- if (lyxrc.use_converter_needauth_forbidden) {
- frontend::Alert::warning(
- _("Potentially harmful external converters disabled"),
- _("Requested operation needs use of a potentially harmful external converter program, "
- "which is forbidden by default.\nThese converters are tagged by the 'needauth' option. "
- "In order to unlock execution of these converters,\nplease, go to "
- "Preferences->File Handling->Converters and uncheck "
- "Security->Forbid needauth converters."), true);
+ size_t const token_pos = conv_command.find("$$");
+ bool const has_token = token_pos != string::npos;
+ string const command = use_shell_escape && !has_shell_escape
+ ? (has_token ? conv_command.insert(token_pos, "-shell-escape ")
+ : conv_command.append(" -shell-escape"))
+ : conv_command;
+ docstring const security_warning = (use_shell_escape
+ ? bformat(_("<p>The following LaTeX backend has been requested "
+ "to allow execution of external programs:</p>"
+ "<center><p><tt>%1$s</tt></p></center>"
+ "<p>The external programs can execute arbitrary commands on "
+ "your system, including dangerous ones, if instructed to do "
+ "so by a maliciously crafted LyX document.</p>"),
+ from_utf8(command))
+ : bformat(_("<p>The requested operation requires the use of a "
+ "converter from %2$s to %3$s:</p>"
+ "<blockquote><p><tt>%1$s</tt></p></blockquote>"
+ "<p>This external program can execute arbitrary commands on "
+ "your system, including dangerous ones, if instructed to do "
+ "so by a maliciously crafted LyX document.</p>"),
+ from_utf8(command), from_utf8(conv.from()),
+ from_utf8(conv.to())));
+ if (lyxrc.use_converter_needauth_forbidden && !use_shell_escape) {
+ frontend::Alert::error(
+ _("An external converter is disabled for security reasons"),
+ security_warning + _(
+ "<p><b>Your current preference settings forbid its execution.</b></p>"
+ "<p>(To change this setting, go to <i>Preferences ▹ File "
+ "Handling ▹ Converters</i> and uncheck <i>Security ▹ "
+ "Forbid needauth converters</i>.)"), false);