$text = str_replace($matches[0][$i],$replacement,$text);
}
- // TeX blacklist. MDL-18552
- $tex_blacklist = array(
- 'include','def','command','loop','repeat','open','toks','output',
- 'input','catcode','name','^^',
- '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
- '\batchmode','\read','\write','csname','\newhelp','\uppercase',
- '\lowercase','\relax','\aftergroup',
- '\afterassignment','\expandafter','\noexpand','\special'
- );
-
// <tex> TeX expression </tex>
// or <tex alt="My alternative text to be used instead of the TeX form"> TeX expression </tex>
// or $$ TeX expression $$
$align = "text-top";
$texexp = preg_replace('/^align=top /','',$texexp);
}
- /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain). MDL-18552
- $invalidcommands = array();
- foreach($tex_blacklist as $command) {
- if (stristr($texexp, $command)) { /// Found invalid command. Annotate.
- $invalidcommands[] = $command;
- }
- }
- if (!empty($invalidcommands)) { /// Invalid commands found. Output error and continue with next TeX element
- $invalidstr = get_string('invalidtexcommand', 'error', implode(', ', $invalidcommands));
- $text = str_replace( $matches[0][$i], $invalidstr, $text);
- continue;
- }
- /// Everything is ok, let's process the expression
$md5 = md5($texexp);
if (! $texcache = $DB->get_record("cache_filters", array("filter"=>"tex", "md5key"=>$md5))) {
$texcache->filter = 'tex';
* @return string the latex document
*/
function construct_latex_document( $formula, $fontsize=12 ) {
- // $fontsize don't affects to formula's size. $density can change size
-
global $CFG;
+
+ $formula = tex_sanitize_formula($formula);
+
+ // $fontsize don't affects to formula's size. $density can change size
$doc = "\\documentclass[{$fontsize}pt]{article}\n";
$doc .= $CFG->filter_tex_latexpreamble;
$doc .= "\\pagestyle{empty}\n";
print_error('mimetexisnotexist', 'error');
}
+function tex_sanitize_formula($texexp) {
+ /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain)
+ $tex_blacklist = array(
+ 'include','def','command','loop','repeat','open','toks','output',
+ 'input','catcode','name','^^',
+ '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
+ '\batchmode','\read','\write','csname','\newhelp','\uppercase',
+ '\lowercase','\relax','\aftergroup',
+ '\afterassignment','\expandafter','\noexpand','\special'
+ );
+
+ return str_ireplace($tex_blacklist, 'forbiddenkeyword', $texexp);
+}
function tex_filter_get_cmd($pathname, $texexp) {
+ $texexp = tex_sanitize_formula($texexp);
$texexp = escapeshellarg($texexp);
$executable = tex_filter_get_executable(false);
$string['invalidsesskey'] = 'Incorrect sesskey submitted, form not accepted!';
$string['invalidsection'] = 'Course module record contains invalid section';
$string['invalidshortname'] = 'That\'s an invalid short course name';
-$string['invalidtexcommand'] = 'Forbidden TeX command ($a)';
$string['invalidurl'] = 'Invalid URL';
$string['invaliduser'] = 'Invalid user';
$string['invaliduserid'] = 'Invalid user id';
/// Main savepoint reached
upgrade_main_savepoint($result, 2009032001);
}
-
+
+ if ($result && $oldversion < 2009033100) {
+ require_once("$CFG->dirroot/filter/tex/lib.php");
+ filter_tex_updatedcallback(null);
+ /// Main savepoint reached
+ upgrade_main_savepoint($result, 2009033100);
+ }
+
return $result;
}
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
- $version = 2009033002; // YYYYMMDD = date of the last version bump
+ $version = 2009033100; // YYYYMMDD = date of the last version bump
// XX = daily increments
$release = '2.0 dev (Build: 20090331)'; // Human-friendly version name
projects / moodle.git / commitdiff