Changeset 3372510
- Timestamp:
- 10/03/2025 05:14:00 PM (6 months ago)
- Location:
- wpos-lite-version/trunk/vendor/tecnickcom/tcpdf
- Files:
-
- 10 edited
-
CHANGELOG.TXT (modified) (1 diff)
-
LICENSE.TXT (modified) (1 diff)
-
README.md (modified) (1 diff)
-
VERSION (modified) (1 diff)
-
composer.json (modified) (4 diffs)
-
include/tcpdf_colors.php (modified) (3 diffs)
-
include/tcpdf_fonts.php (modified) (9 diffs)
-
include/tcpdf_static.php (modified) (10 diffs)
-
tcpdf.php (modified) (39 diffs)
-
tcpdf_autoconfig.php (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/CHANGELOG.TXT
r3372370 r3372510 1 6.10.0 (2025-05-27) 2 - Embedded files support (Factur-X 1.07 / ZUGFeRD 2.3) #789 3 4 6.9.5 (2025-05-27) 5 - Automatically add destinations from HTML code #804 6 - Wrong default value when $table_el['old_cell_padding'] is missing #807 7 - Fixed PHP warning when empty hash link for image exists in HTML #809 8 - Fix for application of alpha component to SVG RGBA fills #810 9 10 6.9.4 (2025-05-13) 11 - Update donation link. 12 13 6.9.3 (2025-04-20) 14 - New fix for "Deserialization of untrusted data" (check on valid protocols). 15 - Removed global phar configuration. 16 17 6.9.2 (2025-04-18) 18 - Quick fix for "Deserialization of untrusted data" security vulnerability reported by Positive Technologies. 19 - Disable phar protocol globally. 20 21 6.9.1 (2025-04-03) 22 - Fixed "Path Traversal" security vulnerability reported by Positive Technologies. 23 24 6.9.0 (2025-03-30) 25 - Added PHP 8.4 testing. 26 - Removed tcpdf_import.php and tcpdf_parser.php files (for a parser check the tc-lib-pdf-parser project instead). 27 - Fix composer.json. 28 29 6.8.2 (2025-01-26) 30 - Fix some annotation flags values. 31 - Remove examples from packaging. 32 33 6.8.1 (2025-01-26) - UNTAGGED 34 - Check relative paths on SVG images. 35 36 6.8.0 (2024-12-23) 37 - Requires PHP 7.1+ and curl extension. 38 - Escape error message. 39 - Use strict time-constant function to compare TCPDF-tag hashes. 40 - Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have changed). 41 - Add some addTTFfont fixes from tc-lib-pdf-font. 42 43 6.7.8 (2024-12-13) 44 - Improve SVG detection by checking for (mandatory) namespace. 45 - Use late state binding now that minimum PHP version is 5.5. 46 47 6.7.7 (2024-10-26) 48 - Update regular expression to avoid ReDoS (CVE-2024-22641) 49 - [PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675 50 - SVG detection fix for inline data images #646 51 - Fix count svg #647 52 - Since the version 6.7.4, the "0" is considered like empty string and not displayed 53 - Fixed handling of transparency in PDF/A mode in addExtGState method 54 - Encrypt /DA string when document is encrypted 55 - Improve quality of generated seed, avoid potential security pitfall 56 - Try to use random_bytes() first if it's available 57 - Do not include the server parameters in the generated seed, as they might contain sensitive data 58 - Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page 59 - Fix SVG coordinate parser that caused drawing artifacts 60 - Remove usage of xml_set_object() function 61 62 6.7.6 (2024-10-06) 63 - Forbid access to parent folder in HTML images. 64 65 6.7.5 (2024-04-20) 66 - Update GitHub actions 67 - fix: CSV-2024-22640 (#712) 68 1 69 6.7.4 (2024-03-24) 2 70 - Upgrade tcpdf tag encryption algorithm. -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/LICENSE.TXT
r3372370 r3372510 8 8 License, or (at your option) any later version. 9 9 10 2002-202 4Nicola Asuni - Tecnick.com LTD10 2002-2025 Nicola Asuni - Tecnick.com LTD 11 11 12 12 ********************************************************************** -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/README.md
r3372370 r3372510 2 2 *PHP PDF Library* 3 3 4 [](https://www.paypal.com/ cgi-bin/webscr?cmd=_donations¤cy_code=GBP&business=paypal@tecnick.com&item_name=donation%20for%20TCPDF%20project)5 *Please consider supporting this project by making a donation via [PayPal](https://www.paypal.com/ cgi-bin/webscr?cmd=_donations¤cy_code=GBP&business=paypal@tecnick.com&item_name=donation%20for%20TCPDF%20project)*4 [](https://www.paypal.com/donate/?hosted_button_id=NZUEC5XS8MFBJ) 5 *Please consider supporting this project by making a donation via [PayPal](https://www.paypal.com/donate/?hosted_button_id=NZUEC5XS8MFBJ)* 6 6 7 7 * **category** Library 8 8 * **author** Nicola Asuni <info@tecnick.com> 9 * **copyright** 2002-202 4Nicola Asuni - Tecnick.com LTD9 * **copyright** 2002-2025 Nicola Asuni - Tecnick.com LTD 10 10 * **license** http://www.gnu.org/copyleft/lesser.html GNU-LGPL v3 (see LICENSE.TXT) 11 11 * **link** http://www.tcpdf.org -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/VERSION
