diff options
| author | Joey Hess <joey@gnu.kitenet.net> | 2009-08-29 14:01:03 -0400 |
|---|---|---|
| committer | Joey Hess <joey@gnu.kitenet.net> | 2009-08-29 14:01:03 -0400 |
| commit | 29db15d31cff5e8b59020ad908ea4985e62ff22e (patch) | |
| tree | 3453cc49fcc213f3f998c78923961d2839c71bc0 | |
| parent | 44ce9563a328ecb3b5fa8fd97afa30c3033fca76 (diff) | |
| parent | ef69cb34c355e184b01999cf445793cebc16f0c4 (diff) | |
Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info
| -rw-r--r-- | IkiWiki/Plugin/teximg.pm | 40 | ||||
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | doc/plugins/po.mdwn | 14 | ||||
| -rw-r--r-- | doc/tips/nearlyfreespeech/discussion.mdwn | 9 | ||||
| -rw-r--r-- | doc/todo/Restrict_page_viewing.mdwn | 31 |
5 files changed, 56 insertions, 43 deletions
diff --git a/IkiWiki/Plugin/teximg.pm b/IkiWiki/Plugin/teximg.pm index dba5372b5..f92ed0132 100644 --- a/IkiWiki/Plugin/teximg.pm +++ b/IkiWiki/Plugin/teximg.pm @@ -69,13 +69,7 @@ sub preprocess (@) { if (! defined $code && ! length $code) { error gettext("missing tex code"); } - - if (check($code)) { - return create($code, check_height($height), \%params); - } - else { - error gettext("code includes disallowed latex commands") - } + return create($code, check_height($height), \%params); } sub check_height ($) { @@ -155,7 +149,7 @@ sub gen_image ($$$$) { my $tmp = eval { create_tmp_dir($digest) }; if (! $@ && writefile("$digest.tex", $tmp, $tex) && - system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 && + system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 && # ensure destination directory exists writefile("$imagedir/$digest.png", $config{destdir}, "") && (($config{teximg_dvipng} && @@ -191,34 +185,4 @@ sub create_tmp_dir ($) { return $tmpdir; } -sub check ($) { - # Check if the code is ok - my $code = shift; - - my @badthings = ( - qr/\$\$/, - qr/\\include/, - qr/\\includegraphic/, - qr/\\usepackage/, - qr/\\newcommand/, - qr/\\renewcommand/, - qr/\\def/, - qr/\\input/, - qr/\\open/, - qr/\\loop/, - qr/\\errorstopmode/, - qr/\\scrollmode/, - qr/\\batchmode/, - qr/\\read/, - qr/\\write/, - ); - - foreach my $thing (@badthings) { - if ($code =~ m/$thing/ ) { - return 0; - } - } - return 1; -} - 1 diff --git a/debian/changelog b/debian/changelog index 992692566..a5b07aac1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low + [ Joey Hess ] * po: Detect if nowrapi18n can't be passed to po4a, and warn about the old version, but continue. Closes: #541205 * inline: Avoid use of my $_ as it fails with older perls. @@ -40,6 +41,10 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low * img: Don't generate new verison of image if it is scaled to be larger in either dimension. + [ Josh Triplett ] + * teximg: Replace the insufficient blacklist with the built-in security + mechanisms of TeX. + -- Joey Hess <joeyh@debian.org> Wed, 12 Aug 2009 12:25:30 -0400 ikiwiki (3.141592) unstable; urgency=low diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn index 04420c115..9f4cf5564 100644 --- a/doc/plugins/po.mdwn +++ b/doc/plugins/po.mdwn @@ -323,6 +323,20 @@ when building a non-english page? Then the directives would get translated. t/po is currently failing tests 57 and 59 (and I would like to release soon..) --[[Joey]] +> They are failing because of commit cdc3576c8d1e (po: do not inject +> custom bestlink function when `po_link_to` eq `default`). The test +> suite changes `$config{po_link_to}`, but the `checkconfig` hook is +> not re-run. I could manually run it when needed in the test-suite, +> but this would lead to this function being injected several times, +> and then `$origsubs{'bestlink'}` to be sometimes set to a wrong +> value, which would break other parts of the test-suite. The best +> solution I can think of (apart of reverting this commit or disabling +> these two tests) is to split the test-suite into 3 parts, depending +> on the `$config{po_link_to}` setting, either in 3 different `.t` +> files, or inside the existing one and completely reset the IkiWiki +> environment at the start of these parts... which I did not manage to +> achieve in the last 2 hours :/ --[[intrigeri]] + Documentation ------------- diff --git a/doc/tips/nearlyfreespeech/discussion.mdwn b/doc/tips/nearlyfreespeech/discussion.mdwn new file mode 100644 index 000000000..3d4dc732d --- /dev/null +++ b/doc/tips/nearlyfreespeech/discussion.mdwn @@ -0,0 +1,9 @@ +with version 3.141592 I get +<pre> +HOME=/home/me /usr/bin/perl -Iblib/lib ikiwiki.out -libdir . -dumpsetup ikiwiki.setup +Failed to load plugin IkiWiki::Plugin::inline: Can't use global $_ in "my" at IkiWiki/Plugin/inline.pm line 198, near "my $_" +Compilation failed in require at (eval 19) line 2. +BEGIN failed--compilation aborted at (eval 19) line 2. +</pre> + +perl is 5.8.9 diff --git a/doc/todo/Restrict_page_viewing.mdwn b/doc/todo/Restrict_page_viewing.mdwn index ec7b05a51..089d27fff 100644 --- a/doc/todo/Restrict_page_viewing.mdwn +++ b/doc/todo/Restrict_page_viewing.mdwn @@ -1,15 +1,36 @@ I'd like to have some pages of my wiki to be only viewable by some users. -I could use htaccess for that, but it would force the users to have 2 authentication mecanisms, so I'd prefer to use openID for that too. +I could use htaccess for that, but it would force the users to have +2 authentication mecanisms, so I'd prefer to use openID for that too. -* I'm thinking of adding a "show" parameter to the cgi script, thanks to a plugin similar to goto. -* When called, it would check the credential using the session stuff (that I don't understand yet). If not enough, it would serve a 403 error of course. -* If enough, it would read the file locally on the server side and return this as a content. +* I'm thinking of adding a "show" parameter to the cgi script, thanks + to a plugin similar to goto. +* When called, it would check the credential using the session stuff + (that I don't understand yet). +* If not enough, it would serve a 403 error of course. +* If enough, it would read the file locally on the server side and + return this as a content. -Then, I'd have to generate the private page the regular way with ikiwiki, and prevent apache from serving them with an appropriate and much more maintainable htaccess file. +Then, I'd have to generate the private page the regular way with ikiwiki, +and prevent apache from serving them with an appropriate and +much more maintainable htaccess file. -- [[users/emptty]] > While I'm sure a plugin could do this, it adds so much scalability cost > and is so counter to ikiwiki's design.. Have you considered using the > [[plugins/httpauth]] plugin to unify around htaccess auth? --[[Joey]] + +>> I'm not speaking of rendering the pages on demand, but to serve them on demand. +>> They would still be compiled the regular way; +>> I'll have another look at [[plugins/httpauth]] but I really like the openID whole idea. +>> --[[emptty]] + +>>> How about +>>> [mod_auth_openid](http://trac.butterfat.net/public/mod_auth_openid), then? +>>> A plugin for ikiwiki to serve its own pages is far afield from ikiwiki's roots, +>>> as Joey pointed out, but might be a neat option to have anyway -- for unifying +>>> authentication across views and edits, for systems not otherwise running +>>> web servers, for systems with web servers you don't have access to, and +>>> doubtless for other purposes. Such a plugin would add quite a bit of flexibility, +>>> and in that sense (IMO, of course) it'd be in the spirit of ikiwiki. --[[schmonz]] |