TL-29209 dompdf: security patch

totara · May 16, 2022 · ca92d26 · ca92d26
1 parent 5031045
commit ca92d26
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/Helpers.php b/src/Helpers.php
@@ -875,6 +875,20 @@ public static function imagecreatefrombmp($filename, $context = null)
      */
     public static function getFileContent($uri, $context = null, $offset = 0, $maxlen = null)
     {
+        // Totara: this must be safe, so allow built-in dompdf resources and pluginfile images only!
+        global $CFG;
+        $resourcepath = DIRECTORY_SEPARATOR.'dompdf'.DIRECTORY_SEPARATOR.'dompdf'.DIRECTORY_SEPARATOR.'lib'.DIRECTORY_SEPARATOR.'res'.DIRECTORY_SEPARATOR;
+        if (is_file($uri) && strpos(realpath($uri), $resourcepath) !== false) {
+            $data = file_get_contents($uri);
+            if ($offset > 0) {
+                $data = substr($data, $offset);
+            }
+            return array($data, array());
+        }
+        if (strpos($uri, $CFG->wwwroot.'/pluginfile.php') !== 0) {
+            return array(false, null);
+        }
+
         $content = null;
         $headers = null;
         [$protocol] = Helpers::explode_url($uri);