composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'support/2.5'

Browse Source 
# Conflicts:
#	datamodels/2.x/itop-hub-connector/zh_cn.dict.itop-hub-connector.php
#	lib/tcpdf/CHANGELOG.TXT
#	lib/tcpdf/composer.json
#	lib/tcpdf/include/tcpdf_fonts.php
#	lib/tcpdf/include/tcpdf_images.php
#	lib/tcpdf/include/tcpdf_static.php
#	lib/tcpdf/tcpdf.php
This commit is contained in:
Pierre Goiffon
2019-01-28 16:04:19 +01:00
parent 00c59b7f2c 4508b9d7d5
commit 505aad1e89
18 changed files with 281 additions and 315 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
application/dashlet.class.inc.php
View File

@@ -619,7 +619,7 @@ class DashletUnknown extends Dashlet
$oPage->add('<div class="dashlet-content">');
$oPage->add('<div class="dashlet-ukn-image"><img src="'.$sIconUrl.'" /></div>');
$oPage->add('<div class="dashlet-ukn-image"><img src="'.utils::HtmlEntities($sIconUrl).'" /></div>');
$oPage->add('<div class="dashlet-ukn-text">'.$sExplainText.'</div>');
$oPage->add('</div>');
@@ -639,7 +639,7 @@ class DashletUnknown extends Dashlet
$oPage->add('<div class="dashlet-content">');
$oPage->add('<div class="dashlet-ukn-image"><img src="'.$sIconUrl.'" /></div>');
$oPage->add('<div class="dashlet-ukn-image"><img src="'.utils::HtmlEntities($sIconUrl).'" /></div>');
$oPage->add('<div class="dashlet-ukn-text">'.$sExplainText.'</div>');
$oPage->add('</div>');
@@ -780,7 +780,7 @@ class DashletProxy extends DashletUnknown
$oPage->add('<div class="dashlet-content">');
$oPage->add('<div class="dashlet-pxy-image"><img src="'.$sIconUrl.'" /></div>');
$oPage->add('<div class="dashlet-pxy-image"><img src="'.utils::HtmlEntities($sIconUrl).'" /></div>');
$oPage->add('<div class="dashlet-pxy-text">'.$sExplainText.'</div>');
$oPage->add('</div>');
@@ -1917,7 +1917,7 @@ class DashletHeaderStatic extends Dashlet
$oPage->add('<div class="dashlet-content">');
$oPage->add('<div class="main_header">');
$oPage->add('<img src="'.$sIconPath.'">');
$oPage->add('<img src="'.utils::HtmlEntities($sIconPath).'">');
$oPage->add('<h1>'.$this->oModelReflection->DictString($sTitle).'</h1>');
$oPage->add('</div>');
@@ -2073,7 +2073,7 @@ class DashletHeaderDynamic extends Dashlet
$oPage->add('<div class="dashlet-content">');
$oPage->add('<div class="main_header">');
$oPage->add('<img src="'.$sIconPath.'">');
$oPage->add('<img src="'.utils::HtmlEntities($sIconPath).'">');
if (isset($aExtraParams['query_params']))
{
@@ -2117,7 +2117,7 @@ class DashletHeaderDynamic extends Dashlet
$oPage->add('<div class="dashlet-content">');
$oPage->add('<div class="main_header">');
$oPage->add('<img src="'.$sIconPath.'">');
$oPage->add('<img src="'.utils::HtmlEntities($sIconPath).'">');
$sBlockId = 'block_fake_'.$this->sId.($bEditMode ? '_edit' : ''); // make a unique id (edition occuring in the same DOM)
@@ -2336,7 +2336,7 @@ class DashletBadge extends Dashlet
$oPage->add('<div id="block_fake_'.$this->sId.'" class="display_block">');
$oPage->add('<p>');
$oPage->add(' <a class="actions"><img src="'.$sIconUrl.'" style="vertical-align:middle;float;left;margin-right:10px;border:0;">'.$sClassLabel.': 947</a>');
$oPage->add(' <a class="actions"><img src="'.utils::HtmlEntities($sIconUrl).'" style="vertical-align:middle;float;left;margin-right:10px;border:0;">'.$sClassLabel.': 947</a>');
$oPage->add('</p>');
$oPage->add('<p>');
$oPage->add(' <a>'.Dict::Format('UI:ClickToCreateNew', $sClassLabel).'</a>');

4
application/utils.inc.php
View File

@@ -62,11 +62,11 @@ class utils
{
if (!file_exists($sParamFile))
{
throw new Exception("Could not find the parameter file: '$sParamFile'");
throw new Exception("Could not find the parameter file: '".utils::HtmlEntities($sParamFile)."'");
}
if (!is_readable($sParamFile))
{
throw new Exception("Could not load parameter file: '$sParamFile'");
throw new Exception("Could not load parameter file: '".utils::HtmlEntities($sParamFile)."'");
}
$sParams = file_get_contents($sParamFile);

2
datamodels/2.x/itop-backup/ajax.backup.php
View File

@@ -184,7 +184,7 @@ EOF
$sFile = utils::ReadParam('file', '', false, 'raw_data');
$oBackup = new DBBackupScheduled();
$sBackupDir = APPROOT.'data/backups/';
$sPathNoDotDotPattern = '/^((?!\/\.\.\/).)*$/';
$sPathNoDotDotPattern = "/^((?![\/\\\\]\.\.[\/\\\\]).)*$/";
if(preg_match($sPathNoDotDotPattern, $sBackupDir.$sFile) == 1)
{
$oBackup->DownloadBackup($sBackupDir.$sFile);

