From 13739f37d5208e87e97c44ef2eeba35807ddb9c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20Spitzm=C3=BCller?=
Date: Fri, 4 Feb 2011 07:37:12 +0000
Subject: [PATCH] revert r37459 and add a note to the sources: This was no oversight but a security concern. We do not want the LyX document to define arbitrary index and bibtex converters.
git-svn-id: svn://svn.lyx.org/lyx/lyx-devel/trunk@37478 a592a061-630c-0410-9148-cb99ea01b6c8
---
 src/frontends/qt4/GuiDocument.cpp | 25 +++++++++----------------
 src/frontends/qt4/GuiIndices.cpp | 22 ++++++++--------------
 2 files changed, 17 insertions(+), 30 deletions(-)
diff --git a/src/frontends/qt4/GuiDocument.cpp b/src/frontends/qt4/GuiDocument.cpp
index 3fa13ebc3a..01389e9b38 100644
--- a/src/frontends/qt4/GuiDocument.cpp
+++ b/src/frontends/qt4/GuiDocument.cpp
@@ -1066,7 +1066,8 @@ GuiDocument::GuiDocument(GuiView & lv)
 biblioModule->citeStyleCO->addItem(qt_("Author-year"));
 biblioModule->citeStyleCO->addItem(qt_("Numerical"));
 biblioModule->citeStyleCO->setCurrentIndex(0);
-
+
+ // NOTE: we do not provide "custom" here for security reasons!
 biblioModule->bibtexCO->clear();
 biblioModule->bibtexCO->addItem(qt_("Default"), QString("default"));
 for (set::const_iterator it = lyxrc.bibtex_alternatives.begin();
@@ -1074,7 +1075,6 @@ GuiDocument::GuiDocument(GuiView & lv)
 QString const command = toqstr(*it).left(toqstr(*it).indexOf(" "));
 biblioModule->bibtexCO->addItem(command, command);
 }
- biblioModule->bibtexCO->addItem(qt_("Custom"), QString("custom"));
 // indices
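Review bot: The comment added before `biblioModule->bibtexCO->clear();` says only "for security reasons", so a later maintainer could again take the missing "Custom" entry for an oversight, which is what the reverted r37459 did according to the commit message. I would name the concern in the comment, for example `// NOTE: no "custom" entry on purpose: the command is stored in the document, and a document must not be able to define an arbitrary bibtex converter.` The identical comment in the GuiIndices constructor (GuiIndices.cpp) deserves the same wording for the index converter. The constructor body starts and ends outside this hunk.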
@@ -1904,13 +1904,8 @@ void GuiDocument::languagePackageChanged(int i)
 void GuiDocument::bibtexChanged(int n)
 {
- QString const data =
- biblioModule->bibtexCO->itemData(n).toString();
- biblioModule->bibtexOptionsED->setEnabled(data != "default");
- if (data == "custom")
- biblioModule->bibtexOptionsLA->setText(qt_("Co&mmand:"));
- else
- biblioModule->bibtexOptionsLA->setText(qt_("&Options:"));
+ biblioModule->bibtexOptionsED->setEnabled(
+ biblioModule->bibtexCO->itemData(n).toString() != "default");
 changed();
 }
@@ -2171,9 +2166,7 @@ void GuiDocument::applyView()
 biblioModule->bibtexCO->currentIndex()).toString());
 string const bibtex_options =
 fromqstr(biblioModule->bibtexOptionsED->text());
- if (bibtex_command == "custom")
- bp_.bibtex_command = bibtex_options;
- else if (bibtex_command == "default" || bibtex_options.empty())
+ if (bibtex_command == "default" || bibtex_options.empty())
 bp_.bibtex_command = bibtex_command;
 else
 bp_.bibtex_command = bibtex_command + " " + bibtex_options;
@@ -2610,12 +2603,12 @@ void GuiDocument::paramsToDialog()
 if (bpos != -1) {
 biblioModule->bibtexCO->setCurrentIndex(bpos);
 biblioModule->bibtexOptionsED->setText(toqstr(options).trimmed());
- biblioModule->bibtexOptionsLA->setText(qt_("&Options:"));
 } else {
+ // We reset to default if we do not know the specified compiler
+ // This is for security reasons
 biblioModule->bibtexCO->setCurrentIndex(
- biblioModule->bibtexCO->findData(toqstr("custom")));
- biblioModule->bibtexOptionsED->setText(toqstr(bp_.bibtex_command));
- biblioModule->bibtexOptionsLA->setText(qt_("&Command:"));
+ biblioModule->bibtexCO->findData(toqstr("default")));
+ biblioModule->bibtexOptionsED->clear();
 }
 biblioModule->bibtexOptionsED->setEnabled(
 biblioModule->bibtexCO->currentIndex() != 0);
diff --git a/src/frontends/qt4/GuiIndices.cpp b/src/frontends/qt4/GuiIndices.cpp
index a83ed88d25..7c21e70acb 100644
--- a/src/frontends/qt4/GuiIndices.cpp
+++ b/src/frontends/qt4/GuiIndices.cpp
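Review bot: `bp_.bibtex_command = bibtex_command + " " + bibtex_options;` in applyView() still writes the free-text options field into the document-level command string, so only the first word is restricted to the configured list. How that string is later split and executed is not visible in this diff; if it reaches a shell, the options would need validating or passing as separate arguments, and that is worth confirming before relying on this revert as the whole fix. I would at least record the assumption here, e.g. `// options come from the document: must never be shell-interpreted`. GuiIndices::apply() builds `params.index_command` the same way, and both functions extend beyond their hunks.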
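Review bot: In the else branch of paramsToDialog(), selecting "default" and clearing the options field changes only what the dialog shows; `bp_.bibtex_command` keeps the value loaded from the file until applyView() runs. If the export code reads `bp_.bibtex_command` directly, an unknown processor named by a document is still in effect unless the user opens and applies this dialog, so the check against `lyxrc.bibtex_alternatives` belongs where the parameter is parsed or used; that code is outside this diff and may already do it. The silent reset also means the user applies a changed setting without being told the document asked for something else. GuiIndices::update() follows the same pattern for `params.index_command`.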
@@ -52,6 +52,7 @@ GuiIndices::GuiIndices(QWidget * parent)
 indicesTW->headerItem()->setText(1, qt_("Label Color"));
 indicesTW->setSortingEnabled(true);
+ // NOTE: we do not provide "custom" here for security reasons!
 indexCO->clear();
 indexCO->addItem(qt_("Default"), QString("default"));
 for (set::const_iterator it = lyxrc.index_alternatives.begin();
@@ -59,7 +60,6 @@ GuiIndices::GuiIndices(QWidget * parent)
 QString const command = toqstr(*it).left(toqstr(*it).indexOf(" "));
 indexCO->addItem(command, command);
 }
- indexCO->addItem(qt_("Custom"), QString("custom"));
 }
 void GuiIndices::update(BufferParams const & params)
@@ -83,11 +83,11 @@ void GuiIndices::update(BufferParams const & params)
 if (pos != -1) {
 indexCO->setCurrentIndex(pos);
 indexOptionsED->setText(toqstr(options).trimmed());
- indexOptionsLA->setText(qt_("&Options:"));
 } else {
- indexCO->setCurrentIndex(indexCO->findData(toqstr("custom")));
- indexOptionsED->setText(toqstr(params.index_command));
- indexOptionsLA->setText(qt_("Co&mmand:"));
+ // We reset to default if we do not know the specified compiler
+ // This is for security reasons
+ indexCO->setCurrentIndex(indexCO->findData(toqstr("default")));
+ indexOptionsED->clear();
 }
 indexOptionsED->setEnabled(
 indexCO->currentIndex() != 0);
@@ -146,9 +146,7 @@ void GuiIndices::apply(BufferParams & params) const
 fromqstr(indexCO->itemData(
 indexCO->currentIndex()).toString());
 string const index_options = fromqstr(indexOptionsED->text());
- if (index_command == "custom")
- params.index_command = index_options;
- else if (index_command == "default" || index_options.empty())
+ if (index_command == "default" || index_options.empty())
 params.index_command = index_command;
 else
 params.index_command = index_command + " " + index_options;
@@ -157,12 +155,8 @@ void GuiIndices::apply(BufferParams & params) const
 void GuiIndices::on_indexCO_activated(int n)
 {
- QString const data = indexCO->itemData(n).toString();
- indexOptionsED->setEnabled(data != "default");
- if (data == "custom")
- indexOptionsLA->setText(qt_("Co&mmand:"));
- else
- indexOptionsLA->setText(qt_("&Options:"));
+ indexOptionsED->setEnabled(
+ indexCO->itemData(n).toString() != "default");
 changed();
 }