From c39f019849870b48dc1476d397a6f100b142e029 Mon Sep 17 00:00:00 2001
From: mjollnir_ <mjollnir_>
Date: Tue, 11 Nov 2008 18:35:14 +0000
Subject: [PATCH] MDL-17207 filter/tex reverting removal of $pathname in
 http://cvs.moodle.org/moodle/filter/tex/texed.php?r1=1.8&r2=1.7

This fixes a security problem only triggered with register_globals ON and magic_quotes_gpc OFF which is a very uncommon case
---
 filter/tex/texed.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/filter/tex/texed.php b/filter/tex/texed.php
index 3a40ba1cc8..3ac929a299 100644
--- a/filter/tex/texed.php
+++ b/filter/tex/texed.php
@@ -31,10 +31,12 @@
         $texexp = str_replace('&lt;','<',$texexp);
         $texexp = str_replace('&gt;','>',$texexp);
         $texexp = preg_replace('!\r\n?!',' ',$texexp);
+        $pathname = "$CFG->dataroot/filter/tex/$image";
         $cmd = tex_filter_get_cmd($pathname, $texexp);
         system($cmd, $status);
 
         if (file_exists($pathname)) {
+            require_once($CFG->libdir . '/filelib.php');
             send_file($pathname, $image);
         } else {
             echo "Image not found!";
-- 
2.39.5