fix XSS vulnerabilities in examples

Author: spipu

CHANGELOG.md

@@ -2,9 +2,13 @@
 
 All notable changes to this project will be documented in this file.
 
+## [5.2.8](https://github.com/spipu/html2pdf/compare/v5.2.7...v5.2.8) - 2023-07-18
+
+  * fix XSS vulnerabilities in examples `example9.php` and `forms.php` - thanks to Michał Majchrowicz, Livio Victoriano and Zbigniew Piotrak  from [AFINE  Team](https://www.afine.pl/)
+
 ## [5.2.7](https://github.com/spipu/html2pdf/compare/v5.2.6...v5.2.7) - 2023-02-02
 
-* fix phunit compatibility
+  * fix phunit compatibility
 
 ## [5.2.6](https://github.com/spipu/html2pdf/compare/v5.2.5...v5.2.6) - 2023-01-28
 

examples/example09.php

@@ -15,23 +15,18 @@
 use Spipu\Html2Pdf\Exception\Html2PdfException;
 use Spipu\Html2Pdf\Exception\ExceptionFormatter;
 
-if (isset($_SERVER['REQUEST_URI'])) {
-    $generate = isset($_GET['make_pdf']);
-    $nom = isset($_GET['nom']) ? $_GET['nom'] : 'inconnu';
-    $url = dirname($_SERVER['REQUEST_URI']);
-    if (substr($url, 0, 7)!=='http://') {
-        $url = 'http://'.$_SERVER['HTTP_HOST'].$url;
-    }
-} else {
+$name = 'spipu';
+$generate = false;
+
+if (isset($_GET['nom'])) {
+    $generate = true;
+    $name = $_GET['nom'];
+    $name = preg_replace('/[^a-zA-Z0-9]/isU', '', $name);
+    $name = substr($name, 0, 26);
+} else if (!isset($_SERVER['REQUEST_URI'])) {
     $generate = true;
-    $nom = 'spipu';
-    $url = 'http://localhost/html2pdf/examples/';
 }
 
-$nom = substr(preg_replace('/[^a-zA-Z0-9]/isU', '', $nom), 0, 26);
-$url.= '/res/example09.png.php?px=5&py=20';
-
-
 if ($generate) {
     ob_start();
 } else {
@@ -49,13 +44,13 @@
 <br>
 Ceci est un exemple de génération de PDF via un bouton :)<br>
 <br>
-<img src="<?php echo $url; ?>" alt="image_php" ><br>
+<img src="http://html2pdf-dev.lxd/res/example09.png.php?px=5&amp;py=20" alt="image_php" ><br>
 <br>
 <?php
 if ($generate) {
 ?>
-Bonjour <b><?php echo $nom; ?></b>, ton nom peut s'écrire : <br>
-<barcode type="C39" value="<?php echo strtoupper($nom); ?>" style="color: #770000" ></barcode><hr>
+Bonjour <b><?php echo $name; ?></b>, ton nom peut s'écrire : <br>
+<barcode type="C39" value="<?php echo strtoupper($name); ?>" style="color: #770000" ></barcode><hr>
 <br>
 <?php
 }

examples/forms.php

@@ -15,14 +15,6 @@
 use Spipu\Html2Pdf\Exception\Html2PdfException;
 use Spipu\Html2Pdf\Exception\ExceptionFormatter;
 
-// for display the post information
-if (isset($_POST['test'])) {
-    echo '<pre>';
-    echo htmlentities(print_r($_POST, true));
-    echo '</pre>';
-    exit;
-}
-
 try {
     ob_start();
     require dirname(__FILE__).'/res/forms.php';

examples/res/forms.php

@@ -1,18 +1,3 @@
-<?php
-
-if (isset($_SERVER['REQUEST_URI'])) {
-    $url = $_SERVER['REQUEST_URI'];
-    if (substr($url, 0, 7)!=='http://') {
-        $url = 'http://'.$_SERVER['HTTP_HOST'];
-        if (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT']!=80) {
-            $url.= ':'.$_SERVER['SERVER_PORT'];
-        }
-        $url.= $_SERVER['REQUEST_URI'];
-    }
-} else {
-    $url = 'http://localhost/html2pdf/examples/forms.php';
-}
-?>
 <style type="text/css">
 li
 { font-size: 10pt; }
@@ -29,7 +14,7 @@
 <page footer="form,date,time">
     <h1>Test de formulaire</h1><br>
     <br>
-    <form action="<?php echo $url; ?>">
+    <form>
         <input type="hidden" name="test" value="1">
         Vous utilisez cette librairie dans le cadre :
         <ul style="list-style: none">
@@ -66,6 +51,5 @@
         <br>
         <input type="reset" name="btn_reset" value="Initialiser">
         <input type="button" name="btn_print" value="Imprimer" onclick="print(true);">
-        <input type="submit" name="btn_submit" value="Envoyer">
     </form>
 </page>

src/Html2Pdf.php

@@ -247,7 +247,7 @@ public function getVersionAsArray()
         return array(
             'major'     => 5,
             'minor'     => 2,
-            'revision'  => 7
+            'revision'  => 8
         );
     }