if (! defined $code && ! length $code) {
error gettext("missing tex code");
}
-
- if (check($code)) {
- return create($code, check_height($height), \%params);
- }
- else {
- error gettext("code includes disallowed latex commands")
- }
+ return create($code, check_height($height), \%params);
}
sub check_height ($) {
my $tmp = eval { create_tmp_dir($digest) };
if (! $@ &&
writefile("$digest.tex", $tmp, $tex) &&
- system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 &&
+ system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 &&
# ensure destination directory exists
writefile("$imagedir/$digest.png", $config{destdir}, "") &&
(($config{teximg_dvipng} &&
return $tmpdir;
}
-sub check ($) {
- # Check if the code is ok
- my $code = shift;
-
- my @badthings = (
- qr/\$\$/,
- qr/\\include/,
- qr/\\includegraphic/,
- qr/\\usepackage/,
- qr/\\newcommand/,
- qr/\\renewcommand/,
- qr/\\def/,
- qr/\\input/,
- qr/\\open/,
- qr/\\loop/,
- qr/\\errorstopmode/,
- qr/\\scrollmode/,
- qr/\\batchmode/,
- qr/\\read/,
- qr/\\write/,
- );
-
- foreach my $thing (@badthings) {
- if ($code =~ m/$thing/ ) {
- return 0;
- }
- }
- return 1;
-}
-
1
ikiwiki (3.1415926) UNRELEASED; urgency=low
+ [ Joey Hess ]
* po: Detect if nowrapi18n can't be passed to po4a, and warn about
the old version, but continue. Closes: #541205
* inline: Avoid use of my $_ as it fails with older perls.
* img: Don't generate new verison of image if it is scaled to be
larger in either dimension.
+ [ Josh Triplett ]
+ * teximg: Replace the insufficient blacklist with the built-in security
+ mechanisms of TeX.
+
-- Joey Hess <joeyh@debian.org> Wed, 12 Aug 2009 12:25:30 -0400
ikiwiki (3.141592) unstable; urgency=low
t/po is currently failing tests 57 and 59 (and I would like to release
soon..) --[[Joey]]
+> They are failing because of commit cdc3576c8d1e (po: do not inject
+> custom bestlink function when `po_link_to` eq `default`). The test
+> suite changes `$config{po_link_to}`, but the `checkconfig` hook is
+> not re-run. I could manually run it when needed in the test-suite,
+> but this would lead to this function being injected several times,
+> and then `$origsubs{'bestlink'}` to be sometimes set to a wrong
+> value, which would break other parts of the test-suite. The best
+> solution I can think of (apart of reverting this commit or disabling
+> these two tests) is to split the test-suite into 3 parts, depending
+> on the `$config{po_link_to}` setting, either in 3 different `.t`
+> files, or inside the existing one and completely reset the IkiWiki
+> environment at the start of these parts... which I did not manage to
+> achieve in the last 2 hours :/ --[[intrigeri]]
+
Documentation
-------------
--- /dev/null
+with version 3.141592 I get
+<pre>
+HOME=/home/me /usr/bin/perl -Iblib/lib ikiwiki.out -libdir . -dumpsetup ikiwiki.setup
+Failed to load plugin IkiWiki::Plugin::inline: Can't use global $_ in "my" at IkiWiki/Plugin/inline.pm line 198, near "my $_"
+Compilation failed in require at (eval 19) line 2.
+BEGIN failed--compilation aborted at (eval 19) line 2.
+</pre>
+
+perl is 5.8.9
I'd like to have some pages of my wiki to be only viewable by some users.
-I could use htaccess for that, but it would force the users to have 2 authentication mecanisms, so I'd prefer to use openID for that too.
+I could use htaccess for that, but it would force the users to have
+2 authentication mecanisms, so I'd prefer to use openID for that too.
-* I'm thinking of adding a "show" parameter to the cgi script, thanks to a plugin similar to goto.
-* When called, it would check the credential using the session stuff (that I don't understand yet). If not enough, it would serve a 403 error of course.
-* If enough, it would read the file locally on the server side and return this as a content.
+* I'm thinking of adding a "show" parameter to the cgi script, thanks
+ to a plugin similar to goto.
+* When called, it would check the credential using the session stuff
+ (that I don't understand yet).
+* If not enough, it would serve a 403 error of course.
+* If enough, it would read the file locally on the server side and
+ return this as a content.
-Then, I'd have to generate the private page the regular way with ikiwiki, and prevent apache from serving them with an appropriate and much more maintainable htaccess file.
+Then, I'd have to generate the private page the regular way with ikiwiki,
+and prevent apache from serving them with an appropriate and
+much more maintainable htaccess file.
-- [[users/emptty]]
> While I'm sure a plugin could do this, it adds so much scalability cost
> and is so counter to ikiwiki's design.. Have you considered using the
> [[plugins/httpauth]] plugin to unify around htaccess auth? --[[Joey]]
+
+>> I'm not speaking of rendering the pages on demand, but to serve them on demand.
+>> They would still be compiled the regular way;
+>> I'll have another look at [[plugins/httpauth]] but I really like the openID whole idea.
+>> --[[emptty]]
+
+>>> How about
+>>> [mod_auth_openid](http://trac.butterfat.net/public/mod_auth_openid), then?
+>>> A plugin for ikiwiki to serve its own pages is far afield from ikiwiki's roots,
+>>> as Joey pointed out, but might be a neat option to have anyway -- for unifying
+>>> authentication across views and edits, for systems not otherwise running
+>>> web servers, for systems with web servers you don't have access to, and
+>>> doubtless for other purposes. Such a plugin would add quite a bit of flexibility,
+>>> and in that sense (IMO, of course) it'd be in the spirit of ikiwiki. --[[schmonz]]