diff --git a/shared/tcpdf/CHANGELOG.TXT b/shared/tcpdf/CHANGELOG.TXT
index 5277d01aa..6c2f132a9 100644
--- a/shared/tcpdf/CHANGELOG.TXT
+++ b/shared/tcpdf/CHANGELOG.TXT
@@ -1,5 +1,10 @@
-6.2.9 (2015-06-18)
-	- 
+6.2.11 (2015-08-02)
+	- Bug #1070 "PNG regression in 6.2.9 (they appear as their alpha channel)" was fixed.
+	- Bug #1069 "Encoded SRC URLs in <img> tags don't work anymore" was fixed.
+
+6.2.10 (2015-07-28)
+	- Minor mod to PNG parsing.
+	- Make dependency on mcrypt optional.
 
 6.2.8 (2015-04-29)
 	- Removed unwanted file.
diff --git a/shared/tcpdf/README.TXT b/shared/tcpdf/README.TXT
index b3a4a8bc5..19ec8c444 100644
--- a/shared/tcpdf/README.TXT
+++ b/shared/tcpdf/README.TXT
@@ -4,12 +4,13 @@ TCPDF - README
 I WISH TO IMPROVE AND EXPAND TCPDF BUT I NEED YOUR SUPPORT.
 PLEASE MAKE A DONATION:
 http://sourceforge.net/donate/index.php?group_id=128076
+or via PayPal at paypal@tecnick.com
 
 ------------------------------------------------------------
 
 Name: TCPDF
-Version: 6.2.9
-Release date: 2015-06-18
+Version: 6.2.11
+Release date: 2015-08-02
 Author:	Nicola Asuni
 
 Copyright (c) 2002-2015:
@@ -20,6 +21,7 @@ Copyright (c) 2002-2015:
 URLs:
 	http://www.tcpdf.org
 	http://www.sourceforge.net/projects/tcpdf
+	https://github.com/tecnickcom/TCPDF
 
 Description:
 	TCPDF is a PHP class for generating PDF files on-the-fly without requiring external extensions.
diff --git a/shared/tcpdf/include/tcpdf_images.php b/shared/tcpdf/include/tcpdf_images.php
index 40cbe9d62..c2e3c36f9 100644
--- a/shared/tcpdf/include/tcpdf_images.php
+++ b/shared/tcpdf/include/tcpdf_images.php
@@ -297,8 +297,8 @@ public static function _parsepng($file) {
 		$trns = '';
 		$data = '';
 		$icc = false;
+		$n = TCPDF_STATIC::_freadint($f);
 		do {
-			$n = TCPDF_STATIC::_freadint($f);
 			$type = fread($f, 4);
 			if ($type == 'PLTE') {
 				// read palette
@@ -346,6 +346,7 @@ public static function _parsepng($file) {
 			} else {
 				TCPDF_STATIC::rfread($f, $n + 4);
 			}
+			$n = TCPDF_STATIC::_freadint($f);
 		} while ($n);
 		if (($colspace == 'Indexed') AND (empty($pal))) {
 			// Missing palette
diff --git a/shared/tcpdf/include/tcpdf_static.php b/shared/tcpdf/include/tcpdf_static.php
index 4ab18b6c4..8c66abce1 100644
--- a/shared/tcpdf/include/tcpdf_static.php
+++ b/shared/tcpdf/include/tcpdf_static.php
@@ -55,7 +55,7 @@ class TCPDF_STATIC {
 	 * Current TCPDF version.
 	 * @private static
 	 */
-	private static $tcpdf_version = '6.2.9';
+	private static $tcpdf_version = '6.2.11';
 
 	/**
 	 * String alias for total number of pages.
@@ -1024,7 +1024,7 @@ public static function rfread($handle, $length) {
 			return false;
 		}
 		$rest = ($length - strlen($data));
-		if ($rest > 0) {
+		if (($rest > 0) && !feof($handle)) {
 			$data .= self::rfread($handle, $rest);
 		}
 		return $data;
@@ -1078,7 +1078,7 @@ public static function _md5_16($str) {
 
