6.2.0 (2014-12-10)

- Bug #1005 "Security Report, LFI posting internal files externally abusing default parameter" was fixed. - Static methods serializeTCPDFtagParameters() and unserializeTCPDFtagParameters() were moved as non static to the main TCPDF class (see changes in example n. 49). - Deprecated methods were removed, please use the equivalents defined in other classes (i.e. TCPDF_STATIC and TCPDF_FONTS). - The constant K_TCPDF_CALLS_IN_HTML is now set by default to FALSE. - DLE, DLX and DLP page format was added. - Page format are now defined as a public property in TCPDF_STATIC.
2014-12-10 18:53:49 +00:00 · 2014-12-10 18:53:49 +00:00 · 40662daa76
parent 3d5921442e
commit 40662daa76
10 changed files with 469 additions and 818 deletions
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@ -1,5 +1,13 @@
-6.1.0 (2014-12-07)
+6.2.0 (2014-12-10)
-	- The method TCPDF_STATIC::getRandomSeed() was improved.
+	- Bug #1005 "Security Report, LFI posting internal files externally abusing default parameter" was fixed.
 	- Static methods serializeTCPDFtagParameters() and unserializeTCPDFtagParameters() were moved as non static to the main TCPDF class (see changes in example n. 49).
 	- Deprecated methods were removed, please use the equivalents defined in other classes (i.e. TCPDF_STATIC and TCPDF_FONTS).
 	- The constant K_TCPDF_CALLS_IN_HTML is now set by default to FALSE.
 	- DLE, DLX and DLP page format was added.
 	- Page format are now defined as a public property in TCPDF_STATIC.
 6.1.1 (2014-12-09)
 	- Fixed bug with the register_shutdown_function().
 6.1.0 (2014-12-07)
 	- The method TCPDF_STATIC::getRandomSeed() was improved.
--- a/README.TXT
+++ b/README.TXT
@ -8,8 +8,8 @@ http://sourceforge.net/donate/index.php?group_id=128076
 ------------------------------------------------------------
 Name: TCPDF
-Version: 6.1.1
+Version: 6.2.0
-Release date: 2014-12-09
+Release date: 2014-12-10
 Author:	Nicola Asuni
 Copyright (c) 2002-2014:
--- a/composer.json
+++ b/composer.json
@ -1,6 +1,6 @@
 {
 	"name": "tecnick.com/tcpdf",
-	"version": "6.1.1",
+	"version": "6.2.0",
 	"homepage": "http://www.tcpdf.org/",
 	"type": "library",
 	"description": "TCPDF is a PHP class for generating PDF documents and barcodes.",
--- a/examples/example_049.php
+++ b/examples/example_049.php
@ -2,7 +2,7 @@
 //============================================================+
 // File name   : example_049.php
 // Begin       : 2009-04-03
-// Last Update : 2013-05-14
+// Last Update : 2014-12-10
 //
 // Description : Example 049 for TCPDF class
 //               WriteHTML with TCPDF callback functions
@ -93,18 +93,18 @@ $html = '<h1>Test TCPDF Methods in HTML</h1>
 You can disable this tag by setting to false the <b>K_TCPDF_CALLS_IN_HTML</b> constant on TCPDF configuration file.</span>
 <h2>write1DBarcode method in HTML</h2>';
-$params = TCPDF_STATIC::serializeTCPDFtagParameters(array('CODE 39', 'C39', '', '', 80, 30, 0.4, array('position'=>'S', 'border'=>true, 'padding'=>4, 'fgcolor'=>array(0,0,0), 'bgcolor'=>array(255,255,255), 'text'=>true, 'font'=>'helvetica', 'fontsize'=>8, 'stretchtext'=>4), 'N'));
+$params = $pdf->serializeTCPDFtagParameters(array('CODE 39', 'C39', '', '', 80, 30, 0.4, array('position'=>'S', 'border'=>true, 'padding'=>4, 'fgcolor'=>array(0,0,0), 'bgcolor'=>array(255,255,255), 'text'=>true, 'font'=>'helvetica', 'fontsize'=>8, 'stretchtext'=>4), 'N'));
 $html .= '<tcpdf method="write1DBarcode" params="'.$params.'" />';
