Update dependencies

Author: nicolaasuni

VERSION

@@ -1 +1 @@
-2.6.6
+2.6.7

composer.json

@@ -32,8 +32,8 @@
   "require-dev": {
     "pdepend/pdepend": "2.16.2",
     "phpmd/phpmd": "2.15.0",
-    "phpunit/phpunit": "12.0.1 || 11.5.7 || 10.5.40",
-    "squizlabs/php_codesniffer": "3.11.3"
+    "phpunit/phpunit": "12.1.3 || 11.5.7 || 10.5.40",
+    "squizlabs/php_codesniffer": "3.12.2"
   },
   "autoload": {
     "psr-4": {

resources/debian/control

@@ -10,6 +10,6 @@ Vcs-Git: https://github.com/~#VENDOR#~/~#PROJECT#~.git
 Package: ~#PKGNAME#~
 Provides: php-~#PROJECT#~
 Architecture: all
-Depends: php (>= 8.1.0), php-json, php-zip, php-tecnickcom-tc-lib-file (<< 3.0.0), php-tecnickcom-tc-lib-file (>= 2.1.3), php-tecnickcom-tc-lib-unicode-data (<< 3.0.0), php-tecnickcom-tc-lib-unicode-data (>= 2.0.19), php-tecnickcom-tc-lib-pdf-encrypt (<< 3.0.0), php-tecnickcom-tc-lib-pdf-encrypt (>= 2.1.11), php-tecnickcom-tc-lib-pdf-font-core (<< 2.0.0), php-tecnickcom-tc-lib-pdf-font-data-core (>= 1.8.7), ${misc:Depends}
+Depends: php (>= 8.1.0), php-json, php-zip, php-tecnickcom-tc-lib-file (<< 3.0.0), php-tecnickcom-tc-lib-file (>= 2.1.4), php-tecnickcom-tc-lib-unicode-data (<< 3.0.0), php-tecnickcom-tc-lib-unicode-data (>= 2.0.20), php-tecnickcom-tc-lib-pdf-encrypt (<< 3.0.0), php-tecnickcom-tc-lib-pdf-encrypt (>= 2.1.12), php-tecnickcom-tc-lib-pdf-font-core (<< 2.0.0), php-tecnickcom-tc-lib-pdf-font-data-core (>= 1.8.7), ${misc:Depends}
 Description: PHP PDF Fonts Library
  PHP library containing PDF font methods and utilities.

resources/rpm/rpm.spec

@@ -21,11 +21,11 @@ Requires:  php-json
 Requires:  php-pcre
 Requires:  php-zlib
 Requires:  php-composer(%{c_vendor}/tc-lib-file) < 3.0.0
-Requires:  php-composer(%{c_vendor}/tc-lib-file) >= 2.1.3
+Requires:  php-composer(%{c_vendor}/tc-lib-file) >= 2.1.4
 Requires:  php-composer(%{c_vendor}/tc-lib-unicode-data) < 3.0.0
-Requires:  php-composer(%{c_vendor}/tc-lib-unicode-data) >= 2.0.19
+Requires:  php-composer(%{c_vendor}/tc-lib-unicode-data) >= 2.0.20
 Requires:  php-composer(%{c_vendor}/tc-lib-pdf-encrypt) < 3.0.0
-Requires:  php-composer(%{c_vendor}/tc-lib-pdf-encrypt) >= 2.1.11
+Requires:  php-composer(%{c_vendor}/tc-lib-pdf-encrypt) >= 2.1.12
 Requires:  php-composer(%{c_vendor}/tc-lib-pdf-font-data-core) < 2.0.0
 Requires:  php-composer(%{c_vendor}/tc-lib-pdf-font-data-core) >= 1.8.7
 

src/Font.php

@@ -17,6 +17,7 @@
 namespace Com\Tecnick\Pdf\Font;
 
 use Com\Tecnick\Pdf\Font\Exception as FontException;
+use Com\Tecnick\File\File;
 
 /**
  * Com\Tecnick\Pdf\Font\Font
@@ -97,6 +98,10 @@ public function __construct(
             throw new FontException('empty font family name');
         }
 
+        if (FILE::hasDoubleDots($ifile) || FILE::hasForbiddenProtocol($ifile)) {
+            throw new FontException('Invalid font ifile: ' . $ifile);
+        }
+
         $this->data['ifile'] = $ifile;
         $this->data['family'] = $font;
         $this->data['unicode'] = $unicode;

src/Import.php

@@ -218,6 +218,10 @@ public function __construct(
         int $encoding_id = 1,
         bool $linked = false
     ) {
+        if (FILE::hasDoubleDots($file) || FILE::hasForbiddenProtocol($file)) {
+            throw new FontException('Invalid font file name: ' . $file);
+        }
+
         $this->fdt['input_file'] = $file;
         $this->fdt['file_name'] = $this->makeFontName($file);
         if (empty($this->fdt['file_name'])) {
@@ -450,7 +454,12 @@ protected function makeFontName(string $font_file): string
      */
     protected function findOutputPath(string $output_path = ''): string
     {
-        if ($output_path !== '' && is_writable($output_path)) {
+        if (
+            $output_path !== ''
+            && (strpos($output_path, '://') === false)
+            && !FILE::hasDoubleDots($output_path)
+            && is_writable($output_path)
+        ) {
             return $output_path;
         }
 

test/ImportTest.php

@@ -33,6 +33,18 @@
  */
 class ImportTest extends TestUtil
 {
+    public function testImportForbiddenProtocol(): void
+    {
+        $this->bcExpectException('\\' . \Com\Tecnick\Pdf\Font\Exception::class);
+        new \Com\Tecnick\Pdf\Font\Import('phar://test.txt');
+    }
+
+    public function testImportParentDir(): void
+    {
+        $this->bcExpectException('\\' . \Com\Tecnick\Pdf\Font\Exception::class);
+        new \Com\Tecnick\Pdf\Font\Import('/tmp/something/../test.txt');
+    }
+
     public function testImportEmptyName(): void
     {
         $this->bcExpectException('\\' . \Com\Tecnick\Pdf\Font\Exception::class);