From: Tim Otten
Date: Sat, 21 May 2016 03:58:26 +0000 (-0700)
Subject: CRM-16898 - Replace debug code in html5lib
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=7c41f184adddeed484f3fee579e355d1a00f0dd9;p=civicrm-core.git
CRM-16898 - Replace debug code in html5lib
---
diff --git a/tools/scripts/composer/dompdf-cleanup.sh b/tools/scripts/composer/dompdf-cleanup.sh
index bc2b2050bc..9ee2e377e2 100755
--- a/tools/scripts/composer/dompdf-cleanup.sh
+++ b/tools/scripts/composer/dompdf-cleanup.sh
@@ -109,6 +109,12 @@ Download the latest version and copy the font files from the lib/fonts directori
 EOREADME
 }
+## usage: simple_replace
+## This is a bit like 'sed -i', but dumber and more cross-platform.
+function simple_replace() {
+ php -r 'file_put_contents($argv[1], str_replace($argv[2], $argv[3], file_get_contents($argv[1])));' "$@"
+}
+
 ##############################################################################
 ## Remove example/CLI scripts. They're not needed and increase the attack-surface.
 safe_delete vendor/dompdf/dompdf/dompdf.php
@@ -120,3 +126,6 @@ safe_delete vendor/phenx/php-font-lib/www
 safe_delete vendor/dompdf/dompdf/lib/fonts/DejaVu*
 make_font_cache > vendor/dompdf/dompdf/lib/fonts/dompdf_font_family_cache.dist.php
 make_font_readme > vendor/dompdf/dompdf/lib/fonts/README.DejaVuFonts.txt
+
+# Remove debug_print_backtrace(), which can leak system details. Put backtrace in log.
+simple_replace vendor/dompdf/dompdf/lib/html5lib/TreeBuilder.php 'debug_print_backtrace();' 'CRM_Core_Error::backtrace("backTrace", TRUE);'
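Review bot: simple_replace() succeeds even when nothing was replaced, so the hardening call in the second hunk (`simple_replace ... TreeBuilder.php`) silently becomes a no-op if upstream reformats `debug_print_backtrace();` or moves the file, and the information leak stays in place. The one-liner also ignores a failed `file_get_contents()`; `str_replace()` then receives FALSE and an empty file is written to the target path. I would check the read, pass a count variable as the fourth argument of `str_replace()`, and exit non-zero when the count is zero and the replacement text is not already present. Whether a non-zero exit actually stops the script depends on its error handling, which is outside this hunk.

```shell
function simple_replace() {
  php -r '
    $src = file_get_contents($argv[1]);
    if ($src === FALSE) {
      fwrite(STDERR, "simple_replace: cannot read {$argv[1]}\n");
      exit(1);
    }
    $out = str_replace($argv[2], $argv[3], $src, $count);
    // Zero matches is only acceptable when the file was already patched.
    if ($count === 0 && strpos($src, $argv[3]) === FALSE) {
      fwrite(STDERR, "simple_replace: pattern not found in {$argv[1]}\n");
      exit(2);
    }
    if (file_put_contents($argv[1], $out) === FALSE) {
      exit(3);
    }
  ' "$@"
}
```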
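Review bot: The replacement string makes the vendored html5lib `TreeBuilder.php` call `CRM_Core_Error` unconditionally, so the patched code path presumably fatals wherever that class is not loaded, and a fatal error shown to the client can expose paths much like the backtrace being removed. Guarding the injected call would keep the library usable on its own, for example `'if (class_exists("CRM_Core_Error")) { CRM_Core_Error::backtrace("backTrace", TRUE); }'` as the third argument. A short comment next to the call stating that the match is an exact literal, and must be revisited when dompdf is upgraded, would also help the next maintainer.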