X-Git-Url: https://git.lyx.org/gitweb/?a=blobdiff_plain;f=src%2FConverter.cpp;h=664a4bb7180a32fe615384c8a584d277c48b0a99;hb=63c1979401271381e7667f8e55a018a728788aaa;hp=489f5df439b62da275bf54f2265bad1b3313b337;hpb=e30f3d76d2bee0011ceaeb5f0cc221156458cbad;p=lyx.git
diff --git a/src/Converter.cpp b/src/Converter.cpp
index 489f5df439..664a4bb718 100644
--- a/src/Converter.cpp
+++ b/src/Converter.cpp
@@ -19,14 +19,18 @@
#include "Encoding.h"
#include "ErrorList.h"
#include "Format.h"
+#include "InsetList.h"
#include "Language.h"
#include "LaTeX.h"
#include "LyXRC.h"
#include "Mover.h"
+#include "ParagraphList.h"
#include "Session.h"
#include "frontends/alert.h"
+#include "insets/InsetInclude.h"
+
#include "support/debug.h"
#include "support/FileNameList.h"
#include "support/filetools.h"
@@ -279,20 +283,52 @@ OutputParams::FLAVOR Converters::getFlavor(Graph::EdgePath const & path,
}
-bool Converters::checkAuth(Converter const & conv, string const & doc_fname)
+bool Converters::checkAuth(Converter const & conv, string const & doc_fname,
+ bool use_shell_escape)
{
- if (!conv.need_auth())
+ string conv_command = conv.command();
+ bool const has_shell_escape = contains(conv_command, "-shell-escape")
+ || contains(conv_command, "-enable-write18");
+ if (conv.latex() && has_shell_escape && !use_shell_escape) {
+ docstring const shellescape_warning =
+ bformat(_("The following LaTeX backend has been "
+ "configured to allow execution of external programs "
+ "for any document:
"
+ "%1$s
"
+ "This is a dangerous configuration. Please, "
+ "consider using the support offered by LyX for "
+ "allowing this privilege only to documents that "
+ "actually need it, instead.
"),
+ from_utf8(conv_command));
+ frontend::Alert::error(_("Security Warning"),
+ shellescape_warning , false);
+ } else if (!conv.latex())
+ use_shell_escape = false;
+ if (!conv.need_auth() && !use_shell_escape)
return true;
- const docstring security_warning = bformat(
- _("The requested operation requires the use of a converter from "
- "%2$s to %3$s:
"
+ size_t const token_pos = conv_command.find("$$");
+ bool const has_token = token_pos != string::npos;
+ string const command = use_shell_escape && !has_shell_escape
+ ? (has_token ? conv_command.insert(token_pos, "-shell-escape ")
+ : conv_command.append(" -shell-escape"))
+ : conv_command;
+ docstring const security_warning = (use_shell_escape
+ ? bformat(_("The following LaTeX backend has been requested "
+ "to allow execution of external programs:
"
+ "%1$s
"
+ "The external programs can execute arbitrary commands on "
+ "your system, including dangerous ones, if instructed to do "
+ "so by a maliciously crafted LyX document.
"),
+ from_utf8(command))
+ : bformat(_("The requested operation requires the use of a "
+ "converter from %2$s to %3$s:
"
"%1$s
"
- "This external program can execute arbitrary commands on your "
- "system, including dangerous ones, if instructed to do so by a "
- "maliciously crafted .lyx document.
"),
- from_utf8(conv.command()), from_utf8(conv.from()),
- from_utf8(conv.to()));
- if (lyxrc.use_converter_needauth_forbidden) {
+ "This external program can execute arbitrary commands on "
+ "your system, including dangerous ones, if instructed to do "
+ "so by a maliciously crafted LyX document.
"),
+ from_utf8(command), from_utf8(conv.from()),
+ from_utf8(conv.to())));
+ if (lyxrc.use_converter_needauth_forbidden && !use_shell_escape) {
frontend::Alert::error(
_("An external converter is disabled for security reasons"),
security_warning + _(
@@ -302,29 +338,47 @@ bool Converters::checkAuth(Converter const & conv, string const & doc_fname)
"Forbid needauth converters.)"), false);
return false;
}
- if (!lyxrc.use_converter_needauth)
+ if (!lyxrc.use_converter_needauth && !use_shell_escape)
return true;
- static const docstring security_title =
- _("An external converter requires your authorization");
+ docstring const security_title = use_shell_escape
+ ? _("A LaTeX backend requires your authorization")
+ : _("An external converter requires your authorization");
int choice;
- const docstring security_warning2 = security_warning +
- _("Would you like to run this converter?
"
- "Only run if you trust the origin/sender of the LyX "
- "document!
