From 54d0812500fac303dcaac04107ac5d752a0a5f0c Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Tue, 25 Dec 2007 11:42:45 +0000
Subject: [PATCH] MDL-11561 tex debug leaking sensitive info; merged from
 MOODLE_19_STABLE

---
 filter/tex/texdebug.php | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/filter/tex/texdebug.php b/filter/tex/texdebug.php
index b4426df9fe..fdb2d839e7 100644
--- a/filter/tex/texdebug.php
+++ b/filter/tex/texdebug.php
@@ -82,7 +82,11 @@
 
     // Action: Show Tex command line output
     if ($action=='ShowOutputTex') {
-        TexOutput($texexp);
+        if (debugging()) {
+            TexOutput($texexp);
+        } else {
+            echo "Can not output detailed information due to security concerns, please turn on debug mode first.";
+        }
         exit;
     }
 
@@ -140,7 +144,7 @@
         if (file_exists($pathname)) {
             send_file($pathname, $image);
 
-        } else {
+        } else if (debugging()) {
             $ecmd = "$cmd 2>&1";
             echo `$ecmd` . "<br />\n";
             echo "The shell command<br />$cmd<br />returned status = $status<br />\n";
@@ -166,6 +170,8 @@
                 echo "mimetex executable $commandpath not found!<br />";
             }
             echo "Image not found!";
+        } else {
+            echo "Can not output detailed information due to security concerns, please turn on debug mode first.";
         }
     }
 
@@ -284,18 +290,18 @@
             </center>
            <p>The following tests are available:</p>
            <ol>
-           <li><input type="radio" name="action" value="ShowDB" />
-               See the cache_filters database entry for this expression (if any).</li>
-           <li><input type="radio" name="DeleteDB" value="DeleteDB" />
-               Delete the cache_filters database entry for this expression (if any).</li>
-           <li><input type="radio" name="action" value="ShowImageMimetex" />
-               Show a graphic image of the algebraic expression rendered with mimetex.</li>
-           <li><input type="radio" name="action" value="ShowImageTex" />
-               Show a graphic image of the algebraic expression rendered with Tex/Ghostscript.</li>
-           <li><input type="radio" name="action" value="ShowOutputTex" />
-               Show command execution output from the algebraic expression rendered with Tex/Ghostscript.</li>
-           <li><input type="radio" name="action" value="SlashArguments" />
-               Check slasharguments setting.</li>
+           <li><input type="radio" name="action" value="ShowDB" id="ShowDB" />
+               <label for="ShowDB">See the cache_filters database entry for this expression (if any).</label></li>
+           <li><input type="radio" name="DeleteDB" value="DeleteDB" id="DeleteDB" />
+               <label for="DeleteDB">Delete the cache_filters database entry for this expression (if any).</label></li>
+           <li><input type="radio" name="action" value="ShowImageMimetex" id="ShowImageMimetex  checked="checked" />
+               <label for="ShowImageMimetex">Show a graphic image of the algebraic expression rendered with mimetex.</label></li>
+           <li><input type="radio" name="action" value="ShowImageTex" id="ShowImageTex" />
+               <label for="ShowImageTex">Show a graphic image of the algebraic expression rendered with Tex/Ghostscript.</label></li>
+           <li><input type="radio" name="action" value="ShowOutputTex" id="ShowOutputTex" />
+               <label for="ShowOutputTex">Show command execution output from the algebraic expression rendered with Tex/Ghostscript.</label></li>
+           <li><input type="radio" name="action" value="SlashArguments" id="SlashArguments" />
+               <label for="SlashArguments">Check slasharguments setting.</label></li>
            </ol>
            <input type="submit" value="Do it!" />
           </form> <br /> <br />
-- 
2.39.5