Addressing #10481.
This patch adds the new 'needauth' option for converters launching
external programs that are capable of running arbitrary code on behalf
of the user. These converters won't be run unless the user gives explicit
authorization, which is asked on-demand when the converter is about to
be run (question is not asked if the file is cached and calling the
converter is not needed).
The user prompt has a 3rd button so that he/she's not prompted again
for (any converter over) the same document (identified through
buffer->absFileName()).
Two preference options are added:
lyxrc.use_converter_needauth_forbidden disables any converter with
the 'needauth' option, which is meant to force user to an explicit
action via the preferences pane, before being able to use advanced
converters that can potentially bring security threats;
lyxrc.use_converter_needauth enables prompting the user for 'needauth'
converters, or bypasses the check if not enabled, falling back to the
previous behavior.
So, the first option is for maximum security, the second is for
maximum usability.
Boost.Signals is deprecated. This fixes bug #9943.
The only thing left to do is to rewrite (or get rid of) the boost -mt test
in config/lyxinclude.m4 not to use signals anymore.
Imagemagick detects the inut file format based on contents. Therefore it does
not make sense that we prefix the to be converted file name with the extension
(assuming that the file extension matches the imagemagick format name). This
breaks formats where the extension used by LyX does not match the imagemagick
format name.
build_script() was already threadsafe, since it used a TempFile, and the
counter was basically not needed, but the new solution makes this obvious
and has the additional advantage that TempFile constructs the real output
file, not a dummy without extension which is not needed.
FileName::tempName() created a new temp file name by using qt to create a
temporary file with a unique name, and then deleting that file and returning
the name. This was unsafe, since other processes or even other threads of the
running LyX could create files with the same name between deletion and then
using the temp name.
This is fixed by using the TempFile class instead. As a side effect, a few
cases where the temp files were not deleted after usage were fixed as well.
The only place that is still unsafe is createTmpDir().
This regression was introduced by me at 8b66f9ce. I did not take
into account that a call to a python script containing $$s is embedded
within a separate python script. Thus, when commandPrep() is called it
only sees the call to the outer python script, and does not see the
$$s contained in that python script. It therefore did not substitute
for it. This fix simply calls commandPrep() directly before writing
the embedded command.
Now the replacement is done in startScript(). In addition to making
the code cleaner and more consistent, this commit fixes a bug where
"$$s" was not replaced when "latex=" was specified in the extra flags
of a converter.
Note that the temporary fix at 731b8610 is reverted with this commit.
for possible thread conflicts, of the sort Georg resolved at
6a30211f. I have made static variables const where possible,
and marked cases that looked potentially problematic with the
comment:
// FIXME THREAD
Many of these definitely are vulnerable to concurrent access, such
as the static variables declared at the start of output_latex.cpp.
Suppose, e.g., we were outputting latex and also displaying the
source of a different document.
I'd appreciate it if others could grep for "FIXME THREAD" and see
if some of these are harmless, or what.
When calling the default converter (convert) we pass the format on the
command line. In LyX we have various pdf, pdf2, pdf3, etc. formats all
representing PDF. We need to strip to trailing digit in the format string
otherwise the format is not understood by convert.
each failure.
There are several places I was not sure what to do. These are marked
by comments beginning "LASSERT:" so they can be found easily. At the
moment, they are at:
Author.cpp:105: // LASSERT: What should we do here?
Author.cpp:121: // LASSERT: What should we do here?
Buffer.cpp:4525: // LASSERT: Is it safe to continue here, or should we just return?
Cursor.cpp:345: // LASSERT: Is it safe to continue here, or should we return?
Cursor.cpp:403: // LASSERT: Is it safe to continue here, or should we return?
Cursor.cpp:1143: // LASSERT: There have been several bugs around this code, that seem
CursorSlice.cpp:83: // LASSERT: This should only ever be called from an InsetMath.
CursorSlice.cpp:92: // LASSERT: This should only ever be called from an InsetMath.
LayoutFile.cpp:303: // LASSERT: Why would this fail?
Text.cpp:995: // LASSERT: Is it safe to continue here?
This is already supported in Converters::convert() and needed e.g. for
eps2->eps conversion.
git-svn-id: svn://svn.lyx.org/lyx/lyx-devel/trunk@40649 a592a061-630c-0410-9148-cb99ea01b6c8
Solution: don't use boost::bind for msvc10 (could also be extended to several GCC versions)
git-svn-id: svn://svn.lyx.org/lyx/lyx-devel/trunk@34257 a592a061-630c-0410-9148-cb99ea01b6c8
Now support/* should have no dependencies on src/* anymore.
git-svn-id: svn://svn.lyx.org/lyx/lyx-devel/trunk@21851 a592a061-630c-0410-9148-cb99ea01b6c8
* src/graphics/GraphicsConverter.cpp
(move_file, build_script): convert any path name to the local
encoding directly in the python script.
* src/support/tempname.cpp
(tempName): don't pass local 8bit encoded strings to addName as
it expects them to be utf8 encoded.
* src/ServerSocket.cpp
(ServerSocket::ServerSocket): ditto for setEnv.
git-svn-id: svn://svn.lyx.org/lyx/lyx-devel/trunk@18893 a592a061-630c-0410-9148-cb99ea01b6c8