");
+ docstring const security_warning2 = security_warning + (use_shell_escape
+ ? _("Should LaTeX backends be allowed to run external "
+ "programs?
Allow them only if you trust the "
+ "origin/sender of the LyX document!
")
+ : _("Would you like to run this converter?
"
+ "Only run if you trust the origin/sender of the LyX "
+ "document!
"));
+ docstring const no = use_shell_escape
+ ? _("Do ¬ allow") : _("Do ¬ run");
+ docstring const yes = use_shell_escape ? _("A&llow") : _("&Run");
+ docstring const always = use_shell_escape
+ ? _("&Always allow for this document")
+ : _("&Always run for this document");
if (!doc_fname.empty()) {
LYXERR(Debug::FILES, "looking up: " << doc_fname);
- std::set & auth_files = theSession().authFiles().authFiles();
- if (auth_files.find(doc_fname) == auth_files.end()) {
- choice = frontend::Alert::prompt(security_title, security_warning2,
- 0, 0, _("Do ¬ run"), _("&Run"), _("&Always run for this document"));
- if (choice == 2)
- auth_files.insert(doc_fname);
+ bool authorized = use_shell_escape
+ ? theSession().shellescapeFiles().findAuth(doc_fname)
+ : theSession().authFiles().find(doc_fname);
+ if (!authorized) {
+ choice = frontend::Alert::prompt(security_title,
+ security_warning2,
+ 0, 0, no, yes, always);
+ if (choice == 2) {
+ if (use_shell_escape)
+ theSession().shellescapeFiles().insert(doc_fname, true);
+ else
+ theSession().authFiles().insert(doc_fname);
+ }
} else {
choice = 1;
}
} else {
- choice = frontend::Alert::prompt(security_title, security_warning2,
- 0, 0, _("Do ¬ run"), _("&Run"));
+ choice = frontend::Alert::prompt(security_title,
+ security_warning2,
+ 0, 0, no, yes);
}
return choice != 0;
}
@@ -395,7 +449,8 @@ bool Converters::convert(Buffer const * buffer,
if (buffer) {
runparams.use_japanese =
- buffer->params().bufferFormat() == "latex"
+ (buffer->params().bufferFormat() == "latex"
+ || suffixIs(buffer->params().bufferFormat(), "-ja"))
&& buffer->params().encoding().package() == Encoding::japanese;
runparams.use_indices = buffer->params().use_indices;
runparams.bibtex_command = buffer->params().bibtexCommand();
@@ -459,7 +514,42 @@ bool Converters::convert(Buffer const * buffer,
"tmpfile.out"));
}
- if (!checkAuth(conv, buffer ? buffer->absFileName() : string()))
+ if (buffer && buffer->params().use_minted
+ && lyxrc.pygmentize_command.empty() && conv.latex()) {
+ bool dowarn = false;
+ // Warn only if listings insets are actually used
+ for (Paragraph const & par : buffer->paragraphs()) {
+ InsetList const & insets = par.insetList();
+ pos_type lstpos = insets.find(LISTINGS_CODE, 0);
+ pos_type incpos = insets.find(INCLUDE_CODE, 0);
+ if (incpos >= 0) {
+ InsetInclude const * include =
+ static_cast
+ (insets.get(incpos));
+ if (include->params().getCmdName() !=
+ "inputminted") {
+ incpos = -1;
+ }
+ }
+ if (lstpos >= 0 || incpos >= 0) {
+ dowarn = true;
+ break;
+ }
+ }
+ if (dowarn) {
+ Alert::warning(_("Pygments driver command not found!"),
+ _("The driver command necessary to use the minted package\n"
+ "(pygmentize) has not been found. Make sure you have\n"
+ "the python-pygments module installed or, if the driver\n"
+ "is named differently, to add the following line to the\n"
+ "document preamble:\n\n"
+ "\\AtBeginDocument{\\renewcommand{\\MintedPygmentize}{driver}}\n\n"
+ "where 'driver' is name of the driver command."));
+ }
+ }
+
+ if (!checkAuth(conv, buffer ? buffer->absFileName() : string(),
+ buffer && buffer->params().shell_escape))
return false;
if (conv.latex()) {
@@ -470,6 +560,9 @@ bool Converters::convert(Buffer const * buffer,
command = subst(command, token_from, "");
command = subst(command, token_latex_encoding,
buffer->params().encoding().latexName());
+ if (buffer->params().shell_escape
+ && !contains(command, "-shell-escape"))
+ command += " -shell-escape ";
LYXERR(Debug::FILES, "Running " << command);
if (!runLaTeX(*buffer, command, runparams, errorList))
return false;