r3372370 r3372510 1 6. 7.41 6.10.0 -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/composer.json
r3372370 r3372510 13 13 ], 14 14 "homepage": "http://www.tcpdf.org/", 15 "version": "6. 7.4",15 "version": "6.10.0", 16 16 "license": "LGPL-3.0-or-later", 17 17 "authors": [ … … 23 23 ], 24 24 "require": { 25 "php": ">=5.5.0" 25 "php": ">=7.1.0", 26 "ext-curl": "*" 26 27 }, 27 28 "autoload": { … … 30 31 "include", 31 32 "tcpdf.php", 32 "tcpdf_parser.php",33 "tcpdf_import.php",34 33 "tcpdf_barcodes_1d.php", 35 34 "tcpdf_barcodes_2d.php", … … 44 43 "include/barcodes/qrcode.php" 45 44 ] 46 },47 "archive": {48 "exclude": [49 "/examples"50 ]51 45 } 52 46 } -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/include/tcpdf_colors.php
r3372370 r3372510 276 276 // check for javascript color array syntax 277 277 if (strpos($color, '[') !== false) { 278 if (preg_match('/[\[][\"\'](t|g|rgb |cmyk)[\"\'][\,]?([0-9\.]*)[\,]?([0-9\.]*)[\,]?([0-9\.]*)[\,]?([0-9\.]*)[\]]/', $color, $m) > 0) {278 if (preg_match('/[\[][\"\'](t|g|rgba|rgb|cmyk)[\"\'][\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\]]/', $color, $m) > 0) { 279 279 $returncolor = array(); 280 280 switch ($m[1]) { … … 287 287 break; 288 288 } 289 case 'rgb': { 289 case 'rgb': 290 case 'rgba': { 290 291 // RGB 291 292 $returncolor['R'] = max(0, min(255, (floatval($m[2]) * 255))); … … 318 319 return $defcol; 319 320 } 321 // RGBA ARRAY 322 if (substr($color, 0, 4) == 'rgba') { 323 $codes = substr($color, 5); 324 $codes = str_replace(')', '', $codes); 325 $returncolor = explode(',', $codes); 326 // remove alpha component 327 array_pop($returncolor); 328 foreach ($returncolor as $key => $val) { 329 if (strpos($val, '%') > 0) { 330 // percentage 331 $returncolor[$key] = (255 * intval($val) / 100); 332 } else { 333 $returncolor[$key] = intval($val); /* floatize */ 334 } 335 // normalize value 336 $returncolor[$key] = max(0, min(255, $returncolor[$key])); 337 } 338 return $returncolor; 339 } 320 340 // RGB ARRAY 321 341 if (substr($color, 0, 3) == 'rgb') { -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/include/tcpdf_fonts.php
r3372370 r3372510 2 2 //============================================================+ 3 3 // File name : tcpdf_fonts.php 4 // Version : 1.1. 04 // Version : 1.1.1 5 5 // Begin : 2008-01-01 6 // Last Update : 20 14-12-106 // Last Update : 2024-12-23 7 7 // Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com 8 8 // License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html) 9 9 // ------------------------------------------------------------------- 10 // Copyright (C) 2008-20 14Nicola Asuni - Tecnick.com LTD10 // Copyright (C) 2008-2025 Nicola Asuni - Tecnick.com LTD 11 11 // 12 12 // This file is part of TCPDF software library. … … 43 43 * Font methods for TCPDF library. 44 44 * @package com.tecnick.tcpdf 45 * @version 1.1. 045 * @version 1.1.1 46 46 * @author Nicola Asuni - info@tecnick.com 47 47 */ … … 192 192 // get font info 193 193 $fmetric['Flags'] = $flags; 194 preg_match ('#/FullName[\s]* \(([^\)]*)#', $font, $matches);194 preg_match ('#/FullName[\s]*+\(([^\)]*+)#', $font, $matches); 195 195 $fmetric['name'] = preg_replace('/[^a-zA-Z0-9_\-]/', '', $matches[1]); 196 preg_match('#/FontBBox[\s]*{([^}]*)#', $font, $matches); 197 $fmetric['bbox'] = trim($matches[1]); 198 $bv = explode(' ', $fmetric['bbox']); 199 $fmetric['Ascent'] = intval($bv[3]); 200 $fmetric['Descent'] = intval($bv[1]); 201 preg_match('#/ItalicAngle[\s]*([0-9\+\-]*)#', $font, $matches); 196 preg_match('#/FontBBox[\s]*+{([^}]*+)#', $font, $matches); 197 $rawbvl = explode(' ', trim($matches[1])); 198 $bvl = [(int) $rawbvl[0], (int) $rawbvl[1], (int) $rawbvl[2], (int) $rawbvl[3]]; 199 $fmetric['bbox'] = implode(' ', $bvl); 200 $fmetric['Ascent'] = $bvl[3]; 201 $fmetric['Descent'] = $bvl[1]; 202 preg_match('#/ItalicAngle[\s]*+([0-9\+\-]*+)#', $font, $matches); 202 203 $fmetric['italicAngle'] = intval($matches[1]); 203 204 if ($fmetric['italicAngle'] != 0) { 204 205 $fmetric['Flags'] |= 64; 205 206 } 206 preg_match('#/UnderlinePosition[\s]* ([0-9\+\-]*)#', $font, $matches);207 preg_match('#/UnderlinePosition[\s]*+([0-9\+\-]*+)#', $font, $matches); 207 208 $fmetric['underlinePosition'] = intval($matches[1]); 208 preg_match('#/UnderlineThickness[\s]* ([0-9\+\-]*)#', $font, $matches);209 preg_match('#/UnderlineThickness[\s]*+([0-9\+\-]*+)#', $font, $matches); 209 210 $fmetric['underlineThickness'] = intval($matches[1]); 210 preg_match('#/isFixedPitch[\s]* ([^\s]*)#', $font, $matches);211 preg_match('#/isFixedPitch[\s]*+([^\s]*+)#', $font, $matches); 211 212 if ($matches[1] == 'true') { 212 213 $fmetric['Flags'] |= 1; … … 214 215 // get internal map 215 216 $imap = array(); 216 if (preg_match_all('#dup[\s]([0-9]+)[\s]* /([^\s]*)[\s]put#sU', $font, $fmap, PREG_SET_ORDER) > 0) {217 if (preg_match_all('#dup[\s]([0-9]+)[\s]*+/([^\s]*+)[\s]put#sU', $font, $fmap, PREG_SET_ORDER) > 0) { 217 218 foreach ($fmap as $v) { 218 219 $imap[$v[2]] = $v[1]; … … 230 231 $r = ((($chr + $r) * $c1 + $c2) % 65536); 231 232 } 232 if (preg_match('#/ForceBold[\s]* ([^\s]*)#', $eplain, $matches) > 0) {233 if (preg_match('#/ForceBold[\s]*+([^\s]*+)#', $eplain, $matches) > 0) { 233 234 if ($matches[1] == 'true') { 234 235 $fmetric['Flags'] |= 0x40000; 235 236 } 236 237 } 237 if (preg_match('#/StdVW[\s]* \[([^\]]*)#', $eplain, $matches) > 0) {238 if (preg_match('#/StdVW[\s]*+\[([^\]]*+)#', $eplain, $matches) > 0) { 238 239 $fmetric['StemV'] = intval($matches[1]); 239 240 } else { 240 241 $fmetric['StemV'] = 70; 241 242 } 242 if (preg_match('#/StdHW[\s]* \[([^\]]*)#', $eplain, $matches) > 0) {243 if (preg_match('#/StdHW[\s]*+\[([^\]]*+)#', $eplain, $matches) > 0) { 243 244 $fmetric['StemH'] = intval($matches[1]); 244 245 } else { 245 246 $fmetric['StemH'] = 30; 246 247 } 247 if (preg_match('#/BlueValues[\s]* \[([^\]]*)#', $eplain, $matches) > 0) {248 if (preg_match('#/BlueValues[\s]*+\[([^\]]*+)#', $eplain, $matches) > 0) { 248 249 $bv = explode(' ', $matches[1]); 249 250 if (count($bv) >= 6) { … … 266 267 } 267 268 // get the number of random bytes at the beginning of charstrings 268 if (preg_match('#/lenIV[\s]* ([0-9]*)#', $eplain, $matches) > 0) {269 if (preg_match('#/lenIV[\s]*+([\d]*+)#', $eplain, $matches) > 0) { 269 270 $lenIV = intval($matches[1]); 270 271 } else { … … 274 275 // get charstring data 275 276 $eplain = substr($eplain, (strpos($eplain, '/CharStrings') + 1)); 276 preg_match_all('#/([A-Za-z0-9\.]* )[\s][0-9]+[\s]RD[\s](.*)[\s]ND#sU', $eplain, $matches, PREG_SET_ORDER);277 preg_match_all('#/([A-Za-z0-9\.]*+)[\s][0-9]+[\s]RD[\s](.*)[\s]ND#sU', $eplain, $matches, PREG_SET_ORDER); 277 278 if (!empty($enc) AND isset(TCPDF_FONT_DATA::$encmap[$enc])) { 278 279 $enc_map = TCPDF_FONT_DATA::$encmap[$enc]; … … 1781 1782 public static function UTF8ArrayToUniArray($ta, $isunicode=true) { 1782 1783 if ($isunicode) { 1783 return array_map( get_called_class().'::unichrUnicode', $ta);1784 } 1785 return array_map( get_called_class().'::unichrASCII', $ta);1784 return array_map(static::class.'::unichrUnicode', $ta); 1785 } 1786 return array_map(static::class.'::unichrASCII', $ta); 1786 1787 } 1787 1788 … … 2003 2004 // requires PCRE unicode support turned on 2004 2005 $chars = TCPDF_STATIC::pregSplit('//','u', $str, -1, PREG_SPLIT_NO_EMPTY); 2005 $carr = array_map( get_called_class().'::uniord', $chars);2006 $carr = array_map(static::class.'::uniord', $chars); 2006 2007 } else { 2007 2008 $chars = str_split($str); -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/include/tcpdf_static.php
r3372370 r3372510 2 2 //============================================================+ 3 3 // File name : tcpdf_static.php 4 // Version : 1.1. 44 // Version : 1.1.5 5 5 // Begin : 2002-08-03 6 // Last Update : 202 3-09-066 // Last Update : 2024-12-23 7 7 // Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com 8 8 // License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html) 9 9 // ------------------------------------------------------------------- 10 // Copyright (C) 2002-202 3Nicola Asuni - Tecnick.com LTD10 // Copyright (C) 2002-2025 Nicola Asuni - Tecnick.com LTD 11 11 // 12 12 // This file is part of TCPDF software library. … … 39 39 * @package com.tecnick.tcpdf 40 40 * @author Nicola Asuni 41 * @version 1.1. 241 * @version 1.1.5 42 42 */ 43 43 … … 47 47 * @package com.tecnick.tcpdf 48 48 * @brief PHP class for generating PDF documents without requiring external extensions. 49 * @version 1.1. 149 * @version 1.1.5 50 50 * @author Nicola Asuni - info@tecnick.com 51 51 */ … … 56 56 * @private static 57 57 */ 58 private static $tcpdf_version = '6. 