revert r37459 and add a note to the sources:

This was no oversight but a security concern. We do not want the LyX document to define arbitrary index and bibtex converters.

git-svn-id: svn://svn.lyx.org/lyx/lyx-devel/trunk@37478 a592a061-630c-0410-9148-cb99ea01b6c8
Jürgen Spitzmüller 2011-02-04 07:37:12 +00:00
parent 839213e389
commit 13739f37d5
2 changed files with 17 additions and 30 deletions


@ -1066,7 +1066,8 @@ GuiDocument::GuiDocument(GuiView & lv)
biblioModule->citeStyleCO->addItem(qt_("Author-year"));
biblioModule->citeStyleCO->addItem(qt_("Numerical"));
biblioModule->citeStyleCO->setCurrentIndex(0);
// NOTE: we do not provide "custom" here for security reasons!
biblioModule->bibtexCO->clear();
biblioModule->bibtexCO->addItem(qt_("Default"), QString("default"));
for (set<string>::const_iterator it = lyxrc.bibtex_alternatives.begin();
@ -1074,7 +1075,6 @@ GuiDocument::GuiDocument(GuiView & lv)
QString const command = toqstr(*it).left(toqstr(*it).indexOf(" "));
biblioModule->bibtexCO->addItem(command, command);
}
biblioModule->bibtexCO->addItem(qt_("Custom"), QString("custom"));
// indices
@ -1904,13 +1904,8 @@ void GuiDocument::languagePackageChanged(int i)
void GuiDocument::bibtexChanged(int n)
{
QString const data =
biblioModule->bibtexCO->itemData(n).toString();
biblioModule->bibtexOptionsED->setEnabled(data != "default");
if (data == "custom")
biblioModule->bibtexOptionsLA->setText(qt_("Co&mmand:"));
else
biblioModule->bibtexOptionsLA->setText(qt_("&Options:"));
biblioModule->bibtexOptionsED->setEnabled(
biblioModule->bibtexCO->itemData(n).toString() != "default");
changed();
}
@ -2171,9 +2166,7 @@ void GuiDocument::applyView()
biblioModule->bibtexCO->currentIndex()).toString());
string const bibtex_options =
fromqstr(biblioModule->bibtexOptionsED->text());
if (bibtex_command == "custom")
bp_.bibtex_command = bibtex_options;
else if (bibtex_command == "default" || bibtex_options.empty())
if (bibtex_command == "default" || bibtex_options.empty())
bp_.bibtex_command = bibtex_command;
else
bp_.bibtex_command = bibtex_command + " " + bibtex_options;
@ -2610,12 +2603,12 @@ void GuiDocument::paramsToDialog()
if (bpos != -1) {
biblioModule->bibtexCO->setCurrentIndex(bpos);
biblioModule->bibtexOptionsED->setText(toqstr(options).trimmed());
biblioModule->bibtexOptionsLA->setText(qt_("&Options:"));
} else {
// We reset to default if we do not know the specified compiler
// This is for security reasons
biblioModule->bibtexCO->setCurrentIndex(
biblioModule->bibtexCO->findData(toqstr("custom")));
biblioModule->bibtexOptionsED->setText(toqstr(bp_.bibtex_command));
biblioModule->bibtexOptionsLA->setText(qt_("&Command:"));
biblioModule->bibtexCO->findData(toqstr("default")));
biblioModule->bibtexOptionsED->clear();
}
biblioModule->bibtexOptionsED->setEnabled(
biblioModule->bibtexCO->currentIndex() != 0);
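Review bot: The options text is still appended to the command without any check, in the applyView() hunk at `bp_.bibtex_command = bibtex_command + " " + bibtex_options;`, and the `bpos != -1` branch of paramsToDialog() loads `options` (presumably parsed from the document's bibtex_command, outside the hunk) into bibtexOptionsED as-is. The restriction to `lyxrc.bibtex_alternatives` therefore covers only the processor name, and if the combined string is later passed to a shell or split into arguments (not visible here), a document could still influence the invocation through the options part. I would record that limit next to the concatenation, e.g. `// NOTE: only the processor name is checked against lyxrc.bibtex_alternatives; the options are free text and must be treated as untrusted where the command is run.` The same pattern appears in GuiIndices::apply() and GuiIndices::update() in the second file. Both applyView() and paramsToDialog() start and end outside their hunks.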


@ -52,6 +52,7 @@ GuiIndices::GuiIndices(QWidget * parent)
indicesTW->headerItem()->setText(1, qt_("Label Color"));
indicesTW->setSortingEnabled(true);
// NOTE: we do not provide "custom" here for security reasons!
indexCO->clear();
indexCO->addItem(qt_("Default"), QString("default"));
for (set<string>::const_iterator it = lyxrc.index_alternatives.begin();
@ -59,7 +60,6 @@ GuiIndices::GuiIndices(QWidget * parent)
QString const command = toqstr(*it).left(toqstr(*it).indexOf(" "));
indexCO->addItem(command, command);
}
indexCO->addItem(qt_("Custom"), QString("custom"));
}
void GuiIndices::update(BufferParams const & params)
@ -83,11 +83,11 @@ void GuiIndices::update(BufferParams const & params)
if (pos != -1) {
indexCO->setCurrentIndex(pos);
indexOptionsED->setText(toqstr(options).trimmed());
indexOptionsLA->setText(qt_("&Options:"));
} else {
indexCO->setCurrentIndex(indexCO->findData(toqstr("custom")));
indexOptionsED->setText(toqstr(params.index_command));
indexOptionsLA->setText(qt_("Co&mmand:"));
// We reset to default if we do not know the specified compiler
// This is for security reasons
indexCO->setCurrentIndex(indexCO->findData(toqstr("default")));
indexOptionsED->clear();
}
indexOptionsED->setEnabled(
indexCO->currentIndex() != 0);
@ -146,9 +146,7 @@ void GuiIndices::apply(BufferParams & params) const
fromqstr(indexCO->itemData(
indexCO->currentIndex()).toString());
string const index_options = fromqstr(indexOptionsED->text());
if (index_command == "custom")
params.index_command = index_options;
else if (index_command == "default" || index_options.empty())
if (index_command == "default" || index_options.empty())
params.index_command = index_command;
else
params.index_command = index_command + " " + index_options;
@ -157,12 +155,8 @@ void GuiIndices::apply(BufferParams & params) const
void GuiIndices::on_indexCO_activated(int n)
{
QString const data = indexCO->itemData(n).toString();
indexOptionsED->setEnabled(data != "default");
if (data == "custom")
indexOptionsLA->setText(qt_("Co&mmand:"));
else
indexOptionsLA->setText(qt_("&Options:"));
indexOptionsED->setEnabled(
indexCO->itemData(n).toString() != "default");
changed();
}
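Review bot: The reset in the `else` branch of GuiIndices::update() changes only the widgets: `params` is a `BufferParams const &`, so `params.index_command` keeps whatever the document specified until apply() is called, and the comment "This is for security reasons" does not say so. The protection therefore depends on the code that runs the index processor also rejecting commands that are not in `lyxrc.index_alternatives`, which is not visible on this page. I would extend the comment to something like `// NOTE: this only resets the dialog; params.index_command is untouched here and must be validated again where it is executed.` The fallback is also silent, so a user opening such a document gets no indication that it requested an unknown processor. The same applies to the `else` branch of GuiDocument::paramsToDialog() in the first file; update() itself continues outside the hunk.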