|
|
e63ae3a |
--- filter/tex/filter.php.orig
|
|
|
e63ae3a |
+++ filter/tex/filter.php
|
|
|
e63ae3a |
@@ -133,16 +133,6 @@ function tex_filter ($courseid, $text) {
|
|
|
e63ae3a |
$text = str_replace($matches[0][$i],$replacement,$text);
|
|
|
e63ae3a |
}
|
|
|
e63ae3a |
|
|
|
e63ae3a |
- // TeX blacklist. MDL-18552
|
|
|
e63ae3a |
- $tex_blacklist = array(
|
|
|
e63ae3a |
- 'include','def','command','loop','repeat','open','toks','output',
|
|
|
e63ae3a |
- 'input','catcode','name','^^',
|
|
|
e63ae3a |
- '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
|
|
|
e63ae3a |
- '\batchmode','\read','\write','csname','\newhelp','\uppercase',
|
|
|
e63ae3a |
- '\lowercase','\relax','\aftergroup',
|
|
|
e63ae3a |
- '\afterassignment','\expandafter','\noexpand','\special'
|
|
|
e63ae3a |
- );
|
|
|
e63ae3a |
-
|
|
|
e63ae3a |
// <tex> TeX expression </tex>
|
|
|
e63ae3a |
// or <tex alt="My alternative text to be used instead of the TeX form"> TeX expression </tex>
|
|
|
e63ae3a |
// or $$ TeX expression $$
|
|
|
e63ae3a |
@@ -165,19 +155,6 @@ function tex_filter ($courseid, $text) {
|
|
|
e63ae3a |
$align = "text-top";
|
|
|
e63ae3a |
$texexp = preg_replace('/^align=top /','',$texexp);
|
|
|
e63ae3a |
}
|
|
|
e63ae3a |
- /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain). MDL-18552
|
|
|
e63ae3a |
- $invalidcommands = array();
|
|
|
e63ae3a |
- foreach($tex_blacklist as $command) {
|
|
|
e63ae3a |
- if (stristr($texexp, $command)) { /// Found invalid command. Annotate.
|
|
|
e63ae3a |
- $invalidcommands[] = $command;
|
|
|
e63ae3a |
- }
|
|
|
e63ae3a |
- }
|
|
|
e63ae3a |
- if (!empty($invalidcommands)) { /// Invalid commands found. Output error and continue with next TeX element
|
|
|
e63ae3a |
- $invalidstr = get_string('invalidtexcommand', 'error', implode(', ', $invalidcommands));
|
|
|
e63ae3a |
- $text = str_replace( $matches[0][$i], $invalidstr, $text);
|
|
|
e63ae3a |
- continue;
|
|
|
e63ae3a |
- }
|
|
|
e63ae3a |
- /// Everything is ok, let's process the expression
|
|
|
e63ae3a |
$md5 = md5($texexp);
|
|
|
e63ae3a |
if (! $texcache = get_record("cache_filters","filter","tex", "md5key", $md5)) {
|
|
|
e63ae3a |
$texcache->filter = 'tex';
|
|
|
e63ae3a |
--- filter/tex/latex.php.orig
|
|
|
e63ae3a |
+++ filter/tex/latex.php
|
|
|
e63ae3a |
@@ -44,9 +44,11 @@
|
|
|
e63ae3a |
* @return string the latex document
|
|
|
e63ae3a |
*/
|
|
|
e63ae3a |
function construct_latex_document( $formula, $fontsize=12 ) {
|
|
|
e63ae3a |
- // $fontsize don't affects to formula's size. $density can change size
|
|
|
e63ae3a |
-
|
|
|
e63ae3a |
global $CFG;
|
|
|
e63ae3a |
+
|
|
|
e63ae3a |
+ $formula = tex_sanitize_formula($formula);
|
|
|
e63ae3a |
+
|
|
|
e63ae3a |