7.4';58 private static $tcpdf_version = '6.10.0'; 59 59 60 60 /** … … 106 106 */ 107 107 public static $pageboxes = array('MediaBox', 'CropBox', 'BleedBox', 'TrimBox', 'ArtBox'); 108 109 /** 110 * Array of default cURL options for curl_setopt_array. 111 * 112 * @var array<int, bool|int|string> cURL options. 113 */ 114 protected const CURLOPT_DEFAULT = [ 115 CURLOPT_CONNECTTIMEOUT => 5, 116 CURLOPT_MAXREDIRS => 5, 117 CURLOPT_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP | CURLPROTO_FTP | CURLPROTO_FTPS, 118 CURLOPT_SSL_VERIFYHOST => 2, 119 CURLOPT_SSL_VERIFYPEER => true, 120 CURLOPT_TIMEOUT => 30, 121 CURLOPT_USERAGENT => 'tcpdf', 122 ]; 123 124 /** 125 * Array of fixed cURL options for curl_setopt_array. 126 * 127 * @var array<int, bool|int|string> cURL options. 128 */ 129 protected const CURLOPT_FIXED = [ 130 CURLOPT_FAILONERROR => true, 131 CURLOPT_RETURNTRANSFER => true, 132 ]; 108 133 109 134 // - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - … … 380 405 $rnd .= posix_getpid(); 381 406 } 382 if (function_exists('openssl_random_pseudo_bytes') AND (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { 407 408 if (function_exists('random_bytes')) { 409 $rnd .= random_bytes(512); 410 } elseif (function_exists('openssl_random_pseudo_bytes') AND (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { 383 411 // this is not used on windows systems because it is very slow for a know bug 384 412 $rnd .= openssl_random_pseudo_bytes(512); … … 388 416 } 389 417 } 390 return $rnd.$seed.__FILE__. serialize($_SERVER).microtime(true);418 return $rnd.$seed.__FILE__.microtime(true); 391 419 } 392 420 … … 1821 1849 public static function url_exists($url) { 1822 1850 $crs = curl_init(); 1823 // encode query params in URL to get right response form the server 1824 $url = self::encodeUrlQuery($url); 1825 curl_setopt($crs, CURLOPT_URL, $url); 1826 curl_setopt($crs, CURLOPT_NOBODY, true); 1827 curl_setopt($crs, CURLOPT_FAILONERROR, true); 1828 if ((ini_get('open_basedir') == '') && (!ini_get('safe_mode'))) { 1829 curl_setopt($crs, CURLOPT_FOLLOWLOCATION, true); 1830 } 1831 curl_setopt($crs, CURLOPT_CONNECTTIMEOUT, 5); 1832 curl_setopt($crs, CURLOPT_TIMEOUT, 30); 1833 curl_setopt($crs, CURLOPT_SSL_VERIFYPEER, false); 1834 curl_setopt($crs, CURLOPT_SSL_VERIFYHOST, false); 1835 curl_setopt($crs, CURLOPT_USERAGENT, 'tc-lib-file'); 1836 curl_setopt($crs, CURLOPT_MAXREDIRS, 5); 1837 if (defined('CURLOPT_PROTOCOLS')) { 1838 curl_setopt($crs, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS | CURLPROTO_HTTP | CURLPROTO_FTP | CURLPROTO_FTPS); 1839 } 1851 $curlopts = []; 1852 if ( 1853 (ini_get('open_basedir') == '') 1854 && (ini_get('safe_mode') === '' 1855 || ini_get('safe_mode') === false) 1856 ) { 1857 $curlopts[CURLOPT_FOLLOWLOCATION] = true; 1858 } 1859 $curlopts = array_replace($curlopts, self::CURLOPT_DEFAULT); 1860 $curlopts = array_replace($curlopts, K_CURLOPTS); 1861 $curlopts = array_replace($curlopts, self::CURLOPT_FIXED); 1862 $curlopts[CURLOPT_URL] = $url; 1863 curl_setopt_array($crs, $curlopts); 1840 1864 curl_exec($crs); 1841 1865 $code = curl_getinfo($crs, CURLINFO_HTTP_CODE); … … 1958 1982 // try to get remote file data using cURL 1959 1983 $crs = curl_init(); 1960 curl_setopt($crs, CURLOPT_URL, $path); 1961 curl_setopt($crs, CURLOPT_BINARYTRANSFER, true); 1962 curl_setopt($crs, CURLOPT_FAILONERROR, true); 1963 curl_setopt($crs, CURLOPT_RETURNTRANSFER, true); 1964 if ((ini_get('open_basedir') == '') && (!ini_get('safe_mode'))) { 1965 curl_setopt($crs, CURLOPT_FOLLOWLOCATION, true); 1966 } 1967 curl_setopt($crs, CURLOPT_CONNECTTIMEOUT, 5); 1968 curl_setopt($crs, CURLOPT_TIMEOUT, 30); 1969 curl_setopt($crs, CURLOPT_SSL_VERIFYPEER, false); 1970 curl_setopt($crs, CURLOPT_SSL_VERIFYHOST, false); 1971 curl_setopt($crs, CURLOPT_USERAGENT, 'tc-lib-file'); 1972 curl_setopt($crs, CURLOPT_MAXREDIRS, 5); 1973 if (defined('CURLOPT_PROTOCOLS')) { 1974 curl_setopt($crs, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS | CURLPROTO_HTTP | CURLPROTO_FTP | CURLPROTO_FTPS); 1975 } 1984 $curlopts = []; 1985 if ( 1986 (ini_get('open_basedir') == '') 1987 && (ini_get('safe_mode') === '' 1988 || ini_get('safe_mode') === false) 1989 ) { 1990 $curlopts[CURLOPT_FOLLOWLOCATION] = true; 1991 } 1992 $curlopts = array_replace($curlopts, self::CURLOPT_DEFAULT); 1993 $curlopts = array_replace($curlopts, K_CURLOPTS); 1994 $curlopts = array_replace($curlopts, self::CURLOPT_FIXED); 1995 $curlopts[CURLOPT_URL] = $url; 1996 curl_setopt_array($crs, $curlopts); 1976 1997 $ret = curl_exec($crs); 1977 1998 curl_close($crs); … … 2632 2653 } 2633 2654 2634 2635 2655 } // END OF TCPDF_STATIC CLASS 2636 2656 -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/tcpdf.php
