MDL-18552 different TeX trouble fix

2025-01-18 05:58:34 +01:00 · 2009-03-31 10:03:10 +00:00 · 2009-03-31 10:03:10 +00:00 · c94985efb1
commit c94985efb1
parent f7631e7397
6 changed files with 27 additions and 28 deletions
--- a/filter/tex/filter.php
+++ b/filter/tex/filter.php
@ -137,16 +137,6 @@ class tex_filter extends filter_base {
            $text = str_replace($matches[0][$i],$replacement,$text);
        }

-        // TeX blacklist. MDL-18552
-        $tex_blacklist = array(
-            'include','def','command','loop','repeat','open','toks','output',
-            'input','catcode','name','^^',
-            '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
-            '\batchmode','\read','\write','csname','\newhelp','\uppercase',
-            '\lowercase','\relax','\aftergroup',
-            '\afterassignment','\expandafter','\noexpand','\special'
-        );
-
        // <tex> TeX expression </tex>
        // or <tex alt="My alternative text to be used instead of the TeX form"> TeX expression </tex>
        // or $$ TeX expression $$
@ -169,19 +159,6 @@ class tex_filter extends filter_base {
              $align = "text-top";
              $texexp = preg_replace('/^align=top /','',$texexp);
            }
-        /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain). MDL-18552
-            $invalidcommands = array();
-            foreach($tex_blacklist as $command) {
-                if (stristr($texexp, $command)) { /// Found invalid command. Annotate.
-                    $invalidcommands[] = $command;
-                }
-            }
-            if (!empty($invalidcommands)) { /// Invalid commands found. Output error and continue with next TeX element
-                $invalidstr = get_string('invalidtexcommand', 'error', implode(', ', $invalidcommands));
-                $text = str_replace( $matches[0][$i], $invalidstr, $text);
-                continue;
-            }
-        /// Everything is ok, let's process the expression
            $md5 = md5($texexp);
            if (! $texcache = $DB->get_record("cache_filters", array("filter"=>"tex", "md5key"=>$md5))) {
                $texcache->filter = 'tex';
--- a/filter/tex/latex.php
+++ b/filter/tex/latex.php
@ -44,9 +44,11 @@
         * @return string the latex document
         */
        function construct_latex_document( $formula, $fontsize=12 ) {
-            // $fontsize don't affects to formula's size. $density can change size
-
            global $CFG;
+
+            $formula = tex_sanitize_formula($formula);
+
+            // $fontsize don't affects to formula's size. $density can change size
            $doc =  "\\documentclass[{$fontsize}pt]{article}\n"; 
            $doc .=  $CFG->filter_tex_latexpreamble;
            $doc .= "\\pagestyle{empty}\n";
--- a/filter/tex/lib.php
+++ b/filter/tex/lib.php
@ -34,8 +34,22 @@ function tex_filter_get_executable($debug=false) {
    print_error('mimetexisnotexist', 'error');
 }

+function tex_sanitize_formula($texexp) {
+    /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain)
+    $tex_blacklist = array(
+        'include','def','command','loop','repeat','open','toks','output',
+        'input','catcode','name','^^',
+        '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
+        '\batchmode','\read','\write','csname','\newhelp','\uppercase',
+        '\lowercase','\relax','\aftergroup',
+        '\afterassignment','\expandafter','\noexpand','\special'
+    );
+
+    return  str_ireplace($tex_blacklist, 'forbiddenkeyword', $texexp);
+}

 function tex_filter_get_cmd($pathname, $texexp) {
+    $texexp = tex_sanitize_formula($texexp);
    $texexp = escapeshellarg($texexp);
    $executable = tex_filter_get_executable(false);

--- a/lang/en_utf8/error.php
+++ b/lang/en_utf8/error.php
@ -294,7 +294,6 @@ $string['invalidscaleid'] = 'Incorrect scale id';
 $string['invalidsesskey'] = 'Incorrect sesskey submitted, form not accepted!';
 $string['invalidsection'] = 'Course module record contains invalid section';
 $string['invalidshortname'] = 'That\'s an invalid short course name';
-$string['invalidtexcommand'] = 'Forbidden TeX command ($a)';
 $string['invalidurl'] = 'Invalid URL';
 $string['invaliduser'] = 'Invalid user';
 $string['invaliduserid'] = 'Invalid user id';
--- a/lib/db/upgrade.php
+++ b/lib/db/upgrade.php
@ -1534,7 +1534,14 @@ WHERE gradeitemid IS NOT NULL AND grademax IS NOT NULL");
    /// Main savepoint reached
        upgrade_main_savepoint($result, 2009032001);
    }
-    
+
+    if ($result && $oldversion < 2009033100) {
+        require_once("$CFG->dirroot/filter/tex/lib.php");
+        filter_tex_updatedcallback(null);
+    /// Main savepoint reached
+        upgrade_main_savepoint($result, 2009033100);
+    }
+
    return $result;
 }

--- a/version.php
+++ b/version.php
@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)

-    $version = 2009033002;  // YYYYMMDD   = date of the last version bump
+    $version = 2009033100;  // YYYYMMDD   = date of the last version bump
                            //         XX = daily increments

    $release = '2.0 dev (Build: 20090331)';  // Human-friendly version name