#include "Format.h"
#include "Language.h"
#include "LaTeX.h"
+#include "LyXRC.h"
#include "Mover.h"
+#include "Session.h"
#include "frontends/alert.h"
#include "support/FileNameList.h"
#include "support/filetools.h"
#include "support/gettext.h"
+#include "support/lassert.h"
#include "support/lstrings.h"
#include "support/os.h"
#include "support/Package.h"
string const & c, string const & l)
: from_(f), to_(t), command_(c), flags_(l),
From_(0), To_(0), latex_(false), xml_(false),
- need_aux_(false), nice_(false)
+ need_aux_(false), nice_(false), need_auth_(false)
{}
parselog_ = flag_value;
else if (flag_name == "nice")
nice_ = true;
+ else if (flag_name == "needauth")
+ need_auth_ = true;
}
if (!result_dir_.empty() && result_file_.empty())
result_file_ = "index." + formats.extension(to_);
}
+bool Converters::checkAuth(Converter const & conv, string const & doc_fname)
+{
+ if (!conv.need_auth())
+ return true;
+ const docstring security_warning = bformat(
+ _("<p>The requested operation requires the use of a converter from "
+ "%2$s to %3$s:</p>"
+ "<blockquote><p><tt>%1$s</tt></p></blockquote>"
+ "<p>This external program can execute arbitrary commands on your "
+ "system, including dangerous ones, if instructed to do so by a "
+ "maliciously crafted .lyx document.</p>"),
+ from_utf8(conv.command()), from_utf8(conv.from()),
+ from_utf8(conv.to()));
+ if (lyxrc.use_converter_needauth_forbidden) {
+ frontend::Alert::warning(
+ _("An external converter is disabled for security reasons"),
+ security_warning + _(
+ "<p>Your current settings forbid its execution.</p>"
+ "<p>(To change this setting, go to <i>Preferences ▹ File "
+ "Handling ▹ Converters</i> and uncheck <i>Security ▹ "
+ "Forbid needauth converters</i>.)"), false);
+ return false;
+ }
+ if (!lyxrc.use_converter_needauth)
+ return true;
+ static const docstring security_title =
+ _("An external converter requires your authorization");
+ int choice;
+ const docstring security_warning2 = security_warning +
+ _("<p>Would you like to run this converter?</p>"
+ "<p><b>Only run if you trust the origin/sender of the LyX "
+ "document!</b></p>");
+ if (!doc_fname.empty()) {
+ LYXERR(Debug::FILES, "looking up: " << doc_fname);
+ std::set<std::string> & auth_files = theSession().authFiles().authFiles();
+ if (auth_files.find(doc_fname) == auth_files.end()) {
+ choice = frontend::Alert::prompt(security_title, security_warning2,
+ 0, 0, _("Do ¬ run"), _("&Run"), _("&Always run for this document"));
+ if (choice == 2)
+ auth_files.insert(doc_fname);
+ } else {
+ choice = 1;
+ }
+ } else {
+ choice = frontend::Alert::prompt(security_title, security_warning2,
+ 0, 0, _("Do ¬ run"), _("&Run"));
+ }
+ return choice != 0;
+}
+
+
bool Converters::convert(Buffer const * buffer,
FileName const & from_file, FileName const & to_file,
FileName const & orig_from,
runparams.flavor = getFlavor(edgepath, buffer);
if (buffer) {
- runparams.use_japanese = buffer->params().bufferFormat() == "platex";
+ runparams.use_japanese =
+ buffer->params().bufferFormat() == "latex"
+ && buffer->params().encoding().package() == Encoding::japanese;
runparams.use_indices = buffer->params().use_indices;
- runparams.bibtex_command = (buffer->params().bibtex_command == "default") ?
- string() : buffer->params().bibtex_command;
+ runparams.bibtex_command = buffer->params().bibtexCommand();
runparams.index_command = (buffer->params().index_command == "default") ?
string() : buffer->params().index_command;
runparams.document_language = buffer->params().language->babel();
"tmpfile.out"));
}
+ if (!checkAuth(conv, buffer ? buffer->absFileName() : string()))
+ return false;
+
if (conv.latex()) {
run_latex = true;
string command = conv.command();
namespace {
class ShowMessage
- : public boost::signals::trackable {
+ : public boost::signals2::trackable {
public:
ShowMessage(Buffer const & b) : buffer_(b) {}
void operator()(docstring const & msg) const { buffer_.message(msg); }
for (; it != end ; ++it) {
int const from = formats.getNumber(it->from());
int const to = formats.getNumber(it->to());
+ LASSERT(from >= 0, continue);
+ LASSERT(to >= 0, continue);
G_.addEdge(from, to);
}
}
-vector<Format const *> const
-Converters::intToFormat(vector<int> const & input)
+FormatList const Converters::intToFormat(vector<int> const & input)
{
- vector<Format const *> result(input.size());
+ FormatList result(input.size());
vector<int>::const_iterator it = input.begin();
vector<int>::const_iterator const end = input.end();
- vector<Format const *>::iterator rit = result.begin();
+ FormatList::iterator rit = result.begin();
for ( ; it != end; ++it, ++rit) {
*rit = &formats.get(*it);
}
}
-vector<Format const *> const
-Converters::getReachableTo(string const & target, bool const clear_visited)
+FormatList const Converters::getReachableTo(string const & target,
+ bool const clear_visited)
{
vector<int> const & reachablesto =
G_.getReachableTo(formats.getNumber(target), clear_visited);
}
-vector<Format const *> const
-Converters::getReachable(string const & from, bool const only_viewable,
- bool const clear_visited, set<string> const & excludes)
+FormatList const Converters::getReachable(string const & from,
+ bool const only_viewable, bool const clear_visited,
+ set<string> const & excludes)
{
set<int> excluded_numbers;
}
-vector<Format const *> Converters::importableFormats()
+FormatList Converters::importableFormats()
{
vector<string> l = loaders();
- vector<Format const *> result = getReachableTo(l[0], true);
+ FormatList result = getReachableTo(l[0], true);
vector<string>::const_iterator it = l.begin() + 1;
vector<string>::const_iterator en = l.end();
for (; it != en; ++it) {
- vector<Format const *> r = getReachableTo(*it, false);
+ FormatList r = getReachableTo(*it, false);
result.insert(result.end(), r.begin(), r.end());
}
return result;
}
-vector<Format const *> Converters::exportableFormats(bool only_viewable)
+FormatList Converters::exportableFormats(bool only_viewable)
{
vector<string> s = savers();
- vector<Format const *> result = getReachable(s[0], only_viewable, true);
+ FormatList result = getReachable(s[0], only_viewable, true);
vector<string>::const_iterator it = s.begin() + 1;
vector<string>::const_iterator en = s.end();
for (; it != en; ++it) {
- vector<Format const *> r =
- getReachable(*it, only_viewable, false);
+ FormatList r = getReachable(*it, only_viewable, false);
result.insert(result.end(), r.begin(), r.end());
}
return result;