r3372370 r3372510 2 2 //============================================================+ 3 3 // File name : tcpdf.php 4 // Version : 6. 7.44 // Version : 6.10.0 5 5 // Begin : 2002-08-03 6 // Last Update : 202 4-03-186 // Last Update : 2025-05-27 7 7 // Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com 8 8 // License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html) 9 9 // ------------------------------------------------------------------- 10 // Copyright (C) 2002-202 4Nicola Asuni - Tecnick.com LTD10 // Copyright (C) 2002-2025 Nicola Asuni - Tecnick.com LTD 11 11 // 12 12 // This file is part of TCPDF software library. … … 105 105 * @package com.tecnick.tcpdf 106 106 * @author Nicola Asuni 107 * @version 6. 6.5107 * @version 6.10.0 108 108 */ 109 109 … … 129 129 * @package com.tecnick.tcpdf 130 130 * @brief PHP class for generating PDF documents without requiring external extensions. 131 * @version 6. 7.4131 * @version 6.10.0 132 132 * @author Nicola Asuni - info@tecnick.com 133 133 * @IgnoreAnnotation("protected") … … 842 842 * Internal secret used to encrypt data. 843 843 * @protected 844 * @since 6.7. 4(2024-03-21)844 * @since 6.7.5 (2024-03-21) 845 845 */ 846 846 protected $hash_key; … … 1810 1810 */ 1811 1811 protected $custom_xmp_rdf = ''; 1812 1813 /** 1814 * Custom XMP RDF pdfaextension data. 1815 * @protected 1816 * @since 6.9.0 (2025-02-11) 1817 */ 1818 protected $custom_xmp_rdf_pdfaExtension = ''; 1812 1819 1813 1820 /** … … 3008 3015 // unset all class variables 3009 3016 $this->_destroy(true); 3017 $msg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'); 3010 3018 if (defined('K_TCPDF_THROW_EXCEPTION_ERROR') AND !K_TCPDF_THROW_EXCEPTION_ERROR) { 3011 3019 die('<strong>TCPDF ERROR: </strong>'.$msg); … … 4933 4941 4934 4942 /** 4943 * Embed the attached files. 4944 * @since 6.9.000 (2025-02-11) 4945 * @public 4946 */ 4947 public function EmbedFile($opt) { 4948 if (!$this->pdfa_mode || ($this->pdfa_mode && $this->pdfa_version == 3)) { 4949 if ((($opt['Subtype'] == 'FileAttachment')) AND (!TCPDF_STATIC::empty_string($opt['FS'])) 4950 AND (@TCPDF_STATIC::file_exists($opt['FS']) OR TCPDF_STATIC::isValidURL($opt['FS'])) 4951 AND (!isset($this->embeddedfiles[basename($opt['FS'])]))) { 4952 $this->embeddedfiles[basename($opt['FS'])] = array('f' => ++$this->n, 'n' => ++$this->n, 'file' => $opt['FS']); 4953 } 4954 } 4955 } 4956 4957 /** 4958 * Embed the attached files. 4959 * @since 6.9.000 (2025-02-11) 4960 * @public 4961 */ 4962 public function EmbedFileFromString($filename, $content) { 4963 if (!$this->pdfa_mode || ($this->pdfa_mode && $this->pdfa_version == 3)) { 4964 $this->embeddedfiles[$filename] = array('f' => ++$this->n, 'n' => ++$this->n, 'content' => $content ); 4965 } 4966 } 4967 4968 /** 4935 4969 * Embedd the attached files. 4936 4970 * @since 4.4.000 (2008-12-07) … … 4945 4979 reset($this->embeddedfiles); 4946 4980 foreach ($this->embeddedfiles as $filename => $filedata) { 4947 $data = $this->getCachedFileContents($filedata['file']); 4981 $data = false; 4982 if (isset($filedata['file']) && !empty($filedata['file'])) { 4983 $data = $this->getCachedFileContents($filedata['file']); 4984 } elseif ($filedata['content'] && !empty($filedata['content'])) { 4985 $data = $filedata['content']; 4986 } 4948 4987 if ($data !== FALSE) { 4949 4988 $rawsize = strlen($data); … … 6989 7028 $imsize = @getimagesize($file); 6990 7029 if ($imsize === FALSE) { 6991 unlink($file);7030 $this->_unlink($file); 6992 7031 $file = $original_file; 6993 7032 } … … 7222 7261 $img->writeImage($tempname); 7223 7262 $info = TCPDF_IMAGES::_parsejpeg($tempname); 7224 unlink($tempname);7263 $this->_unlink($tempname); 7225 7264 $img->destroy(); 7226 7265 } catch(Exception $e) { … … 7858 7897 while ( false !== ( $file_name = readdir( $handle ) ) ) { 7859 7898 if (strpos($file_name, '__tcpdf_'.$this->file_id.'_') === 0) { 7860 unlink(K_PATH_CACHE.$file_name);7899 $this->_unlink(K_PATH_CACHE.$file_name); 7861 7900 } 7862 7901 } … … 7865 7904 if (isset($this->imagekeys)) { 7866 7905 foreach($this->imagekeys as $file) { 7867 if (strpos($file, K_PATH_CACHE) === 0 && TCPDF_STATIC::file_exists($file)) { 7868 @unlink($file); 7906 if ((strpos($file, K_PATH_CACHE.'