X-Git-Url: https://git.lyx.org/gitweb/?a=blobdiff_plain;f=src%2FConverter.cpp;h=104ad0a42c49eea8281ea69da72c5c80ae7d5b33;hb=808339790c94b0bffa316efddc7e913bd83c91c7;hp=58e486e67d3dde4b2fe6aad4de2ba1ca2a5f9a96;hpb=014bc7805e8a9eca1096db67b1e9d26e1ff6c7e2;p=lyx.git
diff --git a/src/Converter.cpp b/src/Converter.cpp
index 58e486e67d..104ad0a42c 100644
--- a/src/Converter.cpp
+++ b/src/Converter.cpp
@@ -21,7 +21,9 @@
#include "Format.h"
#include "Language.h"
#include "LaTeX.h"
+#include "LyXRC.h"
#include "Mover.h"
+#include "Session.h"
#include "frontends/alert.h"
@@ -100,7 +102,7 @@ Converter::Converter(string const & f, string const & t,
string const & c, string const & l)
: from_(f), to_(t), command_(c), flags_(l),
From_(0), To_(0), latex_(false), xml_(false),
- need_aux_(false), nice_(false)
+ need_aux_(false), nice_(false), need_auth_(false)
{}
@@ -128,9 +130,11 @@ void Converter::readFlags()
parselog_ = flag_value;
else if (flag_name == "nice")
nice_ = true;
+ else if (flag_name == "needauth")
+ need_auth_ = true;
}
if (!result_dir_.empty() && result_file_.empty())
- result_file_ = "index." + formats.extension(to_);
+ result_file_ = "index." + theFormats().extension(to_);
//if (!contains(command, token_from))
// latex = true;
}
@@ -164,8 +168,8 @@ int Converters::getNumber(string const & from, string const & to) const
void Converters::add(string const & from, string const & to,
string const & command, string const & flags)
{
- formats.add(from);
- formats.add(to);
+ theFormats().add(from);
+ theFormats().add(to);
ConverterList::iterator it = find_if(converterlist_.begin(),
converterlist_.end(),
ConverterEqual(from , to));
@@ -275,6 +279,57 @@ OutputParams::FLAVOR Converters::getFlavor(Graph::EdgePath const & path,
}
+bool Converters::checkAuth(Converter const & conv, string const & doc_fname)
+{
+ if (!conv.need_auth())
+ return true;
+ const docstring security_warning = bformat(
+ _("The requested operation requires the use of a converter from "
+ "%2$s to %3$s:
"
+ "%1$s
"
+ "This external program can execute arbitrary commands on your "
+ "system, including dangerous ones, if instructed to do so by a "
+ "maliciously crafted .lyx document.
"),
+ from_utf8(conv.command()), from_utf8(conv.from()),
+ from_utf8(conv.to()));
+ if (lyxrc.use_converter_needauth_forbidden) {
+ frontend::Alert::error(
+ _("An external converter is disabled for security reasons"),
+ security_warning + _(
+ "Your current preference settings forbid its execution.
"
+ "(To change this setting, go to Preferences ▹ File "
+ "Handling ▹ Converters and uncheck Security ▹ "
+ "Forbid needauth converters.)"), false);
+ return false;
+ }
+ if (!lyxrc.use_converter_needauth)
+ return true;
+ static const docstring security_title =
+ _("An external converter requires your authorization");
+ int choice;
+ const docstring security_warning2 = security_warning +
+ _("
Would you like to run this converter?
"
+ "Only run if you trust the origin/sender of the LyX "
+ "document!
");
+ if (!doc_fname.empty()) {
+ LYXERR(Debug::FILES, "looking up: " << doc_fname);
+ std::set & auth_files = theSession().authFiles().authFiles();
+ if (auth_files.find(doc_fname) == auth_files.end()) {
+ choice = frontend::Alert::prompt(security_title, security_warning2,
+ 0, 0, _("Do ¬ run"), _("&Run"), _("&Always run for this document"));
+ if (choice == 2)
+ auth_files.insert(doc_fname);
+ } else {
+ choice = 1;
+ }
+ } else {
+ choice = frontend::Alert::prompt(security_title, security_warning2,
+ 0, 0, _("Do ¬ run"), _("&Run"));
+ }
+ return choice != 0;
+}
+
+
bool Converters::convert(Buffer const * buffer,
FileName const & from_file, FileName const & to_file,
FileName const & orig_from,
@@ -295,8 +350,8 @@ bool Converters::convert(Buffer const * buffer,
// default one from ImageMagic.
string const from_ext = from_format.empty() ?
getExtension(from_file.absFileName()) :
- formats.extension(from_format);
- string const to_ext = formats.extension(to_format);
+ theFormats().extension(from_format);
+ string const to_ext = theFormats().extension(to_format);
string const command =
os::python() + ' ' +
quoteName(libFileSearch("scripts", "convertDefault.py").toFilesystemEncoding()) +
@@ -343,11 +398,13 @@ bool Converters::convert(Buffer const * buffer,
buffer->params().bufferFormat() == "latex"
&& buffer->params().encoding().package() == Encoding::japanese;
runparams.use_indices = buffer->params().use_indices;
- runparams.bibtex_command = (buffer->params().bibtex_command == "default") ?
