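#!/bin/sh
#
# Regression test for dompdf's handling of an SVG image embedded as a base64
# data URI. The script builds an SVG that references a local bitmap, inlines
# it into a PHP driver (vuln.php) and renders the page with dompdf.
#
# Must be run from a directory that contains www/images/logo.png; the PHP
# driver also includes dompdf/dompdf_config.inc.php and phar-poc.php by
# relative name.

# -e: stop at the first failing command.
# -x: trace every command into the test log. Set here rather than on the
#     shebang line so tracing still applies when run as `sh <script>`.
set -ex

# The SVG fixture points at this bitmap; without it the render would not
# exercise the image-loading path at all, so fail early and say why.
if ! test -f www/images/logo.png; then
  echo "missing fixture: www/images/logo.png (run from the directory that contains www/)" >&2
  exit 1
fi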

# Build the SVG fixture. Its only external reference is the relative path
# www/images/logo.png, pulled in through an <image xlink:href=...> element.
svg_file=test.svg
svg_b64_file=${svg_file}.base64

# Quoted delimiter: the heredoc is written verbatim, with no shell expansion.
# tee also copies the fixture to stdout so it shows up in the test log.
tee "$svg_file" <<'EOF'
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200">
<image height="200" width="200" xlink:href="www/images/logo.png" />
</svg>
EOF

# -w0 disables line wrapping, so the encoded SVG is one unbroken token that
# can be dropped straight into a data: URI.
base64 -w0 < "$svg_file" > "$svg_b64_file"

# Write the PHP driver template. BASE64SVGPLACEHOLDER marks where the encoded
# SVG is spliced in later. The driver:
#   - loads dompdf through dompdf/dompdf_config.inc.php,
#   - includes phar-poc.php (labelled "vulnerable objects" in the template;
#     the file is not part of this script - presumably it defines the classes
#     the test wants loaded, confirm against that file),
#   - turns on dompdf's enable_remote option,
#   - renders a small HTML page whose <img> is a data:image/svg+xml URI,
#   - prints the resulting PDF base64-encoded.
# NOTE(review): PHP `include` only raises a warning when its target is
# missing, so an absent phar-poc.php does not by itself stop the driver.
php_template=vuln.php.in

# Quoted delimiter: the PHP source is written verbatim ($dompdf, $p are PHP
# variables, not shell expansions). tee echoes it to the test log as well.
tee "$php_template" <<'EOF'
<?php
error_reporting(E_ALL);
// Include autoloader
include_once( 'dompdf/dompdf_config.inc.php' );
$dompdf = new DOMPDF();

// Include vulnerable objects
include("phar-poc.php");

$dompdf->set_option('enable_remote', true);

// Load HTML content 
$dompdf->load_html('<!DOCTYPE html>
<html lang="fr">
<head>
<title>Page de Test HTML – dompdf, un outil puissant pour convertir de l’HTML vers PDF en PHP</title>
</head>

<body>
<p>
Cette page <em>HTML</em> va être convertie à l’aide de <em>dompdf</em> en <em>PDF</em>
</p>
<img src="data:image/svg+xml;base64,BASE64SVGPLACEHOLDER">
</body>
</html>');

 // Render the HTML as PDF 
$dompdf->render(); 
 
// Output the generated PDF to Browser 
$p=base64_encode($dompdf->output());
echo "$p";
?>
EOF
# Splice the encoded SVG into the template. The /e flag makes Perl evaluate
# the replacement as code, and qx{} runs `cat` to fetch the base64 text, so
# the placeholder is replaced by the contents of test.svg.base64.
php_template=vuln.php.in
php_driver=vuln.php

perl -p -e 's/BASE64SVGPLACEHOLDER/qx{cat test.svg.base64}/ge' \
  < "$php_template" > "$php_driver"

# Show the final driver in the test log, then run it. The driver prints the
# rendered PDF as base64 on stdout.
cat "$php_driver"
php "$php_driver"

# NOTE(review): the only pass/fail signal is the exit status of the commands
# above; the PDF output is printed but never inspected.
# NOTE(review): test.svg, test.svg.base64, vuln.php.in and vuln.php are left
# in the current directory - nothing here removes them, so keep this
# directory out of any web-served path.
exit 0

