README latex2image 0.1.2.dev
============================
latex2image renders LaTeX formulae into PNG images. It can be used either as a
simple command-line tool or as a web service that renders LaTeX code on the fly.
The web service caches its output, so graphics for the same LaTeX formula are
generated only once.
INSTALLATION
1 Extract latex2image
~~~~~~~~~~~~~~~~~~~~~
Extract the latex2image-XYZ.tar.gz archive to the desired location on your web
server. For the rest of the installation instructions, let us assume that you
installed latex2image like this::

    /home/jdoe/latex2image
      |- tmp/
      |- cache/
      |- latex2image
      |- latex2image.php
      |- template.tex
      |- deny.png

You might need to adjust permissions for the directories tmp and cache.
2 Make latex2image accessible
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Assuming that /home/jdoe/example.com is your web root for www.example.com, you
now create a symbolic link to latex2image.php from /home/jdoe/example.com::

    ln -s /home/jdoe/latex2image/latex2image.php /home/jdoe/example.com/latex2image.php

3 Test latex2image
~~~~~~~~~~~~~~~~~~
Send a request to your web server like this::

    http://www.example.com/latex2image.php?latex=$$\square$$

The script will prove to be operational if it returns a PNG picture showing a
small square.
NOTES ON SECURITY
I do not guarantee the security of the script, as it might be dangerous
to compile user-provided LaTeX input on the server. I have written the
tool to the best of my knowledge (any comments welcome):

* explicitly disabled write18 LaTeX commands by feeding latex with the
  -no-shell-escape command line option.

* using dvips with the -R2 option

* citing from http://www.pd.infn.it/TeX/doc/html/web2c/web2c_4.html

  "TeX can write output files, via the \openout primitive; this opens a
  security hole vulnerable to Trojan horse attack: an unwitting user
  could run a TeX program that overwrites, say, `~/.rhosts'. (MetaPost
  has a write primitive with similar implications). To alleviate this,
  there is a configuration variable openout_any, which selects one of
  three levels of security. When it is set to `a' (for "any"), no
  restrictions are imposed. When it is set to `r' (for "restricted"),
  filenames beginning with `.' are disallowed (except `.tex' because
  LaTeX needs it). When it is set to `p' (for "paranoid") additional
  restrictions are imposed: an absolute filename must refer to a file in
  (a subdirectory) of TEXMFOUTPUT, and any attempt to go up a directory
  level is forbidden (that is, paths may not contain a `..' component).
  The paranoid setting is the default. (For backwards compatibility, `y'
  and `1' are synonyms of `a', while `n' and `0' are synonyms for `r'.)"

  latex2image relies on this.
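
Because latex2image relies on the paranoid default, it is worth checking which setting the TeX installation on the server actually uses. The following is an added example, not part of latex2image and not kpathsea's own code: it models the three openout_any levels using only the wording quoted above and reads the effective value with ``kpsewhich``, which is assumed to be on the PATH. The sample paths are constructed from the example layout in this README.

```python
import posixpath
import shutil
import subprocess

# Setting letters and their synonyms, as listed in the quoted web2c text.
LEVELS = {"a": "any", "y": "any", "1": "any",
          "r": "restricted", "n": "restricted", "0": "restricted",
          "p": "paranoid"}


def openout_allowed(filename, setting, texmfoutput=None):
    """Model of the quoted openout_any rules (an assumption, not kpathsea)."""
    level = LEVELS[setting]
    if level == "any":
        return True
    # restricted: names beginning with '.' are refused, except '.tex'
    base = posixpath.basename(filename)
    if base.startswith(".") and base != ".tex":
        return False
    if level == "restricted":
        return True
    # paranoid: no '..' component anywhere in the path
    if ".." in filename.split("/"):
        return False
    # paranoid: an absolute path must lie below TEXMFOUTPUT
    if posixpath.isabs(filename):
        if not texmfoutput:
            return False
        root = posixpath.normpath(texmfoutput)
        return posixpath.normpath(filename).startswith(root + "/")
    return True


def effective_setting():
    """Ask the local TeX installation; None if kpsewhich is not installed."""
    if shutil.which("kpsewhich") is None:
        return None
    out = subprocess.run(["kpsewhich", "-var-value=openout_any"],
                         capture_output=True, text=True, check=False)
    return out.stdout.strip() or None


if __name__ == "__main__":
    setting = effective_setting()
    print("openout_any =", setting, "->", LEVELS.get(setting, "unknown"))
    # Constructed sample paths, based on the example layout in this README.
    for name in ("formula.aux", "../cache/x.png", "/home/jdoe/example.com/index.php"):
        ok = setting in LEVELS and openout_allowed(name, setting)
        print(f"  {name}: {'allowed' if ok else 'denied'}")
```

If the reported level is anything other than paranoid, the assumption the security notes rest on does not hold for that server.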