-$params = TCPDF_STATIC::serializeTCPDFtagParameters(array('CODE 128', 'C128', '', '', 80, 30, 0.4, array('position'=>'S', 'border'=>true, 'padding'=>4, 'fgcolor'=>array(0,0,0), 'bgcolor'=>array(255,255,255), 'text'=>true, 'font'=>'helvetica', 'fontsize'=>8, 'stretchtext'=>4), 'N'));
+$params = $pdf->serializeTCPDFtagParameters(array('CODE 128', 'C128', '', '', 80, 30, 0.4, array('position'=>'S', 'border'=>true, 'padding'=>4, 'fgcolor'=>array(0,0,0), 'bgcolor'=>array(255,255,255), 'text'=>true, 'font'=>'helvetica', 'fontsize'=>8, 'stretchtext'=>4), 'N'));
 $html .= '<tcpdf method="write1DBarcode" params="'.$params.'" />';
 $html .= '<tcpdf method="AddPage" /><h2>Graphic Functions</h2>';
-$params = TCPDF_STATIC::serializeTCPDFtagParameters(array(0));
+$params = $pdf->serializeTCPDFtagParameters(array(0));
 $html .= '<tcpdf method="SetDrawColor" params="'.$params.'" />';
-$params = TCPDF_STATIC::serializeTCPDFtagParameters(array(50, 50, 40, 10, 'DF', array(), array(0,128,255)));
+$params = $pdf->serializeTCPDFtagParameters(array(50, 50, 40, 10, 'DF', array(), array(0,128,255)));
 $html .= '<tcpdf method="Rect" params="'.$params.'" />';
--- a/examples/example_055.php
+++ b/examples/example_055.php
@ -2,7 +2,7 @@
 //============================================================+
 // File name   : example_055.php
 // Begin       : 2009-10-21
-// Last Update : 2013-05-14
+// Last Update : 2014-12-10
 //
 // Description : Example 055 for TCPDF class
 //               Display all characters available on core fonts.
@ -96,7 +96,7 @@ foreach($core_fonts as $font) {
 		if (($i > 0) AND (($i % 16) == 0)) {
 			$pdf->Ln();
 		}
-		$pdf->Cell(11.25, 11.25, $pdf->unichr($i), 1, 0, 'C', false, '', 0, false, 'T', 'M');
+		$pdf->Cell(11.25, 11.25, TCPDF_FONTS::unichr($i), 1, 0, 'C', false, '', 0, false, 'T', 'M');
 	}
 	$pdf->Ln(20);
--- a/examples/tcpdf_include.php
+++ b/examples/tcpdf_include.php
@ -2,7 +2,7 @@
 //============================================================+
 // File name   : tcpdf_include.php
 // Begin       : 2008-05-14
-// Last Update : 2013-05-14
+// Last Update : 2014-12-10
 //
 // Description : Search and include the TCPDF library.
 //
@ -27,7 +27,15 @@
 require_once('config/tcpdf_config_alt.php');
 // Include the main TCPDF library (search the library on the following directories).
-$tcpdf_include_dirs = array(realpath('../tcpdf.php'), '/usr/share/php/tcpdf/tcpdf.php', '/usr/share/tcpdf/tcpdf.php', '/usr/share/php-tcpdf/tcpdf.php', '/var/www/tcpdf/tcpdf.php', '/var/www/html/tcpdf/tcpdf.php', '/usr/local/apache2/htdocs/tcpdf/tcpdf.php');
+$tcpdf_include_dirs = array(
 	realpath('../tcpdf.php'),
 	'/usr/share/php/tcpdf/tcpdf.php',
 	'/usr/share/tcpdf/tcpdf.php',
 	'/usr/share/php-tcpdf/tcpdf.php',
 	'/var/www/tcpdf/tcpdf.php',
 	'/var/www/html/tcpdf/tcpdf.php',
 	'/usr/local/apache2/htdocs/tcpdf/tcpdf.php'
 );
 foreach ($tcpdf_include_dirs as $tcpdf_include_path) {
 	if (@file_exists($tcpdf_include_path)) {
 		require_once($tcpdf_include_path);
--- a/include/tcpdf_fonts.php
+++ b/include/tcpdf_fonts.php
@ -1,9 +1,9 @@
 <?php
 //============================================================+
 // File name   : tcpdf_fonts.php
-// Version     : 1.0.014
+// Version     : 1.1.0
 // Begin       : 2008-01-01
-// Last Update : 2014-11-08
+// Last Update : 2014-12-10
 // Author      : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
 // License     : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html)
 // -------------------------------------------------------------------
@ -42,7 +42,7 @@
 * @class TCPDF_FONTS
 * Font methods for TCPDF library.
