From: stronk7 Date: Thu, 26 Mar 2009 19:17:25 +0000 (+0000) Subject: MDL-18552 TeX filter - blacklist unsecure commands + protect texdebug ; merged from... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e42398e40962f80ca3e22453475df5b6e7a5e8ce;p=moodle.git MDL-18552 TeX filter - blacklist unsecure commands + protect texdebug ; merged from 19_STABLE --- diff --git a/filter/tex/filter.php b/filter/tex/filter.php index 01ee633d77..646d8109d6 100644 --- a/filter/tex/filter.php +++ b/filter/tex/filter.php @@ -137,6 +137,16 @@ class tex_filter extends filter_base { $text = str_replace($matches[0][$i],$replacement,$text); } + // TeX blacklist. MDL-18552 + $tex_blacklist = array( + 'include','def','command','loop','repeat','open','toks','output', + 'input','catcode','name','^^', + '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode', + '\batchmode','\read','\write','csname','\newhelp','\uppercase', + '\lowercase','\relax','\aftergroup', + '\afterassignment','\expandafter','\noexpand','\special' + ); + // TeX expression // or TeX expression // or $$ TeX expression $$ @@ -159,6 +169,19 @@ class tex_filter extends filter_base { $align = "text-top"; $texexp = preg_replace('/^align=top /','',$texexp); } + /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain). MDL-18552 + $invalidcommands = array(); + foreach($tex_blacklist as $command) { + if (stristr($texexp, $command)) { /// Found invalid command. Annotate. + $invalidcommands[] = $command; + } + } + if (!empty($invalidcommands)) { /// Invalid commands found. Output error and continue with next TeX element + $invalidstr = get_string('invalidtexcommand', 'error', implode(', ', $invalidcommands)); + $text = str_replace( $matches[0][$i], $invalidstr, $text); + continue; + } + /// Everything is ok, let's process the expression $md5 = md5($texexp); if (! $texcache = $DB->get_record("cache_filters", array("filter"=>"tex", "md5key"=>$md5))) { $texcache->filter = 'tex'; diff --git a/filter/tex/texdebug.php b/filter/tex/texdebug.php index bbeb81f134..917239c681 100644 --- a/filter/tex/texdebug.php +++ b/filter/tex/texdebug.php @@ -3,8 +3,6 @@ // If not, it obtains the corresponding TeX expression from the cache_tex db table // and uses mimeTeX to create the image file - define('NO_MOODLE_COOKIES', true); // Because it interferes with caching - require_once("../../config.php"); if (empty($CFG->textfilters)) { @@ -23,6 +21,9 @@ $action = optional_param('action', '', PARAM_ALPHA); $texexp = optional_param('tex', '', PARAM_RAW); + require_login(); + require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM), $USER->id); /// Required cap to run this. MDL-18552 + $query = urldecode($_SERVER['QUERY_STRING']); error_reporting(E_ALL); $output = '';