From f0da509835e3b8740c1693216a430dc3195cdb92 Mon Sep 17 00:00:00 2001 From: Daniel Thies Date: Sat, 3 May 2014 02:08:16 +0900 Subject: [PATCH] MDL-45044 filter_tex: properly escape excutable pathnames for Windows --- filter/tex/latex.php | 5 +++-- filter/tex/lib.php | 5 +++-- filter/tex/settings.php | 16 +++++++++++++--- filter/tex/texdebug.php | 9 ++++++--- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/filter/tex/latex.php b/filter/tex/latex.php index a79a33e31cd..b56336aa41a 100644 --- a/filter/tex/latex.php +++ b/filter/tex/latex.php @@ -94,6 +94,7 @@ if (empty($pathlatex)) { return false; } + $pathlatex = escapeshellarg(trim($pathlatex, " '\"")); $doc = $this->construct_latex_document( $formula, $fontsize ); @@ -117,7 +118,7 @@ } // run dvips (.dvi to .ps) - $pathdvips = get_config('filter_tex', 'pathdvips'); + $pathdvips = escapeshellarg(trim(get_config('filter_tex', 'pathdvips'), " '\"")); $command = "{$pathdvips} -E $dvi -o $ps"; if ($this->execute($command, $log )) { return false; @@ -129,7 +130,7 @@ } else { $bg_opt = ""; } - $pathconvert = get_config('filter_tex', 'pathconvert'); + $pathconvert = escapeshellarg(trim(get_config('filter_tex', 'pathconvert'), " '\"")); $command = "{$pathconvert} -density $density -trim $bg_opt $ps $img"; if ($this->execute($command, $log )) { return false; diff --git a/filter/tex/lib.php b/filter/tex/lib.php index b77dfae8a15..129ae29b960 100644 --- a/filter/tex/lib.php +++ b/filter/tex/lib.php @@ -125,8 +125,9 @@ function filter_tex_updatedcallback($name) { return; } - $pathdvips = get_config('filter_tex', 'pathdvips'); - $pathconvert = get_config('filter_tex', 'pathconvert'); + $pathlatex = trim($pathlatex, " '\""); + $pathdvips = trim(get_config('filter_tex', 'pathdvips'), " '\""); + $pathconvert = trim(get_config('filter_tex', 'pathconvert'), " '\""); if (!(is_file($pathlatex) && is_executable($pathlatex) && is_file($pathdvips) && is_executable($pathdvips) && diff --git a/filter/tex/settings.php b/filter/tex/settings.php index 6c79a21a296..00ea31a69f1 100644 --- a/filter/tex/settings.php +++ b/filter/tex/settings.php @@ -50,9 +50,9 @@ if ($ADMIN->fulltree) { } else if (PHP_OS=='WINNT' or PHP_OS=='WIN32' or PHP_OS=='Windows') { // note: you need Ghostscript installed (standard), miktex (standard) // and ImageMagick (install at c:\ImageMagick) - $default_filter_tex_pathlatex = "\"c:\\texmf\\miktex\\bin\\latex.exe\" "; - $default_filter_tex_pathdvips = "\"c:\\texmf\\miktex\\bin\\dvips.exe\" "; - $default_filter_tex_pathconvert = "\"c:\\imagemagick\\convert.exe\" "; + $default_filter_tex_pathlatex = "c:\\texmf\\miktex\\bin\\latex.exe"; + $default_filter_tex_pathdvips = "c:\\texmf\\miktex\\bin\\dvips.exe"; + $default_filter_tex_pathconvert = "c:\\imagemagick\\convert.exe"; } else { $default_filter_tex_pathlatex = ''; @@ -60,6 +60,16 @@ if ($ADMIN->fulltree) { $default_filter_tex_pathconvert = ''; } + $pathlatex = get_config('filter_tex', 'pathlatex'); + $pathdvips = get_config('filter_tex', 'pathdvips'); + $pathconvert = get_config('filter_tex', 'pathconvert'); + if (strrpos($pathlatex . $pathdvips . $pathconvert, '"') or + strrpos($pathlatex . $pathdvips . $pathconvert, "'")) { + set_config('pathlatex', trim($pathlatex, " '\""), 'filter_tex'); + set_config('pathdvips', trim($pathdvips, " '\""), 'filter_tex'); + set_config('pathconvert', trim($pathconvert, " '\""), 'filter_tex'); + } + $items[] = new admin_setting_configexecutable('filter_tex/pathlatex', get_string('pathlatex', 'filter_tex'), '', $default_filter_tex_pathlatex); $items[] = new admin_setting_configexecutable('filter_tex/pathdvips', get_string('pathdvips', 'filter_tex'), '', $default_filter_tex_pathdvips); $items[] = new admin_setting_configexecutable('filter_tex/pathconvert', get_string('pathconvert', 'filter_tex'), '', $default_filter_tex_pathconvert); diff --git a/filter/tex/texdebug.php b/filter/tex/texdebug.php index c56df3ea068..37a7bf6dd88 100644 --- a/filter/tex/texdebug.php +++ b/filter/tex/texdebug.php @@ -200,7 +200,7 @@ // first check if it is likely to work at all $output .= "

Checking executables

\n"; $executables_exist = true; - $pathlatex = get_config('filter_tex', 'pathlatex'); + $pathlatex = trim(get_config('filter_tex', 'pathlatex'), " '\""); if (is_file($pathlatex)) { $output .= "latex executable ($pathlatex) is readable
\n"; } @@ -208,7 +208,7 @@ $executables_exist = false; $output .= "Error: latex executable ($pathlatex) is not readable
\n"; } - $pathdvips = get_config('filter_tex', 'pathdvips'); + $pathdvips = trim(get_config('filter_tex', 'pathdvips'), " '\""); if (is_file($pathdvips)) { $output .= "dvips executable ($pathdvips) is readable
\n"; } @@ -216,7 +216,7 @@ $executables_exist = false; $output .= "Error: dvips executable ($pathdvips) is not readable
\n"; } - $pathconvert = get_config('filter_tex', 'pathconvert'); + $pathconvert = trim(get_config('filter_tex', 'pathconvert'), " '\""); if (is_file($pathconvert)) { $output .= "convert executable ($pathconvert) is readable
\n"; } @@ -248,14 +248,17 @@ chdir($latex->temp_dir); // step 1: latex command + $pathlatex = escapeshellarg($pathlatex); $cmd = "$pathlatex --interaction=nonstopmode --halt-on-error $tex"; $output .= execute($cmd); // step 2: dvips command + $pathdvips = escapeshellarg($pathdvips); $cmd = "$pathdvips -E $dvi -o $ps"; $output .= execute($cmd); // step 3: convert command + $pathconvert = escapeshellarg($pathconvert); $cmd = "$pathconvert -density 240 -trim $ps $img "; $output .= execute($cmd); -- 2.43.0