diff --git a/include/class.pdf.php b/include/class.pdf.php
index 5e0b76371a55886d90e1353c886064fcff931c42..14c7b20c97c0dd948a7f87f2a8a472c8daa92b5e 100644
--- a/include/class.pdf.php
+++ b/include/class.pdf.php
@@ -19,6 +19,9 @@ define('THIS_DIR', str_replace('\\', '/', Misc::realpath(dirname(__FILE__))) . '
 require_once(INCLUDE_DIR.'mpdf/vendor/autoload.php');
+// unregister phar stream to mitigate vulnerability in mpdf library
+@stream_wrapper_unregister('phar');
+
 class mPDFWithLocalImages extends Mpdf {
 function WriteHtml($html, $sub = 0, $init = true, $close = true) {
 static $filenumber = 1;
diff --git a/include/mpdf/vendor/mpdf/mpdf/src/CssManager.php b/include/mpdf/vendor/mpdf/mpdf/src/CssManager.php
index eabda53c3c74f1d385a3dd5782dca78131c8812b..a78362033d43265112577b87e9239d69d61895ef 100644
--- a/include/mpdf/vendor/mpdf/mpdf/src/CssManager.php
+++ b/include/mpdf/vendor/mpdf/mpdf/src/CssManager.php
@@ -2224,6 +2224,17 @@ class CssManager
 $path = preg_replace('/\.css\?.*$/', '.css', $path);
 }
+/*** Start osTicket Security Patch ***/
+
+// Make sure only schemes allowed are http & https - this is to
+// neutralize phar:// attack
+$scheme = parse_url($path, PHP_URL_SCHEME);
+if ($scheme && !in_array(strtolower($scheme), ['http', 'https']))
+return '';
+
+/*** End osTicket Security Patch ***/
+
+
 $contents = @file_get_contents($path);
 if ($contents) {
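Review bot: The `@` on `@stream_wrapper_unregister('phar')` hides the only signal that the wrapper was not actually removed (the call returns false and warns when `phar` is not registered), and the comment does not say that the effect lasts for the whole request and is undone by any later `stream_wrapper_restore('phar')`. Guarding on the wrapper list avoids the suppression: `if (in_array('phar', stream_get_wrappers(), true)) {`, `    stream_wrapper_unregister('phar');`, `}`. Because this runs at include time, the mitigation presumably holds only for code paths that load class.pdf.php before mpdf reads any file, with the scheme allow-list added in CssManager.php as the in-library backstop for CSS loading. A comment stating that would help the next maintainer, e.g. `// Remove the phar:// wrapper for this request so mpdf cannot be made to open a phar archive; a later stream_wrapper_restore('phar') would re-enable it.`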
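Review bot: The scheme check fails open when `parse_url()` cannot parse `$path`: it then returns `false`, the `$scheme &&` guard is false, and execution falls through to `@file_get_contents($path)`. PHP documents `parse_url()` returning `false` for URLs with an empty host such as `scheme:///path`, and `phar:///absolute/path.phar/file` is the documented absolute form for the phar wrapper, so within this file alone the allow-list does not cover that case; it appears to be caught only when class.pdf.php has already unregistered the wrapper. Treat a parse failure as a rejection and pass `strict: true`: `if ($scheme === false || ($scheme && !in_array(strtolower($scheme), ['http', 'https'], true)))`, keeping `return '';` as is. Note also that `parse_url()` reports a Windows drive letter (`C:/...`) as the scheme, so if this function is ever handed a local absolute path on Windows the stylesheet would be silently dropped — worth a comment or a one-letter-scheme exception if that platform is supported. The enclosing function starts outside the hunk.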