__tcpdf_'.$this->file_id.'_') === 0) 7907 && TCPDF_STATIC::file_exists($file)) { 7908 $this->_unlink($file); 7869 7909 } 7870 7910 } … … 8165 8205 */ 8166 8206 protected function _getannotsrefs($n) { 8167 if (!(isset($this->PageAnnots[$n]) OR ($this->sign AND isset($this->signature_data['cert_type'])))) {8207 if (!(isset($this->PageAnnots[$n]) OR count($this->empty_signature_appearance)>0 OR ($this->sign AND isset($this->signature_data['cert_type'])))) { 8168 8208 return ''; 8169 8209 } … … 8311 8351 } 8312 8352 case 'locked': { 8353 $fval += 1 << 7; 8354 break; 8355 } 8356 case 'togglenoview': { 8313 8357 $fval += 1 << 8; 8314 8358 break; 8315 8359 } 8316 case ' togglenoview': {8360 case 'lockedcontents': { 8317 8361 $fval += 1 << 9; 8318 break;8319 }8320 case 'lockedcontents': {8321 $fval += 1 << 10;8322 8362 break; 8323 8363 } … … 8533 8573 case 'freetext': { 8534 8574 if (isset($pl['opt']['da']) AND !empty($pl['opt']['da'])) { 8535 $annots .= ' /DA ('.$pl['opt']['da'].')';8575 $annots .= ' /DA '.$this->_datastring($pl['opt']['da']); 8536 8576 } 8537 8577 if (isset($pl['opt']['q']) AND ($pl['opt']['q'] >= 0) AND ($pl['opt']['q'] <= 2)) { … … 8790 8830 } 8791 8831 if (isset($pl['opt']['da']) AND !empty($pl['opt']['da'])) { 8792 $annots .= ' /DA ('.$pl['opt']['da'].')';8832 $annots .= ' /DA '.$this->_datastring($pl['opt']['da']); 8793 8833 } 8794 8834 if (isset($pl['opt']['q']) AND ($pl['opt']['q'] >= 0) AND ($pl['opt']['q'] <= 2)) { … … 9627 9667 public function setExtraXMPRDF($xmp) { 9628 9668 $this->custom_xmp_rdf = $xmp; 9669 } 9670 9671 /** 9672 * Set additional XMP data to be added to the default XMP data for PDF/A extensions. 9673 * IMPORTANT: This data is added as-is without controls, so you have to validate your data before using this method! 9674 * @param string $xmp Custom XMP RDF data. 9675 * @since 6.9.0 (2025-02-14) 9676 * @public 9677 */ 9678 public function setExtraXMPPdfaextension($xmp) { 9679 $this->custom_xmp_rdf_pdfaExtension = $xmp; 9629 9680 } 9630 9681 … … 9763 9814 $xmp .= "\t\t\t\t\t\t".'</pdfaSchema:property>'."\n"; 9764 9815 $xmp .= "\t\t\t\t\t".'</rdf:li>'."\n"; 9816 $xmp .= $this->custom_xmp_rdf_pdfaExtension; 9765 9817 $xmp .= "\t\t\t\t".'</rdf:Bag>'."\n"; 9766 9818 $xmp .= "\t\t\t".'</pdfaExtension:schemas>'."\n"; … … 9801 9853 // start catalog 9802 9854 $oid = $this->_newobj(); 9803 $out = '<< /Type /Catalog'; 9855 $out = '<< '; 9856 if (!empty($this->efnames)) { 9857 $out .= ' /AF [ '. implode(' ', $this->efnames) .' ]'; 9858 } 9859 $out .= ' /Type /Catalog'; 9804 9860 $out .= ' /Version /'.$this->PDFVersion; 9805 9861 //$out .= ' /Extensions <<>>'; … … 9940 9996 } 9941 9997 $font = $this->getFontBuffer((($this->pdfa_mode) ? 'pdfa' : '') .'helvetica'); 9942 $out .= ' /DA (/F'.$font['i'].' 0 Tf 0 g)';9998 $out .= ' /DA ' . $this->_datastring('/F'.$font['i'].' 0 Tf 0 g'); 9943 9999 $out .= ' /Q '.(($this->rtl)?'2':'0'); 9944 10000 //$out .= ' /XFA '; … … 11047 11103 $this->encryptdata['Length'] = 128; 11048 11104 $this->encryptdata['CF']['CFM'] = 'AESV2'; 11049 $this->encryptdata['CF']['Length'] = 1 28;11105 $this->encryptdata['CF']['Length'] = 16; 11050 11106 if ($this->encryptdata['pubkey']) { 11051 11107 $this->encryptdata['SubFilter'] = 'adbe.pkcs7.s5'; … … 11058 11114 $this->encryptdata['Length'] = 256; 11059 11115 $this->encryptdata['CF']['CFM'] = 'AESV3'; 11060 $this->encryptdata['CF']['Length'] = 256;11116 $this->encryptdata['CF']['Length'] = 32; 11061 11117 if ($this->encryptdata['pubkey']) { 11062 11118 $this->encryptdata['SubFilter'] = 'adbe.pkcs7.s5'; … … 13937 13993 */ 13938 13994 protected function addExtGState($parms) { 13939 if ( $this->pdfa_mode || $this->pdfa_version >= 2) {13940 // transparenc ies are not allowed in PDF/Amode13995 if (($this->pdfa_mode && $this->pdfa_version < 2) || ($this->state != 2)) { 13996 // transparency is not allowed in PDF/A-1 mode 13941 13997 return; 13942 13998 } … … 16441 16497 ); 16442 16498 16443 if( empty($html)) {16499 if($html === '' || $html === null) { 16444 16500 return $dom; 16445 16501 } … … 17260 17316 $hash = substr($data, $hpos + 1, $hlen); 17261 17317 $encoded = substr($data, $hpos + 2 + $hlen); 17262 if ( $hash != $this->hashTCPDFtag($encoded)) {17318 if (!hash_equals( $this->hashTCPDFtag($encoded), $hash)) { 17263 17319 $this->Error('Invalid parameters'); 17264 17320 } … … 17426 17482 } 17427 17483 if ($key == $maxel) break; 17484 if ($dom[$key]['tag'] AND $dom[$key]['opening'] AND !empty($dom[$key]['attribute']['id'])) { 17485 $this->setDestination($dom[$key]['attribute']['id']); 17486 } 17428 17487 if ($dom[$key]['tag'] AND isset($dom[$key]['attribute']['pagebreak'])) { 17429 17488 // check for pagebreak … … 18869 18928 18870 18929 /** 18930 * Check if the path is relative. 