 * @package com.tecnick.tcpdf
- * @version 1.0.014
+ * @version 1.1.0
 * @author Nicola Asuni - info@tecnick.com
 */
 class TCPDF_FONTS {
@ -186,7 +186,7 @@ class TCPDF_FONTS {
 			$data .= $encrypted;
 			// store compressed font
 			$fmetric['file'] .= '.z';
-			$fp = fopen($outpath.$fmetric['file'], 'wb');
+			$fp = TCPDF_STATIC::fopenLocal($outpath.$fmetric['file'], 'wb');
 			fwrite($fp, gzcompress($data));
 			fclose($fp);
 			// get font info
@ -354,6 +354,11 @@ class TCPDF_FONTS {
 			$fmetric['AvgWidth'] = round($fmetric['AvgWidth'] / count($cwidths));
 		} else {
 			// ---------- TRUE TYPE ----------
 			$offset = 0; // offset position of the font data
 			if (TCPDF_STATIC::_getULONG($font, $offset) != 0x10000) {
 				// sfnt version must be 0x00010000 for TrueType version 1.0.
 				return false;
 			}
 			if ($fmetric['type'] != 'cidfont0') {
 				if ($link) {
 					// creates a symbolic link to the existing font
@ -361,16 +366,11 @@ class TCPDF_FONTS {
 				} else {
 					// store compressed font
 					$fmetric['file'] .= '.z';
-					$fp = fopen($outpath.$fmetric['file'], 'wb');
+					$fp = TCPDF_STATIC::fopenLocal($outpath.$fmetric['file'], 'wb');
 					fwrite($fp, gzcompress($font));
 					fclose($fp);
 				}
 			}
 			$offset = 0; // offset position of the font data
 			if (TCPDF_STATIC::_getULONG($font, $offset) != 0x10000) {
 				// sfnt version must be 0x00010000 for TrueType version 1.0.
 				return false;
 			}
 			$offset += 4;
 			// get number of tables
 			$numTables = TCPDF_STATIC::_getUSHORT($font, $offset);
@ -885,7 +885,7 @@ class TCPDF_FONTS {
 					$cidtogidmap = self::updateCIDtoGIDmap($cidtogidmap, $cid, $ctg[$cid]);
 				}
 				// store compressed CIDToGIDMap
-				$fp = fopen($outpath.$fmetric['ctg'], 'wb');
+				$fp = TCPDF_STATIC::fopenLocal($outpath.$fmetric['ctg'], 'wb');
 				fwrite($fp, gzcompress($cidtogidmap));
 				fclose($fp);
 			}
@ -911,7 +911,7 @@ class TCPDF_FONTS {
 		$pfile .= '$cw=array('.substr($fmetric['cw'], 1).');'."\n";
 		$pfile .= '// --- EOF ---'."\n";
 		// store file
-		$fp = fopen($outpath.$font_name.'.php', 'w');
+		$fp = TCPDF_STATIC::fopenLocal($outpath.$font_name.'.php', 'w');
 		fwrite($fp, $pfile);
 		fclose($fp);
 		// return TCPDF font name
--- a/include/tcpdf_static.php
+++ b/include/tcpdf_static.php
--- a/tcpdf.php
+++ b/tcpdf.php
@ -1,9 +1,9 @@
 <?php
 //============================================================+
 // File name   : tcpdf.php
-// Version     : 6.1.1
+// Version     : 6.2.0
 // Begin       : 2002-08-03
-// Last Update : 2014-12-07
+// Last Update : 2014-12-10
 // Author      : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
 // License     : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html)
 // -------------------------------------------------------------------
@ -104,7 +104,7 @@
 * Tools to encode your unicode fonts are on fonts/utils directory.</p>
 * @package com.tecnick.tcpdf
 * @author Nicola Asuni
- * @version 6.1.1
+ * @version 6.2.0
 */
 // TCPDF configuration
@ -128,7 +128,7 @@ require_once(dirname(__FILE__).'/include/tcpdf_static.php');
 * TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.<br>
 * @package com.tecnick.tcpdf
 * @brief PHP class for generating PDF documents without requiring external extensions.