18
datamodels/2.x/itop-hub-connector/ajax.php
View File

@@ -256,7 +256,11 @@ try
case 'compile':
SetupPage::log_info('Deployment starts...');
$sAuthent = utils::ReadParam('authent', '', false, 'raw_data');
if (!file_exists(APPROOT.'data/hub/compile_authent') || $sAuthent !== file_get_contents(APPROOT.'data/hub/compile_authent'))
{
throw new SecurityException(Dict::S('iTopHub:FailAuthent'));
}
// First step: prepare the datamodel, if it fails, roll-back
$aSelectedExtensionCodes = utils::ReadParam('extension_codes', array());
$aSelectedExtensionDirs = utils::ReadParam('extension_dirs', array());
@@ -295,7 +299,13 @@ try
try
{
SetupPage::log_info('Move to production starts...');
// Load the "production" config file to clone & update it
$sAuthent = utils::ReadParam('authent', '', false, 'raw_data');
if (!file_exists(APPROOT.'data/hub/compile_authent') || $sAuthent !== file_get_contents(APPROOT.'data/hub/compile_authent'))
{
throw new SecurityException(Dict::S('iTopHub:FailAuthent'));
}
unlink(APPROOT.'data/hub/compile_authent');
// Load the "production" config file to clone & update it
$oConfig = new Config(APPCONF.'production/'.ITOP_CONFIG_FILE);
$oRuntimeEnv->InitDataModel($oConfig, true /* model only */);
@@ -357,6 +367,10 @@ try
}
catch (Exception $e)
{
if(file_exists(APPROOT.'data/hub/compile_authent'))
{
unlink(APPROOT.'data/hub/compile_authent');
}
// Note: at this point, the dictionnary is not necessarily loaded
SetupPage::log_error(get_class($e).': '.Dict::S('iTopHub:ConfigurationSafelyReverted')."\n".$e->getMessage());
SetupPage::log_error('Debug trace: '.$e->getTraceAsString());

4
datamodels/2.x/itop-hub-connector/en.dict.itop-hub-connector.php
View File

@@ -48,7 +48,9 @@ Dict::Add('EN US', 'English', 'English', array(
'iTopHub:Landing:Install' => 'Deploying extensions...',
'iTopHub:CompiledOK' => 'Compilation successful.',
'iTopHub:ConfigurationSafelyReverted' => 'Error detected during deployment!<br/>iTop configuration has NOT been modified.',
'iTopHub:FailAuthent' => 'Authentication failed for this action.',
'iTopHub:InstalledExtensions' => 'Extensions deployed on this instance',
'iTopHub:ExtensionCategory:Manual' => 'Extensions deployed manually',
'iTopHub:ExtensionCategory:Manual+' => 'The following extensions have been deployed by copying them manually in the %1$s directory of iTop:',

1
datamodels/2.x/itop-hub-connector/fr.dict.itop-hub-connector.php
View File

@@ -32,6 +32,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
'iTopHub:Landing:Install' => 'Déploiement des extensions...',
'iTopHub:CompiledOK' => 'Compilation réussie.',
'iTopHub:ConfigurationSafelyReverted' => 'Une erreur a été détectée durant le déploiement!<br/>La configuration d\'iTop n\'a PAS été modifiée.',
'iTopHub:FailAuthent' => 'Échec d\'authentification pour cette action',
'iTopHub:InstalledExtensions' => 'Extensions déployées sur cette instance',
'iTopHub:ExtensionCategory:Manual' => 'Extensions déployées manuellement',

7
datamodels/2.x/itop-hub-connector/js/hub.js
View File

@@ -18,7 +18,8 @@ $(function()
extensions_installation: 'Installation of the extensions...',
installation_successful: 'Installation successful!',
rollback: 'iTop configuration has NOT been modified.'
}
},
authent : ''
},
// the constructor
@@ -106,7 +107,7 @@ $(function()
var aExtensionCodes = [];
var aExtensionDirs = [];
$('.choice :input:checked').each(function() { aExtensionCodes.push($(this).attr('data-extension-code')); aExtensionDirs.push($(this).attr('data-extension-dir')); });
$.post(this.options.self_url, {operation: 'compile', extension_codes: aExtensionCodes, extension_dirs: aExtensionDirs}, function(data) { me._on_compile(data) }, 'json');
$.post(this.options.self_url, {operation: 'compile', extension_codes: aExtensionCodes, extension_dirs: aExtensionDirs, authent: this.options.authent}, function(data) { me._on_compile(data) }, 'json');
},
_on_compile: function(data)
{
@@ -125,7 +126,7 @@ $(function()
{
$('#hub-installation-progress-text').html('<i class="fa fa-cogs"></i> '+this.options.labels.extensions_installation);
var me = this;
$.post(this.options.self_url, {operation: 'move_to_production'}, function(data) { me._on_move_to_prod(data) }, 'json');
$.post(this.options.self_url, {operation: 'move_to_production', authent: this.options.authent}, function(data) { me._on_move_to_prod(data) }, 'json');
},
_on_move_to_prod: function(data)
{

