From: skodak Date: Tue, 31 Mar 2009 10:03:10 +0000 (+0000) Subject: MDL-18552 different TeX trouble fix X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=c94985efb16cff834cc472c2200a601e1f2950ad;p=moodle.git MDL-18552 different TeX trouble fix --- diff --git a/filter/tex/filter.php b/filter/tex/filter.php index 646d8109d6..01ee633d77 100644 --- a/filter/tex/filter.php +++ b/filter/tex/filter.php @@ -137,16 +137,6 @@ class tex_filter extends filter_base { $text = str_replace($matches[0][$i],$replacement,$text); } - // TeX blacklist. MDL-18552 - $tex_blacklist = array( - 'include','def','command','loop','repeat','open','toks','output', - 'input','catcode','name','^^', - '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode', - '\batchmode','\read','\write','csname','\newhelp','\uppercase', - '\lowercase','\relax','\aftergroup', - '\afterassignment','\expandafter','\noexpand','\special' - ); - // TeX expression // or TeX expression // or $$ TeX expression $$ @@ -169,19 +159,6 @@ class tex_filter extends filter_base { $align = "text-top"; $texexp = preg_replace('/^align=top /','',$texexp); } - /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain). MDL-18552 - $invalidcommands = array(); - foreach($tex_blacklist as $command) { - if (stristr($texexp, $command)) { /// Found invalid command. Annotate. - $invalidcommands[] = $command; - } - } - if (!empty($invalidcommands)) { /// Invalid commands found. Output error and continue with next TeX element - $invalidstr = get_string('invalidtexcommand', 'error', implode(', ', $invalidcommands)); - $text = str_replace( $matches[0][$i], $invalidstr, $text); - continue; - } - /// Everything is ok, let's process the expression $md5 = md5($texexp); if (! $texcache = $DB->get_record("cache_filters", array("filter"=>"tex", "md5key"=>$md5))) { $texcache->filter = 'tex'; diff --git a/filter/tex/latex.php b/filter/tex/latex.php index b476683bda..5386b2b986 100644 --- a/filter/tex/latex.php +++ b/filter/tex/latex.php @@ -44,9 +44,11 @@ * @return string the latex document */ function construct_latex_document( $formula, $fontsize=12 ) { - // $fontsize don't affects to formula's size. $density can change size - global $CFG; + + $formula = tex_sanitize_formula($formula); + + // $fontsize don't affects to formula's size. $density can change size $doc = "\\documentclass[{$fontsize}pt]{article}\n"; $doc .= $CFG->filter_tex_latexpreamble; $doc .= "\\pagestyle{empty}\n"; diff --git a/filter/tex/lib.php b/filter/tex/lib.php index db6405bcd6..8cec92badc 100644 --- a/filter/tex/lib.php +++ b/filter/tex/lib.php @@ -34,8 +34,22 @@ function tex_filter_get_executable($debug=false) { print_error('mimetexisnotexist', 'error'); } +function tex_sanitize_formula($texexp) { + /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain) + $tex_blacklist = array( + 'include','def','command','loop','repeat','open','toks','output', + 'input','catcode','name','^^', + '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode', + '\batchmode','\read','\write','csname','\newhelp','\uppercase', + '\lowercase','\relax','\aftergroup', + '\afterassignment','\expandafter','\noexpand','\special' + ); + + return str_ireplace($tex_blacklist, 'forbiddenkeyword', $texexp); +} function tex_filter_get_cmd($pathname, $texexp) { + $texexp = tex_sanitize_formula($texexp); $texexp = escapeshellarg($texexp); $executable = tex_filter_get_executable(false); diff --git a/lang/en_utf8/error.php b/lang/en_utf8/error.php index c37100bc5f..023f984183 100644 --- a/lang/en_utf8/error.php +++ b/lang/en_utf8/error.php @@ -294,7 +294,6 @@ $string['invalidscaleid'] = 'Incorrect scale id'; $string['invalidsesskey'] = 'Incorrect sesskey submitted, form not accepted!'; $string['invalidsection'] = 'Course module record contains invalid section'; $string['invalidshortname'] = 'That\'s an invalid short course name'; -$string['invalidtexcommand'] = 'Forbidden TeX command ($a)'; $string['invalidurl'] = 'Invalid URL'; $string['invaliduser'] = 'Invalid user'; $string['invaliduserid'] = 'Invalid user id'; diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php index 58899768be..4944439624 100644 --- a/lib/db/upgrade.php +++ b/lib/db/upgrade.php @@ -1534,7 +1534,14 @@ WHERE gradeitemid IS NOT NULL AND grademax IS NOT NULL"); /// Main savepoint reached upgrade_main_savepoint($result, 2009032001); } - + + if ($result && $oldversion < 2009033100) { + require_once("$CFG->dirroot/filter/tex/lib.php"); + filter_tex_updatedcallback(null); + /// Main savepoint reached + upgrade_main_savepoint($result, 2009033100); + } + return $result; } diff --git a/version.php b/version.php index 4f2461fe63..0baa74db9a 100644 --- a/version.php +++ b/version.php @@ -6,7 +6,7 @@ // This is compared against the values stored in the database to determine // whether upgrades should be performed (see lib/db/*.php) - $version = 2009033002; // YYYYMMDD = date of the last version bump + $version = 2009033100; // YYYYMMDD = date of the last version bump // XX = daily increments $release = '2.0 dev (Build: 20090331)'; // Human-friendly version name