X-Git-Url: https://git.lyx.org/gitweb/?a=blobdiff_plain;f=src%2FConverter.cpp;h=6057ccd78c9fce6312754ef64b8142c288236543;hb=2de30c62f8d671a8c8d4d52a6a7310e2c5ca84de;hp=a2e5e9be4938d50760f818528af4a11c46d93fb6;hpb=244de5d2c10a990828eafdd72283fc87742dc133;p=lyx.git diff --git a/src/Converter.cpp b/src/Converter.cpp index a2e5e9be49..6057ccd78c 100644 --- a/src/Converter.cpp +++ b/src/Converter.cpp @@ -23,6 +23,7 @@ #include "LaTeX.h" #include "LyXRC.h" #include "Mover.h" +#include "Session.h" #include "frontends/alert.h" @@ -282,40 +283,48 @@ bool Converters::checkAuth(Converter const & conv, string const & doc_fname) { if (!conv.need_auth()) return true; + const docstring security_warning = bformat( + _("

The requested operation requires the use of a converter from " + "%2$s to %3$s:

" + "

%1$s

" + "

This external program can execute arbitrary commands on your " + "system, including dangerous ones, if instructed to do so by a " + "maliciously crafted .lyx document.

"), + from_utf8(conv.command()), from_utf8(conv.from()), + from_utf8(conv.to())); if (lyxrc.use_converter_needauth_forbidden) { frontend::Alert::warning( - _("Potentially harmful external converters disabled"), - _("Requested operation needs use of a potentially harmful external converter program," - "which is forbidden by default.\nThese converters are tagged by the 'needauth' option. " - "In order to unlock execution of these converters,\nplease, go to " - "Preferences->File Handling->Converters and uncheck " - "Security->Forbid needauth converters."), true); + _("An external converter is disabled for security reasons"), + security_warning + _( + "

Your current settings forbid its execution.

" + "

(To change this setting, go to Preferences ▹ File " + "Handling ▹ Converters and uncheck Security ▹ " + "Forbid needauth converters.)"), false); return false; } if (!lyxrc.use_converter_needauth) return true; - static const docstring security_title = _("Launch of external converter needs user authorization"); - static const char security_warning[] = "LyX is about to run converter '%1$s' which is launching an external program " - "that normally acts as a picture/format converter. However, this external program is known to be able to " - "execute arbitrary actions on the system on behalf of the user, including dangerous ones such as deleting " - "files, if instructed to do so by a maliciously crafted .lyx document.\n\nWould you like to run the converter?\n\n" - "ANSWER RUN ONLY IF YOU TRUST THE ORIGIN/SENDER OF THE LYX DOCUMENT!"; + static const docstring security_title = + _("An external converter requires your authorization"); int choice; + const docstring security_warning2 = security_warning + + _("

Would you like to run this converter?

" + "

Only run if you trust the origin/sender of the LyX " + "document!

"); if (!doc_fname.empty()) { LYXERR(Debug::FILES, "looking up: " << doc_fname); - if (auth_files_.find(doc_fname) == auth_files_.end()) { - choice = frontend::Alert::prompt(security_title, - bformat(_(security_warning), from_utf8(conv.command())), - 0, 0, _("Do &NOT run"), _("&Run"), _("&Always run for this document")); + std::set & auth_files = theSession().authFiles().authFiles(); + if (auth_files.find(doc_fname) == auth_files.end()) { + choice = frontend::Alert::prompt(security_title, security_warning2, + 0, 0, _("Do ¬ run"), _("&Run"), _("&Always run for this document")); if (choice == 2) - auth_files_.insert(doc_fname); + auth_files.insert(doc_fname); } else { choice = 1; } } else { - choice = frontend::Alert::prompt(security_title, - bformat(_(security_warning), from_utf8(conv.command())), - 0, 0, _("Do &NOT run"), _("&Run")); + choice = frontend::Alert::prompt(security_title, security_warning2, + 0, 0, _("Do ¬ run"), _("&Run")); } return choice != 0; } @@ -448,7 +457,7 @@ bool Converters::convert(Buffer const * buffer, "tmpfile.out")); } - if (!checkAuth(conv, buffer->absFileName())) + if (!checkAuth(conv, buffer ? buffer->absFileName() : string())) return false; if (conv.latex()) {