Hi there,
We’re using the original TCPDF library in Tickera, and the code can be compared here: https://sourceforge.net/projects/tcpdf/files/
What the VaultPress scanner actually spotted are things like these below, and you can see the decoded results here, for instance: http://ddecode.com/hexdecoder/?results=bcace881138d3437ef89d9b932d53c8b
As you can see, the result of this particular one is “Powered by TCPDF (www.tcpdf.org)”, which is certainly not malicious code 😉
tcpdf_static.php:
/**
 * Encryption padding string.
 * @public static
 */
public static $enc_padding = "\x28\xBF\x4E\x5E\x4E\x75\x8A\x41\x64\x00\x4E\x56\xFF\xFA\x01\x08\x2E\x2E\x00\xB6\xD0\x68\x3E\x80\x2F\x0C\xA9\xFE\x64\x53\x69\x7A";
tcpdf.php:
public function Close() {
    …
    $msg = "\x50\x6f\x77\x65\x72\x65\x64\x20\x62\x79\x20\x54\x43\x50\x44\x46\x20\x28\x77\x77\x77\x2e\x74\x63\x70\x64\x66\x2e\x6f\x72\x67\x29";
    …
}
tcpdf_parser.php:
/**
 * Decode the Cross-Reference section
 * @param $startxref (int) Offset at which the xref section starts (position of the 'xref' keyword).
 * @param $xref (array) Previous xref array (if any).
 * @return Array containing xref and trailer data.
 * @protected
 * @since 1.0.000 (2011-06-20)
 */
protected function decodeXref( $startxref, $xref = array() ) {
    $startxref += 4; // 4 is the length of the word 'xref'
    // skip initial white space chars: \x00 null (NUL), \x09 horizontal tab (HT), \x0A line feed (LF), \x0C form feed (FF), \x0D carriage return (CR), \x20 space (SP)
    $offset = $startxref + strspn( $this->pdfdata, "\x00\x09\x0a\x0c\x0d\x20", $startxref );
    // initialize object number
    $obj_num = 0;
    // search for cross-reference entries or subsection
    ….
I hope it helps. Please consider changing a rating to 5 stars.
Thanks a lot!
Marko,
Tickera Team
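Added example, not part of the reply above and not code from TCPDF or VaultPress: a small Python helper that finds runs of `\xNN` escapes in source text and decodes them locally, so flagged strings like the ones quoted can be read together with the line they sit on. The `SAMPLE` lines are copied from the snippets in the post; the function names and the `MIN_RUN` threshold are assumptions of this example.

```python
import re

MIN_RUN = 4  # assumed threshold: shorter runs are too common to be worth reporting
HEX_RUN = re.compile(r'(?:\\x[0-9A-Fa-f]{2}){%d,}' % MIN_RUN)

def decode_run(run):
    """Convert the literal source text '\\x50\\x6f...' into the bytes it denotes."""
    return bytes.fromhex(run.replace('\\x', ''))

def classify(data):
    """Return 'text' when every byte is printable ASCII or tab/LF/CR, else 'binary'."""
    ok = all(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return 'text' if ok else 'binary'

def find_hex_runs(source):
    """Return [(line_number, kind, decoded)] for every escaped run in source."""
    found = []
    for m in HEX_RUN.finditer(source):
        line_no = source.count('\n', 0, m.start()) + 1
        data = decode_run(m.group(0))
        kind = classify(data)
        # Readable strings are shown as text; anything else stays as hex for manual review.
        shown = data.decode('ascii') if kind == 'text' else data.hex()
        found.append((line_no, kind, shown))
    return found

# Sample input: the three literals quoted in the post above, one per line.
SAMPLE = r'''public static $enc_padding = "\x28\xBF\x4E\x5E\x4E\x75\x8A\x41\x64\x00\x4E\x56\xFF\xFA\x01\x08\x2E\x2E\x00\xB6\xD0\x68\x3E\x80\x2F\x0C\xA9\xFE\x64\x53\x69\x7A";
$msg = "\x50\x6f\x77\x65\x72\x65\x64\x20\x62\x79\x20\x54\x43\x50\x44\x46\x20\x28\x77\x77\x77\x2e\x74\x63\x70\x64\x66\x2e\x6f\x72\x67\x29";
$offset = $startxref + strspn( $this->pdfdata, "\x00\x09\x0a\x0c\x0d\x20", $startxref );
'''

if __name__ == '__main__':
    for line_no, kind, shown in find_hex_runs(SAMPLE):
        print(f'line {line_no}: {kind}: {shown}')
```

A `text` result that reads like a label is easy to dismiss; a `binary` result or one that decodes to code is the case to compare against the upstream file.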
Hi, I am facing these issues:
PHP.Hidden.Code.2
This file contains suspicious hidden code, and should be checked for recent changes, or malicious code. Often hackers try to hide their hack attempts by obfuscating their attack code, to make it harder to detect. VaultPress has detected a string of suspicious characters in this file. Please check your backup history for recent changes to this file, or contact a Safekeeper if you are unsure.
Detected the signature PHP.Hidden.Code.2 on ./wp-content/themes/Avada/js/main.js.
(active)
Detected the signature PHP.Hidden.Code.2 on ./wp-content/themes/Avada/js/main-min.js.
How can I find out where the hidden code is?
Please help.