diff --git a/inc/composer.json b/inc/composer.json index acd3ccc..d474567 100644 --- a/inc/composer.json +++ b/inc/composer.json @@ -4,7 +4,7 @@ "cocur/background-process" : "~0.7", "tecnickcom/tcpdf" : "~6.2", "pacificsec/cpe" : "1.0.1", - "godsgood33/php-db" : "~1.3" + "monolog/monolog" : "~1.23" }, "require-dev" : { "phpunit/phpunit" : "~7.3" diff --git a/inc/composer.lock b/inc/composer.lock index 8eaaff6..9bad4ec 100644 --- a/inc/composer.lock +++ b/inc/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "184b710525eca347d52d3a2062cdf1c7", + "content-hash": "8bf5f4a76098ff9277648c58793a04b5", "packages": [ { "name": "cocur/background-process", @@ -44,53 +44,6 @@ ], "time": "2017-02-11T12:41:41+00:00" }, - { - "name": "godsgood33/php-db", - "version": "1.3.1", - "source": { - "type": "git", - "url": "https://github.com/godsgood33/php-db.git", - "reference": "cdf01f123c16dcb0b294b3b9013557e2d472f1c9" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/godsgood33/php-db/zipball/cdf01f123c16dcb0b294b3b9013557e2d472f1c9", - "reference": "cdf01f123c16dcb0b294b3b9013557e2d472f1c9", - "shasum": "" - }, - "require": { - "monolog/monolog": "~1.23" - }, - "require-dev": { - "phpunit/phpunit": "~7.2" - }, - "type": "library", - "autoload": { - "psr-4": { - "Godsgood33\\Php_Db\\": "src" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "Apache-2.0" - ], - "authors": [ - { - "name": "Ryan Prather", - "email": "godsgood33@gmail.com", - "role": "Developer" - } - ], - "description": "PHP Database Library", - "homepage": "https://github.com/godsgood33/php-db", - "keywords": [ - "database", - "library", - "mysql", - "mysqli" - ], - "time": "2018-06-07T18:30:13+00:00" - }, { "name": "markbaker/complex", "version": "1.4.6", 
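Review bot: The context line `"tecnickcom/tcpdf" : "~6.2"` is left unchanged, so the manifest still accepts releases older than the 6.2.22 that composer.lock and the vendored copy now carry. The CHANGELOG hunk later in this commit records a phar:// unserialization fix in 6.2.20. Raising the floor to `"tecnickcom/tcpdf" : "^6.2.22"` keeps a resolve that does not honour the lock (a regenerated lock, `--prefer-lowest`) from selecting a release without that fix. Separately, dropping `godsgood33/php-db` assumes nothing in the project still references the `Godsgood33\Php_Db\` namespace, which this diff does not show.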
@@ -491,16 +444,16 @@ }, { "name": "tecnickcom/tcpdf", - "version": "6.2.17", + "version": "6.2.22", "source": { "type": "git", "url": "https://github.com/tecnickcom/TCPDF.git", - "reference": "64fc19439863e1b1314487a72a74d9bfd0b55a53" + "reference": "ac6e92fccc7d9383dfd787056831349621b1aca2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/64fc19439863e1b1314487a72a74d9bfd0b55a53", - "reference": "64fc19439863e1b1314487a72a74d9bfd0b55a53", + "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/ac6e92fccc7d9383dfd787056831349621b1aca2", + "reference": "ac6e92fccc7d9383dfd787056831349621b1aca2", "shasum": "" }, "require": { @@ -549,7 +502,7 @@ "pdf417", "qrcode" ], - "time": "2018-02-24T11:48:20+00:00" + "time": "2018-09-14T15:26:29+00:00" } ], "packages-dev": [ @@ -1037,21 +990,24 @@ }, { "name": "phpunit/php-file-iterator", - "version": "2.0.1", + "version": "2.0.2", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-file-iterator.git", - "reference": "cecbc684605bb0cc288828eb5d65d93d5c676d3c" + "reference": "050bedf145a257b1ff02746c31894800e5122946" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/cecbc684605bb0cc288828eb5d65d93d5c676d3c", - "reference": "cecbc684605bb0cc288828eb5d65d93d5c676d3c", + "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/050bedf145a257b1ff02746c31894800e5122946", + "reference": "050bedf145a257b1ff02746c31894800e5122946", "shasum": "" }, "require": { "php": "^7.1" }, + "require-dev": { + "phpunit/phpunit": "^7.1" + }, "type": "library", "extra": { "branch-alias": { @@ -1080,7 +1036,7 @@ "filesystem", "iterator" ], - "time": "2018-06-11T11:44:00+00:00" + "time": "2018-09-13T20:33:42+00:00" }, { "name": "phpunit/php-text-template", 
@@ -1223,16 +1179,16 @@ }, { "name": "phpunit/phpunit", - "version": "7.3.2", + "version": "7.3.5", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "34705f81bddc3f505b9599a2ef96e2b4315ba9b8" + "reference": "7b331efabbb628c518c408fdfcaf571156775de2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/34705f81bddc3f505b9599a2ef96e2b4315ba9b8", - "reference": "34705f81bddc3f505b9599a2ef96e2b4315ba9b8", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/7b331efabbb628c518c408fdfcaf571156775de2", + "reference": "7b331efabbb628c518c408fdfcaf571156775de2", "shasum": "" }, "require": { @@ -1303,7 +1259,7 @@ "testing", "xunit" ], - "time": "2018-08-22T06:39:21+00:00" + "time": "2018-09-08T15:14:29+00:00" }, { "name": "sebastian/code-unit-reverse-lookup", diff --git a/inc/vendor/composer/autoload_psr4.php b/inc/vendor/composer/autoload_psr4.php index 076955b..6d5df70 100644 --- a/inc/vendor/composer/autoload_psr4.php +++ b/inc/vendor/composer/autoload_psr4.php @@ -11,7 +11,6 @@ return array( 'PhpOffice\\PhpSpreadsheet\\' => array($vendorDir . '/phpoffice/phpspreadsheet/src/PhpSpreadsheet'), 'PacificSec\\CPE\\' => array($vendorDir . '/pacificsec/cpe/src'), 'Monolog\\' => array($vendorDir . '/monolog/monolog/src/Monolog'), - 'Godsgood33\\Php_Db\\' => array($vendorDir . '/godsgood33/php-db/src'), 'Complex\\' => array($vendorDir . '/markbaker/complex/classes/src'), 'Cocur\\BackgroundProcess\\' => array($vendorDir . '/cocur/background-process/src'), ); diff --git a/inc/vendor/composer/autoload_static.php b/inc/vendor/composer/autoload_static.php index 42ceafc..81d1d20 100644 --- a/inc/vendor/composer/autoload_static.php +++ b/inc/vendor/composer/autoload_static.php @@ -63,10 +63,6 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72 array ( 'Monolog\\' => 8, ), - 'G' => - array ( - 'Godsgood33\\Php_Db\\' => 18, - ), 'C' => array ( 'Complex\\' => 8, 
@@ -95,10 +91,6 @@ class ComposerStaticInit69a0c53551ee5f4e61c53efb549e5e72 array ( 0 => __DIR__ . '/..' . '/monolog/monolog/src/Monolog', ), - 'Godsgood33\\Php_Db\\' => - array ( - 0 => __DIR__ . '/..' . '/godsgood33/php-db/src', - ), 'Complex\\' => array ( 0 => __DIR__ . '/..' . '/markbaker/complex/classes/src', diff --git a/inc/vendor/composer/installed.json b/inc/vendor/composer/installed.json index ddbe219..79cc9ac 100644 --- a/inc/vendor/composer/installed.json +++ b/inc/vendor/composer/installed.json @@ -39,55 +39,6 @@ "unix" ] }, - { - "name": "godsgood33/php-db", - "version": "1.3.1", - "version_normalized": "1.3.1.0", - "source": { - "type": "git", - "url": "https://github.com/godsgood33/php-db.git", - "reference": "cdf01f123c16dcb0b294b3b9013557e2d472f1c9" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/godsgood33/php-db/zipball/cdf01f123c16dcb0b294b3b9013557e2d472f1c9", - "reference": "cdf01f123c16dcb0b294b3b9013557e2d472f1c9", - "shasum": "" - }, - "require": { - "monolog/monolog": "~1.23" - }, - "require-dev": { - "phpunit/phpunit": "~7.2" - }, - "time": "2018-06-07T18:30:13+00:00", - "type": "library", - "installation-source": "dist", - "autoload": { - "psr-4": { - "Godsgood33\\Php_Db\\": "src" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "Apache-2.0" - ], - "authors": [ - { - "name": "Ryan Prather", - "email": "godsgood33@gmail.com", - "role": "Developer" - } - ], - "description": "PHP Database Library", - "homepage": "https://github.com/godsgood33/php-db", - "keywords": [ - "database", - "library", - "mysql", - "mysqli" - ] - }, { "name": "markbaker/complex", "version": "1.4.6", 
@@ -500,23 +451,23 @@ }, { "name": "tecnickcom/tcpdf", - "version": "6.2.17", - "version_normalized": "6.2.17.0", + "version": "6.2.22", + "version_normalized": "6.2.22.0", "source": { "type": "git", "url": "https://github.com/tecnickcom/TCPDF.git", - "reference": "64fc19439863e1b1314487a72a74d9bfd0b55a53" + "reference": "ac6e92fccc7d9383dfd787056831349621b1aca2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/64fc19439863e1b1314487a72a74d9bfd0b55a53", - "reference": "64fc19439863e1b1314487a72a74d9bfd0b55a53", + "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/ac6e92fccc7d9383dfd787056831349621b1aca2", + "reference": "ac6e92fccc7d9383dfd787056831349621b1aca2", "shasum": "" }, "require": { "php": ">=5.3.0" }, - "time": "2018-02-24T11:48:20+00:00", + "time": "2018-09-14T15:26:29+00:00", "type": "library", "installation-source": "dist", "autoload": { diff --git a/inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT b/inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT index d6e4cf0..fc0bb41 100644 --- a/inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT +++ b/inc/vendor/tecnickcom/tcpdf/CHANGELOG.TXT @@ -1,5 +1,8 @@ -Unreleased - - fix Undesired mouseover effect on links in PDF on Chrome Pdf Viewer +6.2.20 + - Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data. + +6.2.19 + - Merge various fixes for PHP 7.3 compatibility and security. 6.2.13 (2016-06-10) - IMPORTANT: A new version of this library is under development at https://github.com/tecnickcom/tc-lib-pdf and as a consequence this version will not receive any additional development or support. This version should be considered obsolete, new projects should use the new version as soon it will become stable. diff --git a/inc/vendor/tecnickcom/tcpdf/composer.json b/inc/vendor/tecnickcom/tcpdf/composer.json index 83ffd67..df1e50d 100644 --- a/inc/vendor/tecnickcom/tcpdf/composer.json 
+++ b/inc/vendor/tecnickcom/tcpdf/composer.json @@ -1,6 +1,6 @@ { "name": "tecnickcom/tcpdf", - "version": "6.2.17", + "version": "6.2.22", "homepage": "http://www.tcpdf.org/", "type": "library", "description": "TCPDF is a PHP class for generating PDF documents and barcodes.", diff --git a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php index ba89c7c..211a236 100644 --- a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php +++ b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php @@ -70,7 +70,7 @@ class TCPDF_FONTS { * @public static */ public static function addTTFfont($fontfile, $fonttype='', $enc='', $flags=32, $outpath='', $platid=3, $encid=1, $addcbbox=false, $link=false) { - if (!file_exists($fontfile)) { + if (!TCPDF_STATIC::file_exists($fontfile)) { // Could not find file return false; } @@ -95,7 +95,7 @@ class TCPDF_FONTS { $outpath = self::_getfontpath(); } // check if this font already exist - if (@file_exists($outpath.$font_name.'.php')) { + if (@TCPDF_STATIC::file_exists($outpath.$font_name.'.php')) { // this font already exist (delete it from fonts folder to rebuild it) return $font_name; } @@ -1543,11 +1543,11 @@ class TCPDF_FONTS { public static function getFontFullPath($file, $fontdir=false) { $fontfile = ''; // search files on various directories - if (($fontdir !== false) AND @file_exists($fontdir.$file)) { + if (($fontdir !== false) AND @TCPDF_STATIC::file_exists($fontdir.$file)) { $fontfile = $fontdir.$file; - } elseif (@file_exists(self::_getfontpath().$file)) { + } elseif (@TCPDF_STATIC::file_exists(self::_getfontpath().$file)) { $fontfile = self::_getfontpath().$file; - } elseif (@file_exists($file)) { + } elseif (@TCPDF_STATIC::file_exists($file)) { $fontfile = $file; } return $fontfile; diff --git a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_images.php b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_images.php index c2e3c36..86b3c20 100644 
--- a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_images.php +++ b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_images.php @@ -161,12 +161,8 @@ class TCPDF_IMAGES { */ public static function _parsejpeg($file) { // check if is a local file - if (!@file_exists($file)) { - // try to encode spaces on filename - $tfile = str_replace(' ', '%20', $file); - if (@file_exists($tfile)) { - $file = $tfile; - } + if (!@TCPDF_STATIC::file_exists($file)) { + return false; } $a = getimagesize($file); if (empty($a)) { diff --git a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_static.php b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_static.php index aa42c85..b010f7a 100644 --- a/inc/vendor/tecnickcom/tcpdf/include/tcpdf_static.php +++ b/inc/vendor/tecnickcom/tcpdf/include/tcpdf_static.php @@ -55,7 +55,7 @@ class TCPDF_STATIC { * Current TCPDF version. * @private static */ - private static $tcpdf_version = '6.2.17'; + private static $tcpdf_version = '6.2.22'; /** * String alias for total number of pages. @@ -1774,39 +1774,6 @@ class TCPDF_STATIC { return $angle; } - - - - - - - - - - - - - - - - -// ==================================================================================================================== -// REIMPLEMENTED -// ==================================================================================================================== - - - - - - - - - - - - - - /** * Split string by a regular expression. * This is a wrapper for the preg_split function to avoid the bug: https://bugs.php.net/bug.php?id=45850 
@@ -1854,6 +1821,33 @@ class TCPDF_STATIC { return fopen($filename, $mode); } + /** + * Wrapper for file_exists. + * Checks whether a file or directory exists. + * Only allows some protocols and local files. + * @param filename (string) Path to the file or directory. + * @return Returns TRUE if the file or directory specified by filename exists; FALSE otherwise. + * @public static + */ + public static function file_exists($filename) { + if (strpos($filename, '://') > 0) { + $wrappers = stream_get_wrappers(); + foreach ($wrappers as $wrapper) { + if (($wrapper === 'http') || ($wrapper === 'https')) { + continue; + } + if (stripos($filename, $wrapper.'://') === 0) { + return false; + } + } + } + if (!@file_exists($filename)) { + // try to encode spaces on filename + $filename = str_replace(' ', '%20', $filename); + } + return @file_exists($filename); + } + /** * Reads entire file into a string. * The file can be also an URL. @@ -1914,8 +1908,10 @@ class TCPDF_STATIC { } // $alt = array_unique($alt); - //var_dump($alt);exit;//DEBUG foreach ($alt as $path) { + if (!self::file_exists($path)) { + return false; + } $ret = @file_get_contents($path); if ($ret !== false) { return $ret; @@ -1949,8 +1945,6 @@ class TCPDF_STATIC { return false; } - - /** * Get ULONG from string (Big Endian 32-bit unsigned integer). * @param $str (string) string from where to extract value diff --git a/inc/vendor/tecnickcom/tcpdf/tcpdf.php b/inc/vendor/tecnickcom/tcpdf/tcpdf.php index ef411a1..b2c8ceb 100644 --- a/inc/vendor/tecnickcom/tcpdf/tcpdf.php +++ b/inc/vendor/tecnickcom/tcpdf/tcpdf.php @@ -1,13 +1,13 @@ * @package com.tecnick.tcpdf * @author Nicola Asuni - * @version 6.2.8 + * @version 6.2.22 */ // TCPDF configuration @@ -128,8 +128,11 @@ require_once(dirname(__FILE__).'/include/tcpdf_static.php'); * TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.
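Review bot: The scheme check in the new `TCPDF_STATIC::file_exists()` is a denylist: it walks `stream_get_wrappers()` and rejects a name only when it starts with a registered wrapper other than http/https, so the result depends on the runtime's wrapper list and on an exact prefix match. An allowlist is easier to reason about, e.g. `if (strpos($filename, '://') !== false && !preg_match('#^https?://#i', $filename)) { return false; }` ahead of the native call. Http/https names also fall through to the native `file_exists()`, which as far as I know cannot stat over the http wrapper and returns false. If so, the callers changed in this commit (`_parsejpeg()`, `Image()`) would now reject remote files, which looks unintended and should be confirmed. Since this is the vendored TCPDF copy, the change belongs upstream or in a later release rather than in a local edit.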
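Review bot: In the `foreach ($alt as $path)` loop the added guard returns from the whole function on the first candidate that fails `self::file_exists()`, so the remaining alternative paths in `$alt` are never tried. Using `continue;` in place of `return false;` keeps the wrapper check on every candidate while still letting a later alternative succeed. The enclosing function begins and ends outside this hunk, so what happens after the loop is inferred from the `$ret !== false` pattern visible here and should be checked against the full file.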
* @package com.tecnick.tcpdf * @brief PHP class for generating PDF documents without requiring external extensions. - * @version 6.2.8 + * @version 6.2.22 * @author Nicola Asuni - info@tecnick.com + * @IgnoreAnnotation("protected") + * @IgnoreAnnotation("public") + * @IgnoreAnnotation("pre") */ class TCPDF { @@ -1994,10 +1997,6 @@ class TCPDF { * @since 1.53.0.TC016 */ public function __destruct() { - // restore internal encoding - if (isset($this->internal_encoding) AND !empty($this->internal_encoding)) { - mb_internal_encoding($this->internal_encoding); - } // cleanup $this->_destroy(true); } @@ -4257,7 +4256,7 @@ class TCPDF { // true when the font style variation is missing $missing_style = false; // search and include font file - if (TCPDF_STATIC::empty_string($fontfile) OR (!@file_exists($fontfile))) { + if (TCPDF_STATIC::empty_string($fontfile) OR (!@TCPDF_STATIC::file_exists($fontfile))) { // build a standard filenames for specified font $tmp_fontfile = str_replace(' ', '', $family).strtolower($style).'.php'; $fontfile = TCPDF_FONTS::getFontFullPath($tmp_fontfile, $fontdir); @@ -4269,7 +4268,7 @@ class TCPDF { } } // include font file - if (!TCPDF_STATIC::empty_string($fontfile) AND (@file_exists($fontfile))) { + if (!TCPDF_STATIC::empty_string($fontfile) AND (@TCPDF_STATIC::file_exists($fontfile))) { include($fontfile); } else { $this->Error('Could not include font definition file: '.$family.''); @@ -4453,6 +4452,7 @@ class TCPDF { * @see SetFont() */ public function SetFontSize($size, $out=true) { + $size = (float)$size; // font size in points $this->FontSizePt = $size; // font size in user units 
@@ -4809,19 +4809,19 @@ class TCPDF { $this->PageAnnots[$page][] = array('n' => ++$this->n, 'x' => $x, 'y' => $y, 'w' => $w, 'h' => $h, 'txt' => $text, 'opt' => $opt, 'numspaces' => $spaces); if (!$this->pdfa_mode) { if ((($opt['Subtype'] == 'FileAttachment') OR ($opt['Subtype'] == 'Sound')) AND (!TCPDF_STATIC::empty_string($opt['FS'])) - AND (@file_exists($opt['FS']) OR TCPDF_STATIC::isValidURL($opt['FS'])) + AND (@TCPDF_STATIC::file_exists($opt['FS']) OR TCPDF_STATIC::isValidURL($opt['FS'])) AND (!isset($this->embeddedfiles[basename($opt['FS'])]))) { $this->embeddedfiles[basename($opt['FS'])] = array('f' => ++$this->n, 'n' => ++$this->n, 'file' => $opt['FS']); } } // Add widgets annotation's icons - if (isset($opt['mk']['i']) AND @file_exists($opt['mk']['i'])) { + if (isset($opt['mk']['i']) AND @TCPDF_STATIC::file_exists($opt['mk']['i'])) { $this->Image($opt['mk']['i'], '', '', 10, 10, '', '', '', false, 300, '', false, false, 0, false, true); } - if (isset($opt['mk']['ri']) AND @file_exists($opt['mk']['ri'])) { + if (isset($opt['mk']['ri']) AND @TCPDF_STATIC::file_exists($opt['mk']['ri'])) { $this->Image($opt['mk']['ri'], '', '', 0, 0, '', '', '', false, 300, '', false, false, 0, false, true); } - if (isset($opt['mk']['ix']) AND @file_exists($opt['mk']['ix'])) { + if (isset($opt['mk']['ix']) AND @TCPDF_STATIC::file_exists($opt['mk']['ix'])) { $this->Image($opt['mk']['ix'], '', '', 0, 0, '', '', '', false, 300, '', false, false, 0, false, true); } } @@ -6845,13 +6845,9 @@ class TCPDF { $file = substr($file, 1); $exurl = $file; } - // check if is a local file - if (!@file_exists($file)) { - // try to encode spaces on filename - $tfile = str_replace(' ', '%20', $file); - if (@file_exists($tfile)) { - $file = $tfile; - } + // check if file exist and it is valid + if (!@TCPDF_STATIC::file_exists($file)) { + return false; } if (($imsize = @getimagesize($file)) === FALSE) { if (in_array($file, $this->imagekeys)) { 
@@ -7750,6 +7746,10 @@ class TCPDF { * @since 4.5.016 (2009-02-24) */ public function _destroy($destroyall=false, $preserve_objcopy=false) { + // restore internal encoding + if (isset($this->internal_encoding) AND !empty($this->internal_encoding)) { + mb_internal_encoding($this->internal_encoding); + } if ($destroyall AND !$preserve_objcopy) { // remove all temporary files $tmpfiles = glob(K_PATH_CACHE.'__tcpdf_'.$this->file_id.'_*'); @@ -17783,7 +17783,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: // justify block if (!TCPDF_STATIC::empty_string($this->lispacer)) { $this->lispacer = ''; - continue; + break; } preg_match('/([0-9\.\+\-]*)[\s]([0-9\.\+\-]*)[\s]([0-9\.\+\-]*)[\s]('.$strpiece[1][0].')[\s](re)([\s]*)/x', $pmid, $xmatches); if (!isset($xmatches[1])) { @@ -18318,7 +18318,8 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: } // text $this->htmlvspace = 0; - if ((!$this->premode) AND $this->isRTLTextDir()) { + $isRTLString = preg_match(TCPDF_FONT_DATA::$uni_RE_PATTERN_RTL, $dom[$key]['value']) || preg_match(TCPDF_FONT_DATA::$uni_RE_PATTERN_ARABIC, $dom[$key]['value']); + if ((!$this->premode) AND $this->isRTLTextDir() AND !$isRTLString) { // reverse spaces order $lsp = ''; // left spaces $rsp = ''; // right spaces @@ -18333,7 +18334,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: if ($newline) { if (!$this->premode) { $prelen = strlen($dom[$key]['value']); - if ($this->isRTLTextDir()) { + if ($this->isRTLTextDir() AND !$isRTLString) { // right trim except non-breaking space $dom[$key]['value'] = $this->stringRightTrim($dom[$key]['value']); } else {