From 0be4f2532340763f4da832154634cc63b7413ba2 Mon Sep 17 00:00:00 2001
From: Chris Burgess
Date: Fri, 26 Feb 2016 03:20:41 +1300
Subject: [PATCH 1/6] CRM-18098. Move TCPDF from packages to composer.
---
 composer.json | 1 +
 tools/scripts/composer/tcpdf-cleanup.sh | 49 +++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100755 tools/scripts/composer/tcpdf-cleanup.sh
diff --git a/composer.json b/composer.json
index 313fb9837e12..b88df54fe6df 100644
--- a/composer.json
+++ b/composer.json
@@ -13,6 +13,7 @@
 "symfony/process": "2.3.*",
 "psr/log": "1.0.0",
 "symfony/finder": "2.3.*",
+ "tecnickcom/tcpdf" : "6.2.*",
 "totten/ca-config": "~13.02",
 "civicrm/civicrm-cxn-rpc": "~0.15.12.04"
 },
diff --git a/tools/scripts/composer/tcpdf-cleanup.sh b/tools/scripts/composer/tcpdf-cleanup.sh
new file mode 100755
index 000000000000..69629f35dc8d
--- /dev/null
+++ b/tools/scripts/composer/tcpdf-cleanup.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+## Cleanup the vendor tree. The main issue here is that civi Civi is
+## deployed as a module inside a CMS, so all its source-code gets published.
+## Some libraries distribute admin tools and sample files which should not
+## be published.
+##
+## This script should be idempotent -- if you rerun it several times, it
+## should always produce the same post-condition.
+
+##############################################################################
+## usage: safe_delete
+function safe_delete() {
+ for file in "$@" ; do
+ if [ -z "$file" ]; then
+ echo "Skip: empty file name"
+ elif [ -e "$file" ]; then
+ rm -rf "$file"
+ fi
+ done
+}
+
+##############################################################################
+## Remove example/CLI scripts. They're not needed and increase the attack-surface.
+safe_delete vendor/tecnickcom/tcpdf/examples
+safe_delete vendor/tecnickcom/tcpdf/tools
+
+## Remove all fonts not included before CRM-18098.
+safe_delete vendor/tecnickcom/tcpdf/fonts/a*
+safe_delete vendor/tecnickcom/tcpdf/fonts/ci*
+safe_delete vendor/tecnickcom/tcpdf/fonts/courierb*
+safe_delete vendor/tecnickcom/tcpdf/fonts/courieri*
+safe_delete vendor/tecnickcom/tcpdf/fonts/dejavu-fonts-ttf-2.33
+safe_delete vendor/tecnickcom/tcpdf/fonts/dejavusansb*
+safe_delete vendor/tecnickcom/tcpdf/fonts/dejavusansc*
+safe_delete vendor/tecnickcom/tcpdf/fonts/dejavusanse*
+safe_delete vendor/tecnickcom/tcpdf/fonts/dejavusansi*
+safe_delete vendor/tecnickcom/tcpdf/fonts/dejavusansm*
+safe_delete vendor/tecnickcom/tcpdf/fonts/dejavuserif*
+safe_delete vendor/tecnickcom/tcpdf/fonts/free*
+safe_delete vendor/tecnickcom/tcpdf/fonts/helveticab*
+safe_delete vendor/tecnickcom/tcpdf/fonts/helveticai*
+safe_delete vendor/tecnickcom/tcpdf/fonts/k*
+safe_delete vendor/tecnickcom/tcpdf/fonts/m*
+safe_delete vendor/tecnickcom/tcpdf/fonts/p*
+safe_delete vendor/tecnickcom/tcpdf/fonts/s*
+safe_delete vendor/tecnickcom/tcpdf/fonts/t*
+safe_delete vendor/tecnickcom/tcpdf/fonts/u*
+safe_delete vendor/tecnickcom/tcpdf/fonts/z*
From 6004b57faa293041f33bb86a4d2ed3044f6cfcdd Mon Sep 17 00:00:00 2001
From: Chris Burgess
Date: Tue, 1 Mar 2016 10:02:37 +1300
Subject: [PATCH 2/6] CRM-18098. Call tcpdf-cleanup.sh from composer.
---
 composer.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/composer.json b/composer.json
index b88df54fe6df..7ebbc9e39564 100644
--- a/composer.json
+++ b/composer.json
@@ -19,10 +19,12 @@
 },
 "scripts": {
 "post-install-cmd": [
- "bash tools/scripts/composer/dompdf-cleanup.sh"
+ "bash tools/scripts/composer/dompdf-cleanup.sh",
+ "bash tools/scripts/composer/tcpdf-cleanup.sh"
 ],
 "post-update-cmd": [
- "bash tools/scripts/composer/dompdf-cleanup.sh"
+ "bash tools/scripts/composer/dompdf-cleanup.sh",
+ "bash tools/scripts/composer/tcpdf-cleanup.sh"
 ]
 }
 }
From 66b96e77a048f38680f8f05c9f521403db43967c Mon Sep 17 00:00:00 2001
From: Chris Burgess
Date: Tue, 1 Mar 2016 11:22:04 +1300
Subject: [PATCH 3/6] CRM-18098. Update composer.lock
---
 composer.lock | 67 +++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 65 insertions(+), 2 deletions(-)
diff --git a/composer.lock b/composer.lock
index 4f93b8c0da38..070798ee6442 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "7e720146f800492f4e1dfa0c25d999cf", - "content-hash": "10a7a625018128aa86d2cc0023db8116", + "hash": "e4049717f3ff5f9f303ea41e24167cd7", + "content-hash": "24925810ee175da5ce6472dfa2b8f3bb", "packages": [ { "name": "civicrm/civicrm-cxn-rpc",
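Review bot: In tools/scripts/composer/tcpdf-cleanup.sh, `safe_delete` discards the result of `rm -rf "$file"` and the script sets no error mode, so a failed removal of `vendor/tecnickcom/tcpdf/examples` or `vendor/tecnickcom/tcpdf/tools` does not stop the run, and the files the header says should not be published can stay in the web tree unnoticed. Consider `rm -rf -- "$file" || exit 1` inside the loop so the Composer hook fails visibly. Every path is relative, so the script only does anything when started from the directory that holds `vendor/`; a `cd "$(dirname "$0")/../../.."` at the top would make that explicit. The font section is a deny-list of glob prefixes, so a file that a later 6.2.x release adds under `fonts/` with an unlisted prefix would ship without anyone deciding it should.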
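Review bot: In the composer.json `scripts` hunk, the new `tcpdf-cleanup.sh` entries under `post-install-cmd` and `post-update-cmd` are the only control that removes the TCPDF `examples` and `tools` directories, and Composer runs `scripts` only for the root package and not at all under `--no-scripts`. If civicrm-core is pulled in as a dependency of another project, or a build disables scripts, those directories stay published with no warning. A web-server deny rule for `vendor/tecnickcom/tcpdf/examples` and `vendor/tecnickcom/tcpdf/tools`, or a release-build check that fails when either directory exists, would cover that case; the same reasoning applies to the dompdf hook already in the list.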
@@ -465,6 +465,69 @@ "homepage": "https://symfony.com", "time": "2015-05-01 14:06:45" }, + { + "name": "tecnickcom/tcpdf", + "version": "6.2.12", + "source": { + "type": "git", + "url": "https://github.com/tecnickcom/TCPDF.git", + "reference": "2f732eaa91b5665274689b1d40b285a7bacdc37f" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/2f732eaa91b5665274689b1d40b285a7bacdc37f", + "reference": "2f732eaa91b5665274689b1d40b285a7bacdc37f", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "type": "library", + "autoload": { + "classmap": [ + "fonts", + "config", + "include", + "tcpdf.php", + "tcpdf_parser.php", + "tcpdf_import.php", + "tcpdf_barcodes_1d.php", + "tcpdf_barcodes_2d.php", + "include/tcpdf_colors.php", + "include/tcpdf_filters.php", + "include/tcpdf_font_data.php", + "include/tcpdf_fonts.php", + "include/tcpdf_images.php", + "include/tcpdf_static.php", + "include/barcodes/datamatrix.php", + "include/barcodes/pdf417.php", + "include/barcodes/qrcode.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPLv3" + ], + "authors": [ + { + "name": "Nicola Asuni", + "email": "info@tecnick.com", + "homepage": "http://nicolaasuni.tecnick.com" + } + ], + "description": "TCPDF is a PHP class for generating PDF documents and barcodes.", + "homepage": "http://www.tcpdf.org/", + "keywords": [ + "PDFD32000-2008", + "TCPDF", + "barcodes", + "datamatrix", + "pdf", + "pdf417", + "qrcode" + ], + "time": "2015-09-12 10:08:34" + }, { "name": "totten/ca-config", "version": "v13.02.0",
From ef280e3c5a947cc399d9034be299743e66013d89 Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Mon, 29 Feb 2016 17:54:13 -0800
Subject: [PATCH 4/6] CRM-18098 - TCPDF - Remove unnecessary require_once With CRM-18098, we can use the autoloader. And the require_once doesn't work because the file is no longer in the include_path.
---
 CRM/Utils/PDF/Label.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/CRM/Utils/PDF/Label.php b/CRM/Utils/PDF/Label.php
index 38d97a4d422a..d77fe93c5772 100644
--- a/CRM/Utils/PDF/Label.php
+++ b/CRM/Utils/PDF/Label.php
@@ -34,8 +34,6 @@
 *
 */
-require_once 'tcpdf/tcpdf.php';
-
 /**
 * Class CRM_Utils_PDF_Label
 */
From f09f0e85579460fc75e41ac225b754b84baf9d00 Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Mon, 29 Feb 2016 17:58:18 -0800
Subject: [PATCH 5/6] CRM-18098 - TCPDF - Re-include "Times New Roman" It was present in `civicrm-packages`, and someone might miss it if we take it away.
---
 tools/scripts/composer/tcpdf-cleanup.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tools/scripts/composer/tcpdf-cleanup.sh b/tools/scripts/composer/tcpdf-cleanup.sh
index 69629f35dc8d..0ef06cab583d 100755
--- a/tools/scripts/composer/tcpdf-cleanup.sh
+++ b/tools/scripts/composer/tcpdf-cleanup.sh
@@ -44,6 +44,5 @@ safe_delete vendor/tecnickcom/tcpdf/fonts/k*
 safe_delete vendor/tecnickcom/tcpdf/fonts/m*
 safe_delete vendor/tecnickcom/tcpdf/fonts/p*
 safe_delete vendor/tecnickcom/tcpdf/fonts/s*
-safe_delete vendor/tecnickcom/tcpdf/fonts/t*
 safe_delete vendor/tecnickcom/tcpdf/fonts/u*
 safe_delete vendor/tecnickcom/tcpdf/fonts/z*
From 69b782545b66b66ce4974bf0fdec317d88e57050 Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Mon, 29 Feb 2016 18:24:22 -0800
Subject: [PATCH 6/6] CRM-18098 - composer.json - Add tcpdf to include_path (remove me later) This provides backward-compatibility with extensions that call `require_once 'tcpdf/tcpdf.php'`. This notation is deprecated, and we should remove tcpdf from the include-path in the future.
---
 composer.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/composer.json b/composer.json
index 7ebbc9e39564..35e32382ee11 100644
--- a/composer.json
+++ b/composer.json
@@ -6,6 +6,7 @@
 "Civi\\": [".", "tests/phpunit/"]
 }
 },
+ "include-path": ["vendor/tecnickcom"],
 "require": {
 "dompdf/dompdf" : "0.6.*",
 "symfony/dependency-injection": "2.3.*",
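Review bot: In the last composer.json hunk, `"include-path": ["vendor/tecnickcom"]` uses a key that Composer's own schema documentation marks as deprecated and kept only for legacy projects, and it puts the whole `tecnickcom` vendor directory on PHP's include_path rather than a single file. From then on any relative include that starts with `tcpdf/` resolves into the vendored copy, which is worth confirming is the intended scope. Since composer.json cannot carry a comment, the planned removal is not visible to anyone reading the file; a tracking issue referenced from the upgrade notes for extension authors would keep it from becoming permanent.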