#include "LaTeX.h"
#include "LyXRC.h"
#include "Mover.h"
+#include "Session.h"
#include "frontends/alert.h"
{
if (!conv.need_auth())
return true;
+ const docstring security_warning = bformat(
+ _("<p>The requested operation requires the use of a converter from "
+ "%2$s to %3$s:</p>"
+ "<blockquote><p><tt>%1$s</tt></p></blockquote>"
+ "<p>This external program can execute arbitrary commands on your "
+ "system, including dangerous ones, if instructed to do so by a "
+ "maliciously crafted .lyx document.</p>"),
+ from_utf8(conv.command()), from_utf8(conv.from()),
+ from_utf8(conv.to()));
if (lyxrc.use_converter_needauth_forbidden) {
- frontend::Alert::warning(
- _("Potentially harmful external converters disabled"),
- _("Requested operation needs use of a potentially harmful external converter program,"
- "which is forbidden by default.\nThese converters are tagged by the 'needauth' option. "
- "In order to unlock execution of these converters,\nplease, go to "
- "Preferences->File Handling->Converters and uncheck "
- "Security->Forbid needauth converters."), true);
+ frontend::Alert::error(
+ _("An external converter is disabled for security reasons"),
+ security_warning + _(
+ "<p><b>Your current preference settings forbid its execution.</b></p>"
+ "<p>(To change this setting, go to <i>Preferences ▹ File "
+ "Handling ▹ Converters</i> and uncheck <i>Security ▹ "
+ "Forbid needauth converters</i>.)"), false);
return false;
}
if (!lyxrc.use_converter_needauth)
return true;
- static const docstring security_title = _("Launch of external converter needs user authorization");
- static const char security_warning[] = "LyX is about to run converter '%1$s' which is launching an external program "
- "that normally acts as a picture/format converter. However, this external program is known to be able to "
- "execute arbitrary actions on the system on behalf of the user, including dangerous ones such as deleting "
- "files, if instructed to do so by a maliciously crafted .lyx document.\n\nWould you like to run the converter?\n\n"
- "ANSWER RUN ONLY IF YOU TRUST THE ORIGIN/SENDER OF THE LYX DOCUMENT!";
+ static const docstring security_title =
+ _("An external converter requires your authorization");
int choice;
+ const docstring security_warning2 = security_warning +
+ _("<p>Would you like to run this converter?</p>"
+ "<p><b>Only run if you trust the origin/sender of the LyX "
+ "document!</b></p>");
if (!doc_fname.empty()) {
LYXERR(Debug::FILES, "looking up: " << doc_fname);
- if (auth_files_.find(doc_fname) == auth_files_.end()) {
- choice = frontend::Alert::prompt(security_title,
- bformat(_(security_warning), from_utf8(conv.command())),
- 0, 0, _("Do &NOT run"), _("&Run"), _("&Always run for this document"));
+ std::set<std::string> & auth_files = theSession().authFiles().authFiles();
+ if (auth_files.find(doc_fname) == auth_files.end()) {
+ choice = frontend::Alert::prompt(security_title, security_warning2,
+ 0, 0, _("Do ¬ run"), _("&Run"), _("&Always run for this document"));
if (choice == 2)
- auth_files_.insert(doc_fname);
+ auth_files.insert(doc_fname);
} else {
choice = 1;
}
} else {
- choice = frontend::Alert::prompt(security_title,
- bformat(_(security_warning), from_utf8(conv.command())),
- 0, 0, _("Do &NOT run"), _("&Run"));
+ choice = frontend::Alert::prompt(security_title, security_warning2,
+ 0, 0, _("Do ¬ run"), _("&Run"));
}
return choice != 0;
}
buffer->params().bufferFormat() == "latex"
&& buffer->params().encoding().package() == Encoding::japanese;
runparams.use_indices = buffer->params().use_indices;
- runparams.bibtex_command = (buffer->params().bibtex_command == "default") ?
- string() : buffer->params().bibtex_command;
+ runparams.bibtex_command = buffer->params().bibtexCommand();
runparams.index_command = (buffer->params().index_command == "default") ?
string() : buffer->params().index_command;
runparams.document_language = buffer->params().language->babel();
"tmpfile.out"));
}
- if (!checkAuth(conv, buffer->absFileName()))
+ if (!checkAuth(conv, buffer ? buffer->absFileName() : string()))
return false;
if (conv.latex()) {