- const docstring security_warning = bformat(
- _("<p>The requested operation requires the use of a converter from "
- "%2$s to %3$s:"
- "<blockquote><tt>%1$s</tt></blockquote>"
- "<p>This external program can execute arbitrary commands on your "
- "system, including dangerous ones, if instructed to do so by a "
- "maliciously crafted .lyx document.</p>"),
- from_utf8(conv.command()), from_utf8(conv.from()),
- from_utf8(conv.to()));
- if (lyxrc.use_converter_needauth_forbidden) {
- frontend::Alert::warning(
+ size_t const token_pos = conv_command.find("$$");
+ bool const has_token = token_pos != string::npos;
+ string const command = use_shell_escape && !has_shell_escape
+ ? (has_token ? conv_command.insert(token_pos, "-shell-escape ")
+ : conv_command.append(" -shell-escape"))
+ : conv_command;
+ docstring const security_warning = (use_shell_escape
+ ? bformat(_("<p>The following LaTeX backend has been requested "
+ "to allow execution of external programs:</p>"
+ "<center><p><tt>%1$s</tt></p></center>"
+ "<p>The external programs can execute arbitrary commands on "
+ "your system, including dangerous ones, if instructed to do "
+ "so by a maliciously crafted LyX document.</p>"),
+ from_utf8(command))
+ : bformat(_("<p>The requested operation requires the use of a "
+ "converter from %2$s to %3$s:</p>"
+ "<blockquote><p><tt>%1$s</tt></p></blockquote>"
+ "<p>This external program can execute arbitrary commands on "
+ "your system, including dangerous ones, if instructed to do "
+ "so by a maliciously crafted LyX document.</p>"),
+ from_utf8(command), from_utf8(conv.from()),
+ from_utf8(conv.to())));
+ if (lyxrc.use_converter_needauth_forbidden && !use_shell_escape) {
+ frontend::Alert::error(