Commit graph

24 commits

Author SHA1 Message Date
physikerwelt 6a0af8f3b4 Validate TeX input for all renderers, not just texvc
The user input specified in the math tag a. la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.

Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depended on the rendering mode.

Therefore, the security checking and rewriting portion of texvc
have been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and are
now available as a separate executable (texvccheck).

This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.

Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
2014-01-22 10:07:27 +00:00
Reedy 9af76a77eb Remove db2 support, core MW did this a while ago
Change-Id: I78124660e7bad31c81726e8723d73ce92af42e4d
2014-01-02 15:13:45 +00:00
Max Semenik 4d68c31de1 Add profiling
Change-Id: I9066f6b2606044412a9b91ca395e841550d7e787
2013-11-18 14:46:00 +04:00
physikerwelt 927340d345 New rendering option LaTeXML
Introduces a new rending option to render TeX to MathML
via LaTeXML.

Bug: 43222
Change-Id: I5d29e219c0d3b907e22ea0bb3b30f000d8a7a9f8
2013-05-26 12:12:51 +00:00
physikerwelt b6faed7363 remove unused code
This code is never used and will not be used in the future.
Adressing the equation for search will be handled by the
MathSearch extension. There will be a hook function to label
the equations.

Change-Id: Ia2149460134b361fb44f8ad85660793b1951d988
2013-04-26 14:17:37 +00:00
Matthew Flaschen aa8a0eaf19 Write cache unless there *is* a cache hit:
Moves writeCache call back to hooks (changed in 9ba4ef269d)
 and makes it unconditional, so only one part of the code decides
whether to write to the cache.

Bug: 45973
Change-Id: I6b387795304ff15c960fcf0f5354a9ac939e1212
2013-03-12 00:38:45 -04:00
Ori Livneh 9ba4ef269d Only update the cache on cache miss
Change I9b1d68c4faa8d177d8d0088fa1a5879caed4f1fe added an indiscriminant call
to writeCache(). I assume that it was supposed to be regulated by the check for
$this->isRecall() (which is a getter for '$this->recall'), but there was no
concomitant change to ensure that recall is set true on cache hits.

My fix does not set recall to true. The style of "pass-by-attribute" is tricky
and should be factored out by a subsequent change. This change moves the call
to writeCache() so that it is only called on cache miss.

Change-Id: I9b690e55001859c97fd40330272791d49ec6de75
2013-02-21 17:39:17 -08:00
Moritz Schubortz c869831f45 Add and register PHP unit tests for MathSource class
This change adds test cases for the MathSource class and registers a
hook for loading these tests. Also adds documentation about how to run
these tests in README.

Change-Id: Ie58a273326e0353dfa4437b3de21a2393adb5a87
2013-02-17 20:23:50 +00:00
Physikerwelt 926db7c3bd Restructuring Math classes
The Math.body file which contains the MathRender class was split in the following way:
- Math.base contains the base class with the database related stuff and provides an abstract interface
- Math.source and Math.MathJax handle the plain tex string output. There are two classes since they
  will differntiate in the future I think.
- Math.texvc contains the "old" implementation of png generation with all the file handling related stuff
- Other implementation of math renderer can be added in the same style.
- Cleanup to better follow coding conventions.
- Changed LockManager to 'fsLockManager'

The first attempt restructure the class layout and introduce LaTeXML at the same
time was dropped. Instead this was split up into two phases.
This commit only deals about the restructuring of the math module design.

Change-Id: I9b1d68c4faa8d177d8d0088fa1a5879caed4f1fe
2013-02-07 20:35:45 -08:00
Siebrand Mazeland 22a09c87d3 Replace remaining wfMsg* call.
Also remove some trailing whitespace.

Change-Id: Ic7a706a894dd07ca638173f2fc6e1695a05f914b
2012-10-04 19:42:13 +02:00
Siebrand Mazeland 7b2b7301e0 Maintenance for Math extension.
* Replace deprecated wfMsg* calls with alternatives.
* Add FIXME for occurrence I don't know how to replace.
* Update some docs.
* Sprinkle a few semi-colons over the JavaScript.

Change-Id: I755a95f8bba48a23ef8c432e232adfaef4caae70
2012-08-31 01:25:48 +02:00
Brion Vibber 829372f32d update copyright notice years for 2012 2012-03-05 22:25:09 +00:00
Brion Vibber 2af7057b05 Set up MathJax as a selectable option in math preferences 2012-03-05 20:34:29 +00:00
Brion Vibber a36b0e04d8 Initial experimental import of MathJax source into Math extension as a client-side rendering supplement to the PNG rendering.
* Pulled in MathJax 1.1 (minus the 112 megabytes of PNG "fonts")
* Pulled in some of <https://en.wikipedia.org/wiki/User:Nageh/mathJax> bits for initialization

This doesn't currently override PNG images, but does replace the text-form if you configure it.
2011-12-06 01:17:35 +00:00
Brion Vibber 1042006fd4 Experimental option $wgMathUseMathJax to have Extension:Math load things via MathJax.
If enabled, by default loads MathJax from a CDN and forces all equations through MathJax when JavaScript is available -- the image or source form gets used only as <noscript> fallback.

