fix backward compatibility issue

tecnickcom · Mar 18, 2024 · 5e6ce1e · 5e6ce1e
1 parent 51cd1b3
commit 5e6ce1e
Show file tree

Hide file tree

Showing 8 changed files with 19 additions and 15 deletions.
diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
@@ -1,4 +1,4 @@
-6.7.0 (2024-03-18)
+6.7.1 (2024-03-18)
 	- Fix security issue.
 	- [BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
 	- New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-6.7.0
+6.7.1
diff --git a/composer.json b/composer.json
@@ -12,7 +12,7 @@
         "barcodes"
     ],
     "homepage": "http://www.tcpdf.org/",
-    "version": "6.7.0",
+    "version": "6.7.1",
     "license": "LGPL-3.0-or-later",
     "authors": [
         {

diff --git a/config/tcpdf_config.php b/config/tcpdf_config.php
@@ -212,6 +212,14 @@
  */
 define('K_TCPDF_CALLS_IN_HTML', false);
 
+/**
+ * List of TCPDF methods that are allowed to be called using HTML syntax.
+ * Note: each method name must end with surrounded with | (pipe) character.
+ * The constant K_TCPDF_CALLS_IN_HTML must be set to true.
+ * IMPORTANT: For security reason, disable this feature if you are allowing user HTML content.
+ */
+define('K_ALLOWED_TCPDF_TAGS', '');
+
 /**
  * If true and PHP version is greater than 5, then the Error() method throw new exception instead of terminating the execution.
  */

diff --git a/examples/config/tcpdf_config_alt.php b/examples/config/tcpdf_config_alt.php
@@ -213,16 +213,12 @@
 define('K_TCPDF_CALLS_IN_HTML', true);
 
 /**
- * List the TCPDF methods that are allowed to be called using HTML syntax.
+ * List of TCPDF methods that are allowed to be called using HTML syntax.
+ * Note: each method name must end with surrounded with | (pipe) character.
  * The constant K_TCPDF_CALLS_IN_HTML must be set to true.
  * IMPORTANT: For security reason, disable this feature if you are allowing user HTML content.
  */
-define('K_ALLOWED_TCPDF_TAGS', array(
-    'AddPage',
-    'Rect',
-    'SetDrawColor',
-    'write1DBarcode',
-));
+define('K_ALLOWED_TCPDF_TAGS', '|AddPage|Rect|SetDrawColor|write1DBarcode|');
 
 /**
  * If true and PHP version is greater than 5, then the Error() method throw new exception instead of terminating the execution.

diff --git a/include/tcpdf_static.php b/include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 	 * Current TCPDF version.
 	 * @private static
 	 */
-	private static $tcpdf_version = '6.7.0';
+	private static $tcpdf_version = '6.7.1';
 
 	/**
 	 * String alias for total number of pages.

diff --git a/tcpdf.php b/tcpdf.php
@@ -1,7 +1,7 @@
 <?php
 //============================================================+
 // File name   : tcpdf.php
-// Version     : 6.7.0
+// Version     : 6.7.1
 // Begin       : 2002-08-03
 // Last Update : 2024-03-18
 // Author      : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
@@ -128,7 +128,7 @@
  * TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.<br>
  * @package com.tecnick.tcpdf
  * @brief PHP class for generating PDF documents without requiring external extensions.
- * @version 6.7.0
+ * @version 6.7.1
  * @author Nicola Asuni - info@tecnick.com
  * @IgnoreAnnotation("protected")
  * @IgnoreAnnotation("public")
@@ -17240,7 +17240,7 @@ protected function allowedTCPDFtag($method) {
 		if (!defined('K_ALLOWED_TCPDF_TAGS') || empty(K_ALLOWED_TCPDF_TAGS)) {
 			return false;
 		}
-		return in_array($method, K_ALLOWED_TCPDF_TAGS, true);
+		return str_contains(K_ALLOWED_TCPDF_TAGS, '|'.$method.'|');
 	}
 
 	/**

diff --git a/tcpdf_autoconfig.php b/tcpdf_autoconfig.php
@@ -229,7 +229,7 @@
 }
 
 if (!defined('K_ALLOWED_TCPDF_TAGS')) {
-	define('K_ALLOWED_TCPDF_TAGS', array());
+	define('K_ALLOWED_TCPDF_TAGS', '');
 }
 
 if (!defined('K_TCPDF_THROW_EXCEPTION_ERROR')) {