18931 * @param string $path path to check 18932 * @return boolean true if the path is relative 18933 * @protected 18934 * @since 6.9.1 18935 */ 18936 protected function isRelativePath($path) { 18937 return (strpos(str_ireplace('%2E', '.', $this->unhtmlentities($path)), '..') !== false); 18938 } 18939 18940 /** 18941 * Check if it contains a non-allowed external protocol. 18942 * @param string $path path to check 18943 * @return boolean true if the protocol is not allowed. 18944 * @protected 18945 * @since 6.9.3 18946 */ 18947 protected function hasExtForbiddenProtocol($path) { 18948 return ((strpos($path, '://') !== false) 18949 && (preg_match('|^https?://|', $path) !== 1)); 18950 } 18951 18952 /** 18871 18953 * Process opening tags. 18872 18954 * @param array $dom html dom array … … 19011 19093 19012 19094 $lineStyle = array(); 19013 19014 19015 19016 19017 19018 19019 19020 19021 19022 19023 19024 19025 19026 19027 19028 19029 19030 19031 19032 19033 19034 19035 19095 if (isset($tag['fgcolor'])) { 19096 $lineStyle['color'] = $tag['fgcolor']; 19097 } 19098 19099 if (isset($tag['fgcolor'])) { 19100 $lineStyle['color'] = $tag['fgcolor']; 19101 } 19102 19103 if (isset($tag['style']['cap'])) { 19104 $lineStyle['cap'] = $tag['style']['cap']; 19105 } 19106 19107 if (isset($tag['style']['join'])) { 19108 $lineStyle['join'] = $tag['style']['join']; 19109 } 19110 19111 if (isset($tag['style']['dash'])) { 19112 $lineStyle['dash'] = $tag['style']['dash']; 19113 } 19114 19115 if (isset($tag['style']['phase'])) { 19116 $lineStyle['phase'] = $tag['style']['phase']; 19117 } 19036 19118 19037 19119 $lineStyle = array_filter($lineStyle); … … 19056 19138 // data stream 19057 19139 $imgsrc = '@'.base64_decode(substr($imgsrc, 1)); 19058 $type = '';19140 $type = preg_match('/<svg\s+[^>]*[^>]*>.*<\/svg>/is', $imgsrc) ? 'svg' : ''; 19059 19141 } else if (preg_match('@^data:image/([^;]*);base64,(.*)@', $imgsrc, $reg)) { 19060 19142 $imgsrc = '@'.base64_decode($reg[2]); 19061 19143 $type = $reg[1]; 19144 } elseif ($this->isRelativePath($imgsrc)) { 19145 // accessing parent folders is not allowed 19146 break; 19062 19147 } elseif ( $this->allowLocalFiles && substr($imgsrc, 0, 7) === 'file://') { 19063 // get image type from a local file path 19064 $imgsrc = substr($imgsrc, 7); 19065 $type = TCPDF_IMAGES::getImageFileType($imgsrc); 19066 } else { 19148 // get image type from a local file path 19149 $imgsrc = substr($imgsrc, 7); 19150 $type = TCPDF_IMAGES::getImageFileType($imgsrc); 19151 } elseif ($this->hasExtForbiddenProtocol($imgsrc)) { 19152 break; 19153 } else { 19067 19154 if (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) { 19068 19155 // fix image path … … 19122 19209 if (isset($this->HREF['url']) AND !TCPDF_STATIC::empty_string($this->HREF['url'])) { 19123 19210 $imglink = $this->HREF['url']; 19124 if ($imglink[0] == '#' ) {19211 if ($imglink[0] == '#' AND isset($imglink[1]) AND is_numeric($imglink[1])) { 19125 19212 // convert url to internal link 19126 19213 $lnkdata = explode(',', $imglink); … … 19983 20070 } 19984 20071 if (!$in_table_head) { // we are not inside a thead section 19985 $this->cell_padding = isset($table_el['old_cell_padding']) ? $table_el['old_cell_padding'] : null;20072 $this->cell_padding = isset($table_el['old_cell_padding']) ? $table_el['old_cell_padding'] : array('T' => 0, 'R' => 0, 'B' => 0, 'L' => 0); 19986 20073 // reset row height 19987 20074 $this->resetLastH(); … … 23171 23258 // creates a new XML parser to be used by the other XML functions 23172 23259 $parser = xml_parser_create('UTF-8'); 23173 // the following function allows to use parser inside object23174 xml_set_object($parser, $this);23175 23260 // disable case-folding for this XML parser 23176 23261 xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0); 23177 23262 // sets the element handler functions for the XML parser 23178 xml_set_element_handler($parser, 'startSVGElementHandler', 'endSVGElementHandler');23263 xml_set_element_handler($parser, [$this, 'startSVGElementHandler'], [$this, 'endSVGElementHandler']); 23179 23264 // sets the character data handler function for the XML parser 23180 xml_set_character_data_handler($parser, 'segSVGContentHandler');23265 xml_set_character_data_handler($parser, [$this, 'segSVGContentHandler']); 23181 23266 // start parsing an XML document 23182 23267 if (!xml_parse($parser, $svgdata)) { … … 23328 23413 $this->setTextColorArray($text_color); 23329 23414 // clip 23330 if (preg_match('/rect\(([a-z0-9\-\.]