 	/**
 	 * Returns the input text exrypted using AES algorithm and the specified key.
-	 * This method requires mcrypt.
+	 * This method requires openssl or mcrypt. Text is padded to 16bytes blocks
 	 * @param $key (string) encryption key
 	 * @param $text (String) input text to be encrypted
 	 * @return String encrypted text
@@ -1090,12 +1090,38 @@ public static function _AES($key, $text) {
 		// padding (RFC 2898, PKCS #5: Password-Based Cryptography Specification Version 2.0)
 		$padding = 16 - (strlen($text) % 16);
 		$text .= str_repeat(chr($padding), $padding);
+		if (extension_loaded('openssl')) {
+			$iv = openssl_random_pseudo_bytes (openssl_cipher_iv_length('aes-256-cbc'));
+			$text = openssl_encrypt($text, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+			return $iv.substr($text, 0, -16);
+		}
 		$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
 		$text = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_CBC, $iv);
 		$text = $iv.$text;
 		return $text;
 	}
 
+	/**
+	 * Returns the input text exrypted using AES algorithm and the specified key.
+	 * This method requires openssl or mcrypt. Text is not padded
+	 * @param $key (string) encryption key
+	 * @param $text (String) input text to be encrypted
+	 * @return String encrypted text
+	 * @author Nicola Asuni
+	 * @since TODO
+	 * @public static
+	 */
+	public static function _AESnopad($key, $text) {
+		if (extension_loaded('openssl')) {
+			$iv = str_repeat("\x00", openssl_cipher_iv_length('aes-256-cbc'));
+			$text = openssl_encrypt($text, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+			return substr($text, 0, -16);
+		}
+		$iv = str_repeat("\x00", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
+		$text = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_CBC, $iv);
+		return $text;
+	}
+
 	/**
 	 * Returns the input text encrypted using RC4 algorithm and the specified key.
 	 * RC4 is the standard encryption algorithm used in PDF format
@@ -2450,77 +2476,90 @@ public static function fopenLocal($filename, $mode) {
 	 * @public static
 	 */
 	public static function fileGetContents($file) {
-		//$file = html_entity_decode($file);
-		// array of possible alternative paths/URLs
 		$alt = array($file);
-		// replace URL relative path with full real server path
+		//
 		if ((strlen($file) > 1)
-			AND ($file[0] == '/')
-			AND ($file[1] != '/')
-			AND !empty($_SERVER['DOCUMENT_ROOT'])
-			AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
-			$findroot = strpos($file, $_SERVER['DOCUMENT_ROOT']);
-			if (($findroot === false) OR ($findroot > 1)) {
-				if (substr($_SERVER['DOCUMENT_ROOT'], -1) == '/') {
-					$tmp = substr($_SERVER['DOCUMENT_ROOT'], 0, -1).$file;
-				} else {
-					$tmp = $_SERVER['DOCUMENT_ROOT'].$file;
-				}
-				$alt[] = htmlspecialchars_decode(urldecode($tmp));
-			}
-		}
-		// URL mode
+		    && ($file[0] === '/')
+		    && ($file[1] !== '/')
+		    && !empty($_SERVER['DOCUMENT_ROOT'])
+		    && ($_SERVER['DOCUMENT_ROOT'] !== '/')
+		) {
+		    $findroot = strpos($file, $_SERVER['DOCUMENT_ROOT']);
+		    if (($findroot === false) || ($findroot > 1)) {
+			$alt[] = htmlspecialchars_decode(urldecode($_SERVER['DOCUMENT_ROOT'].$file));
+		    }
+		}
+		//
+		$protocol = 'http';
+		if (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
+		    $protocol .= 's';
+		}
+		//
 		$url = $file;
-		// check for missing protocol
-		if (preg_match('%^/{2}%', $url)) {
-			if (preg_match('%^([^:]+:)//%i', K_PATH_URL, $match)) {
-				$url = $match[1].str_replace(' ', '%20', $url);
-				$alt[] = $url;
