Skip to content
Browse files

MDL-45044 filter_tex: properly escape excutable pathnames for Windows

  • Loading branch information...
1 parent dd02a78 commit 7eac026a02bca0366f9217623bb5e96a1459a73f @dthies dthies committed
Showing with 25 additions and 10 deletions.
  1. +3 −2 filter/tex/latex.php
  2. +3 −2 filter/tex/lib.php
  3. +13 −3 filter/tex/settings.php
  4. +6 −3 filter/tex/texdebug.php
View
5 filter/tex/latex.php
@@ -94,6 +94,7 @@ function render( $formula, $filename, $fontsize=12, $density=240, $background=''
if (empty($pathlatex)) {
return false;
}
+ $pathlatex = escapeshellarg(trim($pathlatex, " '\""));
$doc = $this->construct_latex_document( $formula, $fontsize );
@@ -117,7 +118,7 @@ function render( $formula, $filename, $fontsize=12, $density=240, $background=''
}
// run dvips (.dvi to .ps)
- $pathdvips = get_config('filter_tex', 'pathdvips');
+ $pathdvips = escapeshellarg(trim(get_config('filter_tex', 'pathdvips'), " '\""));
$command = "{$pathdvips} -E $dvi -o $ps";
if ($this->execute($command, $log )) {
return false;
@@ -129,7 +130,7 @@ function render( $formula, $filename, $fontsize=12, $density=240, $background=''
} else {
$bg_opt = "";
}
- $pathconvert = get_config('filter_tex', 'pathconvert');
+ $pathconvert = escapeshellarg(trim(get_config('filter_tex', 'pathconvert'), " '\""));
$command = "{$pathconvert} -density $density -trim $bg_opt $ps $img";
if ($this->execute($command, $log )) {
return false;
View
5 filter/tex/lib.php
@@ -125,8 +125,9 @@ function filter_tex_updatedcallback($name) {
return;
}
- $pathdvips = get_config('filter_tex', 'pathdvips');
- $pathconvert = get_config('filter_tex', 'pathconvert');
+ $pathlatex = trim($pathlatex, " '\"");
+ $pathdvips = trim(get_config('filter_tex', 'pathdvips'), " '\"");
+ $pathconvert = trim(get_config('filter_tex', 'pathconvert'), " '\"");
if (!(is_file($pathlatex) && is_executable($pathlatex) &&
is_file($pathdvips) && is_executable($pathdvips) &&
View
16 filter/tex/settings.php
@@ -50,9 +50,9 @@
} else if (PHP_OS=='WINNT' or PHP_OS=='WIN32' or PHP_OS=='Windows') {
// note: you need Ghostscript installed (standard), miktex (standard)
// and ImageMagick (install at c:\ImageMagick)
- $default_filter_tex_pathlatex = "\"c:\\texmf\\miktex\\bin\\latex.exe\" ";
- $default_filter_tex_pathdvips = "\"c:\\texmf\\miktex\\bin\\dvips.exe\" ";
- $default_filter_tex_pathconvert = "\"c:\\imagemagick\\convert.exe\" ";
+ $default_filter_tex_pathlatex = "c:\\texmf\\miktex\\bin\\latex.exe";
+ $default_filter_tex_pathdvips = "c:\\texmf\\miktex\\bin\\dvips.exe";
+ $default_filter_tex_pathconvert = "c:\\imagemagick\\convert.exe";
} else {
$default_filter_tex_pathlatex = '';
@@ -60,6 +60,16 @@
$default_filter_tex_pathconvert = '';
}
+ $pathlatex = get_config('filter_tex', 'pathlatex');
+ $pathdvips = get_config('filter_tex', 'pathdvips');
+ $pathconvert = get_config('filter_tex', 'pathconvert');
+ if (strrpos($pathlatex . $pathdvips . $pathconvert, '"') or
+ strrpos($pathlatex . $pathdvips . $pathconvert, "'")) {
+ set_config('pathlatex', trim($pathlatex, " '\""), 'filter_tex');
+ set_config('pathdvips', trim($pathdvips, " '\""), 'filter_tex');
+ set_config('pathconvert', trim($pathconvert, " '\""), 'filter_tex');
+ }
+
$items[] = new admin_setting_configexecutable('filter_tex/pathlatex', get_string('pathlatex', 'filter_tex'), '', $default_filter_tex_pathlatex);
$items[] = new admin_setting_configexecutable('filter_tex/pathdvips', get_string('pathdvips', 'filter_tex'), '', $default_filter_tex_pathdvips);
$items[] = new admin_setting_configexecutable('filter_tex/pathconvert', get_string('pathconvert', 'filter_tex'), '', $default_filter_tex_pathconvert);
View
9 filter/tex/texdebug.php
@@ -200,7 +200,7 @@ function TexOutput($expression, $graphic=false) {
// first check if it is likely to work at all
$output .= "<h3>Checking executables</h3>\n";
$executables_exist = true;
- $pathlatex = get_config('filter_tex', 'pathlatex');
+ $pathlatex = trim(get_config('filter_tex', 'pathlatex'), " '\"");
if (is_file($pathlatex)) {
$output .= "latex executable ($pathlatex) is readable<br />\n";
}
@@ -208,7 +208,7 @@ function TexOutput($expression, $graphic=false) {
$executables_exist = false;
$output .= "<b>Error:</b> latex executable ($pathlatex) is not readable<br />\n";
}
- $pathdvips = get_config('filter_tex', 'pathdvips');
+ $pathdvips = trim(get_config('filter_tex', 'pathdvips'), " '\"");
if (is_file($pathdvips)) {
$output .= "dvips executable ($pathdvips) is readable<br />\n";
}
@@ -216,7 +216,7 @@ function TexOutput($expression, $graphic=false) {
$executables_exist = false;
$output .= "<b>Error:</b> dvips executable ($pathdvips) is not readable<br />\n";
}
- $pathconvert = get_config('filter_tex', 'pathconvert');
+ $pathconvert = trim(get_config('filter_tex', 'pathconvert'), " '\"");
if (is_file($pathconvert)) {
$output .= "convert executable ($pathconvert) is readable<br />\n";
}
@@ -248,14 +248,17 @@ function TexOutput($expression, $graphic=false) {
chdir($latex->temp_dir);
// step 1: latex command
+ $pathlatex = escapeshellarg($pathlatex);
$cmd = "$pathlatex --interaction=nonstopmode --halt-on-error $tex";
$output .= execute($cmd);
// step 2: dvips command
+ $pathdvips = escapeshellarg($pathdvips);
$cmd = "$pathdvips -E $dvi -o $ps";
$output .= execute($cmd);
// step 3: convert command
+ $pathconvert = escapeshellarg($pathconvert);
$cmd = "$pathconvert -density 240 -trim $ps $img ";
$output .= execute($cmd);

0 comments on commit 7eac026

Please sign in to comment.
Something went wrong with that request. Please try again.