See Release Notes
Long Term Support Release
<?php // This file is part of Moodle - http://moodle.org/ // // Moodle is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // Moodle is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with Moodle. If not, see <http://www.gnu.org/licenses/>. /** * TeX filter library functions. * * @package filter * @subpackage tex * @copyright 2004 Zbigniew Fiedorowicz fiedorow@math.ohio-state.edu * Originally based on code provided by Bruno Vernier bruno@vsbeducation.ca * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ defined('MOODLE_INTERNAL') || die(); function filter_tex_get_executable($debug=false) { global $CFG; if ((PHP_OS == "WINNT") || (PHP_OS == "WIN32") || (PHP_OS == "Windows")) { return "$CFG->dirroot/filter/tex/mimetex.exe"; } if ($pathmimetex = get_config('filter_tex', 'pathmimetex')) { if (is_executable($pathmimetex)) { return $pathmimetex; } else { print_error('mimetexnotexecutable', 'error'); } } $custom_commandpath = "$CFG->dirroot/filter/tex/mimetex"; if (file_exists($custom_commandpath)) { if (is_executable($custom_commandpath)) { return $custom_commandpath; } else { print_error('mimetexnotexecutable', 'error'); } } switch (PHP_OS) { case "Linux": return "$CFG->dirroot/filter/tex/mimetex.linux"; case "Darwin": return "$CFG->dirroot/filter/tex/mimetex.darwin"; case "FreeBSD": return "$CFG->dirroot/filter/tex/mimetex.freebsd"; } print_error('mimetexisnotexist', 'error'); }< function filter_tex_sanitize_formula($texexp) { < /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain)> /** > * Check the formula expression against the list of denied keywords. > * > * List of allowed could be more complete but also harder to maintain. > * > * @param string $texexp Formula expression to check. > * @return string Formula expression with denied keywords replaced with 'forbiddenkeyword'. > */ > function filter_tex_sanitize_formula(string $texexp): string { >$denylist = [ 'include','command','loop','repeat','open','toks','output', 'input','catcode','name','^^', '\def','\edef','\gdef','\xdef', '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode', '\batchmode','\read','\write','csname','\newhelp','\uppercase', '\lowercase','\relax','\aftergroup', '\afterassignment','\expandafter','\noexpand','\special', '\let', '\futurelet','\else','\fi','\chardef','\makeatletter','\afterground', '\noexpand','\line','\mathcode','\item','\section','\mbox','\declarerobustcommand',< '\ExplSyntaxOn',]; $allowlist = ['inputenc']; // Prepare the denylist for regular expression. $denylist = array_map(function($value){ return '/' . preg_quote($value, '/') . '/i'; }, $denylist); // Prepare the allowlist for regular expression. $allowlist = array_map(function($value){ return '/\bforbiddenkeyword_(' . preg_quote($value, '/') . ')\b/i'; }, $allowlist); // First, mangle all denied words. $texexp = preg_replace_callback($denylist, function($matches) { return 'forbiddenkeyword_' . $matches[0]; }, $texexp ); // Then, change back the allowed words. $texexp = preg_replace_callback($allowlist, function($matches) { return $matches[1]; }, $texexp ); return $texexp; } function filter_tex_get_cmd($pathname, $texexp) { $texexp = filter_tex_sanitize_formula($texexp); $texexp = escapeshellarg($texexp); $executable = filter_tex_get_executable(false); if ((PHP_OS == "WINNT") || (PHP_OS == "WIN32") || (PHP_OS == "Windows")) { $executable = str_replace(' ', '^ ', $executable); return "$executable ++ -e \"$pathname\" -- $texexp"; } else { return "\"$executable\" -e \"$pathname\" -- $texexp"; } } /** * Purge all caches when settings changed. */ function filter_tex_updatedcallback($name) { global $CFG, $DB; reset_text_filters_cache(); if (file_exists("$CFG->dataroot/filter/tex")) { remove_dir("$CFG->dataroot/filter/tex"); } if (file_exists("$CFG->dataroot/filter/algebra")) { remove_dir("$CFG->dataroot/filter/algebra"); } if (file_exists("$CFG->tempdir/latex")) { remove_dir("$CFG->tempdir/latex"); } $DB->delete_records('cache_filters', array('filter'=>'tex')); $DB->delete_records('cache_filters', array('filter'=>'algebra')); $pathlatex = get_config('filter_tex', 'pathlatex'); if ($pathlatex === false) { // detailed settings not present yet return; } $pathlatex = trim($pathlatex, " '\""); $pathdvips = trim(get_config('filter_tex', 'pathdvips'), " '\""); $pathconvert = trim(get_config('filter_tex', 'pathconvert'), " '\""); $pathdvisvgm = trim(get_config('filter_tex', 'pathdvisvgm'), " '\""); $supportedformats = array('gif'); if ((is_file($pathlatex) && is_executable($pathlatex)) && (is_file($pathdvips) && is_executable($pathdvips))) { if (is_file($pathconvert) && is_executable($pathconvert)) { $supportedformats[] = 'png'; } if (is_file($pathdvisvgm) && is_executable($pathdvisvgm)) { $supportedformats[] = 'svg'; } } if (!in_array(get_config('filter_tex', 'convertformat'), $supportedformats)) { set_config('convertformat', array_pop($supportedformats), 'filter_tex'); } }