+		if (preg_match('%^//%', $url) && !empty($_SERVER['HTTP_HOST'])) {
+			$url = $protocol.':'.str_replace(' ', '%20', $url);
+		}
+		$url = htmlspecialchars_decode($url);
+		$alt[] = $url;
+		//
+		if (preg_match('%^(https?)://%', $url)
+		    && empty($_SERVER['HTTP_HOST'])
+		    && empty($_SERVER['DOCUMENT_ROOT'])
+		) {
+			$urldata = parse_url($url);
+			if (empty($urldata['query'])) {
+				$host = $protocol.'://'.$_SERVER['HTTP_HOST'];
+				if (strpos($url, $host) === 0) {
+				    // convert URL to full server path
+				    $tmp = str_replace($host, $_SERVER['DOCUMENT_ROOT'], $url);
+				    $alt[] = htmlspecialchars_decode(urldecode($tmp));
+				}
 			}
 		}
-		$urldata = @parse_url($url);
-		if (!isset($urldata['query']) OR (strlen($urldata['query']) <= 0)) {
-			if (K_PATH_URL AND (strpos($url, K_PATH_URL) === 0)) {
-				// convert URL to full server path
-				$tmp = str_replace(K_PATH_URL, K_PATH_MAIN, $url);
-				$tmp = htmlspecialchars_decode(urldecode($tmp));
-				$alt[] = $tmp;
+		//
+		if (isset($_SERVER['SCRIPT_URI'])
+		    && !preg_match('%^(https?|ftp)://%', $file)
+		    && !preg_match('%^//%', $file)
+		) {
+		    $urldata = @parse_url($_SERVER['SCRIPT_URI']);
+		    return $urldata['scheme'].'://'.$urldata['host'].(($file[0] == '/') ? '' : '/').$file;
+		}
+		//
+		$alt = array_unique($alt);
+		//var_dump($alt);exit;//DEBUG
+		foreach ($alt as $path) {
+			$ret = @file_get_contents($path);
+			if ($ret !== false) {
+			    return $ret;
 			}
-		}
-		if (isset($_SERVER['SCRIPT_URI'])) {
-			$urldata = @parse_url($_SERVER['SCRIPT_URI']);
-			$alt[] = $urldata['scheme'].'://'.$urldata['host'].(($file[0] == '/') ? '' : '/').$file;
-		}
-		foreach ($alt as $f) {
-			$ret = @file_get_contents($f);
-			if (($ret === FALSE)
-				AND !ini_get('allow_url_fopen')
-				AND function_exists('curl_init')
-				AND preg_match('%^(https?|ftp)://%', $f)) {
+			// try to use CURL for URLs
+			if (!ini_get('allow_url_fopen')
+				&& function_exists('curl_init')
+				&& preg_match('%^(https?|ftp)://%', $path)
+			) {
 				// try to get remote file data using cURL
-				$cs = curl_init(); // curl session
-				curl_setopt($cs, CURLOPT_URL, $f);
-				curl_setopt($cs, CURLOPT_BINARYTRANSFER, true);
-				curl_setopt($cs, CURLOPT_FAILONERROR, true);
-				curl_setopt($cs, CURLOPT_RETURNTRANSFER, true);
-				if ((ini_get('open_basedir') == '') AND (!ini_get('safe_mode'))) {
-					curl_setopt($cs, CURLOPT_FOLLOWLOCATION, true);
+				$crs = curl_init();
+				curl_setopt($crs, CURLOPT_URL, $path);
+				curl_setopt($crs, CURLOPT_BINARYTRANSFER, true);
+				curl_setopt($crs, CURLOPT_FAILONERROR, true);
+				curl_setopt($crs, CURLOPT_RETURNTRANSFER, true);
+				if ((ini_get('open_basedir') == '') && (!ini_get('safe_mode'))) {
+				    curl_setopt($crs, CURLOPT_FOLLOWLOCATION, true);
+				}
+				curl_setopt($crs, CURLOPT_CONNECTTIMEOUT, 5);
+				curl_setopt($crs, CURLOPT_TIMEOUT, 30);
+				curl_setopt($crs, CURLOPT_SSL_VERIFYPEER, false);
+				curl_setopt($crs, CURLOPT_SSL_VERIFYHOST, false);
+				curl_setopt($crs, CURLOPT_USERAGENT, 'tc-lib-file');
+				$ret = curl_exec($crs);
+				curl_close($crs);
+				if ($ret !== false) {
+					return $ret;
 				}
-				curl_setopt($cs, CURLOPT_CONNECTTIMEOUT, 5);
-				curl_setopt($cs, CURLOPT_TIMEOUT, 30);
-				curl_setopt($cs, CURLOPT_SSL_VERIFYPEER, false);
-				curl_setopt($cs, CURLOPT_SSL_VERIFYHOST, false);
-				curl_setopt($cs, CURLOPT_USERAGENT, 'TCPDF');
-				$ret = curl_exec($cs);
-				curl_close($cs);
-			}
-			if ($ret !== FALSE) {
-				break;
 			}
 		}
-		return $ret;
+		return false;
 	}
-
 } // END OF TCPDF_STATIC CLASS
 
