Re: LilyPond in a CMS [was: Re: Defining custom symbols]
good to know, thanks. On 15 April 2018 at 13:06, Urs Liska wrote: > > > Am 15. April 2018 13:47:43 MESZ schrieb Simon Albrecht < > simon.albre...@mail.de>: > >On 15.04.2018 13:25, Robert Hickman wrote: > >> |Is it sufficient to concatenate the symbol file at the beginning of > >> the user code?| > > > >\include does exactly that: read the contents of the included file > >verbatim. > > That means: yes, you can prohibit the use of \include and instead include > some (safe) code before it even reaches LilyPond. > > Urs > > > > >Best, Simon > > > >___ > >lilypond-user mailing list > >lilypond-user@gnu.org > >https://lists.gnu.org/mailman/listinfo/lilypond-user > ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: LilyPond in a CMS [was: Re: Defining custom symbols]
Am 15. April 2018 13:47:43 MESZ schrieb Simon Albrecht : >On 15.04.2018 13:25, Robert Hickman wrote: >> |Is it sufficient to concatenate the symbol file at the beginning of >> the user code?| > >\include does exactly that: read the contents of the included file >verbatim. That means: yes, you can prohibit the use of \include and instead include some (safe) code before it even reaches LilyPond. Urs > >Best, Simon > >___ >lilypond-user mailing list >lilypond-user@gnu.org >https://lists.gnu.org/mailman/listinfo/lilypond-user ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: LilyPond in a CMS [was: Re: Defining custom symbols]
On 15.04.2018 13:25, Robert Hickman wrote: |Is it sufficient to concatenate the symbol file at the beginning of the user code?| \include does exactly that: read the contents of the included file verbatim. Best, Simon ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: LilyPond in a CMS [was: Re: Defining custom symbols]
Thanks, -dsafe looks like the simplest to use but 'In addition, safe mode disallows \include' which I need to use the symbol file. Is it sufficient to concatenate the symbol file at the beginning of the user code? On 15 April 2018 at 11:45, Malte Meyn wrote: > > > Am 15.04.2018 um 12:41 schrieb Robert Hickman: > >> Second thought: (see my previous, sorry about double posting). >> >> What are the risks of integrating lillypond into a CMS from a security >> perspective, does it allow you to run shell commands for instance? I will >> not be exposing this publicly, just to the admin interface only I use. I >> like to know what exploits anything I use could expose howeaver. >> > > Have a look at the options --jail and -dsafe at > http://lilypond.org/doc/v2.19/Documentation/usage-big-page.html > > ___ > lilypond-user mailing list > lilypond-user@gnu.org > https://lists.gnu.org/mailman/listinfo/lilypond-user > ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
LilyPond in a CMS [was: Re: Defining custom symbols]
Am 15.04.2018 um 12:41 schrieb Robert Hickman: Second thought: (see my previous, sorry about double posting). What are the risks of integrating lillypond into a CMS from a security perspective, does it allow you to run shell commands for instance? I will not be exposing this publicly, just to the admin interface only I use. I like to know what exploits anything I use could expose howeaver. Have a look at the options --jail and -dsafe at http://lilypond.org/doc/v2.19/Documentation/usage-big-page.html ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user