From 69c8791fc5e4f38dc6ade0289b0ce2a49513556d Mon Sep 17 00:00:00 2001 From: Timothee Date: Wed, 3 Jul 2024 16:48:08 +0200 Subject: [PATCH 1/6] Fix merge conflit resolution d3b996528380c34172e7d8978096dc385a7f3f45 --- core/cmdbsource.class.inc.php | 94 ----------------------------------- 1 file changed, 94 deletions(-) diff --git a/core/cmdbsource.class.inc.php b/core/cmdbsource.class.inc.php index de3523ee0..a5bf616a7 100644 --- a/core/cmdbsource.class.inc.php +++ b/core/cmdbsource.class.inc.php 
@@ -29,100 +29,6 @@ use Combodo\iTop\Core\DbConnectionWrapper; require_once('MyHelpers.class.inc.php'); require_once(APPROOT.'core/kpi.class.inc.php'); -class MySQLException extends CoreException -{ - /** - * MySQLException constructor. - * - * @param string $sIssue - * @param array $aContext - * @param \Exception $oException - * @param \mysqli $oMysqli to use when working with a custom mysqli instance - */ - public function __construct($sIssue, $aContext, $oException = null, $oMysqli = null) - { - - if ($oException != null) - { - $aContext['mysql_errno'] = $oException->getCode(); - $this->code = $oException->getCode(); - $aContext['mysql_error'] = $oException->getMessage(); - } - else if ($oMysqli != null) - { - $aContext['mysql_errno'] = $oMysqli->errno; - $this->code = $oMysqli->errno; - $aContext['mysql_error'] = $oMysqli->error; - } - else - { - $aContext['mysql_errno'] = CMDBSource::GetErrNo(); - $this->code = CMDBSource::GetErrNo(); - $aContext['mysql_error'] = CMDBSource::GetError(); - } - parent::__construct($sIssue, $aContext); - //if is connection error, don't log the default message with password in - if (mysqli_connect_errno()) { - error_log($this->message); - error_reporting(0); - } - } -} - -/** - * Class MySQLQueryHasNoResultException - * - * @since 2.5.0 - */ -class MySQLQueryHasNoResultException extends MySQLException -{ - -} - -/** - * Class MySQLHasGoneAwayException - * - * @since 2.5.0 - * @see itop bug 1195 - * @see https://dev.mysql.com/doc/refman/5.7/en/gone-away.html - */ -class MySQLHasGoneAwayException extends MySQLException -{ - /** - * can not be a constant before PHP 5.6 (http://php.net/manual/fr/language.oop5.constants.php) - * - * @return int[] - */ - public static function getErrorCodes() - { - return array( - 2006, - 2013, - ); - } - - public function __construct($sIssue, $aContext) - { - parent::__construct($sIssue, $aContext, null); - } -} - -/** - * @since 2.7.0 N°679 - */ -class MySQLNoTransactionException extends 
MySQLException -{ - -} - -/** - * @since 2.7.8 3.0.3 3.1.0 N°5538 - */ -class MySQLTransactionNotClosedException extends MySQLException -{ - -} - /** * CMDBSource From c3547f29d077ab28b83028e33a9ab9cec05d1a5e Mon Sep 17 00:00:00 2001 From: Romain Quetiez Date: Thu, 4 Jul 2024 09:38:35 +0200 Subject: [PATCH 2/6] :white_check_mark: Cosmetics on the test framework --- .../src/BaseTestCase/ItopDataTestCase.php | 28 +++---------------- .../php-unit-tests/GivenObjectInDBTest.php | 8 ++++-- 2 files changed, 10 insertions(+), 26 deletions(-) diff --git a/tests/php-unit-tests/src/BaseTestCase/ItopDataTestCase.php b/tests/php-unit-tests/src/BaseTestCase/ItopDataTestCase.php index 3baab4203..4c4f756e5 100644 --- a/tests/php-unit-tests/src/BaseTestCase/ItopDataTestCase.php +++ b/tests/php-unit-tests/src/BaseTestCase/ItopDataTestCase.php @@ -127,7 +127,10 @@ abstract class ItopDataTestCase extends ItopTestCase } if (static::CREATE_TEST_ORG) { - $this->GivenTestOrganization(); + // Create a specific organization for the tests + $this->iTestOrgId = $this->GivenObjectInDB('Organization', [ + 'name' => 'UnitTestOrganization', + ]); } $oConfig = MetaModel::GetConfig(); @@ -1175,29 +1178,6 @@ abstract class ItopDataTestCase extends ItopTestCase return $iKey; } - /** - * Create an Organization in database - * - * @param string $sName - * - * @throws Exception - */ - protected function GivenOrganization($sName): string - { - $sId = $this->GivenObjectInDB('Organization', [ - 'name' => $sName, - ]); - $this->debug("Created Organization $sName"); - - return $sId; - } - - protected function GivenTestOrganization(): void - { - // Create a specific organization for the tests - $this->iTestOrgId = $this->GivenOrganization('UnitTestOrganization'); - } - /** * Create a Farm in database * diff --git a/tests/php-unit-tests/unitary-tests/tests/php-unit-tests/GivenObjectInDBTest.php b/tests/php-unit-tests/unitary-tests/tests/php-unit-tests/GivenObjectInDBTest.php index d26397e1d..7b4553959 100644 
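Review bot: The second hunk of ItopDataTestCase.php deletes the protected helpers `GivenOrganization()` and `GivenTestOrganization()` from an abstract base test case, which is an API change for any subclass (including extension test suites living outside this repository) that calls them; such callers would now fail with an undefined-method error. If the intent is only to remove the indirection, keep `GivenOrganization` as a deprecated one-liner for a release: `/** @deprecated use GivenObjectInDB('Organization', ['name' => $sName]) */ protected function GivenOrganization($sName): string { return $this->GivenObjectInDB('Organization', ['name' => $sName]); }`. The `$this->debug("Created Organization $sName")` trace disappears with it; that is presumably acceptable for a cosmetic change, but the commit message should say so.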
--- a/tests/php-unit-tests/unitary-tests/tests/php-unit-tests/GivenObjectInDBTest.php +++ b/tests/php-unit-tests/unitary-tests/tests/php-unit-tests/GivenObjectInDBTest.php @@ -46,17 +46,21 @@ class GivenObjectInDBTest extends ItopDataTestCase 'first_name' => 'John', ]); + $iRole = $this->GivenObjectInDB('ContactType', [ + 'name' => 'The Boss', + ]); + $iTeam = $this->GivenObjectInDB('Team', [ 'name' => 'The A Team', 'persons_list' => [ - "person_id:$iPerson;role_id:1" + "person_id:$iPerson;role_id:$iRole" ], ]); $oSet = new \DBObjectSet(\DBObjectSearch::FromOQL("SELECT lnkPersonToTeam AS lnk WHERE lnk.team_id = $iTeam AND lnk.person_id = $iPerson")); $this->assertEquals(1, $oSet->Count(), "The link between the team and the person should be there"); $oLnk = $oSet->Fetch(); - $this->assertEquals(1, $oLnk->Get('role_id'), "The role should be correctly set"); + $this->assertEquals($iRole, $oLnk->Get('role_id'), "The role should be correctly set"); } public function testItShouldFailExplicitlyWhenAnAttributeCodeIsUnknown() From d5d93ed147eec8a93298215a3e0fd0ebb859e2cb Mon Sep 17 00:00:00 2001 From: Stephen Abello Date: Thu, 4 Jul 2024 09:43:55 +0200 Subject: [PATCH 3/6] =?UTF-8?q?N=C2=B07530=20-=20Fix=20quickcreate=20autoc?= =?UTF-8?q?omplete=20results=20not=20displaying=20properly?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/backoffice/components/_quick-create.scss | 47 +++++++++++++------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/css/backoffice/components/_quick-create.scss b/css/backoffice/components/_quick-create.scss index 93c4222c7..ba6f157ef 100644 --- a/css/backoffice/components/_quick-create.scss +++ b/css/backoffice/components/_quick-create.scss 
@@ -39,6 +39,8 @@ $ibo-quick-create--compartment-title--line-spacing: $ibo-spacing-300 !default; $ibo-quick-create--compartment-content--text-color: $ibo-color-grey-900 !default; +$ibo-quick-create--compartment-results--element--max-height: unset !default; + $ibo-quick-create--compartment-element--padding-x: $ibo-spacing-300 !default; $ibo-quick-create--compartment-element--padding-y: $ibo-spacing-200 !default; $ibo-quick-create--compartment-element--margin-x: -1 * $ibo-quick-create--compartment-element--padding-x !default; @@ -49,6 +51,7 @@ $ibo-quick-create--compartment-element-image--margin-right: $ibo-spacing-300 !de $ibo-quick-create--compartment-element-image--width: 20px !default; $ibo-quick-create--compartment-results--container--width: 100% !important !default; +$ibo-quick-create--compartment-results--container--background-color: transparent !default; $ibo-quick-create--compartment--placeholder-image--margin-top: $ibo-spacing-600 !default; $ibo-quick-create--compartment--placeholder-image--margin-bottom: $ibo-spacing-500 !default; 
@@ -219,28 +222,38 @@ $ibo-quick-create--compartment--placeholder-hint--text-color: $ibo-color-grey-70 } .ibo-quick-create--compartment-results--container{ + position: static; width: $ibo-quick-create--compartment-results--container--width; + background: $ibo-quick-create--compartment-results--container--background-color; + border: none; + box-shadow: none; } -.ibo-quick-create--compartment-results--element > .option{ - padding: $ibo-quick-create--compartment-element--padding-y $ibo-quick-create--compartment-element--padding-x; - margin-left: $ibo-quick-create--compartment-element--margin-x; - margin-right: $ibo-quick-create--compartment-element--margin-x; - color: inherit; +.ibo-quick-create--compartment-results--element { + overflow: unset; + max-height: $ibo-quick-create--compartment-results--element--max-height; + + &> .option { + padding: $ibo-quick-create--compartment-element--padding-y $ibo-quick-create--compartment-element--padding-x; + margin-left: $ibo-quick-create--compartment-element--margin-x; + margin-right: $ibo-quick-create--compartment-element--margin-x; + color: inherit; - @extend %ibo-text-truncated-with-ellipsis; + @extend %ibo-text-truncated-with-ellipsis; - &.active{ - background-color: $ibo-quick-create--compartment-element--background-color--is-active; - border-radius: $ibo-quick-create--compartment-element--border-radius--is-active; - } - &:hover{ - cursor: pointer; - @extend a; - } + &.active { + background-color: $ibo-quick-create--compartment-element--background-color--is-active; + border-radius: $ibo-quick-create--compartment-element--border-radius--is-active; + } - .highlight{ - font-weight: bold; - } + &:hover { + cursor: pointer; + @extend a; + } + + .highlight { + font-weight: bold; + } + } } .ibo-quick-create--compartment--placeholder{ From 64974a2c5434b56a6235409903983d68905a7f1c Mon Sep 17 00:00:00 2001 
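Review bot: The rewritten `.ibo-quick-create--compartment-results--element` block mixes brace styles with its neighbours: the new rules are written `selector {` while the unchanged `.ibo-quick-create--compartment-results--container{` and `.ibo-quick-create--compartment--placeholder{` use no space, and the nested selector is spelled `&> .option {` where `& > .option {` is the usual form. Pick one convention for the whole rule set rather than introducing a second one in the same file. `max-height: unset` on a non-inherited property resolves to `none`; if the purpose is to cancel a clamp set elsewhere, `none` states that intent more directly than `unset`.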
From: Stephen Abello Date: Thu, 4 Jul 2024 10:11:47 +0200 Subject: [PATCH 4/6] =?UTF-8?q?N=C2=B07530=20-=20Fix=20selectize=20results?= =?UTF-8?q?=20not=20stylized=20properly=20in=20other=20themes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- css/backoffice/vendors/_selectize.scss | 21 +++++++++++++++---- .../scss/scss-variables.scss | 4 ++++ 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/css/backoffice/vendors/_selectize.scss b/css/backoffice/vendors/_selectize.scss index ccceea0fc..ef655c02f 100644 --- a/css/backoffice/vendors/_selectize.scss +++ b/css/backoffice/vendors/_selectize.scss @@ -23,6 +23,17 @@ $ibo-vendors-selectize--item--ignore-partial--background-color: $ibo-color-grey- $ibo-vendors-selectize--input-error--border: 1px solid $ibo-color-red-600 !default; +$ibo-vendors-selectize--input--border-color: $ibo-color-grey-500 !default; + +$ibo-vendors-selectize--element--active--background: $ibo-color-white-100 !default; +$ibo-vendors-selectize--element--active--color: $ibo-color-grey-500 !default; + +$ibo-vendors-selectize--dropdown--background-color: $ibo-vendors-selectize-input--background-color !default; +$ibo-vendors-selectize--dropdown--color: $ibo-vendors-selectize-input--color!default; + +$ibo-vendors-selectize--header--padding-x: 8px !default; +$ibo-vendors-selectize--header--padding-y: 5px !default; + .selectize-control.single .selectize-input { box-shadow: unset; background-color: $ibo-vendors-selectize-input--background-color; 
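Review bot: The new variable `$ibo-vendors-selectize--input--border-color` uses a double hyphen before `input` while the existing variables it sits beside (`$ibo-vendors-selectize-input--background-color`, `$ibo-vendors-selectize-input--color`) use a single one, so the theme override file now has to mix both conventions (the darkmoon hunk below does exactly that). Consider naming it `$ibo-vendors-selectize-input--border-color` to match its siblings, and rename the darkmoon override accordingly. Separately, `$ibo-vendors-selectize--dropdown--color: $ibo-vendors-selectize-input--color!default;` is missing the space before the flag; write `$ibo-vendors-selectize--dropdown--color: $ibo-vendors-selectize-input--color !default;` as on the neighbouring lines.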
@@ -55,20 +66,22 @@ $ibo-vendors-selectize--input-error--border: 1px solid $ibo-color-red-600 !defau } .selectize-control.single .selectize-input, .selectize-dropdown.single { - border-color: $ibo-color-grey-500; + border-color: $ibo-vendors-selectize--input--border-color; } .selectize-dropdown { + background-color: $ibo-vendors-selectize--dropdown--background-color; + color: $ibo-vendors-selectize--dropdown--color; .selected, .active, .active:not(.selected){ - background: #f5fafd; - color: #495c68; + background: $ibo-vendors-selectize--element--active--background; + color: $ibo-vendors-selectize--element--active--color; } [data-selectable], .optgroup-header { - padding: 5px 8px; + padding: $ibo-vendors-selectize--header--padding-y $ibo-vendors-selectize--header--padding-x; } .option { diff --git a/datamodels/2.x/combodo-backoffice-darkmoon-theme/scss/scss-variables.scss b/datamodels/2.x/combodo-backoffice-darkmoon-theme/scss/scss-variables.scss index 13fb1d084..a46759782 100644 --- a/datamodels/2.x/combodo-backoffice-darkmoon-theme/scss/scss-variables.scss +++ b/datamodels/2.x/combodo-backoffice-darkmoon-theme/scss/scss-variables.scss @@ -176,6 +176,10 @@ $ibo-input-select--action-button--color: $ibo-input-select-wrapper--after--color $ibo-input-select-selectize--item--active--text-color: $ibo-color-grey-100; $ibo-input-select-selectize--item--active--background-color: $ibo-color-grey-500; $ibo-vendors-selectize-input--color: $ibo-body-text-color; +$ibo-vendors-selectize-input--background-color: $ibo-input--background-color; +$ibo-vendors-selectize--input--border-color: $ibo-input--border-color; +$ibo-vendors-selectize--element--active--background: $ibo-color-grey-400; +$ibo-vendors-selectize--element--active--color: $ibo-body-text-color; $ibo-popover-menu--item-separator--background-color: $ibo-color-grey-500; $ibo-popover-menu--item--text-color: $ibo-color-grey-200; From fd64be1dcd83dbaacf21ac194d4d3055debd7d2b Mon Sep 17 00:00:00 2001 
From: Timothee Date: Thu, 4 Jul 2024 10:39:27 +0200 Subject: [PATCH 5/6] =?UTF-8?q?N=C2=B07490=20Upgrade=20tcpdf=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.lock | 14 +- lib/composer/installed.json | 16 +- lib/composer/installed.php | 10 +- lib/tecnickcom/tcpdf/CHANGELOG.TXT | 18 +- lib/tecnickcom/tcpdf/LICENSE.TXT | 2 +- lib/tecnickcom/tcpdf/README.md | 2 +- lib/tecnickcom/tcpdf/VERSION | 2 +- lib/tecnickcom/tcpdf/composer.json | 4 +- lib/tecnickcom/tcpdf/config/tcpdf_config.php | 8 + lib/tecnickcom/tcpdf/include/tcpdf_colors.php | 2 +- lib/tecnickcom/tcpdf/include/tcpdf_static.php | 2 +- lib/tecnickcom/tcpdf/tcpdf.php | 203 +++++++++++------- lib/tecnickcom/tcpdf/tcpdf_autoconfig.php | 4 + 13 files changed, 172 insertions(+), 115 deletions(-) diff --git a/composer.lock b/composer.lock index 01d78be94..56df831df 100644 --- a/composer.lock +++ b/composer.lock @@ -4911,20 +4911,20 @@ }, { "name": "tecnickcom/tcpdf", - "version": "6.6.5", + "version": "6.7.5", "source": { "type": "git", "url": "https://github.com/tecnickcom/TCPDF.git", - "reference": "5fce932fcee4371865314ab7f6c0d85423c5c7ce" + "reference": "951eabf0338ec2522bd0d5d9c79b08a3a3d36b36" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/5fce932fcee4371865314ab7f6c0d85423c5c7ce", - "reference": "5fce932fcee4371865314ab7f6c0d85423c5c7ce", + "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/951eabf0338ec2522bd0d5d9c79b08a3a3d36b36", + "reference": "951eabf0338ec2522bd0d5d9c79b08a3a3d36b36", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": ">=5.5.0" }, "type": "library", "autoload": { @@ -4971,7 +4971,7 @@ ], "support": { "issues": "https://github.com/tecnickcom/TCPDF/issues", - "source": "https://github.com/tecnickcom/TCPDF/tree/6.6.5" + "source": "https://github.com/tecnickcom/TCPDF/tree/6.7.5" }, "funding": [ { 
@@ -4979,7 +4979,7 @@ "type": "custom" } ], - "time": "2023-09-06T15:09:26+00:00" + "time": "2024-04-20T17:25:10+00:00" }, { "name": "thenetworg/oauth2-azure", diff --git a/lib/composer/installed.json b/lib/composer/installed.json index bc2c481d8..967b09a19 100644 --- a/lib/composer/installed.json +++ b/lib/composer/installed.json @@ -5330,23 +5330,23 @@ }, { "name": "tecnickcom/tcpdf", - "version": "6.6.5", - "version_normalized": "6.6.5.0", + "version": "6.7.5", + "version_normalized": "6.7.5.0", "source": { "type": "git", "url": "https://github.com/tecnickcom/TCPDF.git", - "reference": "5fce932fcee4371865314ab7f6c0d85423c5c7ce" + "reference": "951eabf0338ec2522bd0d5d9c79b08a3a3d36b36" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/5fce932fcee4371865314ab7f6c0d85423c5c7ce", - "reference": "5fce932fcee4371865314ab7f6c0d85423c5c7ce", + "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/951eabf0338ec2522bd0d5d9c79b08a3a3d36b36", + "reference": "951eabf0338ec2522bd0d5d9c79b08a3a3d36b36", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": ">=5.5.0" }, - "time": "2023-09-06T15:09:26+00:00", + "time": "2024-04-20T17:25:10+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -5393,7 +5393,7 @@ ], "support": { "issues": "https://github.com/tecnickcom/TCPDF/issues", - "source": "https://github.com/tecnickcom/TCPDF/tree/6.6.5" + "source": "https://github.com/tecnickcom/TCPDF/tree/6.7.5" }, "funding": [ { diff --git a/lib/composer/installed.php b/lib/composer/installed.php index c0cea0397..41505b3e7 100644 --- a/lib/composer/installed.php +++ b/lib/composer/installed.php @@ -3,7 +3,7 @@ 'name' => 'combodo/itop', 'pretty_version' => 'dev-develop', 'version' => 'dev-develop', - 'reference' => '71e36d264e098583e31c752528c815d1f9e29032', + 'reference' => 'e363692822a66c4d716075b386ceca676ad0ced6', 'type' => 'project', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), 
@@ -22,7 +22,7 @@ 'combodo/itop' => array( 'pretty_version' => 'dev-develop', 'version' => 'dev-develop', - 'reference' => '71e36d264e098583e31c752528c815d1f9e29032', + 'reference' => 'e363692822a66c4d716075b386ceca676ad0ced6', 'type' => 'project', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), @@ -720,9 +720,9 @@ 'dev_requirement' => false, ), 'tecnickcom/tcpdf' => array( - 'pretty_version' => '6.6.5', - 'version' => '6.6.5.0', - 'reference' => '5fce932fcee4371865314ab7f6c0d85423c5c7ce', + 'pretty_version' => '6.7.5', + 'version' => '6.7.5.0', + 'reference' => '951eabf0338ec2522bd0d5d9c79b08a3a3d36b36', 'type' => 'library', 'install_path' => __DIR__ . '/../tecnickcom/tcpdf', 'aliases' => array(), diff --git a/lib/tecnickcom/tcpdf/CHANGELOG.TXT b/lib/tecnickcom/tcpdf/CHANGELOG.TXT index efd3b52f2..4a845350e 100644 --- a/lib/tecnickcom/tcpdf/CHANGELOG.TXT +++ b/lib/tecnickcom/tcpdf/CHANGELOG.TXT @@ -1,10 +1,18 @@ -6.6.5 (2023-09-06) +6.7.5 (2024-04-20) + - Update GitHub actions + - fix: CSV-2024-22640 (#712) + +6.7.4 (2024-03-24) + - Upgrade tcpdf tag encryption algorithm. + - Fix regression issue #699. + - Fix security issue. + - [BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php. + - New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag. + - Raised minimum PHP version to PHP 5.5.0. + +6.6.5 (2023-09-02) - Fix corrupted file. - -6.6.4 (2023-09-06) - Fix GitHub automation tests. - -6.6.3 (2023-09-06) - Fix SPDX license ID (#591) - Fix warning "array offset on value of type null" (#620) - Improve the README about the status of this library (#589) diff --git a/lib/tecnickcom/tcpdf/LICENSE.TXT b/lib/tecnickcom/tcpdf/LICENSE.TXT index 072e73a75..ec7968a7e 100644 --- a/lib/tecnickcom/tcpdf/LICENSE.TXT +++ b/lib/tecnickcom/tcpdf/LICENSE.TXT 
@@ -7,7 +7,7 @@ published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - 2002-2023 Nicola Asuni - Tecnick.com LTD + 2002-2024 Nicola Asuni - Tecnick.com LTD ********************************************************************** ********************************************************************** diff --git a/lib/tecnickcom/tcpdf/README.md b/lib/tecnickcom/tcpdf/README.md index 39ea1c458..f59f66339 100644 --- a/lib/tecnickcom/tcpdf/README.md +++ b/lib/tecnickcom/tcpdf/README.md @@ -6,7 +6,7 @@ * **category** Library * **author** Nicola Asuni -* **copyright** 2002-2023 Nicola Asuni - Tecnick.com LTD +* **copyright** 2002-2024 Nicola Asuni - Tecnick.com LTD * **license** http://www.gnu.org/copyleft/lesser.html GNU-LGPL v3 (see LICENSE.TXT) * **link** http://www.tcpdf.org * **source** https://github.com/tecnickcom/TCPDF diff --git a/lib/tecnickcom/tcpdf/VERSION b/lib/tecnickcom/tcpdf/VERSION index 5dbe61b99..c56facf89 100644 --- a/lib/tecnickcom/tcpdf/VERSION +++ b/lib/tecnickcom/tcpdf/VERSION @@ -1 +1 @@ -6.6.5 +6.7.5 diff --git a/lib/tecnickcom/tcpdf/composer.json b/lib/tecnickcom/tcpdf/composer.json index f24d581d3..7389d0900 100644 --- a/lib/tecnickcom/tcpdf/composer.json +++ b/lib/tecnickcom/tcpdf/composer.json @@ -12,7 +12,7 @@ "barcodes" ], "homepage": "http://www.tcpdf.org/", - "version": "6.6.5", + "version": "6.7.5", "license": "LGPL-3.0-or-later", "authors": [ { @@ -22,7 +22,7 @@ } ], "require": { - "php": ">=5.3.0" + "php": ">=5.5.0" }, "autoload": { "classmap": [ diff --git a/lib/tecnickcom/tcpdf/config/tcpdf_config.php b/lib/tecnickcom/tcpdf/config/tcpdf_config.php index 92317b121..9888a6778 100644 --- a/lib/tecnickcom/tcpdf/config/tcpdf_config.php +++ b/lib/tecnickcom/tcpdf/config/tcpdf_config.php 
@@ -212,6 +212,14 @@ define('K_THAI_TOPCHARS', true); */ define('K_TCPDF_CALLS_IN_HTML', false); +/** + * List of TCPDF methods that are allowed to be called using HTML syntax. + * Note: each method name must end with surrounded with | (pipe) character. + * The constant K_TCPDF_CALLS_IN_HTML must be set to true. + * IMPORTANT: For security reason, disable this feature if you are allowing user HTML content. + */ +define('K_ALLOWED_TCPDF_TAGS', ''); + /** * If true and PHP version is greater than 5, then the Error() method throw new exception instead of terminating the execution. */ diff --git a/lib/tecnickcom/tcpdf/include/tcpdf_colors.php b/lib/tecnickcom/tcpdf/include/tcpdf_colors.php index 7f337f31a..5a51594c3 100644 --- a/lib/tecnickcom/tcpdf/include/tcpdf_colors.php +++ b/lib/tecnickcom/tcpdf/include/tcpdf_colors.php @@ -275,7 +275,7 @@ class TCPDF_COLORS { $color = strtolower($color); // check for javascript color array syntax if (strpos($color, '[') !== false) { - if (preg_match('/[\[][\"\'](t|g|rgb|cmyk)[\"\'][\,]?([0-9\.]*)[\,]?([0-9\.]*)[\,]?([0-9\.]*)[\,]?([0-9\.]*)[\]]/', $color, $m) > 0) { + if (preg_match('/[\[][\"\'](t|g|rgb|cmyk)[\"\'][\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\,]?([0-9\.]*+)[\]]/', $color, $m) > 0) { $returncolor = array(); switch ($m[1]) { case 'cmyk': { diff --git a/lib/tecnickcom/tcpdf/include/tcpdf_static.php b/lib/tecnickcom/tcpdf/include/tcpdf_static.php index 4c28850e8..04f74461f 100644 --- a/lib/tecnickcom/tcpdf/include/tcpdf_static.php +++ b/lib/tecnickcom/tcpdf/include/tcpdf_static.php @@ -55,7 +55,7 @@ class TCPDF_STATIC { * Current TCPDF version. * @private static */ - private static $tcpdf_version = '6.6.5'; + private static $tcpdf_version = '6.7.5'; /** * String alias for total number of pages. diff --git a/lib/tecnickcom/tcpdf/tcpdf.php b/lib/tecnickcom/tcpdf/tcpdf.php index cd0205129..60f93c416 100644 --- a/lib/tecnickcom/tcpdf/tcpdf.php +++ b/lib/tecnickcom/tcpdf/tcpdf.php 
@@ -1,13 +1,13 @@ * @package com.tecnick.tcpdf * @brief PHP class for generating PDF documents without requiring external extensions. - * @version 6.6.5 + * @version 6.7.5 * @author Nicola Asuni - info@tecnick.com * @IgnoreAnnotation("protected") * @IgnoreAnnotation("public") @@ -838,6 +838,13 @@ class TCPDF { */ protected $file_id; + /** + * Internal secret used to encrypt data. + * @protected + * @since 6.7.5 (2024-03-21) + */ + protected $hash_key; + // --- bookmark --- /** @@ -1880,10 +1887,10 @@ class TCPDF { // set file ID for trailer $serformat = (is_array($format) ? json_encode($format) : $format); $this->file_id = md5(TCPDF_STATIC::getRandomSeed('TCPDF'.$orientation.$unit.$serformat.$encoding)); + $this->hash_key = hash_hmac('sha256', TCPDF_STATIC::getRandomSeed($this->file_id), TCPDF_STATIC::getRandomSeed('TCPDF'), false); $this->font_obj_ids = array(); $this->page_obj_id = array(); $this->form_obj_id = array(); - // set pdf/a mode if ($pdfa != false) { $this->pdfa_mode = true; @@ -4427,7 +4434,7 @@ class TCPDF { $this->Error('Unknow font type: '.$type.''); } // set name if unset - if (!isset($name) OR empty($name)) { + if (empty($name)) { $name = $fontkey; } // create artificial font style variations if missing (only works with non-embedded fonts) @@ -4470,7 +4477,7 @@ class TCPDF { // we are inside an XObject template $this->xobjects[$this->xobjid]['fonts'][$fontkey] = $this->numfonts; } - if (isset($diff) AND (!empty($diff))) { + if (!empty($diff)) { //Search existing encodings $d = 0; $nb = count($this->diffs); 
@@ -16389,6 +16396,53 @@ class TCPDF { * @since 3.2.000 (2008-06-20) */ protected function getHtmlDomArray($html) { + // set inheritable properties fot the first void element + // possible inheritable properties are: azimuth, border-collapse, border-spacing, caption-side, color, cursor, direction, empty-cells, font, font-family, font-stretch, font-size, font-size-adjust, font-style, font-variant, font-weight, letter-spacing, line-height, list-style, list-style-image, list-style-position, list-style-type, orphans, page, page-break-inside, quotes, speak, speak-header, text-align, text-indent, text-transform, volume, white-space, widows, word-spacing + $dom = array( + array( + 'tag' => false, + 'block' => false, + 'value' => '', + 'parent' => 0, + 'hide' => false, + 'fontname' => $this->FontFamily, + 'fontstyle' => $this->FontStyle, + 'fontsize' => $this->FontSizePt, + 'font-stretch' => $this->font_stretching, + 'letter-spacing' => $this->font_spacing, + 'stroke' => $this->textstrokewidth, + 'fill' => (($this->textrendermode % 2) == 0), + 'clip' => ($this->textrendermode > 3), + 'line-height' => $this->cell_height_ratio, + 'bgcolor' => false, + 'fgcolor' => $this->fgcolor, // color + 'strokecolor' => $this->strokecolor, + 'align' => '', + 'listtype' => '', + 'text-indent' => 0, + 'text-transform' => '', + 'border' => array(), + 'dir' => $this->rtl?'rtl':'ltr', + 'width' => 0, + 'height' => 0, + 'x' => 0, + 'y' => 0, + 'w' => 0, + 'h' => 0, + 'l' => 0, + 't' => 0, + 'r' => 0, + 'b' => 0, + 'padding' => array('T' => 0, 'R' => 0, 'B' => 0, 'L' => 0), + 'margin' => array('T' => 0, 'R' => 0, 'B' => 0, 'L' => 0), + 'border-spacing' => array('H' => 0, 'V' => 0), + 'border-collapse' => 'separate', + ) + ); + + if(empty($html)) { + return $dom; + } // array of CSS styles ( selector => properties). $css = array(); // get CSS array defined at previous call 
@@ -16533,37 +16587,8 @@ class TCPDF { // count elements $maxel = count($a); $elkey = 0; - $key = 0; - // create an array of elements - $dom = array(); - $dom[$key] = array(); - // set inheritable properties fot the first void element - // possible inheritable properties are: azimuth, border-collapse, border-spacing, caption-side, color, cursor, direction, empty-cells, font, font-family, font-stretch, font-size, font-size-adjust, font-style, font-variant, font-weight, letter-spacing, line-height, list-style, list-style-image, list-style-position, list-style-type, orphans, page, page-break-inside, quotes, speak, speak-header, text-align, text-indent, text-transform, volume, white-space, widows, word-spacing - $dom[$key]['tag'] = false; - $dom[$key]['block'] = false; - $dom[$key]['value'] = ''; - $dom[$key]['parent'] = 0; - $dom[$key]['hide'] = false; - $dom[$key]['fontname'] = $this->FontFamily; - $dom[$key]['fontstyle'] = $this->FontStyle; - $dom[$key]['fontsize'] = $this->FontSizePt; - $dom[$key]['font-stretch'] = $this->font_stretching; - $dom[$key]['letter-spacing'] = $this->font_spacing; - $dom[$key]['stroke'] = $this->textstrokewidth; - $dom[$key]['fill'] = (($this->textrendermode % 2) == 0); - $dom[$key]['clip'] = ($this->textrendermode > 3); - $dom[$key]['line-height'] = $this->cell_height_ratio; - $dom[$key]['bgcolor'] = false; - $dom[$key]['fgcolor'] = $this->fgcolor; // color - $dom[$key]['strokecolor'] = $this->strokecolor; - $dom[$key]['align'] = ''; - $dom[$key]['listtype'] = ''; - $dom[$key]['text-indent'] = 0; - $dom[$key]['text-transform'] = ''; - $dom[$key]['border'] = array(); - $dom[$key]['dir'] = $this->rtl?'rtl':'ltr'; $thead = false; // true when we are inside the THEAD tag - ++$key; + $key = 1; $level = array(); array_push($level, 0); // root while ($elkey < $maxel) { 
@@ -17200,41 +17225,59 @@ class TCPDF { } /** - * Return an hash code used to ensure that the serialized data has been generated by this TCPDF instance. - * @param string $data serialized data - * @return string - * @public static + * Calculates the hash value of the given data. + * + * @param string $data The data to be hashed. + * @return string The hashed value of the data. */ - protected function getHashForTCPDFtagParams($data) { - return md5(strlen($data).$this->file_id.$data); + protected function hashTCPDFtag($data) { + return hash_hmac('sha256', $data, $this->hash_key, false); } /** - * Serialize an array of parameters to be used with TCPDF tag in HTML code. - * @param array $data parameters array - * @return string containing serialized data + * Serialize data to be used with TCPDF tag in HTML code. + * @param string $method TCPDF method name + * @param array $params Method parameters + * @return string Serialized data * @public static */ - public function serializeTCPDFtagParameters($data) { + public function serializeTCPDFtag($method, $params=array()) { + $data = array('m' => $method, 'p' => $params); $encoded = urlencode(json_encode($data)); - return $this->getHashForTCPDFtagParams($encoded).$encoded; + $hash = $this->hashTCPDFtag($encoded); + return strlen($hash).'+'.$hash.'+'.$encoded; } /** - * Unserialize parameters to be used with TCPDF tag in HTML code. + * Unserialize data to be used with TCPDF tag in HTML code. 
* @param string $data serialized data * @return array containing unserialized data * @protected static */ - protected function unserializeTCPDFtagParameters($data) { - $hash = substr($data, 0, 32); - $encoded = substr($data, 32); - if ($hash != $this->getHashForTCPDFtagParams($encoded)) { + protected function unserializeTCPDFtag($data) { + $hpos = strpos($data, '+'); + $hlen = intval(substr($data, 0, $hpos)); + $hash = substr($data, $hpos + 1, $hlen); + $encoded = substr($data, $hpos + 2 + $hlen); + if ($hash != $this->hashTCPDFtag($encoded)) { $this->Error('Invalid parameters'); } return json_decode(urldecode($encoded), true); } + /** + * Check if a TCPDF tag is allowed + * @param string $method TCPDF method name + * @return boolean + * @protected + */ + protected function allowedTCPDFtag($method) { + if (defined('K_ALLOWED_TCPDF_TAGS')) { + return (strpos(K_ALLOWED_TCPDF_TAGS, '|'.$method.'|') !== false); + } + return false; + } + /** * Prints a cell (rectangular area) with optional borders, background color and html text string. * The upper-left corner of the cell corresponds to the current position. After the call, the current position moves to the right or to the next line.
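Review bot: In `unserializeTCPDFtag` the recomputed MAC is checked with `if ($hash != $this->hashTCPDFtag($encoded))`, a loose, non-constant-time string comparison; a MAC check should read `if (!hash_equals($this->hashTCPDFtag($encoded), $hash))`, which is both strict and timing-safe. When `$data` contains no `+`, `strpos` returns false and the offsets degrade to `substr($data, 0, false)`; this still fails closed because the empty hash mismatches, but an explicit `if ($hpos === false) { $this->Error('Invalid parameters'); }` before the arithmetic makes that intent visible. This is vendored upstream code under lib/tecnickcom/tcpdf, so the fix belongs in TCPDF itself; for this repository the relevant check is that `K_TCPDF_CALLS_IN_HTML` stays `false` (tcpdf_config.php in this same patch still defines it so), which keeps the `tcpdf` tag dispatch disabled, and that `K_ALLOWED_TCPDF_TAGS` stays empty so `allowedTCPDFtag()` rejects every method. The enclosing class continues outside the hunk.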
@@ -17248,8 +17291,7 @@ class TCPDF { * @param float|null $y upper-left corner Y coordinate * @param string $html html text to print. Default value: empty string. * @param mixed $border Indicates if borders must be drawn around the cell. The value can be a number:
  • 0: no border (default)
  • 1: frame
or a string containing some or all of the following characters (in any order):
  • L: left
  • T: top
  • R: right
  • B: bottom
or an array of line styles for each border group - for example: array('LTRB' => array('width' => 2, 'cap' => 'butt', 'join' => 'miter', 'dash' => 0, 'color' => array(0, 0, 0))) - * @param int $ln Indicates where the current position should go after the call. Possible values are:
  • 0: to the right (or left for RTL language)
  • 1: to the beginning of the next line
  • 2: below
-Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: 0. + * @param int $ln Indicates where the current position should go after the call. Possible values are:
  • 0: to the right (or left for RTL language)
  • 1: to the beginning of the next line
  • 2: below
Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: 0. * @param boolean $fill Indicates if the cell background must be painted (true) or transparent (false). * @param boolean $reseth if true reset the last cell height (default true). * @param string $align Allows to center or align the text. Possible values are:
  • L : left align
  • C : center
  • R : right align
  • '' : empty string : left for LTR or right for RTL
@@ -19510,17 +19552,14 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: case 'tcpdf': { if (defined('K_TCPDF_CALLS_IN_HTML') AND (K_TCPDF_CALLS_IN_HTML === true)) { // Special tag used to call TCPDF methods - if (isset($tag['attribute']['method'])) { - $tcpdf_method = $tag['attribute']['method']; - if (method_exists($this, $tcpdf_method)) { - if (isset($tag['attribute']['params']) AND (!empty($tag['attribute']['params']))) { - $params = $this->unserializeTCPDFtagParameters($tag['attribute']['params']); - call_user_func_array(array($this, $tcpdf_method), $params); - } else { - $this->$tcpdf_method(); - } - $this->newline = true; + // This tag is disabled by default by the K_TCPDF_CALLS_IN_HTML constant on TCPDF configuration file. + // Please use this feature only if you are in control of the HTML content and you are sure that it does not contain any harmful code. + if (!empty($tag['attribute']['data'])) { + $tcpdf_tag_data = $this->unserializeTCPDFtag($tag['attribute']['data']); + if ($this->allowedTCPDFtag($tcpdf_tag_data['m'])) { + call_user_func_array(array($this, $tcpdf_tag_data['m']), $tcpdf_tag_data['p']); } + $this->newline = true; } } break; 
@@ -21867,25 +21906,23 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value: * @since 4.5.029 (2009-03-19) */ public function rollbackTransaction($self=false) { - if (isset($this->objcopy)) { - $objcopy = $this->objcopy; - $this->_destroy(true, true); - if ($self) { - $objvars = get_object_vars($objcopy); - foreach ($objvars as $key => $value) { - $this->$key = $value; - } - $objcopy->_destroy(true, true); - /* The unique file_id should not be used during cleanup again */ - $objcopy->file_id = NULL; - unset($objcopy); - return $this; - } - /* The unique file_id should not be used during cleanup again */ - $this->file_id = NULL; - return $objcopy; + if (!isset($this->objcopy)) { + return $this; } - return $this; + $file_id = $this->file_id; + $objcopy = $this->objcopy; + $this->_destroy(true, true); + if ($self) { + $objvars = get_object_vars($objcopy); + foreach ($objvars as $key => $value) { + $this->$key = $value; + } + $objcopy->_destroy(true, true); + unset($objcopy); + return $this; + } + $this->file_id = $file_id; + return $objcopy; } // --- MULTI COLUMNS METHODS ----------------------- diff --git a/lib/tecnickcom/tcpdf/tcpdf_autoconfig.php b/lib/tecnickcom/tcpdf/tcpdf_autoconfig.php index 6ec9ce83b..2bcfccb82 100644 --- a/lib/tecnickcom/tcpdf/tcpdf_autoconfig.php +++ b/lib/tecnickcom/tcpdf/tcpdf_autoconfig.php @@ -228,6 +228,10 @@ if (!defined('K_TCPDF_CALLS_IN_HTML')) { define('K_TCPDF_CALLS_IN_HTML', false); } +if (!defined('K_ALLOWED_TCPDF_TAGS')) { + define('K_ALLOWED_TCPDF_TAGS', ''); +} + if (!defined('K_TCPDF_THROW_EXCEPTION_ERROR')) { define('K_TCPDF_THROW_EXCEPTION_ERROR', false); } From 96e1388dde31885170b61c71cbb0d5ae37f70d94 Mon Sep 17 00:00:00 2001 
From: jf-cbd Date: Thu, 4 Jul 2024 10:55:52 +0200 Subject: [PATCH 6/6] =?UTF-8?q?N=C2=B07603=20-=20Security=20hardening=20+?= =?UTF-8?q?=20UI=20blocks=20examples=20updated?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pages/run_query.php | 4 +-- .../Layout/UIContentBlockUIBlockFactory.php | 28 +++++++++++++------ .../Backoffice/RenderAllUiBlocks.php | 17 +++++++++++ 3 files changed, 39 insertions(+), 10 deletions(-) diff --git a/pages/run_query.php b/pages/run_query.php index c197182ca..8139b382a 100644 --- a/pages/run_query.php +++ b/pages/run_query.php @@ -243,11 +243,11 @@ EOF $aMoreInfoBlocks = []; $oDevelopedQuerySet = new FieldSet(Dict::S('UI:RunQuery:DevelopedQuery')); - $oDevelopedQuerySet->AddSubBlock(UIContentBlockUIBlockFactory::MakeForCode(utils::EscapeHtml($oFilter->ToOQL()))); + $oDevelopedQuerySet->AddSubBlock(UIContentBlockUIBlockFactory::MakeForCode($oFilter->ToOQL())); $aMoreInfoBlocks[] = $oDevelopedQuerySet; $oSerializedQuerySet = new FieldSet(Dict::S('UI:RunQuery:SerializedFilter')); - $oSerializedQuerySet->AddSubBlock(UIContentBlockUIBlockFactory::MakeForCode(utils::EscapeHtml($oFilter->serialize()))); + $oSerializedQuerySet->AddSubBlock(UIContentBlockUIBlockFactory::MakeForCode($oFilter->serialize())); $aMoreInfoBlocks[] = $oSerializedQuerySet; diff --git a/sources/application/UI/Base/Layout/UIContentBlockUIBlockFactory.php b/sources/application/UI/Base/Layout/UIContentBlockUIBlockFactory.php index f55eda536..07d557ee1 100644 --- a/sources/application/UI/Base/Layout/UIContentBlockUIBlockFactory.php +++ b/sources/application/UI/Base/Layout/UIContentBlockUIBlockFactory.php @@ -45,33 +45,45 @@ class UIContentBlockUIBlockFactory extends AbstractUIBlockFactory * The \n are replaced by
* * @api - * @param string $sCode + * @param string $sCode plain text code * @param string|null $sId * * @return \Combodo\iTop\Application\UI\Base\Layout\UIContentBlock */ public static function MakeForCode(string $sCode, string $sId = null) { - $oCode = new UIContentBlock($sId, ['ibo-is-code']); - $sCode = str_replace("\n", '
', $sCode); - $oCode->AddSubBlock(new Html($sCode)); + $sCode = str_replace("\n", '
', \utils::HtmlEntities($sCode)); - return $oCode; + return self::MakeFromHTMLCode($sId, $sCode); } /** * Used to display a block of preformatted text in a
 tag.
 	 *
 	 * @api
-	 * @param string $sCode
+	 * @param string $sCode plain text code
 	 * @param string|null $sId
 	 *
 	 * @return \Combodo\iTop\Application\UI\Base\Layout\UIContentBlock
 	 */
 	public static function MakeForPreformatted(string $sCode, string $sId = null)
 	{
-		$sCode = '
'.$sCode.'
'; + $sCode = '
'.\utils::HtmlEntities($sCode).'
'; - return static::MakeForCode($sCode, $sId); + return self::MakeFromHTMLCode($sId, $sCode); + } + + /** + * @param string|null $sId + * @param string $sCode + * + * @return \Combodo\iTop\Application\UI\Base\Layout\UIContentBlock + */ + private static function MakeFromHTMLCode(?string $sId, string $sCode): UIContentBlock + { + $oCode = new UIContentBlock($sId, ['ibo-is-code']); + $oCode->AddSubBlock(new Html($sCode)); + + return $oCode; } } \ No newline at end of file diff --git a/tests/manual-visual-tests/Backoffice/RenderAllUiBlocks.php b/tests/manual-visual-tests/Backoffice/RenderAllUiBlocks.php index ea7ed9bb5..579997ee0 100644 --- a/tests/manual-visual-tests/Backoffice/RenderAllUiBlocks.php +++ b/tests/manual-visual-tests/Backoffice/RenderAllUiBlocks.php @@ -42,6 +42,7 @@ use Combodo\iTop\Application\UI\Base\Component\PopoverMenu\PopoverMenu; use Combodo\iTop\Application\UI\Base\Component\Title\TitleUIBlockFactory; use Combodo\iTop\Application\UI\Base\Layout\Object\ObjectFactory; use Combodo\iTop\Application\UI\Base\Layout\PageContent\PageContentFactory; +use Combodo\iTop\Application\UI\Base\Layout\UIContentBlockUIBlockFactory; use Combodo\iTop\Application\UI\Base\Layout\UIContentBlockWithJSRefreshCallback; use iTopWebPage; use LoginWebPage; @@ -355,6 +356,22 @@ $oDashletFieldset2->AddSubBlock($oDashletField4); $oDashletFieldset2->AddSubBlock($oDashletField5); $oDashletFieldset2->AddSubBlock($oDashletField6); +///////// +// Code +///////// + +$oPage->AddUiBlock(TitleUIBlockFactory::MakeNeutral('Code examples (MakeForCode)', 2 )); +$oCode1 = UIContentBlockUIBlockFactory::MakeForCode('function mean(int $a, int $b) { + return ($a + $b)/2 +}'); +$oPage->AddUiBlock($oCode1); + +$oPage->AddUiBlock(TitleUIBlockFactory::MakeNeutral('Code examples (MakeForPreformatted)', 2 )); +$oCode2 = UIContentBlockUIBlockFactory::MakeForPreformatted('function mean(int $a, int $b) { + return ($a + $b)/2 +}'); +$oPage->AddUiBlock($oCode2); + ///////// // Pill /////////
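Review bot: The new private `MakeFromHTMLCode` is now the single place where a string reaches `new Html($sCode)` without escaping, yet its docblock leaves `$sCode` undescribed; it should state that trust boundary, e.g. `@param string $sCode HTML that is already escaped (both public factories run \utils::HtmlEntities first); inserted verbatim, so never pass raw user input here`. Its parameter order `($sId, $sCode)` is also the reverse of the public `MakeForCode($sCode, $sId)` and `MakeForPreformatted($sCode, $sId)`, which invites a swapped call that the two `string` types would not catch; `($sCode, ?string $sId)` would match them. Because escaping now happens inside both public factories, dropping `utils::EscapeHtml` in the pages/run_query.php hunk is required rather than optional, and any other caller that still pre-escapes (none is visible in this patch) would now render double-encoded text and needs the same cleanup. The two `@param string $sCode plain text code` lines would carry that contract better as `plain text code; must not be HTML-escaped by the caller`.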