 //============================================================+
diff --git a/shared/tcpdf/tcpdf.php b/shared/tcpdf/tcpdf.php
index 141283491..6bc504b14 100644
--- a/shared/tcpdf/tcpdf.php
+++ b/shared/tcpdf/tcpdf.php
@@ -1,7 +1,7 @@
 <?php
 //============================================================+
 // File name   : tcpdf.php
-// Version     : 6.2.9
+// Version     : 6.2.11
 // Begin       : 2002-08-03
 // Last Update : 2015-06-18
 // Author      : Nicola Asuni - Tecnick.com LTD - www.tecnick.com - info@tecnick.com
@@ -7026,7 +7026,6 @@ public function Image($file, $x='', $y='', $w=0, $h=0, $type='', $link='', $alig
 					AND (($info === 'pngalpha') OR (isset($info['trns']) AND !empty($info['trns'])))) {
 					return $this->ImagePngAlpha($file, $x, $y, $pixw, $pixh, $w, $h, 'PNG', $link, $align, $resize, $dpi, $palign, $filehash);
 				}
-				$info = false;
 			}
 			if (($info === false) AND function_exists($gdfunction)) {
 				try {
@@ -10633,8 +10632,7 @@ protected function _Uvalue() {
 	 */
 	protected function _UEvalue() {
 		$hashkey = hash('sha256', $this->encryptdata['user_password'].$this->encryptdata['UKS'], true);
-		$iv = str_repeat("\x00", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
-		return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $hashkey, $this->encryptdata['key'], MCRYPT_MODE_CBC, $iv);
+		return TCPDF_STATIC::_AESnopad($hashkey, $this->encryptdata['key']);
 	}
 
 	/**
@@ -10684,8 +10682,7 @@ protected function _Ovalue() {
 	 */
 	protected function _OEvalue() {
 		$hashkey = hash('sha256', $this->encryptdata['owner_password'].$this->encryptdata['OKS'].$this->encryptdata['U'], true);
-		$iv = str_repeat("\x00", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
-		return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $hashkey, $this->encryptdata['key'], MCRYPT_MODE_CBC, $iv);
+		return TCPDF_STATIC::_AESnopad($hashkey, $this->encryptdata['key']);
 	}
 
 	/**
@@ -10740,8 +10737,7 @@ protected function _generateencryptionkey() {
 				}
 				$perms .= 'adb'; // bytes 9-11
 				$perms .= 'nick'; // bytes 12-15
-				$iv = str_repeat("\x00", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB));
-				$this->encryptdata['perms'] = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->encryptdata['key'], $perms, MCRYPT_MODE_ECB, $iv);
+				$this->encryptdata['perms'] = TCPDF_STATIC::_AESnopad($this->encryptdata['key'], $perms);
 			} else { // RC4-40, RC4-128, AES-128
 				// Pad passwords
 				$this->encryptdata['user_password'] = substr($this->encryptdata['user_password'].TCPDF_STATIC::$enc_padding, 0, 32);
@@ -10859,10 +10855,13 @@ public function SetProtection($permissions=array('print', 'modify', 'copy', 'ann
 			$this->encryptdata['StrF'] = 'StdCF';
 		}
 		if ($mode > 1) { // AES
-			if (!extension_loaded('mcrypt')) {
-				$this->Error('AES encryption requires mcrypt library (http://www.php.net/manual/en/mcrypt.requirements.php).');
+			if (!extension_loaded('openssl') && !extension_loaded('mcrypt')) {
+				$this->Error('AES encryption requires openssl or mcrypt extension (http://www.php.net/manual/en/mcrypt.requirements.php).');
 			}
-			if (mcrypt_get_cipher_name(MCRYPT_RIJNDAEL_128) === false) {
+			if (extension_loaded('openssl') && !in_array('aes-256-cbc', openssl_get_cipher_methods())) {
+				$this->Error('AES encryption requires openssl/aes-256-cbc cypher.');
+			}
+			if (extension_loaded('mcrypt') && mcrypt_get_cipher_name(MCRYPT_RIJNDAEL_128) === false) {
 				$this->Error('AES encryption requires MCRYPT_RIJNDAEL_128 cypher.');
 			}
 			if (($mode == 3) AND !function_exists('hash')) {