* )[\s]*([a-z0-9\-\.]*)[\s]*([a-z0-9\-\.]*)[\s]*([a-z0-9\-\.]*)\)/si', $svgstyle['clip'], $regs)) {23415 if (preg_match('/rect\(([a-z0-9\-\.]*+)[\s]*+([a-z0-9\-\.]*+)[\s]*+([a-z0-9\-\.]*+)[\s]*+([a-z0-9\-\.]*+)\)/si', $svgstyle['clip'], $regs)) { 23331 23416 $top = (isset($regs[1])?$this->getHTMLUnitToUnits($regs[1], 0, $this->svgunit, false):0); 23332 23417 $right = (isset($regs[2])?$this->getHTMLUnitToUnits($regs[2], 0, $this->svgunit, false):0); … … 23445 23530 } 23446 23531 $this->_out(sprintf('%F 0 0 %F %F %F cm', ($w * $this->k), ($h * $this->k), ($x * $this->k), ($cy * $this->k))); 23447 if ( count($gradient['stops']) > 1) {23448 $this->Gradient($gradient['type'], $gradient['coords'], $gradient['stops'] , array(), false);23532 if ((is_array($gradient['stops']) || $gradient['stops'] instanceof Countable) && count($gradient['stops']) > 1) { 23533 $this->Gradient($gradient['type'], $gradient['coords'], $gradient['stops']); 23449 23534 } 23450 23535 } elseif ($svgstyle['fill'] != 'none') { … … 23452 23537 if ($svgstyle['fill-opacity'] != 1) { 23453 23538 $this->setAlpha($this->alpha['CA'], 'Normal', $svgstyle['fill-opacity'], false); 23539 } elseif (preg_match('/rgba\(\d+%?,\s*\d+%?,\s*\d+%?,\s*(\d+(?:\.\d+)?)\)/i', $svgstyle['fill'], $rgba_matches)) { 23540 $this->setAlpha($this->alpha['CA'], 'Normal', $rgba_matches[1], false); 23454 23541 } 23455 23542 $this->setFillColorArray($fill_color); … … 23485 23572 $font_family = $this->getFontFamilyName($regs[1]); 23486 23573 } else { 23487 $font_family = $ svgstyle['font-family'];23574 $font_family = $this->getFontFamilyName($svgstyle['font-family']); 23488 23575 } 23489 23576 if (preg_match('/font-size[\s]*:[\s]*([^\s\;\"]*)/si', $svgstyle['font'], $regs)) { … … 23640 23727 if (isset($val[2])) { 23641 23728 // get curve parameters 23642 $rawparams = preg_split('/([\,\s]+)/si', trim($val[2])); 23729 preg_match_all('/-?\d*\.?\d+/', trim($val[2]), $matches); 23730 $rawparams = $matches[0]; 23643 23731 $params = array(); 23644 23732 foreach ($rawparams as $ck => $cp) { … … 24465 24553 } else { 24466 24554 // fix image path 24555 if ($this->isRelativePath($img) || $this->hasExtForbiddenProtocol($img)) { 24556 break; 24557 } 24467 24558 if (!TCPDF_STATIC::empty_string($this->svgdir) AND (($img[0] == '.') OR (basename($img) == $img))) { 24468 24559 // replace relative path with full server path … … 24785 24876 } 24786 24877 24878 /** 24879 * Wrapper for unlink with disabled protocols. 24880 * @param string $file 24881 * @return bool 24882 */ 24883 protected function _unlink($file) 24884 { 24885 if ((strpos($file, '://') !== false) && ((substr($file, 0, 7) !== 'file://') || (!$this->allowLocalFiles))) { 24886 // forbidden protocol 24887 return false; 24888 } 24889 return @unlink($file); 24890 } 24891 24787 24892 } // END OF TCPDF CLASS 24788 24893 -
wpos-lite-version/trunk/vendor/tecnickcom/tcpdf/tcpdf_autoconfig.php
r3372370 r3372510 4 4 // Version : 1.1.1 5 5 // Begin : 2013-05-16 6 // Last Update : 20 14-12-186 // Last Update : 2025-04-18 7 7 // Authors : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com 8 8 // License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html) 9 9 // ------------------------------------------------------------------- 10 // Copyright (C) 2011-20 14Nicola Asuni - Tecnick.com LTD10 // Copyright (C) 2011-2025 Nicola Asuni - Tecnick.com LTD 11 11 // 12 12 // This file is part of TCPDF software library. … … 38 38 * Try to automatically configure some TCPDF constants if not defined. 39 39 * @package com.tecnick.tcpdf 40 * @version 1. 1.140 * @version 1.2.1 41 41 */ 42 43 // Disable phar stream wrapper globally. 44 // if (in_array('phar', stream_get_wrappers(), true)) { 45 // stream_wrapper_unregister('phar'); 46 // } 42 47 43 48 // DOCUMENT_ROOT fix for IIS Webserver … … 241 246 } 242 247 248 // Custom cURL options for curl_setopt_array. 249 if (!defined('K_CURLOPTS')) { 250 define('K_CURLOPTS', array()); 251 } 252 243 253 //============================================================+ 244 254 // END OF FILE
Note: See TracChangeset
for help on using the changeset viewer.