Physikerwelt has uploaded a new change for review.
https://gerrit.wikimedia.org/r/67607
Change subject: (Bug 49169) Draft: Check all tex commands before passing them
to renderer
......................................................................
(Bug 49169) Draft: Check all tex commands before passing them to renderer
This is just a demo that uses the texvc source. It would be
preferable if the function were implemented in PHP. See the
discussion in the bug report.
Change-Id: I9e4b22b3f08317b7221c4d279e717d18ddb7966b
---
M Math.hooks.php
M Math.php
M MathRenderer.php
3 files changed, 42 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Math
refs/changes/07/67607/1
diff --git a/Math.hooks.php b/Math.hooks.php
index 28798db..c8159c2 100644
--- a/Math.hooks.php
+++ b/Math.hooks.php
@@ -36,13 +36,13 @@
/**
* Callback function for the <math> parser hook.
*
- * @param $content (the LaTeX input)
+ * @param $content the LaTeX input
* @param $attributes
* @param $parser Parser
* @return string
*/
static function mathTagHook( $content, $attributes, $parser ) {
- global $wgContLang, $wgUseMathJax;
+ global $wgContLang, $wgUseMathJax, $wgDisableTexFilter;
if ( trim( $content ) === "" ) { // bug 8372
return "";
}
@@ -50,6 +50,13 @@
$renderer = MathRenderer::getRenderer(
$content, $attributes, $mode
);
+ if (! $wgDisableTexFilter){
+ $checkResult = $renderer->checkTex();
+ if (! ($checkResult === true)){
+ //returns the error message
+ return $checkResult;
+ }
+ }
$renderedMath = $renderer->render();
wfRunHooks( 'MathFormulaRendered',
array(
&$renderer,&$renderedMath,$parser->getTitle()->getArticleID(),
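Review bot: The early `return $checkResult;` hands whatever checkTex() returned straight back as the output of the <math> tag, so the failure value must already be safe HTML. This hunk does not show whether the texvc failure value is an escaped error message or a raw status. If it can carry any part of the user's input, it should be escaped here, or the contract should be stated on checkTex(). The condition would also read more plainly as `if ( $checkResult !== true ) {`. mathTagHook continues outside the hunk.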
diff --git a/Math.php b/Math.php
index 090039c..feb9d6b 100644
--- a/Math.php
+++ b/Math.php
@@ -121,13 +121,19 @@
/**
* Allows to use LaTeXML as renderer for mathematical equation.
*/
-$wgUseLaTeXML = false;
+$wgUseLaTeXML = true;
/**
* The timeout for the HTTP-Request sent to the LaTeXML to render an equation,
* in seconds.
*/
$wgLaTeXMLTimeout = 240;
+/**
+ * Option to disable the tex filter. If set to true any LaTeX espression is
parsed
+ * this can be a potential security risk. If set to false only a subset of the
tex
+ * commands is allowed. See the wikipedia page Help:Math for details.
+ */
+$wgDisableTexFilter = false;
////////// end of config settings.
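Review bot: The default of `$wgUseLaTeXML` flips from false to true in the same hunk that adds `$wgDisableTexFilter`, which the commit message does not mention and which looks like a leftover from local testing. According to the adjacent comment that renderer is reached by an HTTP request, so the new default would turn on outbound requests for every installation that keeps the defaults. I would keep `$wgUseLaTeXML = false;` here and change it in a separate commit if intended. The comment on the new setting would be clearer if it stated the safe default first, e.g. `Set to true to skip the check of TeX commands; the input then reaches the renderer unfiltered.`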
diff --git a/MathRenderer.php b/MathRenderer.php
index 8d198bb..7035b93 100644
--- a/MathRenderer.php
+++ b/MathRenderer.php
@@ -47,6 +47,7 @@
protected $storedInDatabase = false;
protected $statusCode = 0;
protected $timestamp;
+ protected $texSecure = false;
/**
* Constructs a base MathRenderer
@@ -485,5 +486,30 @@
$this->changed = true;
$this->statusCode = $statusCode;
}
+
+ /**
+ * Get if the input tex was marked as secure
+ * @return boolean
+ */
+ public function isTexSecure (){
+ return $this->texSecure;
+ }
+
+ public function checkTex(){
+ $this->texSecure = false;
+ //TODO Update tex checking
+
$renderer=self::getRenderer($this->tex,$this->params,MW_MATH_PNG);
+ $texvcResult = $renderer->callTexvc();
+ if( $texvcResult === MathTexvc::MW_TEXVC_SUCCESS) {
+ $this->tex = $renderer->getSecureTex();
+ $this->texSecure = true;
+ wfDebugLog('Math', 'checkTex successful tex is now:
'.$this->tex);
+ return true;
+ } else {
+ wfDebugLog('Math', 'checkTex failed:'.$texvcResult);
+ return $texvcResult;
+ }
+
+ }
}
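Review bot: checkTex() has no docblock although it returns two different kinds of value, `true` on success and the callTexvc() result otherwise, and it also overwrites `$this->tex` with the getSecureTex() output. A docblock should state both, for instance `@return bool|string true if the input passed, otherwise the texvc failure value` (assuming the failure value is a string), and say that the stored TeX is replaced by the filtered form. Separately, `$this->texSecure` is only written here and read by isTexSecure(). Nothing in the visible hunks makes render() refuse input while it is false, so the flag is informational unless a check is added where the TeX is handed to the renderer.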
--
To view, visit https://gerrit.wikimedia.org/r/67607
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9e4b22b3f08317b7221c4d279e717d18ddb7966b
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Math
Gerrit-Branch: LaTeXML
Gerrit-Owner: Physikerwelt <[email protected]>