bool const has_shell_escape = contains(conv_command, "-shell-escape")
|| contains(conv_command, "-enable-write18");
if (conv.latex() && has_shell_escape && !use_shell_escape) {
+ // Only change font if gui is available otherwise Qt6 crashes
+ string const cmd = use_gui ? "<tt>" + conv_command + "</tt>"
+ : conv_command;
docstring const shellescape_warning =
bformat(_("<p>The following LaTeX backend has been "
"configured to allow execution of external programs "
"for any document:</p>"
- "<center><p><tt>%1$s</tt></p></center>"
+ "<center><p>%1$s</p></center>"
"<p>This is a dangerous configuration. Please, "
"consider using the support offered by LyX for "
"allowing this privilege only to documents that "
"actually need it, instead.</p>"),
- from_utf8(conv_command));
+ from_utf8(cmd));
frontend::Alert::error(_("Security Warning"),
shellescape_warning , false);
} else if (!conv.latex())
? (has_token ? conv_command.insert(token_pos, "-shell-escape ")
: conv_command.append(" -shell-escape"))
: conv_command;
+ // Only change font if gui is available otherwise Qt6 crashes
+ string const cmd = use_gui ? "<tt>" + command + "</tt>" : command;
docstring const security_warning = (use_shell_escape
? bformat(_("<p>The following LaTeX backend has been requested "
"to allow execution of external programs:</p>"
- "<center><p><tt>%1$s</tt></p></center>"
+ "<center><p>%1$s</p></center>"
"<p>The external programs can execute arbitrary commands on "
"your system, including dangerous ones, if instructed to do "
"so by a maliciously crafted LyX document.</p>"),
- from_utf8(command))
+ from_utf8(cmd))
: bformat(_("<p>The requested operation requires the use of a "
"converter from %2$s to %3$s:</p>"
- "<blockquote><p><tt>%1$s</tt></p></blockquote>"
+ "<blockquote><p>%1$s</p></blockquote>"
"<p>This external program can execute arbitrary commands on "
"your system, including dangerous ones, if instructed to do "
"so by a maliciously crafted LyX document.</p>"),
- from_utf8(command), from_utf8(conv.from()),
+ from_utf8(cmd), from_utf8(conv.from()),
from_utf8(conv.to())));
if (lyxrc.use_converter_needauth_forbidden && !use_shell_escape) {
frontend::Alert::error(
to_utf8(makeRelPath(from_utf8(outfile.absFileName()), from_utf8(path)));
string command = conv.command();
+ BufferParams const & bparams = buffer ? buffer->params() : defaultBufferParams();
command = subst(command, token_from, quoteName(infile2));
command = subst(command, token_base, quoteName(from_base));
command = subst(command, token_to, quoteName(outfile2));
command = subst(command, token_path, quoteName(onlyPath(infile.absFileName())));
command = subst(command, token_orig_path, quoteName(onlyPath(orig_from.absFileName())));
command = subst(command, token_orig_from, quoteName(onlyFileName(orig_from.absFileName())));
- command = subst(command, token_textclass,
- buffer ? quoteName(buffer->params().documentClass().name())
- : string());
- command = subst(command, token_modules,
- buffer ? quoteName(buffer->params().getModules().asString())
- : string());
- command = subst(command, token_encoding,
- buffer ? quoteName(buffer->params().encoding().iconvName())
- : string());
+ command = subst(command, token_textclass, quoteName(bparams.documentClass().name()));
+ string modules = bparams.getModules().asString();
+ // FIXME: remove when SystemCall uses QProcess with the list API.
+ // Currently the QProcess parser is not able to encode an
+ // empty argument as ""; work around this by passing a
+ // single comma, that will be interpreted as a list of two
+ // empty module names.
+ if (modules.empty())
+ modules = ",";
+ command = subst(command, token_modules, quoteName(modules));
+ command = subst(command, token_encoding, quoteName(bparams.encoding().iconvName()));
command = subst(command, token_python, os::python());
if (!conv.parselog().empty())