12
datamodels/2.x/itop-hub-connector/land.php
View File

@@ -107,7 +107,7 @@ function DoLanding(WebPage $oPage)
$sPath = APPROOT.'data/downloaded-extensions/';
if (!is_dir($sPath))
{
if (!mkdir($sPath)) throw new Exception("ERROR: Unable to create the directory '$sPath'. Cannot download any extension. Check the access rights on '".dirname($sPath)."'");
if (!mkdir($sPath)) throw new Exception("ERROR: Unable to create the directory '$sPath'. Cannot download any extension. Check the access rights on '".dirname('data/downloaded-extensions/')."'");
}
else
{
@@ -126,7 +126,7 @@ function DoLanding(WebPage $oPage)
$oZip = new ZipArchive();
if (!$oZip->open($sZipArchiveFile))
{
throw new Exception('Unable to open "'.$sZipArchiveFile.'" for extraction. Make sure that the directory "'.$sPath.'" is writable for the web server.');
throw new Exception('Unable to open "'.$sZipArchiveFile.'" for extraction. Make sure that the directory "'.'data/downloaded-extensions/'.'" is writable for the web server.');
}
for($idx = 0; $idx < $oZip->numFiles; $idx++)
{
@@ -146,6 +146,9 @@ function DoLanding(WebPage $oPage)
function DoInstall(WebPage $oPage)
{
$sUID = hash('sha256', rand());
file_put_contents(APPROOT.'data/hub/compile_authent', $sUID);
$oPage->add_linked_stylesheet(utils::GetAbsoluteUrlModulesRoot().'itop-hub-connector/css/hub.css');
$oPage->add('<table class="module-selection-banner"><tr>');
$sBannerUrl = utils::GetAbsoluteUrlModulesRoot().'/itop-hub-connector/images/landing-extension.png';
@@ -259,6 +262,7 @@ function DoInstall(WebPage $oPage)
'installation_successful' => Dict::S('iTopHub:InstallationProgress:InstallationSuccessful'),
'rollback' => Dict::S('iTopHub:ConfigurationSafelyReverted'),
),
'authent' => $sUID,
);
$sWidgetParams = json_encode($aWidgetParams);
@@ -301,6 +305,10 @@ try
break;
case 'install':
if (!file_exists(APPROOT.'data/hub'))
{
mkdir(APPROOT.'data/hub');
}
DoInstall($oPage);
break;

3
datamodels/2.x/itop-hub-connector/zh_cn.dict.itop-hub-connector.php
View File

@@ -48,7 +48,8 @@ Dict::Add('ZH CN', 'Chinese', '简体中文', array(
'iTopHub:Landing:Install' => '扩展安装进行中...',
'iTopHub:CompiledOK' => '编译成功.',
'iTopHub:ConfigurationSafelyReverted' => '安装时发生错误!<br/>iTop 配置将不会改变.',
'iTopHub:FailAuthent' => 'Authentication failed for this action.~~',
'iTopHub:InstalledExtensions' => '本机已安装的扩展',
'iTopHub:ExtensionCategory:Manual' => '手动安装的扩展',
'iTopHub:ExtensionCategory:Manual+' => '下列已安装的扩展是手动将文件放置到 %1$s 目录的:',

16
lib/tcpdf/CHANGELOG.TXT
View File

@@ -1,5 +1,17 @@
Unreleased
- fix Undesired mouseover effect on links in PDF on Chrome Pdf Viewer
6.2.25
- Fix support for image URLs.
6.2.24
- Support remote urls when checking if file exists.
6.2.23
- Simplify file_exists function.
6.2.22
- Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.
6.2.19
- Merge various fixes for PHP 7.3 compatibility and security.
6.2.13 (2016-06-10)
- IMPORTANT: A new version of this library is under development at https://github.com/tecnickcom/tc-lib-pdf and as a consequence this version will not receive any additional development or support. This version should be considered obsolete, new projects should use the new version as soon it will become stable.

