Incorrect file handling for symlinked paths

[verybigelephants]

This is just a Dompdf wrapper! I understand that this package is just a Laravel wrapper for https://github.com/dompdf/dompdf Any issues with PDF rendering, CSS that is not applied correctly, aligning/fonts/characters etc that are not directly related to this package, should be reported there. When having doubts, please try to reproduce the issue with just dompdf. If it's also present there, do not open an issue here please.

Describe the bug dompdf/src/Img/Cache.php method resolve_url tries to validate paths. however, it uses dompdf/src/Helpers.php's build_url method and on line 115 there is this nasty bug $filepath = realpath($ret); where realpath will unwrap any symlink into actual full path, (like when you symlink a mounted extra disk space from /mnt/ to hold all of your images for example)

then, the resolve_url continues to check the rules in

                foreach ($allowed_protocols[$protocol]["rules"] as $rule) {
                    [$result, $message] = $rule($full_url);
                    if (!$result) {
                        throw new ImageException("Error loading $url: $message", E_WARNING);
                    }
                }

and then of course it's throwing an error message, saying The file could not be found under the paths specified by Options::chroot. because the unwrapped symlink may be outside of the website's allowed directory, even though it is fully valid path accessible by the rest of the appliation

To Reproduce Steps to reproduce the behavior:

• Laravel and package version "barryvdh/laravel-dompdf": "^2.0",
• Input HTML/CSS "trying to render any image behind a symlink" like <img src="/home/www/somedomain.com/public/media/id/something.jpg"/> where /home/www/somedomain.com/public/media is a symlink to a directory outside /home/www/somedomain.com/

Expected behavior not unwrapping the symlink into real path, thus failing the rule for allowed directories

[parallels999]

https://github.com/barryvdh/laravel-dompdf/blob/424a223ce80e7afc8bfb6e84449679efe272fbb5/.github/ISSUE_TEMPLATE/bug_report.md?plain=1#L10-L12

This is just a Dompdf wrapper! I understand that this package is just a Laravel wrapper for https://github.com/dompdf/dompdf Any issues with PDF rendering, CSS that is not applied correctly, aligning/fonts/characters/images/html etc that are not directly related to this package, should be reported there. When having doubts, please try to reproduce the issue with just dompdf. If it's also present there, do not open an issue here please.

[verybigelephants]

oh damn i thought dompf is rendering engine and this is a wrapper functionality, my bad

[verybigelephants]