diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
index 4a845350..2158b941 100644
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@@ -1,3 +1,6 @@
+6.7.6 (2024-10-06)
+ - Forbid access to parent folder in HTML images.
+
 6.7.5 (2024-04-20)
 - Update GitHub actions
 - fix: CSV-2024-22640 (#712)
diff --git a/VERSION b/VERSION
index c56facf8..2ed16f40 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.7.5
+6.7.6
diff --git a/composer.json b/composer.json
index 7389d090..66724a17 100644
--- a/composer.json
+++ b/composer.json
@@ -12,7 +12,7 @@
 "barcodes"
 ],
 "homepage": "http://www.tcpdf.org/",
- "version": "6.7.5",
+ "version": "6.7.6",
 "license": "LGPL-3.0-or-later",
 "authors": [
 {
diff --git a/include/tcpdf_static.php b/include/tcpdf_static.php
index 04f74461..b4f7c5f4 100644
--- a/include/tcpdf_static.php
+++ b/include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 * Current TCPDF version.
 * @private static
 */
- private static $tcpdf_version = '6.7.5';
+ private static $tcpdf_version = '6.7.6';
 /**
 * String alias for total number of pages.
diff --git a/tcpdf.php b/tcpdf.php
index 60f93c41..c4b66932 100644
--- a/tcpdf.php
+++ b/tcpdf.php
@@ -1,9 +1,9 @@
 * @package com.tecnick.tcpdf
 * @brief PHP class for generating PDF documents without requiring external extensions.
- * @version 6.7.5
+ * @version 6.7.6
 * @author Nicola Asuni - info@tecnick.com
 * @IgnoreAnnotation("protected")
 * @IgnoreAnnotation("public")
@@ -19010,29 +19010,29 @@ protected function openHTMLTagHandler($dom, $key, $cell) {
 $this->setLineWidth($hrHeight);
 $lineStyle = array();
- if (isset($tag['fgcolor'])) {
- $lineStyle['color'] = $tag['fgcolor'];
- }
+ if (isset($tag['fgcolor'])) {
+ $lineStyle['color'] = $tag['fgcolor'];
+ }
- if (isset($tag['fgcolor'])) {
- $lineStyle['color'] = $tag['fgcolor'];
- }
+ if (isset($tag['fgcolor'])) {
+ $lineStyle['color'] = $tag['fgcolor'];
+ }
- if (isset($tag['style']['cap'])) {
- $lineStyle['cap'] = $tag['style']['cap'];
- }
+ if (isset($tag['style']['cap'])) {
+ $lineStyle['cap'] = $tag['style']['cap'];
+ }
- if (isset($tag['style']['join'])) {
- $lineStyle['join'] = $tag['style']['join'];
- }
+ if (isset($tag['style']['join'])) {
+ $lineStyle['join'] = $tag['style']['join'];
+ }
- if (isset($tag['style']['dash'])) {
- $lineStyle['dash'] = $tag['style']['dash'];
- }
+ if (isset($tag['style']['dash'])) {
+ $lineStyle['dash'] = $tag['style']['dash'];
+ }
- if (isset($tag['style']['phase'])) {
- $lineStyle['phase'] = $tag['style']['phase'];
- }
+ if (isset($tag['style']['phase'])) {
+ $lineStyle['phase'] = $tag['style']['phase'];
+ }
 $lineStyle = array_filter($lineStyle);
@@ -19059,11 +19059,14 @@ protected function openHTMLTagHandler($dom, $key, $cell) {
 } else if (preg_match('@^data:image/([^;]*);base64,(.*)@', $imgsrc, $reg)) {
 $imgsrc = '@'.base64_decode($reg[2]);
 $type = $reg[1];
+ } elseif (str_contains($imgsrc, '../')) {
+ // accessing parent folders is not allowed
+ break;
 } elseif ( $this->allowLocalFiles && substr($imgsrc, 0, 7) === 'file://') {
- // get image type from a local file path
- $imgsrc = substr($imgsrc, 7);
- $type = TCPDF_IMAGES::getImageFileType($imgsrc);
- } else {
+ // get image type from a local file path
+ $imgsrc = substr($imgsrc, 7);
+ $type = TCPDF_IMAGES::getImageFileType($imgsrc);
+ } else {
 if (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
 // fix image path
 $findroot = strpos($imgsrc, $_SERVER['DOCUMENT_ROOT']);
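Review bot: The new `str_contains($imgsrc, '../')` guard is a literal substring test, so it rejects only the forward-slash spelling; a path using backslash separators (`..\`) or one that ends in a bare `..` is not matched and still reaches the `file://` branch below, which hands the stripped path straight to `TCPDF_IMAGES::getImageFileType()`. A canonicalising check on that branch — resolving the stripped path with `realpath()` and rejecting it unless it lies under an explicitly allowed base directory — would cover every spelling rather than one, and is the control a defender would expect alongside `allowLocalFiles`. Separately, `str_contains()` only exists from PHP 8.0; if the library still declares support for PHP 7.x (its composer constraint is not visible here), `} elseif (strpos($imgsrc, '../') !== false) {` is the compatible equivalent. openHTMLTagHandler starts and ends outside the hunk.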