115
lib/tcpdf/README.TXT
View File

@@ -1,115 +0,0 @@
TCPDF - README
============================================================
I WISH TO IMPROVE AND EXPAND TCPDF BUT I NEED YOUR SUPPORT.
PLEASE MAKE A DONATION:
http://sourceforge.net/donate/index.php?group_id=128076
------------------------------------------------------------
Name: TCPDF
Version: 6.2.6
Release date: 2015-01-28
Author: Nicola Asuni
Copyright (c) 2002-2015:
Nicola Asuni
Tecnick.com LTD
www.tecnick.com
URLs:
http://www.tcpdf.org
http://www.sourceforge.net/projects/tcpdf
Description:
TCPDF is a PHP class for generating PDF files on-the-fly without requiring external extensions.
This library includes also a class to extract data from existing PDF documents and
classes to generate 1D and 2D barcodes in various formats.
Main Features:
* no external libraries are required for the basic functions;
* all standard page formats, custom page formats, custom margins and units of measure;
* UTF-8 Unicode and Right-To-Left languages;
* TrueTypeUnicode, OpenTypeUnicode v1, TrueType, OpenType v1, Type1 and CID-0 fonts;
* font subsetting;
* methods to publish some XHTML + CSS code, Javascript and Forms;
* images, graphic (geometric figures) and transformation methods;
* supports JPEG, PNG and SVG images natively, all images supported by GD (GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported via ImagMagick (http: www.imagemagick.org/www/formats.html)
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93, USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits UPC-Based Extension, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET, RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code), KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode, USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS, Datamatrix, QR-Code, PDF417;
* JPEG and PNG ICC profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;
* automatic page header and footer management;
* document encryption up to 256 bit and digital signature certifications;
* transactions to UNDO commands;
* PDF annotations, including links, text and file attachments;
* text rendering modes (fill, stroke and clipping);
* multiple columns mode;
* no-write page regions;
* bookmarks, named destinations and table of content;
* text hyphenation;
* text stretching and spacing (tracking);
* automatic page break, line break and text alignments including justification;
* automatic page numbering and page groups;
* move and delete pages;
* page compression (requires php-zlib extension);
* XOBject Templates;
* Layers and object visibility.
* PDF/A-1b support.
Installation (full instructions on http: www.tcpdf.org):
1. copy the folder on your Web server
2. set your installation path and other parameters on the config/tcpdf_config.php
3. call the examples/example_001.php page with your browser to see an example
Source Code Documentation:
http://www.tcpdf.org
Additional Documentation:
http://www.tcpdf.org
License:
Copyright (C) 2002-2014 Nicola Asuni - Tecnick.com LTD
TCPDF is free software: you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
TCPDF is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Lesser General Public License for more details.
You should have received a copy of the License
along with TCPDF. If not, see
<http://www.tecnick.com/pagefiles/tcpdf/LICENSE.TXT>.
See LICENSE.TXT file for more information.
Third party fonts:
This library may include third party font files released with different licenses.
All the PHP files on the fonts directory are subject to the general TCPDF license (GNU-LGPLv3),
they do not contain any binary data but just a description of the general properties of a particular font.
These files can be also generated on the fly using the font utilities and TCPDF methods.
All the original binary TTF font files have been renamed for compatibility with TCPDF and compressed using the gzcompress PHP function that uses the ZLIB data format (.z files).
The binary files (.z) that begins with the prefix "free" have been extracted from the GNU FreeFont collection (GNU-GPLv3).
The binary files (.z) that begins with the prefix "pdfa" have been derived from the GNU FreeFont, so they are subject to the same license.
For the details of Copyright, License and other information, please check the files inside the directory fonts/freefont-20120503
Link : http://www.gnu.org/software/freefont/
The binary files (.z) that begins with the prefix "dejavu" have been extracted from the DejaVu fonts 2.33 (Bitstream) collection.
For the details of Copyright, License and other information, please check the files inside the directory fonts/dejavu-fonts-ttf-2.33
Link : http://dejavu-fonts.org
The binary files (.z) that begins with the prefix "ae" have been extracted from the Arabeyes.org collection (GNU-GPLv2).
Link : http://projects.arabeyes.org/
ICC profile:
TCPDF includes the sRGB.icc profile from the icc-profiles-free Debian package:
https://packages.debian.org/source/stable/icc-profiles-free
============================================================

2
lib/tcpdf/composer.json
View File

@@ -1,6 +1,6 @@
{
"name": "tecnickcom/tcpdf",
"version": "6.2.17",
"version": "6.2.26",
"homepage": "http://www.tcpdf.org/",
"type": "library",
"description": "TCPDF is a PHP class for generating PDF documents and barcodes.",

16
lib/tcpdf/include/tcpdf_fonts.php
View File

@@ -70,7 +70,7 @@ class TCPDF_FONTS {
* @public static
*/
public static function addTTFfont($fontfile, $fonttype='', $enc='', $flags=32, $outpath='', $platid=3, $encid=1, $addcbbox=false, $link=false) {
if (!file_exists($fontfile)) {
if (!TCPDF_STATIC::file_exists($fontfile)) {
// Could not find file
return false;
}
@@ -95,7 +95,7 @@ class TCPDF_FONTS {
$outpath = self::_getfontpath();
}
// check if this font already exist
if (@file_exists($outpath.$font_name.'.php')) {
if (@TCPDF_STATIC::file_exists($outpath.$font_name.'.php')) {
// this font already exist (delete it from fonts folder to rebuild it)
return $font_name;
}
@@ -1543,11 +1543,11 @@ class TCPDF_FONTS {
public static function getFontFullPath($file, $fontdir=false) {
$fontfile = '';
// search files on various directories
if (($fontdir !== false) AND @file_exists($fontdir.$file)) {
if (($fontdir !== false) AND @TCPDF_STATIC::file_exists($fontdir.$file)) {
$fontfile = $fontdir.$file;
} elseif (@file_exists(self::_getfontpath().$file)) {
} elseif (@TCPDF_STATIC::file_exists(self::_getfontpath().$file)) {
$fontfile = self::_getfontpath().$file;
} elseif (@file_exists($file)) {
} elseif (@TCPDF_STATIC::file_exists($file)) {
$fontfile = $file;
}
return $fontfile;
@@ -2003,7 +2003,11 @@ class TCPDF_FONTS {
$chars = str_split($str);
$carr = array_map('ord', $chars);
}
$currentfont['subsetchars'] += array_fill_keys($carr, true);
if (is_array($currentfont['subsetchars']) && is_array($carr)) {
$currentfont['subsetchars'] += array_fill_keys($carr, true);
} else {
$currentfont['subsetchars'] = array_merge($currentfont['subsetchars'], $carr);
}
return $carr;
}

