Harden pgfmathparser against active chars #1221
In general, the grabbed token could always be active, so precautions are needed. Signed-off-by: Joseph Wright <joseph.wright@morningstar2.co.uk>
0354954 to 9b09656
Looks good, thanks! Could you please add a few tests?
I'll work on it: the tests I have locally also depend on another patch that's a bit harder to articulate just yet. Later today ...
% ...or a base prefix... | ||
\expandafter\ifx\csname pgfmath@base@\pgfmath@number\pgfmath@token\endcsname\relax% | ||
\expandafter\ifx\csname pgfmath@base@\expandafter\pgfmath@number\expandafter\string\pgfmath@token\endcsname\relax% |
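Review bot: the added \ifx\csname ... \endcsname\relax line carries no comment explaining why \string is applied to \pgfmath@token; the only comment in view, "...or a base prefix...", describes the test and not the hardening. Please add a short comment that the grabbed token may be an active character and must not be expanded while the csname is built. The comment should also state the assumption the line relies on: \expandafter\string\pgfmath@token expands \pgfmath@token by one step and \string then acts only on the first token of the result, so this is safe only while \pgfmath@token holds exactly one token.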
\expandafter\ifx\csname pgfmath@base@\expandafter\pgfmath@number\expandafter\string\pgfmath@token\endcsname\relax% | |
\expandafter\ifx\csname pgfmath@base@\pgfmath@number\expandafter\string\pgfmath@token\endcsname\relax% |
It seems the first added \expandafter is unnecessary.
@@ -509,7 +509,7 @@ | |||
\else% | |||
% ...here, it is a base prefix 0x, 0X, 0b or 0B | |||
\expandafter\let\expandafter\pgfmath@base\expandafter=% | |||
\csname pgfmath@base@\pgfmath@number\pgfmath@token\endcsname% | |||
\csname pgfmath@base@\expandafter\pgfmath@number\expandafter\string\pgfmath@token\endcsname% |
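Review bot: the csname on the last line of this hunk, used by the \let, must be the same name, character for character, as the one checked by the \ifx\csname ... \endcsname\relax test in the earlier hunk. The expression is now longer and written out at both sites, so a later edit to one of them (for example dropping an \expandafter in only one place) leaves the test and the lookup referring to different control sequences. Consider building the name in one place and using it at both sites, or at least add a comment here pointing at the matching test so the two lines are kept in step.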
\csname pgfmath@base@\expandafter\pgfmath@number\expandafter\string\pgfmath@token\endcsname% | |
\csname pgfmath@base@\pgfmath@number\expandafter\string\pgfmath@token\endcsname% |
Signed-off-by: muzimuzhi <muzimuzhi@gmail.com>
In general, the grabbed token could always be active, so precautions are needed. Here, the places that the grabbed token is tested and those where it's used in a csname are addressed. The tests need \noexpand, the csname usage \string, with appropriate expansion.
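A stand-alone plain TeX illustration of the csname half of this description, added here and not taken from the PGF sources: the demo@... names, the base-table entry and the active ":" that expands to "x" are constructed for the demonstration. It shows the silent failure mode, where the unhardened lookup resolves to the 0x entry while the \string form does not.

```tex
% Constructed demonstration, run with plain TeX (tex or pdftex).
% All demo@... names are hypothetical stand-ins, not PGF macros.
\catcode`\@=11

% Stand-in for one base-table entry: the prefix 0x selects base 16.
\expandafter\def\csname demo@base@0x\endcsname{16}

% Constructed worst case: ":" is active and expands to the letter x.
\catcode`\:=\active
\def:{x}

\def\demo@number{0}
\def\demo@token{:}% the grabbed token, stored in a macro as in the hunks

% Unhardened form: \csname fully expands the active ":" to "x",
% so the name looked up is demo@base@0x, which is defined.
\expandafter\ifx\csname demo@base@\demo@number\demo@token\endcsname\relax
  \message{unhardened lookup -> not a base prefix}%
\else
  \message{unhardened lookup -> treated as a base prefix}%
\fi

% Hardened form: one \expandafter step exposes the stored ":" and
% \string turns it into a plain character before \csname sees it,
% so the name looked up is demo@base@0: (undefined, hence \relax).
\expandafter\ifx\csname demo@base@\demo@number
    \expandafter\string\demo@token\endcsname\relax
  \message{hardened lookup -> not a base prefix}%
\else
  \message{hardened lookup -> treated as a base prefix}%
\fi

\bye
```

The log shows "treated as a base prefix" for the unhardened lookup and "not a base prefix" for the hardened one. An active character whose definition contains an unexpandable token would instead stop the unhardened form with a "Missing \endcsname inserted" error.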