- string() : buffer->params().bibtex_command;
+ runparams.bibtex_command = buffer->params().bibtexCommand();
runparams.index_command = (buffer->params().index_command == "default") ?
string() : buffer->params().index_command;
runparams.document_language = buffer->params().language->babel();
+ runparams.only_childbibs = !buffer->params().useBiblatex()
+ && !buffer->params().useBibtopic()
+ && buffer->params().multibib == "child";
}
// Some converters (e.g. lilypond) can only output files to the
@@ -402,17 +459,24 @@ bool Converters::convert(Buffer const * buffer,
"tmpfile.out"));
}
+ if (!checkAuth(conv, buffer ? buffer->absFileName() : string()))
+ return false;
+
if (conv.latex()) {
+ // We are not importing, we have a buffer
+ LATTEST(buffer);
run_latex = true;
string command = conv.command();
command = subst(command, token_from, "");
- command = subst(command, token_latex_encoding, buffer ?
- buffer->params().encoding().latexName() : string());
+ command = subst(command, token_latex_encoding,
+ buffer->params().encoding().latexName());
LYXERR(Debug::FILES, "Running " << command);
if (!runLaTeX(*buffer, command, runparams, errorList))
return false;
} else {
if (conv.need_aux() && !run_latex) {
+ // We are not importing, we have a buffer
+ LATTEST(buffer);
string command;
switch (runparams.flavor) {
case OutputParams::DVILUATEX:
@@ -701,15 +765,15 @@ bool Converters::runLaTeX(Buffer const & buffer, string const & command,
void Converters::buildGraph()
{
// clear graph's data structures
- G_.init(formats.size());
+ G_.init(theFormats().size());
// each of the converters knows how to convert one format to another
// so, for each of them, we create an arrow on the graph, going from
// the one to the other
ConverterList::iterator it = converterlist_.begin();
ConverterList::iterator const end = converterlist_.end();
for (; it != end ; ++it) {
- int const from = formats.getNumber(it->from());
- int const to = formats.getNumber(it->to());
+ int const from = theFormats().getNumber(it->from());
+ int const to = theFormats().getNumber(it->to());
LASSERT(from >= 0, continue);
LASSERT(to >= 0, continue);
G_.addEdge(from, to);
@@ -725,7 +789,7 @@ FormatList const Converters::intToFormat(vector const & input)
vector::const_iterator const end = input.end();
FormatList::iterator rit = result.begin();
for ( ; it != end; ++it, ++rit) {
- *rit = &formats.get(*it);
+ *rit = &theFormats().get(*it);
}
return result;
}
@@ -735,7 +799,7 @@ FormatList const Converters::getReachableTo(string const & target,
bool const clear_visited)
{
vector const & reachablesto =
- G_.getReachableTo(formats.getNumber(target), clear_visited);
+ G_.getReachableTo(theFormats().getNumber(target), clear_visited);
return intToFormat(reachablesto);
}
@@ -750,10 +814,10 @@ FormatList const Converters::getReachable(string const & from,
set::const_iterator sit = excludes.begin();
set::const_iterator const end = excludes.end();
for (; sit != end; ++sit)
- excluded_numbers.insert(formats.getNumber(*sit));
+ excluded_numbers.insert(theFormats().getNumber(*sit));
vector const & reachables =
- G_.getReachable(formats.getNumber(from),
+ G_.getReachable(theFormats().getNumber(from),
only_viewable,
clear_visited,
excluded_numbers);
@@ -764,15 +828,15 @@ FormatList const Converters::getReachable(string const & from,
bool Converters::isReachable(string const & from, string const & to)
{
- return G_.isReachable(formats.getNumber(from),
- formats.getNumber(to));
+ return G_.isReachable(theFormats().getNumber(from),
+ theFormats().getNumber(to));
}
Graph::EdgePath Converters::getPath(string const & from, string const & to)
{
- return G_.getPath(formats.getNumber(from),
- formats.getNumber(to));
+ return G_.getPath(theFormats().getNumber(from),
+ theFormats().getNumber(to));
}