- * @version 6.1.1
+ * @version 6.2.0
 * @author Nicola Asuni - info@tecnick.com
 */
 class TCPDF {
@ -4155,38 +4155,6 @@ class TCPDF {
 		}
 	}
 	/**
 	 * Returns the unicode caracter specified by the value
 	 * @param $c (int) UTF-8 value
 	 * @return Returns the specified character.
 	 * @since 2.3.000 (2008-03-05)
 	 * @public
 	 * @deprecated
 	 */
 	public function unichr($c) {
 		return TCPDF_FONTS::unichr($c, $this->isunicode);
 	}
 	/**
 	 * Convert and add the selected TrueType or Type1 font to the fonts folder (that must be writeable).
 	 * @param $fontfile (string) Font file (full path).
 	 * @param $fonttype (string) Font type. Leave empty for autodetect mode. Valid values are: TrueTypeUnicode, TrueType, Type1, CID0JP = CID-0 Japanese, CID0KR = CID-0 Korean, CID0CS = CID-0 Chinese Simplified, CID0CT = CID-0 Chinese Traditional.
 	 * @param $enc (string) Name of the encoding table to use. Leave empty for default mode. Omit this parameter for TrueType Unicode and symbolic fonts like Symbol or ZapfDingBats.
 	 * @param $flags (int) Unsigned 32-bit integer containing flags specifying various characteristics of the font (PDF32000:2008 - 9.8.2 Font Descriptor Flags): +1 for fixed font; +4 for symbol or +32 for non-symbol; +64 for italic. Fixed and Italic mode are generally autodetected so you have to set it to 32 = non-symbolic font (default) or 4 = symbolic font.
 	 * @param $outpath (string) Output path for generated font files (must be writeable by the web server). Leave empty for default font folder.
 	 * @param $platid (int) Platform ID for CMAP table to extract (when building a Unicode font for Windows this value should be 3, for Macintosh should be 1).
 	 * @param $encid (int) Encoding ID for CMAP table to extract (when building a Unicode font for Windows this value should be 1, for Macintosh should be 0). When Platform ID is 3, legal values for Encoding ID are: 0=Symbol, 1=Unicode, 2=ShiftJIS, 3=PRC, 4=Big5, 5=Wansung, 6=Johab, 7=Reserved, 8=Reserved, 9=Reserved, 10=UCS-4.
 	 * @param $addcbbox (boolean) If true includes the character bounding box information on the php font file.
 	 * @return (string) TCPDF font name.
 	 * @author Nicola Asuni
 	 * @since 5.9.123 (2010-09-30)
 	 * @public
 	 * @deprecated
 	 */
 	public function addTTFfont($fontfile, $fonttype='', $enc='', $flags=32, $outpath='', $platid=3, $encid=1, $addcbbox=false) {
 		return TCPDF_FONTS::addTTFfont($fontfile, $fonttype, $enc, $flags, $outpath, $platid, $encid, $addcbbox);
 	}
 	/**
 	 * Imports a TrueType, Type1, core, or CID0 font and makes it available.
 	 * It is necessary to generate a font definition file first (read /fonts/utils/README.TXT).
