From c6bd9a93a964cb0fc502ae017236fedae145ccb5 Mon Sep 17 00:00:00 2001
From: nicolaasuni
Date: Sun, 26 Jan 2025 13:37:38 +0000
Subject: [PATCH] Forbid access to parent folders in SVG images path.

---
 CHANGELOG.TXT | 3 +++
 LICENSE.TXT | 2 +-
 README.md | 2 +-
 VERSION | 2 +-
 composer.json | 2 +-
 include/tcpdf_fonts.php | 2 +-
 include/tcpdf_static.php | 4 ++--
 tcpdf.php | 12 ++++++++----
 8 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
index a6485e3a..cec784c8 100644
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@@ -1,3 +1,6 @@
+6.8.1 (2025-01-26) - Check relative paths on SVG images.
+
 6.8.0 (2024-12-23)
 - Requires PHP 7.1+ and curl extension.
 - Escape error message.
diff --git a/LICENSE.TXT b/LICENSE.TXT
index ec7968a7..4e446a12 100644
--- a/LICENSE.TXT
+++ b/LICENSE.TXT
@@ -7,7 +7,7 @@ published by the Free Software Foundation, either version 3 of the
 License, or (at your option) any later version.
- 2002-2024 Nicola Asuni - Tecnick.com LTD
+ 2002-2025 Nicola Asuni - Tecnick.com LTD
 **********************************************************************
 **********************************************************************
diff --git a/README.md b/README.md
index f59f6633..81f2ca6e 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
 * **category** Library
 * **author** Nicola Asuni
-* **copyright** 2002-2024 Nicola Asuni - Tecnick.com LTD
+* **copyright** 2002-2025 Nicola Asuni - Tecnick.com LTD
 * **license** http://www.gnu.org/copyleft/lesser.html GNU-LGPL v3 (see LICENSE.TXT)
 * **link** http://www.tcpdf.org
 * **source** https://github.com/tecnickcom/TCPDF
diff --git a/VERSION b/VERSION
index e029aa99..5f6c0863 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.8.0
+6.8.1
diff --git a/composer.json b/composer.json
index b0db2889..47d211e8 100644
--- a/composer.json
+++ b/composer.json
@@ -12,7 +12,7 @@
 "barcodes"
 ],
 "homepage": "http://www.tcpdf.org/",
- "version": "6.8.0",
+ "version": "6.8.1",
 "license": "LGPL-3.0-or-later",
 "authors": [
 {
diff --git a/include/tcpdf_fonts.php b/include/tcpdf_fonts.php
index 4973b285..fbe7009c 100644
--- a/include/tcpdf_fonts.php
+++ b/include/tcpdf_fonts.php
@@ -7,7 +7,7 @@
 // Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
 // License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html)
 // -------------------------------------------------------------------
-// Copyright (C) 2008-2024 Nicola Asuni - Tecnick.com LTD
+// Copyright (C) 2008-2025 Nicola Asuni - Tecnick.com LTD
 //
 // This file is part of TCPDF software library.
 //
diff --git a/include/tcpdf_static.php b/include/tcpdf_static.php
index 2e18d9c7..bfd28e2b 100644
--- a/include/tcpdf_static.php
+++ b/include/tcpdf_static.php
@@ -7,7 +7,7 @@
 // Author : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
 // License : GNU-LGPL v3 (http://www.gnu.org/copyleft/lesser.html)
 // -------------------------------------------------------------------
-// Copyright (C) 2002-2024 Nicola Asuni - Tecnick.com LTD
+// Copyright (C) 2002-2025 Nicola Asuni - Tecnick.com LTD
 //
 // This file is part of TCPDF software library.
 //
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 * Current TCPDF version.
 * @private static
 */
- private static $tcpdf_version = '6.8.0';
+ private static $tcpdf_version = '6.8.1';
 /**
 * String alias for total number of pages.
diff --git a/tcpdf.php b/tcpdf.php
index 7d967234..156dc37d 100644
--- a/tcpdf.php
+++ b/tcpdf.php
@@ -1,13 +1,13 @@
 * @package com.tecnick.tcpdf
 * @author Nicola Asuni
- * @version 6.8.0
+ * @version 6.8.1
 */
 // TCPDF configuration
@@ -128,7 +128,7 @@
 * TCPDF project (http://www.tcpdf.org) has been originally derived in 2002 from the Public Domain FPDF class by Olivier Plathey (http://www.fpdf.org), but now is almost entirely rewritten.
 * @package com.tecnick.tcpdf
 * @brief PHP class for generating PDF documents without requiring external extensions.
- * @version 6.8.0
+ * @version 6.8.1
 * @author Nicola Asuni - info@tecnick.com
 * @IgnoreAnnotation("protected")
 * @IgnoreAnnotation("public")
@@ -24467,6 +24467,10 @@ protected function startSVGElementHandler($parser, $name, $attribs, $ctm=array()
 $img = '@'.base64_decode(substr($img, strlen($m[0])));
 } else {
 // fix image path
+ if (strpos($img, '../') !== false) {
+ // accessing parent folders is not allowed
+ break;
+ }
 if (!TCPDF_STATIC::empty_string($this->svgdir) AND (($img[0] == '.') OR (basename($img) == $img))) {
 // replace relative path with full server path
 $img = $this->svgdir.'/'.$img;
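Review bot: The guard added at `if (strpos($img, '../') !== false)` rejects only one spelling of a parent-directory reference, so a path whose `..` segment is written with a backslash separator or that ends in a bare `..` still reaches the `$this->svgdir.'/'.$img` concatenation below. Testing per path segment closes those forms without changing the flow: `if (preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $img)) {`. Wherever the file is actually opened later in startSVGElementHandler (outside this hunk), the sturdier check is to `realpath()` the final path and require it to start with `realpath($this->svgdir)`, since that tests where the path resolves rather than how it is spelled. The `break` presumably leaves the enclosing `switch` case; the function begins and ends outside the hunk.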