Closed verybigelephants closed 6 months ago
This is just a Dompdf wrapper! I understand that this package is just a Laravel wrapper for https://github.com/dompdf/dompdf Any issues with PDF rendering, CSS that is not applied correctly, aligning/fonts/characters/images/html etc that are not directly related to this package, should be reported there. When having doubts, please try to reproduce the issue with just dompdf. If it's also present there, do not open an issue here please.
Oh damn, I thought dompdf is the rendering engine and this is wrapper functionality, my bad.
Describe the bug
dompdf/src/Img/Cache.php method resolve_url tries to validate paths. However, it uses dompdf/src/Helpers.php's build_url method, and on line 115 there is this nasty bug:
$filepath = realpath($ret);
where realpath will unwrap any symlink into the actual full path (like when you symlink a mounted extra disk space from /mnt/ to hold all of your images, for example). Then, resolve_url continues to check the rules in and then of course it's throwing an error message, saying
The file could not be found under the paths specified by Options::chroot.
because the unwrapped symlink may be outside of the website's allowed directory, even though it is a fully valid path accessible by the rest of the application.
To Reproduce
Steps to reproduce the behavior:
<img src="/home/www/somedomain.com/public/media/id/something.jpg"/>
where /home/www/somedomain.com/public/media is a symlink to a directory outside /home/www/somedomain.com/
Expected behavior
not unwrapping the symlink into real path, thus failing the rule for allowed directories
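The check described in this issue, as an added example (not dompdf's code and not part of the original post): is_under_roots() is a hypothetical helper and the directory layout is constructed in a temp directory. It compares the resolved path with the allowed roots, with and without the symlink's target listed as an extra root, and then runs the same comparison on the unresolved path.

```php
<?php
// Added example, not dompdf code. is_under_roots() is a hypothetical helper that
// mirrors the check described above: resolve the path, then compare it with the roots.
function is_under_roots(string $path, array $roots, bool $resolve = true): bool
{
    $candidate = $resolve ? realpath($path) : $path;
    if ($candidate === false) {
        return false; // realpath() fails for paths that do not exist
    }
    foreach ($roots as $root) {
        $root = realpath($root);
        if ($root === false) {
            continue;
        }
        // Trailing separator so that /site does not also match /site-backup.
        $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($candidate, $root, strlen($root)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed layout (POSIX assumed): <base>/site/public/media -> <base>/mnt/images
$base = realpath(sys_get_temp_dir()) . '/chroot-demo-' . bin2hex(random_bytes(4));
mkdir("$base/site/public", 0700, true);
mkdir("$base/mnt/images", 0700, true);
file_put_contents("$base/mnt/images/something.jpg", 'constructed sample');
symlink("$base/mnt/images", "$base/site/public/media");
$img = "$base/site/public/media/something.jpg";

$cases = [
    'resolved path, site root only'          => [["$base/site"], true],
    'resolved path, link target also listed' => [["$base/site", "$base/mnt/images"], true],
    'unresolved path, site root only'        => [["$base/site"], false],
];
foreach ($cases as $label => [$roots, $resolve]) {
    printf("%-40s %s\n", $label, is_under_roots($img, $roots, $resolve) ? 'allowed' : 'rejected');
}

// Remove the constructed files again.
unlink("$base/site/public/media");
unlink("$base/mnt/images/something.jpg");
foreach (['site/public', 'site', 'mnt/images', 'mnt', ''] as $dir) {
    rmdir(rtrim("$base/$dir", '/'));
}
```

A comparison on the unresolved path accepts any symlink placed under the allowed root regardless of where it points, so listing the link's real target as an additional allowed root keeps the containment check meaningful while still admitting the image.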