Blob Blame Raw
--- filter/tex/filter.php.orig
+++ filter/tex/filter.php
@@ -133,16 +133,6 @@ function tex_filter ($courseid, $text) {
         $text = str_replace($matches[0][$i],$replacement,$text);
     }
 
-    // TeX blacklist. MDL-18552
-    $tex_blacklist = array(
-        'include','def','command','loop','repeat','open','toks','output',
-        'input','catcode','name','^^',
-        '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
-        '\batchmode','\read','\write','csname','\newhelp','\uppercase',
-        '\lowercase','\relax','\aftergroup',
-        '\afterassignment','\expandafter','\noexpand','\special'
-    );
-
     // <tex> TeX expression </tex>
     // or <tex alt="My alternative text to be used instead of the TeX form"> TeX expression </tex>
     // or $$ TeX expression $$
@@ -165,19 +155,6 @@ function tex_filter ($courseid, $text) {
           $align = "text-top";
           $texexp = preg_replace('/^align=top /','',$texexp);
         }
-    /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain). MDL-18552
-        $invalidcommands = array();
-        foreach($tex_blacklist as $command) {
-            if (stristr($texexp, $command)) { /// Found invalid command. Annotate.
-                $invalidcommands[] = $command;
-            }
-        }
-        if (!empty($invalidcommands)) { /// Invalid commands found. Output error and continue with next TeX element
-            $invalidstr = get_string('invalidtexcommand', 'error', implode(', ', $invalidcommands));
-            $text = str_replace( $matches[0][$i], $invalidstr, $text);
-            continue;
-        }
-    /// Everything is ok, let's process the expression
         $md5 = md5($texexp);
         if (! $texcache = get_record("cache_filters","filter","tex", "md5key", $md5)) {
             $texcache->filter = 'tex';
--- filter/tex/latex.php.orig
+++ filter/tex/latex.php
@@ -44,9 +44,11 @@
          * @return string the latex document
          */
         function construct_latex_document( $formula, $fontsize=12 ) {
-            // $fontsize don't affects to formula's size. $density can change size
-
             global $CFG;
+
+            $formula = tex_sanitize_formula($formula);
+
+            // $fontsize don't affects to formula's size. $density can change size
             $doc =  "\\documentclass[{$fontsize}pt]{article}\n"; 
             $doc .=  $CFG->filter_tex_latexpreamble;
             $doc .= "\\pagestyle{empty}\n";
--- filter/tex/lib.php.orig
+++ filter/tex/lib.php
@@ -34,8 +34,22 @@ function tex_filter_get_executable($debug=false) {
     error($error_message1);
 }
 
+function tex_sanitize_formula($texexp) {
+    /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain)
+    $tex_blacklist = array(
+        'include','def','command','loop','repeat','open','toks','output',
+        'input','catcode','name','^^',
+        '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
+        '\batchmode','\read','\write','csname','\newhelp','\uppercase',
+        '\lowercase','\relax','\aftergroup',
+        '\afterassignment','\expandafter','\noexpand','\special'
+    );
+
+    return  str_ireplace($tex_blacklist, 'forbiddenkeyword', $texexp);
+}
 
 function tex_filter_get_cmd($pathname, $texexp) {
+    $texexp = tex_sanitize_formula($texexp);
     $texexp = escapeshellarg($texexp);
     $executable = tex_filter_get_executable(false);
 
--- lib/db/upgrade.php.orig
+++ lib/db/upgrade.php
@@ -3106,6 +3106,13 @@ function xmldb_main_upgrade($oldversion=0) {
         upgrade_main_savepoint($result, 2007101542);
     }
 
+    if ($result && $oldversion < 2007101545.01) {
+        require_once("$CFG->dirroot/filter/tex/lib.php");
+        filter_tex_updatedcallback(null);
+    /// Main savepoint reached
+        upgrade_main_savepoint($result, 2007101545.01);
+    }
+
     return $result;
 }
 
--- version.php.orig
+++ version.php
@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)
 
-    $version = 2007101540;  // YYYYMMDD      = date of the 1.9 branch (don't change)
+    $version = 2007101545.01;  // YYYYMMDD      = date of the 1.9 branch (don't change)
                             //         X     = release number 1.9.[0,1,2,3,4,5...]
                             //          Y.YY = micro-increments between releases