|
|
e63ae3a |
--- filter/tex/filter.php.orig 2009/02/17 05:24:35 1.18.4.4
|
|
|
e63ae3a |
+++ filter/tex/filter.php 2009/03/26 19:06:29 1.18.4.5
|
|
|
e63ae3a |
@@ -133,6 +133,16 @@
|
|
|
e63ae3a |
$text = str_replace($matches[0][$i],$replacement,$text);
|
|
|
e63ae3a |
}
|
|
|
e63ae3a |
|
|
|
e63ae3a |
+ // TeX blacklist. MDL-18552
|
|
|
e63ae3a |
+ $tex_blacklist = array(
|
|
|
e63ae3a |
+ 'include','def','command','loop','repeat','open','toks','output',
|
|
|
e63ae3a |
+ 'input','catcode','name','^^',
|
|
|
e63ae3a |
+ '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
|
|
|
e63ae3a |
+ '\batchmode','\read','\write','csname','\newhelp','\uppercase',
|
|
|
e63ae3a |
+ '\lowercase','\relax','\aftergroup',
|
|
|
e63ae3a |
+ '\afterassignment','\expandafter','\noexpand','\special'
|
|
|
e63ae3a |
+ );
|
|
|
e63ae3a |
+
|
|
|
e63ae3a |
// <tex> TeX expression </tex>
|
|
|
e63ae3a |
// or <tex alt="My alternative text to be used instead of the TeX form"> TeX expression </tex>
|
|
|
e63ae3a |
// or $$ TeX expression $$
|
|
|
e63ae3a |
@@ -155,6 +165,19 @@
|
|
|
e63ae3a |
$align = "text-top";
|
|
|
e63ae3a |
$texexp = preg_replace('/^align=top /','',$texexp);
|
|
|
e63ae3a |
}
|
|
|
e63ae3a |
+ /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain). MDL-18552
|
|
|
e63ae3a |
+ $invalidcommands = array();
|
|
|
e63ae3a |
+ foreach($tex_blacklist as $command) {
|
|
|
e63ae3a |
+ if (stristr($texexp, $command)) { /// Found invalid command. Annotate.
|
|
|
e63ae3a |
+ $invalidcommands[] = $command;
|
|
|
e63ae3a |
+ }
|
|
|
e63ae3a |
+ }
|
|
|
e63ae3a |
+ if (!empty($invalidcommands)) { /// Invalid commands found. Output error and continue with next TeX element
|
|
|
e63ae3a |
+ $invalidstr = get_string('invalidtexcommand', 'error', implode(', ', $invalidcommands));
|
|
|
e63ae3a |
+ $text = str_replace( $matches[0][$i], $invalidstr, $text);
|
|
|
e63ae3a |
+ continue;
|
|
|
e63ae3a |
+ }
|
|
|
e63ae3a |
+ /// Everything is ok, let's process the expression
|
|
|
e63ae3a |
$md5 = md5($texexp);
|
|
|
e63ae3a |
if (! $texcache = get_record("cache_filters","filter","tex", "md5key", $md5)) {
|
|
|
e63ae3a |
$texcache->filter = 'tex';
|