+ // $fontsize don't affects to formula's size. $density can change size
|
|
|
e63ae3a |
$doc = "\\documentclass[{$fontsize}pt]{article}\n";
|
|
|
e63ae3a |
$doc .= $CFG->filter_tex_latexpreamble;
|
|
|
e63ae3a |
$doc .= "\\pagestyle{empty}\n";
|
|
|
e63ae3a |
--- filter/tex/lib.php.orig
|
|
|
e63ae3a |
+++ filter/tex/lib.php
|
|
|
e63ae3a |
@@ -34,8 +34,22 @@ function tex_filter_get_executable($debug=false) {
|
|
|
e63ae3a |
error($error_message1);
|
|
|
e63ae3a |
}
|
|
|
e63ae3a |
|
|
|
e63ae3a |
+function tex_sanitize_formula($texexp) {
|
|
|
e63ae3a |
+ /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain)
|
|
|
e63ae3a |
+ $tex_blacklist = array(
|
|
|
e63ae3a |
+ 'include','def','command','loop','repeat','open','toks','output',
|
|
|
e63ae3a |
+ 'input','catcode','name','^^',
|
|
|
e63ae3a |
+ '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
|
|
|
e63ae3a |
+ '\batchmode','\read','\write','csname','\newhelp','\uppercase',
|
|
|
e63ae3a |
+ '\lowercase','\relax','\aftergroup',
|
|
|
e63ae3a |
+ '\afterassignment','\expandafter','\noexpand','\special'
|
|
|
e63ae3a |
+ );
|
|
|
e63ae3a |
+
|
|
|
e63ae3a |
+ return str_ireplace($tex_blacklist, 'forbiddenkeyword', $texexp);
|
|
|
e63ae3a |
+}
|
|
|
e63ae3a |
|
|
|
e63ae3a |
function tex_filter_get_cmd($pathname, $texexp) {
|
|
|
e63ae3a |
+ $texexp = tex_sanitize_formula($texexp);
|
|
|
e63ae3a |
$texexp = escapeshellarg($texexp);
|
|
|
e63ae3a |
$executable = tex_filter_get_executable(false);
|
|
|
e63ae3a |
|
|
|
e63ae3a |
--- lib/db/upgrade.php.orig
|
|
|
e63ae3a |
+++ lib/db/upgrade.php
|
|
|
e63ae3a |
@@ -3106,6 +3106,13 @@ function xmldb_main_upgrade($oldversion=0) {
|
|
|
e63ae3a |
upgrade_main_savepoint($result, 2007101542);
|
|
|
e63ae3a |
}
|
|
|
e63ae3a |
|
|
|
e63ae3a |
+ if ($result && $oldversion < 2007101545.01) {
|
|
|
e63ae3a |
+ require_once("$CFG->dirroot/filter/tex/lib.php");
|
|
|
e63ae3a |
+ filter_tex_updatedcallback(null);
|
|
|
e63ae3a |
+ /// Main savepoint reached
|
|
|
e63ae3a |
+ upgrade_main_savepoint($result, 2007101545.01);
|
|
|
e63ae3a |
+ }
|
|
|
e63ae3a |
+
|
|
|
e63ae3a |
return $result;
|
|
|
e63ae3a |
}
|
|
|
e63ae3a |
|
|
|
e63ae3a |
--- version.php.orig
|
|
|
e63ae3a |
+++ version.php
|
|
|
e63ae3a |
@@ -6,7 +6,7 @@
|
|
|
e63ae3a |
// This is compared against the values stored in the database to determine
|
|
|
e63ae3a |
// whether upgrades should be performed (see lib/db/*.php)
|
|
|
e63ae3a |
|
|
|
e63ae3a |
- $version = 2007101540; // YYYYMMDD = date of the 1.9 branch (don't change)
|
|
|
e63ae3a |
+ $version = 2007101545.01; // YYYYMMDD = date of the 1.9 branch (don't change)
|
|
|
e63ae3a |
// X = release number 1.9.[0,1,2,3,4,5...]
|
|
|
e63ae3a |
// Y.YY = micro-increments between releases
|
|
|
e63ae3a |
|