8
lib/tcpdf/include/tcpdf_images.php
View File

@@ -161,12 +161,8 @@ class TCPDF_IMAGES {
*/
public static function _parsejpeg($file) {
// check if is a local file
if (!@file_exists($file)) {
// try to encode spaces on filename
$tfile = str_replace(' ', '%20', $file);
if (@file_exists($tfile)) {
$file = $tfile;
}
if (!@TCPDF_STATIC::file_exists($file)) {
return false;
}
$a = getimagesize($file);
if (empty($a)) {

84
lib/tcpdf/include/tcpdf_static.php
View File

@@ -55,7 +55,7 @@ class TCPDF_STATIC {
* Current TCPDF version.
* @private static
*/
private static $tcpdf_version = '6.2.17';
private static $tcpdf_version = '6.2.26';
/**
* String alias for total number of pages.
@@ -1774,39 +1774,6 @@ class TCPDF_STATIC {
return $angle;
}
// ====================================================================================================================
// REIMPLEMENTED
// ====================================================================================================================
/**
* Split string by a regular expression.
* This is a wrapper for the preg_split function to avoid the bug: https://bugs.php.net/bug.php?id=45850
@@ -1854,6 +1821,49 @@ class TCPDF_STATIC {
return fopen($filename, $mode);
}
/**
* Check if the URL exist.
* @param url (string) URL to check.
* @return Returns TRUE if the URL exists; FALSE otherwise.
* @public static
*/
public static function url_exists($url) {
$crs = curl_init();
curl_setopt($crs, CURLOPT_URL, $url);
curl_setopt($crs, CURLOPT_NOBODY, true);
curl_setopt($crs, CURLOPT_FAILONERROR, true);
if ((ini_get('open_basedir') == '') && (!ini_get('safe_mode'))) {
curl_setopt($crs, CURLOPT_FOLLOWLOCATION, true);
}
curl_setopt($crs, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($crs, CURLOPT_TIMEOUT, 30);
curl_setopt($crs, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($crs, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($crs, CURLOPT_USERAGENT, 'tc-lib-file');
curl_exec($crs);
$code = curl_getinfo($crs, CURLINFO_HTTP_CODE);
curl_close($crs);
return ($code == 200);
}
/**
* Wrapper for file_exists.
* Checks whether a file or directory exists.
* Only allows some protocols and local files.
* @param filename (string) Path to the file or directory.
* @return Returns TRUE if the file or directory specified by filename exists; FALSE otherwise.
* @public static
*/
public static function file_exists($filename) {
if (preg_match('|^https?://|', $filename) == 1) {
return self::url_exists($filename);
}
if (strpos($filename, '://')) {
return false; // only support http and https wrappers for security reasons
}
return @file_exists($filename);
}
/**
* Reads entire file into a string.
* The file can be also an URL.
@@ -1914,8 +1924,10 @@ class TCPDF_STATIC {
}
//
$alt = array_unique($alt);
//var_dump($alt);exit;//DEBUG
foreach ($alt as $path) {
if (!self::file_exists($path)) {
return false;
}
$ret = @file_get_contents($path);
if ($ret !== false) {
return $ret;
@@ -1949,8 +1961,6 @@ class TCPDF_STATIC {
return false;
}
/**
* Get ULONG from string (Big Endian 32-bit unsigned integer).
* @param $str (string) string from where to extract value

