From 5e6ce1e8447dc9d53ca7056b7bbb1476a02b7f5a Mon Sep 17 00:00:00 2001
From: nicolaasuni
Date: Mon, 18 Mar 2024 16:25:58 +0000
Subject: [PATCH] fix backward compatibility issue

---
 CHANGELOG.TXT                        | 2 +-
 VERSION                              | 2 +-
 composer.json                        | 2 +-
 config/tcpdf_config.php              | 8 ++++++++
 examples/config/tcpdf_config_alt.php | 10 +++-------
 include/tcpdf_static.php             | 2 +-
 tcpdf.php                            | 6 +++---
 tcpdf_autoconfig.php                 | 2 +-
 8 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
index f03ce224..c01e3010 100644
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@@ -1,4 +1,4 @@
-6.7.0 (2024-03-18)
+6.7.1 (2024-03-18)
 - Fix security issue.
 - [BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
 - New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.
diff --git a/VERSION b/VERSION
index f0e13c50..06a76599 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.7.0
+6.7.1
diff --git a/composer.json b/composer.json
index 914c4453..0f71aad3 100644
--- a/composer.json
+++ b/composer.json
@@ -12,7 +12,7 @@
     "barcodes"
   ],
   "homepage": "http://www.tcpdf.org/",
-  "version": "6.7.0",
+  "version": "6.7.1",
   "license": "LGPL-3.0-or-later",
   "authors": [
     {
diff --git a/config/tcpdf_config.php b/config/tcpdf_config.php
index 92317b12..9888a677 100644
--- a/config/tcpdf_config.php
+++ b/config/tcpdf_config.php
@@ -212,6 +212,14 @@
  */
 define('K_TCPDF_CALLS_IN_HTML', false);
 
+/**
+ * List of TCPDF methods that are allowed to be called using HTML syntax.
+ * Note: each method name must end with surrounded with | (pipe) character.
+ * The constant K_TCPDF_CALLS_IN_HTML must be set to true.
+ * IMPORTANT: For security reason, disable this feature if you are allowing user HTML content.
+ */
+define('K_ALLOWED_TCPDF_TAGS', '');
+
 /**
  * If true and PHP version is greater than 5, then the Error() method throw new exception instead of terminating the execution.
  */
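Review bot: The new docblock line `* Note: each method name must end with surrounded with | (pipe) character.` in the config/tcpdf_config.php hunk is garbled and never shows the required shape, which matters because this string is the only thing standing between HTML input and TCPDF method calls once K_TCPDF_CALLS_IN_HTML is enabled. Suggest `* Note: each method name must be surrounded by | (pipe) characters, e.g. '|AddPage|Rect|'.` together with `* IMPORTANT: For security reasons, disable this feature if you are allowing user HTML content.`; the same wording is added by the examples/config/tcpdf_config_alt.php hunk and should be fixed there too. The example value in that file, `'|AddPage|Rect|SetDrawColor|write1DBarcode|'`, already demonstrates the intended format and is worth pointing to from the main config.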
diff --git a/examples/config/tcpdf_config_alt.php b/examples/config/tcpdf_config_alt.php
index 65fd5760..ef15ab27 100644
--- a/examples/config/tcpdf_config_alt.php
+++ b/examples/config/tcpdf_config_alt.php
@@ -213,16 +213,12 @@
 define('K_TCPDF_CALLS_IN_HTML', true);
 
 /**
- * List the TCPDF methods that are allowed to be called using HTML syntax.
+ * List of TCPDF methods that are allowed to be called using HTML syntax.
+ * Note: each method name must end with surrounded with | (pipe) character.
  * The constant K_TCPDF_CALLS_IN_HTML must be set to true.
  * IMPORTANT: For security reason, disable this feature if you are allowing user HTML content.
  */
-define('K_ALLOWED_TCPDF_TAGS', array(
-	'AddPage',
-	'Rect',
-	'SetDrawColor',
-	'write1DBarcode',
-));
+define('K_ALLOWED_TCPDF_TAGS', '|AddPage|Rect|SetDrawColor|write1DBarcode|');
 
 /**
  * If true and PHP version is greater than 5, then the Error() method throw new exception instead of terminating the execution.
diff --git a/include/tcpdf_static.php b/include/tcpdf_static.php
index 5e79a649..e8756adc 100644
--- a/include/tcpdf_static.php
+++ b/include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 	 * Current TCPDF version.
 	 * @private static
 	 */
-	private static $tcpdf_version = '6.7.0';
+	private static $tcpdf_version = '6.7.1';
 
 	/**
 	 * String alias for total number of pages.
diff --git a/tcpdf.php b/tcpdf.php
index f192b6b6..bc20dfee 100644
--- a/tcpdf.php
+++ b/tcpdf.php
@@ -1,7 +1,7 @@
  * @package com.tecnick.tcpdf
  * @brief PHP class for generating PDF documents without requiring external extensions.
- * @version 6.7.0
+ * @version 6.7.1
  * @author Nicola Asuni - info@tecnick.com
  * @IgnoreAnnotation("protected")
  * @IgnoreAnnotation("public")
@@ -17240,7 +17240,7 @@ protected function allowedTCPDFtag($method) {
 		if (!defined('K_ALLOWED_TCPDF_TAGS') || empty(K_ALLOWED_TCPDF_TAGS)) {
 			return false;
 		}
-		return in_array($method, K_ALLOWED_TCPDF_TAGS, true);
+		return str_contains(K_ALLOWED_TCPDF_TAGS, '|'.$method.'|');
 	}
 
 	/**
diff --git a/tcpdf_autoconfig.php b/tcpdf_autoconfig.php
index c813863d..2bcfccb8 100644
--- a/tcpdf_autoconfig.php
+++ b/tcpdf_autoconfig.php
@@ -229,7 +229,7 @@
 	}
 
 	if (!defined('K_ALLOWED_TCPDF_TAGS')) {
-		define('K_ALLOWED_TCPDF_TAGS', array());
+		define('K_ALLOWED_TCPDF_TAGS', '');
 	}
 
 	if (!defined('K_TCPDF_THROW_EXCEPTION_ERROR')) {
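Review bot: `str_contains()` on the new return line of allowedTCPDFtag only exists from PHP 8.0, so on the older runtimes this commit appears to be accommodating (it drops the array-valued define(), which itself needs PHP 7.0) the allowlist check now dies with an undefined-function error instead of answering; `strpos(K_ALLOWED_TCPDF_TAGS, '|'.$method.'|') !== false` is the equivalent that works on every supported version. A deployment that still defines K_ALLOWED_TCPDF_TAGS as an array, the shape 6.7.0 documented, passes the empty() guard and then hits a TypeError inside the string search on PHP 8, so an is_array() branch keeps that format working rather than turning a same-day upgrade into a fatal error. Together this is more than a one-line change, sketched below. The function's signature is outside the hunk (it appears only in the @@ context line), and the closing `}` and following docblock are the hunk's trailing context.
```php
	// … unchanged: defined()/empty() guard returning false …
	// 6.7.0 shipped this constant as an array; keep accepting that shape so an existing config keeps working.
	if (is_array(K_ALLOWED_TCPDF_TAGS)) {
		return in_array($method, K_ALLOWED_TCPDF_TAGS, true);
	}
	// strpos() rather than str_contains(), which only exists on PHP >= 8.0.
	return strpos(K_ALLOWED_TCPDF_TAGS, '|'.$method.'|') !== false;
```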