Merge pull request #757 from tecnickcom/develop
New release version
nicolaasuni authored Oct 26, 2024
2 parents 01c96e8 + 696d233 commit cfbc002
Showing 5 changed files with 22 additions and 7 deletions.
15 changes: 15 additions & 0 deletions CHANGELOG.TXT
@@ -1,3 +1,18 @@
6.7.7 (2024-10-26)
- Update regular expression to avoid ReDoS (CVE-2024-22641)
- [PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
- SVG detection fix for inline data images #646
- Fix count svg #647
- Since the version 6.7.4, the "0" is considered like empty string and not displayed
- Fixed handling of transparency in PDF/A mode in addExtGState method
- Encrypt /DA string when document is encrypted
- Improve quality of generated seed, avoid potential security pitfall
- Try to use random_bytes() first if it's available
- Do not include the server parameters in the generated seed, as they might contain sensitive data
- Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
- Fix SVG coordinate parser that caused drawing artifacts
- Remove usage of xml_set_object() function

6.7.6 (2024-10-06)
- Forbid access to parent folder in HTML images.

2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
6.7.6
6.7.7
2 changes: 1 addition & 1 deletion composer.json
@@ -12,7 +12,7 @@
"barcodes"
],
"homepage": "http://www.tcpdf.org/",
"version": "6.7.6",
"version": "6.7.7",
"license": "LGPL-3.0-or-later",
"authors": [
{
2 changes: 1 addition & 1 deletion include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
* Current TCPDF version.
* @private static
*/
private static $tcpdf_version = '6.7.6';
private static $tcpdf_version = '6.7.7';

/**
* String alias for total number of pages.
8 changes: 4 additions & 4 deletions tcpdf.php
@@ -1,9 +1,9 @@
<?php
//============================================================+
// File name : tcpdf.php
// Version : 6.7.6
// Version : 6.7.7
// Begin : 2002-08-03
// Last Update : 2024-10-06
// Last Update : 2024-10-26
// Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - [email protected]
// License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html)
// -------------------------------------------------------------------
@@ -128,7 +128,7 @@
* TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.<br>
* @package com.tecnick.tcpdf
* @brief PHP class for generating PDF documents without requiring external extensions.
* @version 6.7.6
* @version 6.7.7
* @author Nicola Asuni - [email protected]
* @IgnoreAnnotation("protected")
* @IgnoreAnnotation("public")
@@ -23328,7 +23328,7 @@ protected function setSVGStyles($svgstyle, $prevsvgstyle, $x=0, $y=0, $w=1, $h=1
$text_color = TCPDF_COLORS::convertHTMLColorToDec($svgstyle['text-color'], $this->spot_colors);
$this->setTextColorArray($text_color);
// clip
if (preg_match('/rect\(([a-z0-9\-\.]*)[\s]*([a-z0-9\-\.]*)[\s]*([a-z0-9\-\.]*)[\s]*([a-z0-9\-\.]*)\)/si', $svgstyle['clip'], $regs)) {
if (preg_match('/rect\(([a-z0-9\-\.]*+)[\s]*+([a-z0-9\-\.]*+)[\s]*+([a-z0-9\-\.]*+)[\s]*+([a-z0-9\-\.]*+)\)/si', $svgstyle['clip'], $regs)) {
$top = (isset($regs[1])?$this->getHTMLUnitToUnits($regs[1], 0, $this->svgunit, false):0);
$right = (isset($regs[2])?$this->getHTMLUnitToUnits($regs[2], 0, $this->svgunit, false):0);
$bottom = (isset($regs[3])?$this->getHTMLUnitToUnits($regs[3], 0, $this->svgunit, false):0);
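Review bot: The rewritten `rect(...)` pattern under `// clip` has no comment explaining why its quantifiers are possessive, so a later cleanup could turn `*+` back into `*` and restore the backtracking the changelog ties to CVE-2024-22641. I would add `// possessive quantifiers (*+): the adjacent identical classes must not backtrack on clip values taken from SVG input` directly above the `preg_match`. Every capture group can still match the empty string, so after a successful match `$regs[1]` to `$regs[4]` are always set and the `isset(...) ? ... : 0` fallbacks never reach the `0` arm. A value such as `rect()` therefore passes `''` to `getHTMLUnitToUnits`, whose handling of it is not visible here; if empty is meant to be 0, test `$regs[1] !== ''` instead of `isset($regs[1])`. setSVGStyles begins and ends outside this hunk, and none of the five changed files is a test, so a regression test that feeds a long unterminated clip value and checks it returns promptly would be worth adding.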
