On Mon, Jun 12, 2017 at 10:07:55AM +0200, Jürgen Spitzmüller wrote:
> 2017-06-11 19:50 GMT+02:00 Enrico Forestieri <for...@lyx.org>:
> > On Sun, Jun 11, 2017 at 07:23:45PM +0200, Jürgen Spitzmüller wrote:
> > >
> > > As I said, I propose that the user has to explicitly acknowledge a
> > > warning message (with "Do not show again for this document" checkbox)
> > > before the document is processed.
> >
> > Remember that we now have the needsauth (or whatever it is called) option
> > now, so that we could also exploit it.
> >
> 
> Yes, right.

The attached patch does this. It hooks into the needauth machinery, so
that every time a latex converter is called to typeset a minted document,
the needauth dialogs are used. There is no need to explicitly set the
needauth flag, and the -shell-escape option is automatically set for the
current latex run. The user can choose not to be bothered by those
questions for this particular document, so that no question is asked
afterwards.

However, I think I have to wait for a nod before applying this patch.

-- 
Enrico
diff --git a/src/Converter.cpp b/src/Converter.cpp
index 6e10b18..a84c535 100644
--- a/src/Converter.cpp
+++ b/src/Converter.cpp
@@ -279,20 +279,29 @@ OutputParams::FLAVOR 
Converters::getFlavor(Graph::EdgePath const & path,
 }
 
 
-bool Converters::checkAuth(Converter const & conv, string const & doc_fname)
+bool Converters::checkAuth(Converter const & conv, string const & doc_fname,
+                          bool use_minted)
 {
-       if (!conv.need_auth())
+       if (!conv.need_auth() && !use_minted)
                return true;
-       const docstring security_warning = bformat(
+       string conv_command = conv.command();
+       bool const has_shell_escape = contains(conv_command, "-shell-escape");
+       size_t const token_pos = conv_command.find("$$");
+       bool const has_token = token_pos != string::npos;
+       string const command = conv.latex() && use_minted && !has_shell_escape
+               ? (has_token ? conv_command.insert(token_pos, "-shell-escape ")
+                            : conv_command.append(" -shell-escape"))
+               : conv_command;
+       docstring const security_warning = bformat(
              _("<p>The requested operation requires the use of a converter 
from "
                "%2$s to %3$s:</p>"
                "<blockquote><p><tt>%1$s</tt></p></blockquote>"
                "<p>This external program can execute arbitrary commands on 
your "
                "system, including dangerous ones, if instructed to do so by a "
                "maliciously crafted .lyx document.</p>"),
-             from_utf8(conv.command()), from_utf8(conv.from()),
+             from_utf8(command), from_utf8(conv.from()),
              from_utf8(conv.to()));
-       if (lyxrc.use_converter_needauth_forbidden) {
+       if (lyxrc.use_converter_needauth_forbidden && !use_minted) {
                frontend::Alert::error(
                    _("An external converter is disabled for security reasons"),
                    security_warning + _(
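Review bot: The added `&& !use_minted` on the `lyxrc.use_converter_needauth_forbidden` test means a minted document is never hard-denied: it falls through to the prompt even when the user has chosen to forbid needauth converters. `use_minted` is read from the document's own parameters (see the `checkAuth()` call in `convert()` later in this patch), so the file being opened decides whether that preference applies. If the forbid setting is meant as a firm refusal, keep the line as `if (lyxrc.use_converter_needauth_forbidden) {` and let the error text say that minted needs -shell-escape; if the downgrade to a prompt is intended, a comment on this line should say so. The body of checkAuth continues beyond this hunk.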
@@ -302,7 +311,7 @@ bool Converters::checkAuth(Converter const & conv, string 
const & doc_fname)
                    "Forbid needauth converters</i>.)"), false);
                return false;
        }
-       if (!lyxrc.use_converter_needauth)
+       if (!lyxrc.use_converter_needauth && !use_minted)
                return true;
        static const docstring security_title =
                _("An external converter requires your authorization");
@@ -459,7 +468,8 @@ bool Converters::convert(Buffer const * buffer,
                                                   "tmpfile.out"));
                }
 
-               if (!checkAuth(conv, buffer ? buffer->absFileName() : string()))
+               if (!checkAuth(conv, buffer ? buffer->absFileName() : string(),
+                              buffer && buffer->params().use_minted))
                        return false;
 
                if (conv.latex()) {
@@ -470,6 +480,10 @@ bool Converters::convert(Buffer const * buffer,
                        command = subst(command, token_from, "");
                        command = subst(command, token_latex_encoding,
                                        
buffer->params().encoding().latexName());
+                       if (buffer->params().use_minted
+                           && !contains(command, "-shell-escape"))
+                               command += " -shell-escape ";
+
                        LYXERR(Debug::FILES, "Running " << command);
                        if (!runLaTeX(*buffer, command, runparams, errorList))
                                return false;
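Review bot: The command run here is not built the same way as the one shown in the authorization dialog: `checkAuth()` inserts `-shell-escape ` before the first `$$` of `conv.command()`, while this code appends ` -shell-escape ` to the already substituted string. The user therefore approves a string that differs from what is executed; deriving both from one shared helper would keep what is approved and what is run identical. Separately, `contains(command, "-shell-escape")` is a substring test and also matches `-no-shell-escape`, so with such a converter the user is still asked to authorize but the flag is not added; matching the whole option avoids that. The enclosing block of `convert()` starts and ends outside the hunk.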
diff --git a/src/Converter.h b/src/Converter.h
index 1ea7327..297083c 100644
--- a/src/Converter.h
+++ b/src/Converter.h
@@ -194,7 +194,8 @@ public:
        /// authorization is: always denied if 
lyxrc.use_converter_needauth_forbidden
        /// is enabled; always allowed if the lyxrc.use_converter_needauth
        /// is disabled; user is prompted otherwise
-       bool checkAuth(Converter const & conv, std::string const & doc_fname);
+       bool checkAuth(Converter const & conv, std::string const & doc_fname,
+                      bool use_minted = false);
 
 private:
        ///
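Review bot: The doc comment above `checkAuth` no longer describes the function once `use_minted` is true, because the patch makes both the "always denied" and the "always allowed" branches conditional on `!use_minted`. I would add a line such as `/// If \p use_minted is true, neither preference is consulted and the` / `/// user is prompted, since -shell-escape is added to the LaTeX command.` so that callers relying on the default `false` can see what passing `true` changes. How a remembered per-document answer interacts with this is not visible in the hunk and should be stated there as well.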