@ -6893,7 +6861,7 @@ class TCPDF {
 			// copy image to cache
 			$original_file = $file;
 			$file = TCPDF_STATIC::getObjFilename('img', $this->file_id);
-			$fp = fopen($file, 'w');
+			$fp = TCPDF_STATIC::fopenLocal($file, 'w');
 			if (!$fp) {
 				$this->Error('Unable to write file: '.$file);
 			}
@ -7612,7 +7580,7 @@ class TCPDF {
 			$pdfdoc = str_replace(TCPDF_STATIC::$byterange_string, $byterange, $pdfdoc);
 			// write the document to a temporary folder
 			$tempdoc = TCPDF_STATIC::getObjFilename('doc', $this->file_id);
-			$f = fopen($tempdoc, 'wb');
+			$f = TCPDF_STATIC::fopenLocal($tempdoc, 'wb');
 			if (!$f) {
 				$this->Error('Unable to create temporary file: '.$tempdoc);
 			}
@ -7701,7 +7669,7 @@ class TCPDF {
 			case 'FI':
 			case 'FD': {
 				// save PDF to a local file
-				$f = fopen($name, 'wb');
+				$f = TCPDF_STATIC::fopenLocal($name, 'wb');
 				if (!$f) {
 					$this->Error('Unable to create output file: '.$name);
 				}
@ -8064,18 +8032,6 @@ class TCPDF {
 		$this->_out($out);
 	}
 	/**
 	 * Output references to page annotations
 	 * @param $n (int) page number
 	 * @protected
 	 * @author Nicola Asuni
 	 * @since 4.7.000 (2008-08-29)
 	 * @deprecated
 	 */
 	protected function _putannotsrefs($n) {
 		$this->_out($this->_getannotsrefs($n));
 	}
 	/**
 	 * Get references to page annotations.
 	 * @param $n (int) page number
@ -10279,26 +10235,6 @@ class TCPDF {
 		return $this->_datastring($s, $n);
 	}
 	/**
 	 * THIS METHOD IS DEPRECATED
 	 * Format a text string
 	 * @param $s (string) string to escape.
 	 * @return string escaped string.
 	 * @protected
 	 * @deprecated
 	 */
 	protected function _escapetext($s) {
 		if ($this->isunicode) {
 			if (($this->CurrentFont['type'] == 'core') OR ($this->CurrentFont['type'] == 'TrueType') OR ($this->CurrentFont['type'] == 'Type1')) {
 				$s = TCPDF_FONTS::UTF8ToLatin1($s, $this->isunicode, $this->CurrentFont);
 			} else {
 				//Convert string to UTF-16BE and reverse RTL language
 				$s = TCPDF_FONTS::utf8StrRev($s, false, $this->tmprtl, $this->isunicode, $this->CurrentFont);
 			}
 		}
 		return TCPDF_STATIC::_escape($s);
 	}
 	/**
 	 * get raw output stream.
 	 * @param $s (string) string to output.
@ -10315,28 +10251,6 @@ class TCPDF {
 		return $this->_encrypt_data($n, $s);
 	}
 	/**
 	 * Format output stream (DEPRECATED).
 	 * @param $s (string) string to output.
 	 * @param $n (int) object reference for encryption mode
 	 * @protected
 	 * @deprecated
 	 */
 	protected function _getstream($s, $n=0) {
 		return 'stream'."\n".$this->_getrawstream($s, $n)."\n".'endstream';
 	}
 	/**
 	 * Output a stream (DEPRECATED).
 	 * @param $s (string) string to output.
 	 * @param $n (int) object reference for encryption mode
 	 * @protected
 	 * @deprecated
 	 */
 	protected function _putstream($s, $n=0) {
 		$this->_out($this->_getstream($s, $n));
 	}
 	/**
 	 * Output a string to the document.
 	 * @param $s (string) string to output.