265
lib/tcpdf/tcpdf.php
View File

@@ -1,13 +1,13 @@
<?php
//============================================================+
// File name : tcpdf.php
// Version : 6.2.13
// Version : 6.2.26
// Begin : 2002-08-03
// Last Update : 2015-06-18
// Last Update : 2018-09-14
// Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
// License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html)
// -------------------------------------------------------------------
// Copyright (C) 2002-2015 Nicola Asuni - Tecnick.com LTD
// Copyright (C) 2002-2018 Nicola Asuni - Tecnick.com LTD
//
// This file is part of TCPDF software library.
//
@@ -104,7 +104,7 @@
* Tools to encode your unicode fonts are on fonts/utils directory.</p>
* @package com.tecnick.tcpdf
* @author Nicola Asuni
* @version 6.2.8
* @version 6.2.26
*/
// TCPDF configuration
@@ -128,8 +128,11 @@ require_once(dirname(__FILE__).'/include/tcpdf_static.php');
* TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.<br>
* @package com.tecnick.tcpdf
* @brief PHP class for generating PDF documents without requiring external extensions.
* @version 6.2.8
* @version 6.2.26
* @author Nicola Asuni - info@tecnick.com
* @IgnoreAnnotation("protected")
* @IgnoreAnnotation("public")
* @IgnoreAnnotation("pre")
*/
class TCPDF {
@@ -1994,10 +1997,6 @@ class TCPDF {
* @since 1.53.0.TC016
*/
public function __destruct() {
// restore internal encoding
if (isset($this->internal_encoding) AND !empty($this->internal_encoding)) {
mb_internal_encoding($this->internal_encoding);
}
// cleanup
$this->_destroy(true);
}
@@ -4257,7 +4256,7 @@ class TCPDF {
// true when the font style variation is missing
$missing_style = false;
// search and include font file
if (TCPDF_STATIC::empty_string($fontfile) OR (!@file_exists($fontfile))) {
if (TCPDF_STATIC::empty_string($fontfile) OR (!@TCPDF_STATIC::file_exists($fontfile))) {
// build a standard filenames for specified font
$tmp_fontfile = str_replace(' ', '', $family).strtolower($style).'.php';
$fontfile = TCPDF_FONTS::getFontFullPath($tmp_fontfile, $fontdir);
@@ -4269,7 +4268,7 @@ class TCPDF {
}
}
// include font file
if (!TCPDF_STATIC::empty_string($fontfile) AND (@file_exists($fontfile))) {
if (!TCPDF_STATIC::empty_string($fontfile) AND (@TCPDF_STATIC::file_exists($fontfile))) {
include($fontfile);
} else {
$this->Error('Could not include font definition file: '.$family.'');
@@ -4453,6 +4452,7 @@ class TCPDF {
* @see SetFont()
*/
public function SetFontSize($size, $out=true) {
$size = (float)$size;
// font size in points
$this->FontSizePt = $size;
// font size in user units
@@ -4809,19 +4809,19 @@ class TCPDF {
$this->PageAnnots[$page][] = array('n' => ++$this->n, 'x' => $x, 'y' => $y, 'w' => $w, 'h' => $h, 'txt' => $text, 'opt' => $opt, 'numspaces' => $spaces);
if (!$this->pdfa_mode) {
if ((($opt['Subtype'] == 'FileAttachment') OR ($opt['Subtype'] == 'Sound')) AND (!TCPDF_STATIC::empty_string($opt['FS']))
AND (@file_exists($opt['FS']) OR TCPDF_STATIC::isValidURL($opt['FS']))
AND (@TCPDF_STATIC::file_exists($opt['FS']) OR TCPDF_STATIC::isValidURL($opt['FS']))
AND (!isset($this->embeddedfiles[basename($opt['FS'])]))) {
$this->embeddedfiles[basename($opt['FS'])] = array('f' => ++$this->n, 'n' => ++$this->n, 'file' => $opt['FS']);
}
}
// Add widgets annotation's icons
if (isset($opt['mk']['i']) AND @file_exists($opt['mk']['i'])) {
if (isset($opt['mk']['i']) AND @TCPDF_STATIC::file_exists($opt['mk']['i'])) {
$this->Image($opt['mk']['i'], '', '', 10, 10, '', '', '', false, 300, '', false, false, 0, false, true);
}
if (isset($opt['mk']['ri']) AND @file_exists($opt['mk']['ri'])) {
if (isset($opt['mk']['ri']) AND @TCPDF_STATIC::file_exists($opt['mk']['ri'])) {
$this->Image($opt['mk']['ri'], '', '', 0, 0, '', '', '', false, 300, '', false, false, 0, false, true);
}
if (isset($opt['mk']['ix']) AND @file_exists($opt['mk']['ix'])) {
if (isset($opt['mk']['ix']) AND @TCPDF_STATIC::file_exists($opt['mk']['ix'])) {
$this->Image($opt['mk']['ix'], '', '', 0, 0, '', '', '', false, 300, '', false, false, 0, false, true);
}
}
@@ -5769,10 +5769,9 @@ class TCPDF {
$this->resetLastH();
}
if (!TCPDF_STATIC::empty_string($y)) {
$this->SetY($y);
} else {
$y = $this->GetY();
$this->SetY($y); // set y in order to convert negative y values to positive ones
}
$y = $this->GetY();
$resth = 0;
if (($h > 0) AND $this->inPageBody() AND (($y + $h + $mc_margin['T'] + $mc_margin['B']) > $this->PageBreakTrigger)) {
// spit cell in more pages/columns
@@ -6845,13 +6844,9 @@ class TCPDF {
$file = substr($file, 1);
$exurl = $file;
}
// check if is a local file
if (!@file_exists($file)) {
// try to encode spaces on filename
$tfile = str_replace(' ', '%20', $file);
if (@file_exists($tfile)) {
$file = $tfile;
}
// check if file exist and it is valid
if (!@TCPDF_STATIC::file_exists($file)) {
return false;
}
