MDL-45044 filter_tex: properly escape excutable pathnames for Windows

diff --git a/filter/tex/latex.php b/filter/tex/latex.php
index a79a33e..b56336a 100644 (file)
--- a/filter/tex/latex.php
+++ b/filter/tex/latex.php
@@ -94,6 +94,7 @@
             if (empty($pathlatex)) {
                 return false;
             }
+            $pathlatex = escapeshellarg(trim($pathlatex, " '\""));
 
             $doc = $this->construct_latex_document( $formula, $fontsize );
 
@@ -117,7 +118,7 @@
             }
 
             // run dvips (.dvi to .ps)
-            $pathdvips = get_config('filter_tex', 'pathdvips');
+            $pathdvips = escapeshellarg(trim(get_config('filter_tex', 'pathdvips'), " '\""));
             $command = "{$pathdvips} -E $dvi -o $ps";
             if ($this->execute($command, $log )) {
                 return false;
@@ -129,7 +130,7 @@
             } else {
                 $bg_opt = "";
             }
-            $pathconvert = get_config('filter_tex', 'pathconvert');
+            $pathconvert = escapeshellarg(trim(get_config('filter_tex', 'pathconvert'), " '\""));
             $command = "{$pathconvert} -density $density -trim $bg_opt $ps $img";
             if ($this->execute($command, $log )) {
                 return false;

diff --git a/filter/tex/lib.php b/filter/tex/lib.php
index b77dfae..129ae29 100644 (file)
--- a/filter/tex/lib.php
+++ b/filter/tex/lib.php
@@ -125,8 +125,9 @@ function filter_tex_updatedcallback($name) {
         return;
     }
 
-    $pathdvips = get_config('filter_tex', 'pathdvips');
-    $pathconvert = get_config('filter_tex', 'pathconvert');
+    $pathlatex = trim($pathlatex, " '\"");
+    $pathdvips = trim(get_config('filter_tex', 'pathdvips'), " '\"");
+    $pathconvert = trim(get_config('filter_tex', 'pathconvert'), " '\"");
 
     if (!(is_file($pathlatex) && is_executable($pathlatex) &&
           is_file($pathdvips) && is_executable($pathdvips) &&

diff --git a/filter/tex/settings.php b/filter/tex/settings.php
index 6c79a21..00ea31a 100644 (file)
--- a/filter/tex/settings.php
+++ b/filter/tex/settings.php
@@ -50,9 +50,9 @@ if ($ADMIN->fulltree) {
     } else if (PHP_OS=='WINNT' or PHP_OS=='WIN32' or PHP_OS=='Windows') {
         // note: you need Ghostscript installed (standard), miktex (standard)
         // and ImageMagick (install at c:\ImageMagick)
-        $default_filter_tex_pathlatex   = "\"c:\\texmf\\miktex\\bin\\latex.exe\" ";
-        $default_filter_tex_pathdvips   = "\"c:\\texmf\\miktex\\bin\\dvips.exe\" ";
-        $default_filter_tex_pathconvert = "\"c:\\imagemagick\\convert.exe\" ";
+        $default_filter_tex_pathlatex   = "c:\\texmf\\miktex\\bin\\latex.exe";
+        $default_filter_tex_pathdvips   = "c:\\texmf\\miktex\\bin\\dvips.exe";
+        $default_filter_tex_pathconvert = "c:\\imagemagick\\convert.exe";
 
     } else {
         $default_filter_tex_pathlatex   = '';
@@ -60,6 +60,16 @@ if ($ADMIN->fulltree) {
         $default_filter_tex_pathconvert = '';
     }
 
+    $pathlatex = get_config('filter_tex', 'pathlatex');
+    $pathdvips = get_config('filter_tex', 'pathdvips');
+    $pathconvert = get_config('filter_tex', 'pathconvert');
+    if (strrpos($pathlatex . $pathdvips . $pathconvert, '"') or
+            strrpos($pathlatex . $pathdvips . $pathconvert, "'")) {
+        set_config('pathlatex', trim($pathlatex, " '\""), 'filter_tex');
+        set_config('pathdvips', trim($pathdvips, " '\""), 'filter_tex');
+        set_config('pathconvert', trim($pathconvert, " '\""), 'filter_tex');
+    }
+
     $items[] = new admin_setting_configexecutable('filter_tex/pathlatex', get_string('pathlatex', 'filter_tex'), '', $default_filter_tex_pathlatex);
     $items[] = new admin_setting_configexecutable('filter_tex/pathdvips', get_string('pathdvips', 'filter_tex'), '', $default_filter_tex_pathdvips);
     $items[] = new admin_setting_configexecutable('filter_tex/pathconvert', get_string('pathconvert', 'filter_tex'), '', $default_filter_tex_pathconvert);

diff --git a/filter/tex/texdebug.php b/filter/tex/texdebug.php
index c56df3e..37a7bf6 100644 (file)
--- a/filter/tex/texdebug.php
+++ b/filter/tex/texdebug.php
@@ -200,7 +200,7 @@
         // first check if it is likely to work at all
         $output .= "<h3>Checking executables</h3>\n";
         $executables_exist = true;
-        $pathlatex = get_config('filter_tex', 'pathlatex');
+        $pathlatex = trim(get_config('filter_tex', 'pathlatex'), " '\"");
         if (is_file($pathlatex)) {
             $output .= "latex executable ($pathlatex) is readable<br />\n";
         }
@@ -208,7 +208,7 @@
             $executables_exist = false;
             $output .= "<b>Error:</b> latex executable ($pathlatex) is not readable<br />\n";
         }
-        $pathdvips = get_config('filter_tex', 'pathdvips');
+        $pathdvips = trim(get_config('filter_tex', 'pathdvips'), " '\"");
         if (is_file($pathdvips)) {
             $output .= "dvips executable ($pathdvips) is readable<br />\n";
         }
@@ -216,7 +216,7 @@
             $executables_exist = false;
             $output .= "<b>Error:</b> dvips executable ($pathdvips) is not readable<br />\n";
         }
-        $pathconvert = get_config('filter_tex', 'pathconvert');
+        $pathconvert = trim(get_config('filter_tex', 'pathconvert'), " '\"");
         if (is_file($pathconvert)) {
             $output .= "convert executable ($pathconvert) is readable<br />\n";
         }
@@ -248,14 +248,17 @@
         chdir($latex->temp_dir);
 
         // step 1: latex command
+        $pathlatex = escapeshellarg($pathlatex);
         $cmd = "$pathlatex --interaction=nonstopmode --halt-on-error $tex";
         $output .= execute($cmd);
 
         // step 2: dvips command
+        $pathdvips = escapeshellarg($pathdvips);
         $cmd = "$pathdvips -E $dvi -o $ps";
         $output .= execute($cmd);
 
         // step 3: convert command
+        $pathconvert = escapeshellarg($pathconvert);
         $cmd = "$pathconvert -density 240 -trim $ps $img ";
         $output .= execute($cmd);