Merge pull request #505 from AOEpeople/bugfix/#265201-security-issues

Bugfix/#265201 security issues
AOEpeople · Aug 13, 2024 · edba528 · edba528
2 parents 272c1d7 + f03f27c
commit edba528
Show file tree

Hide file tree

Showing 9 changed files with 470 additions and 616 deletions.
diff --git a/composer.json b/composer.json
@@ -30,7 +30,6 @@
     "psr/container": "^1.0",
     "psr/link": "^1.0",
     "psr/log": "^1|^2",
-    "qipsius/tcpdf-bundle": "^2.0",
     "stof/doctrine-extensions-bundle": "^1.6",
     "symfony/asset": "^6.4",
     "symfony/config": "^6.4",

diff --git a/composer.lock b/composer.lock
diff --git a/config/bundles.php b/config/bundles.php
@@ -12,7 +12,6 @@
     App\Mealz\MealBundle\MealzMealBundle::class => ['all' => true],
     App\Mealz\UserBundle\MealzUserBundle::class => ['all' => true],
     App\Mealz\AccountingBundle\MealzAccountingBundle::class => ['all' => true],
-    Qipsius\TCPDFBundle\QipsiusTCPDFBundle::class => ['all' => true],
     Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
     Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
     Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true, 'staging' => true],

diff --git a/config/services.yaml b/config/services.yaml
@@ -224,8 +224,6 @@ services:
       <<: *mm_service_args
       $webhookURL: '%app.notifier.mattermost.weekly_menu.webhook_url%'
 
-  Qipsius\TCPDFBundle\Controller\TCPDFController: '@qipsius.tcpdf'
-
   App\Mealz\MealBundle\Service\CombinedMealService:
     arguments:
       $combinedPrice: '%mealz.meal.combined.price%'

diff --git a/src/Mealz/AccountingBundle/Controller/AccountingBookController.php b/src/Mealz/AccountingBundle/Controller/AccountingBookController.php
@@ -8,12 +8,9 @@
 use App\Mealz\MealBundle\Controller\BaseController;
 use DateTime;
 use Exception;
-use Qipsius\TCPDFBundle\Controller\TCPDFController;
-use ReflectionException;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Http\Attribute\IsGranted;
-use Symfony\Contracts\Translation\TranslatorInterface;
 
 #[IsGranted('ROLE_KITCHEN_STAFF')]
 class AccountingBookController extends BaseController
@@ -97,61 +94,4 @@ public function listAllTransactions(?string $dateRange, TransactionRepositoryInt
 
         return new JsonResponse($response, Response::HTTP_OK);
     }
-
-    /**
-     * Export transaction table as PDF for finance staff.
-     *
-     * @throws ReflectionException
-     * @throws Exception
-     */
-    public function exportPDF(
-        ?string $dateRange,
-        TCPDFController $pdfGen,
-        TransactionRepositoryInterface $transactionRepo,
-        TranslatorInterface $translator
-    ): Response {
-        // Get date range set with date range picker by user
-        $dateRange = str_replace('-', '/', $dateRange);
-        $dateRangeArray = explode('&', $dateRange);
-        $minDate = new DateTime($dateRangeArray[0]);
-        $maxDate = new DateTime($dateRangeArray[1]);
-
-        $heading = $minDate->format('d.m.') . ' - ' . $maxDate->format('d.m.Y');
-        $transactions = $transactionRepo->findAllTransactionsInDateRange($minDate, $maxDate);
-
-        // Create PDF file
-        $pdf = $pdfGen->create(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);
-        $pdf->setHeaderData('', 0, '', '', [0, 0, 0], [255, 255, 255]);
-        $pdf->setPrintHeader(false);
-        $pdf->setPrintFooter(false);
-        $pdf->AddPage();
-
-        $filename = $translator->trans('payment.transaction_history.finances.pdf') . '-' . $minDate->format('d.m.Y') . '-' . $maxDate->format('d.m.Y');
-        $pdf->SetTitle($filename);
-
-        $cssFile = file_get_contents(__DIR__ . '/../Resources/css/transaction-export.css');
-
-        $includeCSS = '<style>' . $cssFile . '</style>';
-
-        $html = $this->renderView('MealzAccountingBundle:Accounting/Finance:print_finances.html.twig', [
-            'headingFirst' => null,
-            'heading' => $heading,
-            'transactionsFirst' => null,
-            'transactions' => $transactions,
-            'minDate' => $minDate->format('m/d/Y'),
-            'maxDate' => $maxDate->format('m/d/Y'),
-        ]);
-
-        $pdf->writeHTML($includeCSS . $html);
-
-        $content = $pdf->Output($filename . '.pdf', 'S');
-        $now = gmdate('D, d M Y H:i:s') . ' GMT';
-
-        return new Response($content, Response::HTTP_OK, [
-            'Content-Type' => 'application/pdf',
-            'Expires' => $now,
-            'Last-Modified' => $now,
-            'Content-Disposition' => 'inline; filename="' . basename($filename) . '"',
-        ]);
-    }
 }
diff --git a/src/Mealz/AccountingBundle/Resources/config/routing.yml b/src/Mealz/AccountingBundle/Resources/config/routing.yml
@@ -16,10 +16,6 @@ mealz_accounting_accounting_book_finance:
     path: /api/accounting/book/finance/list/{dateRange}
     defaults: { _controller: App\Mealz\AccountingBundle\Controller\AccountingBookController::listAllTransactions, dateRange: null }
 
-mealz_accounting_accounting_book_finance_export:
-    path: /api/accounting/book/finance/export/{dateRange}
-    defaults: { _controller: App\Mealz\AccountingBundle\Controller\AccountingBookController::exportPDF, dateRange: null }
-
 mealz_accounting_api_costs:
     path: /api/costs
     defaults: { _controller: App\Mealz\AccountingBundle\Controller\CostSheetController::list }

diff --git a/src/Mealz/AccountingBundle/Resources/css/transaction-export.css b/src/Mealz/AccountingBundle/Resources/css/transaction-export.css
diff --git a/symfony.lock b/symfony.lock
@@ -218,9 +218,6 @@
     "psr/log": {
         "version": "1.1.4"
     },
-    "qipsius/tcpdf-bundle": {
-        "version": "2.0.2"
-    },
     "sebastian/cli-parser": {
         "version": "1.0.1"
     },
@@ -573,9 +570,6 @@
     "symfony/yaml": {
         "version": "v5.3.6"
     },
-    "tecnickcom/tcpdf": {
-        "version": "6.2.26"
-    },
     "twig/twig": {
         "version": "v1.44.4"
     },