From 6532708ed2bf56eee9e6df36227d3f5cb2426f8c Mon Sep 17 00:00:00 2001
From: Brendan Heywood <brendan@catalyst-au.net>
Date: Fri, 29 Jan 2021 12:33:17 +1100
Subject: [PATCH] MDL-70735 tcpdf: Reduce information disclosure from TCPDF

---
 lib/tcpdf/include/tcpdf_static.php |  2 +-
 lib/tcpdf/readme_moodle.txt        |  6 ++++
 lib/tests/pdflib_test.php          | 45 ++++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 lib/tests/pdflib_test.php

diff --git a/lib/tcpdf/include/tcpdf_static.php b/lib/tcpdf/include/tcpdf_static.php
index 0139dbe9bea73..6d7897cf6a81b 100644
--- a/lib/tcpdf/include/tcpdf_static.php
+++ b/lib/tcpdf/include/tcpdf_static.php
@@ -125,7 +125,7 @@ public static function getTCPDFVersion() {
 	 * @public static
 	 */
 	public static function getTCPDFProducer() {
-		return "\x54\x43\x50\x44\x46\x20".self::getTCPDFVersion()."\x20\x28\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x63\x70\x64\x66\x2e\x6f\x72\x67\x29";
+		return "\x54\x43\x50\x44\x46\x20\x28\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x63\x70\x64\x66\x2e\x6f\x72\x67\x29";
 	}
 
 	/**
diff --git a/lib/tcpdf/readme_moodle.txt b/lib/tcpdf/readme_moodle.txt
index c7d88e9ac5158..3b22ec9231c2c 100644
--- a/lib/tcpdf/readme_moodle.txt
+++ b/lib/tcpdf/readme_moodle.txt
@@ -5,12 +5,18 @@ Description of TCPDF library import 6.3.5
 * remove tcpdf_import.php from composer.json
 * remove all fonts that were not already present
 * visit http://127.0.0.1/lib/tests/other/pdflibtestpage.php and view the pdf
+* modify getTCPDFProducer lib/tcpdf/include/tcpdf_static.php to remove the version number
 
 Important
 ---------
 A new version of the libray is being developed @ https://github.com/tecnickcom/tc-lib-pdf . Check periodically when it's ready
 and if it's a drop-in replacement for the legacy tcpdf one.
 
+2021/02/11
+----------
+Reduce PDF metadata disclosure (MDL-70735)
+by Brendan Heywood <brendan@catalyst-au.net>
+
 2020/12/15
 ----------
 Upgrade to tcpdf TCPDF 6.3.5 (MDL-70294)
diff --git a/lib/tests/pdflib_test.php b/lib/tests/pdflib_test.php
new file mode 100644
index 0000000000000..e9a68f8a3e3f4
--- /dev/null
+++ b/lib/tests/pdflib_test.php
@@ -0,0 +1,45 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Tests for PDFlib
+ *
+ * @package    core
+ * @copyright  2021 Brendan Heywood (brendan@catalyst-au.net)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * Tests for PDFlib
+ *
+ * @package    core
+ * @copyright  2021 Brendan Heywood (brendan@catalyst-au.net)
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class core_pdflib_testcase extends advanced_testcase {
+
+    public function test_gettcpdf_producer() {
+        global $CFG;
+        require_once($CFG->libdir.'/pdflib.php');
+
+        // This is to reduce the information disclosure in PDF metadata.
+        // If we upgrade TCPDF keep it just the major version.
+        $producer = TCPDF_STATIC::getTCPDFProducer();
+        $this->assertEquals('TCPDF (http://www.tcpdf.org)', $producer);
+    }
+}