On Sun, Dec 01, 2002 at 02:00:26AM +0100, Tomasz Wegrzanowski wrote:
Here is first version of TeX rendering extension to Wikipedia. It's not production code yet.
Please comment.
Hello taw,
just looked into your diff. Making HTML-rendering an option is a good idea.
One thing I would strongly propose to change:
  function renderMath( $matches ) {
      ...
      $pid = popen ("./math/texvc \"{$tex}\"", "r");   # texvc shouldn't be in cgi-bin
This allows nasty attacks before the TeX-code is validated. Let, for example, $tex be

  $(find / -type f|xargs rm)

Then popen starts a shell to start the program and its parameters are expanded by the shell. A lot of nasty things could be performed this way.
Workaround:
a) use a bi-directional proc_open and put the $tex via stdin
b) create a file with the md5-hash as filename.
Workaround (a) is currently not available in standard PHP.
Regarding functions to be provided: \mbox \sum \int \left, \right \infty blackboard letters \sin, \cos, \lim, \log, ...
This OCAML looks funny, I think I will have to dig deeper into it before commenting on it :-)
Regards,
JeLuF
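
Both workarounds from the mail above, as an added example that is not part of the original message or of the diff under review. It assumes PHP 7.4 or later (proc_open exists since PHP 4.3 and accepts an argument array since 7.4) on a Unix-like host; `cat` stands in for ./math/texvc, whose command-line interface the mail does not show, and the function names are hypothetical.

```php
<?php
// Added example; not code from the diff under review.
// Assumptions: PHP >= 7.4 on a Unix-like host. `cat` stands in for
// ./math/texvc, whose real command-line interface is not shown in the mail.

// Run a program without a shell and feed $stdin to it (workaround a).
function runNoShell(array $argv, string $stdin = ''): string {
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w']];
    // Array form: PHP executes $argv[0] directly, no shell parses anything.
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ' . $argv[0]);
    }
    fwrite($pipes[0], $stdin);   // fine for formula-sized input
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException($argv[0] . ' failed');
    }
    return $out;
}

// Store the TeX in a file named after its md5 hash (workaround b).
// The name is 32 hex characters, so nothing user-controlled reaches argv.
function storeByHash(string $dir, string $tex): string {
    $path = $dir . '/' . md5($tex) . '.tex';
    if (file_put_contents($path, $tex) === false) {
        throw new RuntimeException("cannot write $path");
    }
    return $path;
}

// Constructed input: harmless, but a shell would expand the $(...) part.
$tex = '\sum_{i=0}^{n} i $(id)';

$viaStdin = runNoShell(['cat'], $tex);
$path     = storeByHash(sys_get_temp_dir(), $tex);
$viaFile  = runNoShell(['cat', $path]);
unlink($path);

// Both routes hand the renderer the literal text, "$(id)" included.
var_dump($viaStdin === $tex, $viaFile === $tex);
```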