GitHub/Anki
1
0
Fork 0
mirror of https://github.com/ankitects/anki.git synced 2025-09-19 06:22:22 -04:00
Code Issues Projects Releases Packages 1 Wiki Activity Actions

Merge pull request #107 from a-ludi/master

Browse source 
Bad LaTeX commands
This commit is contained in:
Damien Elmes 2015-08-11 19:05:02 +10:00
commit 97b858edd8
2 changed files with 64 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
anki/latex.py
View file

@ -78,9 +78,12 @@ def _buildImg(col, latex, fname, model):
latex = latex.encode("utf8") latex = latex.encode("utf8")
# it's only really secure if run in a jail, but these are the most common # it's only really secure if run in a jail, but these are the most common
tmplatex = latex.replace("\\includegraphics", "") tmplatex = latex.replace("\\includegraphics", "")
for bad in ("write18", "\\readline", "\\input", "\\include", "\\catcode", for bad in ("\\write18", "\\readline", "\\input", "\\include",
"\\openout", "\\write", "\\loop", "\\def", "\\shipout"): "\\catcode", "\\openout", "\\write", "\\loop",
if bad in tmplatex: "\\def", "\\shipout"):
# don't mind if the sequence is only part of a command
bad_re = "\\" + bad + "[^a-zA-Z]"
if re.search(bad_re, tmplatex):
return _("""\ return _("""\
For security reasons, '%s' is not allowed on cards. You can still use \ For security reasons, '%s' is not allowed on cards. You can still use \
it by placing the command in a different package, and importing that \ it by placing the command in a different package, and importing that \

58
tests/test_latex.py
View file

@ -53,3 +53,61 @@ def test_latex():
assert len(os.listdir(d.media.dir())) == 2 assert len(os.listdir(d.media.dir())) == 2
assert stripHTML(f.cards()[0].q()) == "[latex]foo[/latex]" assert stripHTML(f.cards()[0].q()) == "[latex]foo[/latex]"
assert ".png" in oldcard.q() assert ".png" in oldcard.q()
# turn it on again so other test don't suffer
anki.latex.build = True
def test_bad_latex_command_write18():
(result, msg) = _test_includes_bad_command("\\write18")
assert result, msg
def test_bad_latex_command_readline():
(result, msg) = _test_includes_bad_command("\\readline")
assert result, msg
def test_bad_latex_command_input():
(result, msg) = _test_includes_bad_command("\\input")
assert result, msg
def test_bad_latex_command_include():
(result, msg) = _test_includes_bad_command("\\include")
assert result, msg
def test_bad_latex_command_catcode():
(result, msg) = _test_includes_bad_command("\\catcode")
assert result, msg
def test_bad_latex_command_openout():
(result, msg) = _test_includes_bad_command("\\openout")
assert result, msg
def test_bad_latex_command_write():
(result, msg) = _test_includes_bad_command("\\write")
assert result, msg
def test_bad_latex_command_loop():
(result, msg) = _test_includes_bad_command("\\loop")
assert result, msg
def test_bad_latex_command_def():
(result, msg) = _test_includes_bad_command("\\def")
assert result, msg
def test_bad_latex_command_shipout():
(result, msg) = _test_includes_bad_command("\\shipout")
assert result, msg
def test_good_latex_command_works():
# inserting commands beginning with a bad name should not raise an error
(result, msg) = _test_includes_bad_command("\\defeq")
assert not result, msg
# normal commands should not either
(result, msg) = _test_includes_bad_command("\\emph")
assert not result, msg
def _test_includes_bad_command(bad):
d = getEmptyCol()
f = d.newNote()
f['Front'] = u'[latex]%s[/latex]' % bad;
d.addNote(f)
q = f.cards()[0].q()
return ("'%s' is not allowed on cards" % bad in q, "Card content: %s" % q)