if (($imsize = @getimagesize($file)) === FALSE) {
if (in_array($file, $this->imagekeys)) {
@@ -7750,6 +7745,10 @@ class TCPDF {
* @since 4.5.016 (2009-02-24)
*/
public function _destroy($destroyall=false, $preserve_objcopy=false) {
// restore internal encoding
if (isset($this->internal_encoding) AND !empty($this->internal_encoding)) {
mb_internal_encoding($this->internal_encoding);
}
if ($destroyall AND !$preserve_objcopy) {
// remove all temporary files
$tmpfiles = glob(K_PATH_CACHE.'__tcpdf_'.$this->file_id.'_*');
@@ -9648,7 +9647,7 @@ class TCPDF {
protected function _putcatalog() {
// put XMP
$xmpobj = $this->_putXMP();
// if required, add standard sRGB_IEC61966-2.1 blackscaled ICC colour profile
// if required, add standard sRGB ICC colour profile
if ($this->pdfa_mode OR $this->force_srgb) {
$iccobj = $this->_newobj();
$icc = file_get_contents(dirname(__FILE__).'/include/sRGB.icc');
@@ -17783,7 +17782,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
// justify block
if (!TCPDF_STATIC::empty_string($this->lispacer)) {
$this->lispacer = '';
continue;
break;
}
preg_match('/([0-9\.\+\-]*)[\s]([0-9\.\+\-]*)[\s]([0-9\.\+\-]*)[\s]('.$strpiece[1][0].')[\s](re)([\s]*)/x', $pmid, $xmatches);
if (!isset($xmatches[1])) {
@@ -18318,7 +18317,8 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
}
// text
$this->htmlvspace = 0;
if ((!$this->premode) AND $this->isRTLTextDir()) {
$isRTLString = preg_match(TCPDF_FONT_DATA::$uni_RE_PATTERN_RTL, $dom[$key]['value']) || preg_match(TCPDF_FONT_DATA::$uni_RE_PATTERN_ARABIC, $dom[$key]['value']);
if ((!$this->premode) AND $this->isRTLTextDir() AND !$isRTLString) {
// reverse spaces order
$lsp = ''; // left spaces
$rsp = ''; // right spaces
@@ -18333,7 +18333,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
if ($newline) {
if (!$this->premode) {
$prelen = strlen($dom[$key]['value']);
if ($this->isRTLTextDir()) {
if ($this->isRTLTextDir() AND !$isRTLString) {
// right trim except non-breaking space
$dom[$key]['value'] = $this->stringRightTrim($dom[$key]['value']);
} else {
@@ -18817,102 +18817,124 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
break;
}
case 'img': {
if (!empty($tag['attribute']['src'])) {
if ($tag['attribute']['src'][0] === '@') {
// data stream
$tag['attribute']['src'] = '@'.base64_decode(substr($tag['attribute']['src'], 1));
$type = '';
} else {
// get image type
$type = TCPDF_IMAGES::getImageFileType($tag['attribute']['src']);
}
if (!isset($tag['width'])) {
$tag['width'] = 0;
}
if (!isset($tag['height'])) {
$tag['height'] = 0;
}
//if (!isset($tag['attribute']['align'])) {
// the only alignment supported is "bottom"
// further development is required for other modes.
$tag['attribute']['align'] = 'bottom';
//}
switch($tag['attribute']['align']) {
case 'top': {
$align = 'T';
break;
}
case 'middle': {
$align = 'M';
break;
}
case 'bottom': {
$align = 'B';
break;
}
default: {
$align = 'B';
break;
}
}
$prevy = $this->y;
$xpos = $this->x;
$imglink = '';
if (isset($this->HREF['url']) AND !TCPDF_STATIC::empty_string($this->HREF['url'])) {
$imglink = $this->HREF['url'];
if ($imglink[0] == '#') {
// convert url to internal link
$lnkdata = explode(',', $imglink);
if (isset($lnkdata[0])) {
$page = intval(substr($lnkdata[0], 1));
if (empty($page) OR ($page <= 0)) {
$page = $this->page;
}
if (isset($lnkdata[1]) AND (strlen($lnkdata[1]) > 0)) {
$lnky = floatval($lnkdata[1]);
} else {
$lnky = 0;
}
$imglink = $this->AddLink();
$this->SetLink($imglink, $lnky, $page);
if (empty($tag['attribute']['src'])) {
break;
}
$imgsrc = $tag['attribute']['src'];
if ($imgsrc[0] === '@') {
// data stream
$imgsrc = '@'.base64_decode(substr($imgsrc, 1));
$type = '';
} else {
if (($imgsrc[0] === '/') AND !empty($_SERVER['DOCUMENT_ROOT']) AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
// fix image path
$findroot = strpos($imgsrc, $_SERVER['DOCUMENT_ROOT']);
if (($findroot === false) OR ($findroot > 1)) {
if (substr($_SERVER['DOCUMENT_ROOT'], -1) == '/') {
$imgsrc = substr($_SERVER['DOCUMENT_ROOT'], 0, -1).$imgsrc;
} else {
$imgsrc = $_SERVER['DOCUMENT_ROOT'].$imgsrc;
}
}
}
$border = 0;
if (isset($tag['border']) AND !empty($tag['border'])) {
// currently only support 1 (frame) or a combination of 'LTRB'
$border = $tag['border'];
}
$iw = '';
if (isset($tag['width'])) {
$iw = $this->getHTMLUnitToUnits($tag['width'], ($tag['fontsize'] / $this->k), 'px', false);
}
$ih = '';
if (isset($tag['height'])) {
$ih = $this->getHTMLUnitToUnits($tag['height'], ($tag['fontsize'] / $this->k), 'px', false);
}
if (($type == 'eps') OR ($type == 'ai')) {
$this->ImageEps($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, $imglink, true, $align, '', $border, true);
} elseif ($type == 'svg') {
$this->ImageSVG($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, $imglink, $align, '', $border, true);
} else {
