MDL-17207 filter/tex reverting removal of $pathname in

http://cvs.moodle.org/moodle/filter/tex/texed.php?r1=1.8&r2=1.7

This fixes a security problem only triggered with register_globals ON and magic_quotes_gpc OFF which is a very uncommon case

diff --git a/filter/tex/texed.php b/filter/tex/texed.php
index 3a40ba1cc8185bd5101f39f6d574e0be9b8b4bff..3ac929a299cd70204e8d3eedbc27f76cb63dd589 100644 (file)
--- a/filter/tex/texed.php
+++ b/filter/tex/texed.php
@@ -31,10 +31,12 @@
         $texexp = str_replace('&lt;','<',$texexp);
         $texexp = str_replace('&gt;','>',$texexp);
         $texexp = preg_replace('!\r\n?!',' ',$texexp);
+        $pathname = "$CFG->dataroot/filter/tex/$image";
         $cmd = tex_filter_get_cmd($pathname, $texexp);
         system($cmd, $status);
 
         if (file_exists($pathname)) {
+            require_once($CFG->libdir . '/filelib.php');
             send_file($pathname, $image);
         } else {
             echo "Image not found!";