From 5e06eeaa8a374957ee197b23b34811c3d194b02b Mon Sep 17 00:00:00 2001
From: Cody Finegan
Date: Thu, 28 Mar 2024 09:01:10 +1300
Subject: [PATCH] Patching security fix for dompdf resolving internal urls
---
 src/Helpers.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/Helpers.php b/src/Helpers.php
index 8804f32ec..21e652cf9 100644
--- a/src/Helpers.php
+++ b/src/Helpers.php
@@ -899,7 +899,11 @@ public static function getFileContent($uri, $context = null, $offset = 0, $maxle
 // Totara: this must be safe, so allow built-in dompdf resources and pluginfile images only!
 global $CFG;
 $resourcepath = DIRECTORY_SEPARATOR.'dompdf'.DIRECTORY_SEPARATOR.'dompdf'.DIRECTORY_SEPARATOR.'lib'.DIRECTORY_SEPARATOR.'res'.DIRECTORY_SEPARATOR;
- if (is_file($uri) && strpos(realpath($uri), $resourcepath) !== false) {
+
+ // Totara: dompdf prefixes internal files with file:// which breaks with realpath
+ $realpath = strpos($uri, 'file://') === 0 ? substr($uri, 7) : $uri;
+
+ if (is_file($uri) && strpos(realpath($realpath), $resourcepath) !== false) {
 $data = file_get_contents($uri);
 if ($offset > 0) {
 $data = substr($data, $offset);
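Review bot: The allow-list check and the read operate on different strings: `realpath()` is given the stripped `$realpath`, while `is_file($uri)` and the `file_get_contents($uri)` context line still receive the raw `file://` URI, so the path that was validated is not necessarily the path that is opened. Resolve once and use that result for all three, e.g. `$resolved = realpath($realpath);`, then `if ($resolved !== false && is_file($resolved) && strpos($resolved, $resourcepath) !== false) {` and `$data = file_get_contents($resolved);`. The explicit `!== false` test also makes the failed-`realpath()` case visible instead of relying on how `strpos()` treats a boolean. Separately, `strpos(...) !== false` accepts the `$resourcepath` fragment anywhere in the resolved path; comparing it as a prefix built from the known absolute install directory would match the "must be safe" intent in the comment above more closely. The body of getFileContent starts and ends outside this hunk, so any later use of `$uri` should be checked before switching the read to the resolved path.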