Commits on Mar 6, 2016
  1. Merge branch 'janbok-patch-1' into 'master'

    The MathB application running on server was
    using an older version of the php-markdown library so far. The
    version of the library used on the server was 1.3 and it didn't
        $ head -n 5 php-markdown/
        PHP Markdown
        PHP Markdown Lib 1.3 - 11 Apr 2013
        $ tree php-markdown
        +-- composer.json
        +-- Michelf
        ¦   +-- MarkdownExtra.php
        ¦   +-- Markdown.php
        +-- Readme.php
        1 directory, 6 files
    The updated version of php-markdown library is 1.6. This has more
    source code files and Markdown.php in this version depends on
        $ head -n 5
        PHP Markdown
        PHP Markdown Lib 1.6.0 - 23 Dec 2015
        $ tree Michelf/
        ├── MarkdownExtra.php
        ├── MarkdownInterface.php
        └── Markdown.php
        0 directories, 6 files
    This commit merges the fix for this issue provided by Jan Bok
    and fixes #9.
    committed Mar 6, 2016
Commits on Feb 29, 2016
  1. Update mathbin.php

    Original line causes error on some configurations.
    janbok committed Feb 29, 2016
Commits on Nov 1, 2015
  1. Update blacklisted IP addresses

    Add new IP addresses that were found to be posting spam.
    committed Nov 1, 2015
  2. Do not allow images while rendering at client side

    Images were abused by spammers to post spam. Therefore, do not
    allow image tags.
    committed Nov 1, 2015
  3. For redirections, log redirect URL

    When a new post is made, an HTTP 303 redirect is sent to
    redirect the client to the post. Record the URL to this new post
    in the logs.
    committed Nov 1, 2015
  4. Do not allow image tags; simpler POST URL

    Image tags were being abused by spammers to post spam images.
    The query string '?post' in the POST URL is unnecessary.
    committed Nov 1, 2015
Commits on Dec 1, 2013
  1. Increase top margin of headings in output code

    Add more separation between the heading and the previous section
    in the output code.
    committed Dec 1, 2013
  2. Fix typo in input code example for static preview

    There is a code example for displayed math in the 'Static
    preview setup' section of the file. The terminating $$
    of this code example is missing. Fix it.
    committed Dec 1, 2013
  3. Reset equation numbers on every output code update

    There is an issue in the application that causes the equation
    numbers to increment on every edit. A simple way to reproduce
    this issue is to enter the following code in the input form.
        1 + 1 = 2
    This equation would be numbered (1) initially. Now, for every
    edit made, the number against this equation would keep
    incrementing. This happens because MathJax uses an internal
    equation number counter to number every new equation that is
    rendered unless this counter is reset. Fix this issue by
    resetting the equation numbers on every code update.
    committed Dec 1, 2013
  4. Do not update output sheet when input loses focus

    When an input field loses focus, the output sheet is updated.
    This causes the HTML in the output sheet to be rendered again
    despite no change. Since the output sheet is updated on keyup,
    paste and cut events, the output sheet remains updated with the
    most recent input just before the input field loses focus.
    Therefore, there is no need to update the output sheet again
    just after the input field loses focus.
    committed Dec 1, 2013
  5. Add some margin between output code and date

    When the output sheet contains rendered code that is long enough
    to stretch the end close to the date at the bottom right corner
    of the output sheet, the rendered code and the date appear to be
    too close to each other. Add some separation between the
    rendered code and the date by adding top margin to the date.
    committed Dec 1, 2013
  6. Make static preview an optional feature

    There is no way to opt out of the static preview feature. It
    means that the administrator hosting this application either
    needs to install the packages required for static preview, or
    end up with error logs in the Apache error log file. When a user
    uses the application from a browser with JavaScript disabled, if
    the application doesn't succeed in creating a static preview
    with the help of packages like pandoc, texlive and imagemagick,
    then it would log errors in the Apache error log file.
    Make this feature optional, so that if these packages are not
    installed, the administrator doesn't have to deal with errors
    related to static preview in the logs. This feature would now be
    disabled by default, and enabled if required by the
    Update with information about static preview and the
    steps to enable static preview.
    committed Dec 1, 2013
  7. Add year 2012 to copyright notice

    The copyright notice displays only the year 2013. Display
    2012-2013 instead. Also, move the copyright notice to a separate
    MathB\View method, so that it can be reused while writing custom
    footers in custom views.
    committed Dec 1, 2013
  8. Display newlines in error messages in the preview

    When an error occurs while converting a post to PNG preview,
    the newlines in the error messages are displayed as \n in the
    error message. As a result, the newlines are missing from the
    error message displayed in the PNG image.
    To reproduce the issue, disable JavaScript, create a new post
    with the following content only.
    Hit the preview button. The following error message would be
        pandoc: Error producing PDF from TeX source.\n! Undefined
        control sequence.\nl.46 \foo\n
    We want to display the following instead.
        pandoc: Error producing PDF from TeX source.
        ! Undefined control sequence.
        l.46 \foo
    Fix this error by joining the output/error lines obtained from
    the execution of the pandoc/convert command with newline
    character instead of the two byte string '\n'.
    committed Dec 1, 2013
  9. Remove rewrite rule for PNG preview from .htaccess

    The .htaccess file has an additional rule to map requests for
    PNG preview files to the application PHP script. Eliminate this
    rule. Instead, let the URLs to request PNG preview files be the
    application home page URL with the hash of the post preview as a
    query parameter appended to the home page URL.
    committed Dec 1, 2013
  10. Remove lib/mathb directory from include path

    The lib directory contains the mathb package. The lib/mathb
    directory contains classes. For autoloading classes using
    spl_autoload, the include path should contain the path to the
    directory that contains the packages (directories corresponding
    to namespaces), not the directory that contains the classes.
    Discussion about why lib/mathb was added to the include path and
    why it is being removed is present at
    committed Dec 1, 2013
Commits on Nov 24, 2013
  1. URL to in 'Features' section of README

    Add an introductory paragraph and a URL to in
    the 'Features' section in the file.
    committed Nov 24, 2013
  2. Fix static preview error due to missing PDF

    While converting the input code to PNG image for static preview,
    MathB\Preview is deleting the intermediate PDF too early, after
    running the pandoc command to convert the input code to PDF.
    Therefore, when the convert command runs to convert the PDF to
    PNG, it fails. Fix this by moving the code to delete the PDF
    after the convert command converts the PDF to PNG.
    committed Nov 24, 2013
  3. Add 'Features' section to README

    The 'Features' section in README is meant to enumerate all the
    significant features of this application.
    committed Nov 24, 2013
  4. Display error message in static preview on error

    If an error occurs while converting the input code to PNG image
    for static preview, then create a PNG image to display the error
    that occurred.
    committed Nov 24, 2013
  5. HTML-like paragraphs in static preview

    HTML paragraphs do not have their text indented. There is
    vertical blank space between two paragraphs in HTML. The static
    preview though behaves like the default paragraphs rendered with
    LaTeX.  They do not have any vertical space between them and the
    first line of each paragraph is indented.
    This issue occurs even though \setlength commands have been used
    for \parindent and \parskip in the LaTeX template being used
    with the pandoc command. The \setlength commands occur before
    \begin{document} command, and this seems to be causing an issue
    with the standalone document class. When the \setlength commands
    are moved after the \begin{document} command, this issue is
    committed Nov 24, 2013
  6. Display preview button when JavaScript is disabled

    When JavaScript is disabled, the user cannot see a live preview
    of the rendered code. A preview button can help the user to see
    a static preview (rendered with an image) before he or she saves
    the post. The preview button should be displayed if and only if
    JavaScript is disabled.
    committed Nov 24, 2013
  7. Add system setup details for static preview

    MathB uses tools like pandoc and convert to display static
    preview of the rendered code for clients where JavaScript is
    disabled. These tools need to be installed for static preview to
    work correctly. Add the details about the packages to be
    installed in the README file.
    committed Nov 24, 2013
  8. Merge Charley Peng's changes for relative links

    Merge branch 'local' of
    committed Nov 24, 2013
  9. Relative Links

    Charley-Peng committed Nov 24, 2013
  10. Fixes for Windows

    Charley-Peng committed Nov 24, 2013
Commits on Nov 23, 2013
  1. Use LaTeX template obtained from pandoc

    The pandoc LaTeX template obtained from pandoc 1.11.1 causes an
    error while converting a Markdown file containing an ordered list
    to PDF. An ordered list from pandoc 1.11.1 when translated to
    LaTeX would look like the following.
    However, it is translated to the following LaTeX code in pandoc
    This requires the LaTeX template from pandoc
    committed Nov 23, 2013
  2. Display image preview only for code

    Do not display static preview of title and author's name with
    image. Display these fields with HTML. Display only the static
    preview of rendered code as image.
    committed Nov 23, 2013
  3. Sanitize title and author's name

    The title field is vulnerable to cross-site scripting attack.
    This issue was caused because of an erroneous regular
    expression.  The validate method of Post class rejects any title
    that matches the regex /<\w+>/. Now, this is fine to reject
    title field containing the following script:
    But, it won't reject the following, because \w does not match
        <script type="text/javascript">alert('hi')</script>
    Fix this issue in two ways:
      1. Reject title that matches /<w+/.
      2. Sanitize the HTML that displays title and author's name at
         server-side as well as client-side.
    The second point takes care of sanitizing the HTML at DOM level,
    so that even if an attacker succeeds in injecting script or HTML
    tags not in the whitelist, the DOM sanitizers would still remove
    them before it is displayed on the page.
    committed Nov 23, 2013
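
The gap between the two title checks described in the commit above, as an added JavaScript example that is not MathB's own code. The names are hypothetical, the tightened pattern is assumed to be `/<\w+/`, the sample titles are constructed apart from the string quoted in the commit message, and plain output encoding stands in for the whitelist-based sanitizers.

```javascript
// Added example; names are hypothetical and not taken from MathB's code.
const OLD_CHECK = /<\w+>/; // original rule: "<", word characters, then ">"
const NEW_CHECK = /<\w+/;  // tightened rule (assumed form): "<" plus word characters

// Output encoding, used here as a stand-in (assumption) for the
// whitelist-based sanitizers the commit message mentions.
const ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Report how each validation rule treats a title and what would be
// written into the page once the title is encoded.
function checkTitle(title) {
  return {
    oldRejects: OLD_CHECK.test(title),
    newRejects: NEW_CHECK.test(title),
    rendered: escapeHtml(title),
  };
}

// Constructed sample titles; the last one is the tag-with-attributes
// string quoted in the commit message.
const SAMPLES = [
  'Proof that a < b',
  'Proof that a<b',
  '<b>bold</b>',
  '<script type="text/javascript">alert(\'hi\')</script>',
];

for (const title of SAMPLES) {
  const r = checkTitle(title);
  console.log(JSON.stringify(title),
    'old rule rejects:', r.oldRejects,
    'new rule rejects:', r.newRejects,
    '->', r.rendered);
}
```

The tightened rule also rejects a harmless title such as `a<b`, so validation alone trades false negatives for false positives. Encoding at output is the layer that decides what the browser actually parses.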
  4. Do not output preview image URL tag for empty page

    Having an HTML img tag to display preview image in the home page
    doesn't make sense because there is nothing to display in an
    empty page.
    committed Nov 23, 2013
  5. Fix pandoc and implode usage in MathB\Preview

    The +tex_math_single_backslash extension is not supported in
    pandoc Therefore, using this extension leads to the
    following error:
        pandoc: Unknown reader: markdown+tex_math_single_backslash
    Hence, remove the usage of this extension.
    Fix incorrect usage of implode function.
    committed Nov 23, 2013
  6. Fix exception coding error in MathB\Preview

    When pandoc fails with an error, the PHP code fails with an error
    due to a code flaw. There is an error in the code that tries to invoke
    RuntimeException as a function, instead of constructing it, due to a
    missing new operator. Fix this flaw.
    committed Nov 23, 2013
  7. Show static preview when JavaScript is disabled

    The static preview is displayed as a PNG image generated from
    the input code. This PNG image is generated using pandoc and
    convert. The image is created on the first request to the PNG
    preview image, and then cached in a cache directory. For
    subsequent requests, the preview image is picked up from this
    committed Nov 23, 2013
Commits on Nov 22, 2013
  1. Remove unnecessary blank lines

    There are a few unnecessary blank lines in bag.php and
    mathbin.php. Remove them.
    committed Nov 22, 2013
  2. Rename default content directory to mathb-content

    The default content directory is named as mathb-data. Rename
    this to mathb-content.
    committed Nov 22, 2013