missing Documentation on K_ALLOWED_TCPDF_TAGS

[THenkeDE]

With the breaking change of 6.7.4 (2024-03-24) the K_ALLOWED_TCPDF_TAGS definition has beein added, too and changelog is saying:

New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.

Well, even the example_049.php beeing referenced in the changelog is not making use of this and the Tag is not working in any way because the default does not allow any method:

if (!defined('K_ALLOWED_TCPDF_TAGS')) {
	define('K_ALLOWED_TCPDF_TAGS', '');
}

Maybe it is just me but have you checked the example prior publishing? This hard to find "bug" gave me headaches ...

[d-javu]

The alternative configuration file offer this:

TCPDF/examples/config/tcpdf_config_alt.php

Lines 215 to 221 in 82fc97b

	/**
	* List of TCPDF methods that are allowed to be called using HTML syntax.
	* Note: each method name must end with surrounded with | (pipe) character.
	* The constant K_TCPDF_CALLS_IN_HTML must be set to true.
	* IMPORTANT: For security reason, disable this feature if you are allowing user HTML content.
	*/
	define('K_ALLOWED_TCPDF_TAGS', '|AddPage|Rect|SetDrawColor|write1DBarcode|');

[THenkeDE]

well yes, i should have mentioned that i looked it up, too.

But i still think that an example that shows how a "BREAKING CHANGE" should be used should not rely on a slightly "hidden" configuration override.

A note inside the example with a reference to the tcpdf_config_alt.php configline would've done the job.

Configurations of such a major change should not be hidden under the radar like this.

Anyhow, thanks for reply and reminding myself of beeing a little more into detail.