$this->Image($tag['attribute']['src'], $xpos, $this->y, $iw, $ih, '', $imglink, $align, false, 300, '', false, false, $border, false, false, true);
}
switch($align) {
case 'T': {
$this->y = $prevy;
break;
$imgsrc = urldecode($imgsrc);
$testscrtype = @parse_url($imgsrc);
if (empty($testscrtype['query'])) {
// convert URL to server path
$imgsrc = str_replace(K_PATH_URL, K_PATH_MAIN, $imgsrc);
} elseif (preg_match('|^https?://|', $imgsrc) !== 1) {
// convert URL to server path
$imgsrc = str_replace(K_PATH_MAIN, K_PATH_URL, $imgsrc);
}
case 'M': {
$this->y = (($this->img_rb_y + $prevy - ($this->getCellHeight($tag['fontsize'] / $this->k))) / 2);
break;
}
case 'B': {
$this->y = $this->img_rb_y - ($this->getCellHeight($tag['fontsize'] / $this->k) - ($this->getFontDescent($tag['fontname'], $tag['fontstyle'], $tag['fontsize']) * $this->cell_height_ratio));
break;
}
// get image type
$type = TCPDF_IMAGES::getImageFileType($imgsrc);
}
if (!isset($tag['width'])) {
$tag['width'] = 0;
}
if (!isset($tag['height'])) {
$tag['height'] = 0;
}
//if (!isset($tag['attribute']['align'])) {
// the only alignment supported is "bottom"
// further development is required for other modes.
$tag['attribute']['align'] = 'bottom';
//}
switch($tag['attribute']['align']) {
case 'top': {
$align = 'T';
break;
}
case 'middle': {
$align = 'M';
break;
}
case 'bottom': {
$align = 'B';
break;
}
default: {
$align = 'B';
break;
}
}
$prevy = $this->y;
$xpos = $this->x;
$imglink = '';
if (isset($this->HREF['url']) AND !TCPDF_STATIC::empty_string($this->HREF['url'])) {
$imglink = $this->HREF['url'];
if ($imglink[0] == '#') {
// convert url to internal link
$lnkdata = explode(',', $imglink);
if (isset($lnkdata[0])) {
$page = intval(substr($lnkdata[0], 1));
if (empty($page) OR ($page <= 0)) {
$page = $this->page;
}
if (isset($lnkdata[1]) AND (strlen($lnkdata[1]) > 0)) {
$lnky = floatval($lnkdata[1]);
} else {
$lnky = 0;
}
$imglink = $this->AddLink();
$this->SetLink($imglink, $lnky, $page);
}
}
}
$border = 0;
if (isset($tag['border']) AND !empty($tag['border'])) {
// currently only support 1 (frame) or a combination of 'LTRB'
$border = $tag['border'];
}
$iw = '';
if (isset($tag['width'])) {
$iw = $this->getHTMLUnitToUnits($tag['width'], ($tag['fontsize'] / $this->k), 'px', false);
}
$ih = '';
if (isset($tag['height'])) {
$ih = $this->getHTMLUnitToUnits($tag['height'], ($tag['fontsize'] / $this->k), 'px', false);
}
if (($type == 'eps') OR ($type == 'ai')) {
$this->ImageEps($imgsrc, $xpos, $this->y, $iw, $ih, $imglink, true, $align, '', $border, true);
} elseif ($type == 'svg') {
$this->ImageSVG($imgsrc, $xpos, $this->y, $iw, $ih, $imglink, $align, '', $border, true);
} else {
$this->Image($imgsrc, $xpos, $this->y, $iw, $ih, '', $imglink, $align, false, 300, '', false, false, $border, false, false, true);
}
switch($align) {
case 'T': {
$this->y = $prevy;
break;
}
case 'M': {
$this->y = (($this->img_rb_y + $prevy - ($this->getCellHeight($tag['fontsize'] / $this->k))) / 2);
break;
}
case 'B': {
$this->y = $this->img_rb_y - ($this->getCellHeight($tag['fontsize'] / $this->k) - ($this->getFontDescent($tag['fontname'], $tag['fontstyle'], $tag['fontsize']) * $this->cell_height_ratio));
break;
}
}
break;
}
case 'dl': {
@@ -24206,9 +24228,12 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
}
$img = urldecode($img);
$testscrtype = @parse_url($img);
if (!isset($testscrtype['query']) OR empty($testscrtype['query'])) {
if (empty($testscrtype['query'])) {
// convert URL to server path
$img = str_replace(K_PATH_URL, K_PATH_MAIN, $img);
} elseif (preg_match('|^https?://|', $img) !== 1) {
// convert server path to URL
$img = str_replace(K_PATH_MAIN, K_PATH_URL, $img);
}
}
// get image type

23
setup/backup.class.inc.php
View File

@@ -528,14 +528,21 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
*/
public function DownloadBackup($sFile)
{
header('Content-Description: File Transfer');
header('Content-Type: multipart/x-zip');
header('Content-Disposition: inline; filename="'.basename($sFile).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: '.filesize($sFile));
readfile($sFile);
if (file_exists($sFile))
{
header('Content-Description: File Transfer');
header('Content-Type: multipart/x-zip');
header('Content-Disposition: inline; filename="'.basename($sFile).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: '.filesize($sFile));
readfile($sFile) ;
}
else
{
throw new InvalidParameterException('Invalid file path');
}
}
/**

2
synchro/synchro_exec.php
View File

@@ -135,7 +135,7 @@ foreach(explode(',', $sDataSourcesList) as $iSDS)
$oSynchroDataSource = MetaModel::GetObject('SynchroDataSource', $iSDS, false);
if ($oSynchroDataSource == null)
{
$oP->p("ERROR: The data source (id=$iSDS) does not exist. Exiting...");
$oP->p("ERROR: The data source (id=".utils::HtmlEntities($iSDS).") does not exist. Exiting...");
$oP->output();
exit -3;
}