#infinite-redirects).
2. Curl is used here for HTTP, HTTPS, and in one instance, for FTP URLs. With the `CURLOPT_FOLLOWLOCATION` option enabled, this allows a malicious remote server to perform SSRF attacks and utilize all protocols Curl supports, such as LDAP, FTP, etc., that are highly undesired. Setting a restricted [`CURLOPT_PROTOCOLS` value mitigates this vulnerability](https://php.watch/articles/php-curl-security-hardening#ssrf). In older Curl versions, it even allows local file inclusion attacks with `file:///etc/passwd` style redirect URLs.
2021-01-23 14:57:33 +07:00
Cédric Anne
9616e9e44b
Fix optional "$tagvspaces" parameter declaration
2020-10-14 10:35:46 +02:00
Cédric Anne
292fc741f8
Fix optional "$k" parameter declaration
2020-10-14 10:35:08 +02:00
Cédric Anne
e5f4da5a76
Fix optional "$currentfont" parameter declaration
2020-10-14 10:33:59 +02:00
SuperVirus
6617ab2cd9
Changed [] to array() to maintain PHP 5.3 compat.
2020-03-08 23:19:12 +01:00
nicolaasuni
19a535eaa7
Bump version
2020-02-14 14:20:12 +00:00
Lukas Winkler
c09bef348d
fix curly braces in pdf417
2020-02-13 12:46:53 +01:00
nicolaasuni
84d41c66fd
Check if imagekeys exist
2020-02-12 13:14:52 +00:00
nicolaasuni
185eb13f21
Fix syntax error
2020-02-12 11:32:17 +00:00
Nicola Asuni
06ac099478
Merge pull request #148 from ivan-koliadynskyy/patch
Update tcpdf_static.php
2020-02-12 11:16:19 +00:00
Ivan Koliadynskyy
0f84e8e754
Fix for deprecated PHP features
Update encodeUrlQuery to make the method static and prevent errors related to calling a non-static method in a static way
2020-01-23 14:57:37 +02:00
mhedderich
8d20c494fb
Fixed datamatrix.php for PHP 7.4
Resolved deprecation error: "Deprecated: Array and string offset access syntax with curly braces is deprecated"
2020-01-15 22:24:49 +01:00
Ivan Koliadynskyy
a428c95eaf
Update tcpdf_static.php
2019-11-01 15:07:12 +02:00
nicolaasuni
9fde7bb9b4
Update ICC profile
2019-09-20 10:35:01 +01:00
nicolaasuni
898eba141c
Bump version
2019-09-20 07:48:57 +01:00
Remi Collet
cabbccc022
Fix reported version
2019-09-19 13:02:12 +02:00
nicolaasuni
b41a5ca311
new setExtraXMPRDF function to set custom RDF XMP data
2019-09-19 10:41:12 +01:00
Nicola Asuni
8a07572324
Merge pull request #130 from erichk4/patch-1
file_get_contents
2019-09-19 09:51:01 +01:00
Remi Collet
e2deae00e5
fix PHP Warning: chr() expects parameter 1 to be int
2019-09-13 11:23:30 +02:00
Remi Collet
b0948269a6
Fix Array and string offset access syntax with curly braces is deprecated
2019-09-13 11:13:56 +02:00
Erich Munz
d144ad0078
file_get_contents
return value should also be checked for a non-empty string
2019-08-28 11:44:18 +02:00
Nicola Asuni
756908329d
Merge pull request #105 from fschaeffer/patch-1
[BUGFIX] fix SpotColor handling in HTML
2019-01-16 11:51:36 +00:00
Martin Auswöger
b83e325c38
Fix TCPDF_STATIC::fileGetContents()
Currently only the first path in the `$alt` array gets checked. This pull request fixes this so that all paths are checked.
2019-01-07 13:19:28 +01:00
Florian Schaeffer
14b1dee166
fix SpotColor handling in HTML
As the spot color array contains the user defined spotcolors provided by AddColor() we need to use the original color name here (as stored in $hcolor) and not the flattened one.
Example for usage <span style="color:SPOTCOLOR 15/5;">Your text here</span>
2018-11-15 10:54:44 +01:00
nicolaasuni
367241059c
Format code
2018-10-16 18:24:05 +01:00
Nicola Asuni
a38e94f98f
Merge pull request #100 from visual4/master
Fix unsupported operand types error when codepoints arrays are merged
2018-10-16 18:22:08 +01:00
nicolaasuni
5ec5211b82
Update sRGB.icc with the one from the Debian package icc-profiles-free
2018-10-16 18:17:17 +01:00
Jonas Nutz
b9b5a0b77f
Fix unsupported operand types error when codepoints arrays are merged - corrected assignment of resulting array
2018-10-05 13:04:08 +02:00
Jonas Nutz
d06fee8012
Fix unsupported operand types error when codepoints arrays are merged
2018-10-01 13:48:27 +02:00
nicolaasuni
a5135e2cf0
Fix support for image URLs
2018-09-23 08:52:24 +01:00
nicolaasuni
aee50eb2bf
Support remote files in file_exists
2018-09-22 12:50:04 +01:00
nicolaasuni
98799ea173
Simplify file_exists function
2018-09-22 10:37:08 +01:00
nicolaasuni
ac6e92fccc
Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.
2018-09-14 16:26:29 +01:00
nicolaasuni
a3273af312
Remove typo comment
2018-09-14 14:49:09 +01:00
nicolaasuni
1861e33fe0
Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.
2018-09-14 14:28:55 +01:00
nicolaasuni
b32e75e1ec
Bump version
2018-09-14 13:08:15 +01:00
nicolaasuni
e6285db003
Bump version
2018-09-14 12:56:15 +01:00
nicolaasuni
64fc194398
Bump version
2018-02-24 11:48:20 +00:00
nicolaasuni
3527098537
Bump version
2018-02-19 15:01:27 +00:00
Nicola Asuni
21b7a5abc6
Update tcpdf_static.php
2018-02-19 14:32:39 +00:00
Nicola Asuni
c549697bd2
Merge pull request #62 from procurios/url-bug-in-fileGetContents
Add url as an alternative path instead of returning directly
2018-02-19 14:27:42 +00:00
Nicola Asuni
7e88955807
Merge pull request #65 from berlinquin/master
Reverse order of operations in getErrorCorrectionLevel
2018-02-19 14:21:42 +00:00
Nicola Asuni
1b4dffc80c
Merge pull request #73 from rgarcia-martin/patch-tcpdf_fonts
Update tcpdf_fonts.php
2018-02-19 14:17:24 +00:00
Nicola Asuni
618efe390b
Update tcpdf_static.php
2018-02-19 14:10:48 +00:00
Rafael Garcia
d8e86f7136
Update tcpdf_fonts.php
#813 Undefined offset: 32766
I get that bug when I import that font: http://www.dafont.com/es/accidental-presiden.font
https://sourceforge.net/p/tcpdf/bugs/813/
2017-08-28 12:44:08 +02:00
berlinquin
05731a11d2
Reverse order of operations in getErrorCorrectionLevel
2017-06-24 16:12:41 -06:00