@ -10861,7 +10775,7 @@ class TCPDF {
 				$envelope = $seed.$pkpermissions;
 				// write the envelope data to a temporary file
 				$tempkeyfile = TCPDF_STATIC::getObjFilename('key', $this->file_id);
-				$f = fopen($tempkeyfile, 'wb');
+				$f = TCPDF_STATIC::fopenLocal($tempkeyfile, 'wb');
 				if (!$f) {
 					$this->Error('Unable to create temporary key file: '.$tempkeyfile);
 				}
@ -17115,15 +17029,39 @@ class TCPDF {
 	}
 	/**
-	 * Serialize an array of parameters to be used with TCPDF tag in HTML code.
+	 * Return an hash code used to ensure that the serialized data has been generated by this TCPDF instance.
-	 * @param $pararray (array) parameters array
+	 * @param $data (string) serialized data
-	 * @return sting containing serialized data
+	 * @return string
-	 * @since 4.9.006 (2010-04-02)
+	 * @public static
 	 * @public
 	 * @deprecated
 	 */
-	public function serializeTCPDFtagParameters($pararray) {
+	protected function getHashForTCPDFtagParams($data) {
-		return TCPDF_STATIC::serializeTCPDFtagParameters($pararray);
+		return md5(strlen($data).$this->file_id.$data);
 	}
 	/**
 	 * Serialize an array of parameters to be used with TCPDF tag in HTML code.
 	 * @param $data (array) parameters array
 	 * @return string containing serialized data
 	 * @public static
 	 */
 	public function serializeTCPDFtagParameters($data) {
 		$encoded = urlencode(json_encode($data));
 		return $this->getHashForTCPDFtagParams($encoded).$encoded;
 	}
 	/**
 	 * Unserialize parameters to be used with TCPDF tag in HTML code.
 	 * @param $data (string) serialized data
 	 * @return array containing unserialized data
 	 * @protected static
 	 */
 	protected function unserializeTCPDFtagParameters($data) {
 		$hash = substr($data, 0, 32);
 		$encoded = substr($data, 32);
 		if ($hash != $this->getHashForTCPDFtagParams($encoded)) {
 			$this->Error('Invalid parameters');
 		}
 		return json_decode(urldecode($encoded), true);
 	}
 	/**
@ -19346,7 +19284,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
 						$tcpdf_method = $tag['attribute']['method'];
 						if (method_exists($this, $tcpdf_method)) {
 							if (isset($tag['attribute']['params']) AND (!empty($tag['attribute']['params']))) {
-								$params = TCPDF_STATIC::unserializeTCPDFtagParameters($tag['attribute']['params']);
+								$params = $this->unserializeTCPDFtagParameters($tag['attribute']['params']);
 								call_user_func_array(array($this, $tcpdf_method), $params);
 							} else {
 								$this->$tcpdf_method();
@ -21697,7 +21635,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
 	 */
 	public function rollbackTransaction($self=false) {
 		if (isset($this->objcopy)) {
-			$this->_destroy(true, true); // DEBUG
+			$this->_destroy(true, true);
 			if ($self) {
 				$objvars = get_object_vars($this->objcopy);
 				foreach ($objvars as $key => $value) {
--- a/tcpdf_autoconfig.php
+++ b/tcpdf_autoconfig.php
@ -1,9 +1,9 @@
 <?php
 //============================================================+
 // File name   : tcpdf_autoconfig.php
-// Version     : 1.0.000
+// Version     : 1.1.0
 // Begin       : 2013-05-16
-// Last Update : 2014-09-02
+// Last Update : 2014-12-10
 // Authors     : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
 // License     : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html)
 // -------------------------------------------------------------------
@ -37,7 +37,7 @@
 * @file
 * Try to automatically configure some TCPDF constants if not defined.
 * @package com.tecnick.tcpdf
- * @version 1.0.000
+ * @version 1.1.0
 */
 // DOCUMENT_ROOT fix for IIS Webserver
@ -225,7 +225,7 @@ if (!defined('K_THAI_TOPCHARS')) {
 }
 if (!defined('K_TCPDF_CALLS_IN_HTML')) {
-	define('K_TCPDF_CALLS_IN_HTML', true);
+	define('K_TCPDF_CALLS_IN_HTML', false);
 }
 if (!defined('K_TCPDF_THROW_EXCEPTION_ERROR')) {