This has a couple of problems for us:
* if scripts are missing -- such as when viewed via MobileFrontend -- you end up with no math at all, as the <script type="math/tex"> bits get ignored but the <noscript> still hides the images.
* while MathJax is loading things, blank spots on the page may appear and stuff jumps around
* if loading new text in via ajax, it doesn't trigger there

Also using some fairly default config, no idea how appropriate it is. Hoping to get some insight from Nageh who's done some of the MathJax work on Wikipedia so far - <https://en.wikipedia.org/wiki/User_talk:Nageh#MathJax_integration_into_stock_MediaWiki>
2011-11-29 00:37:13 +00:00
Brion Vibber 09679f2f39 Disable the partial HTML and MathML rendering options for Math extension.
MathML mode was so incomplete most people thought it simply didn't work (bug 25646).
HTML modes often rendered poorly (eg req bug 24207 to set default to PNG on some sites)

This may cause regressions in that simple "equations" of just variables that came out as HTML
will now render as PNGs that don't get aligned properly with the text baseline. Fixing this is
covered by bug 32694: <https://bugzilla.wikimedia.org/show_bug.cgi?id=32694> to retrieve the
baseline info from dvipng and position images to fit.

Note that because of the way user options are pulled in to the oarser cache key, some folks
may see cached pages with their old settings until they get redone or they save their prefs
again and have it normalized.
2011-11-28 22:30:33 +00:00
Brion Vibber 6d5b5679fd Followup r97001: fix for Math parser tests image URLs
Setting $wgMathPath to a fixed value during parser test runs so the values are predictable.
2011-09-13 21:03:38 +00:00
Sam Reed 0af538dbbe Improve documentation, remove unused global 2011-07-17 21:11:24 +00:00
Chad Horohoe 2d20c56bb7 Get rid of addNewExtension()/getNewExtensions() method of adding new extensions (added in r81266). Since r85021, this isn't necessary because we run old updates like we should. Fix the 3 extensions using it. Reverts most of r81266, all of r84868, tiny part of r86741. Also ping r89653 which is what caused me to look at this again. 2011-06-07 17:33:34 +00:00
Brian Wolff b75a2171f1 Make the onParserTestTables method static, since the hook is called statically.
Fixes: Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method MathHooks::onParserTestTables() should not be called statically in /var/www/w/phase3/includes/Hooks.php on line 235
2011-05-23 17:05:39 +00:00
Brion Vibber d61409f974 Breaking the 'math' table setup out to Math extension. Should be the last main step in extension-ification of the math options!
The 'math' table will no longer be created on a default install unless you've explicitly enabled the Math plugin at install time; the usual update.php procedure will add it in.

Postgres, Oracle, MSSQL, and DB2 variants are included -- broken out from the core files -- but have not been tested.

I know there has been some code duplication in parser test infrastructure but could only find one instance of the parser test temporary table setup to remove the 'math' table from (the extension adds it back via the hook). If the phpunit-based runner breaks, please track it down and fix it there too.
2011-04-22 21:37:16 +00:00
Brion Vibber 9a767a671a Followup to r85706 and friends: now that Math messages have been moved to extension, move out the settings list and constants.
* MW_MATH_* constants are now defined in Math extension
* Language::getMathNames() is removed
* mathNames section in message files is removed
* A hardcoded preference override in refreshLinks moved to MaintenanceRefreshLinksInit hook
2011-04-09 19:57:35 +00:00
Jack Phoenix e0b832c637 Math extension:
*coding style tweaks
*documentation
*check for MediaWiki environment in the main setup file
*add extension credits
*add i18n file (only English at the moment); messages from core MessagesEn.php

This is a follow-up to Brion's r85706.
2011-04-09 15:13:22 +00:00
Brion Vibber c4d9349786 Initial stab at breaking math/texvc out to Math extension.
* (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable
  math conversion after upgrading, obtain the Math extension from SVN or from
  http://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php:
  require_once "$IP/extensions/Math/Math.php";

This is an initial stab, and a few things remain to be cleaned up:
* messages need to be moved from core to extension
* MW_MATH_* constants should be moved to the extension from core
* old back-compat math names interfaces using those constants should be removed from message files
* classic edit toolbar's math button should be added from the extension (or else dropped) -- currently there's not a clean hook, but could do it by JS
* couple of things like the 'armourMath' function on Language & LanguageConverter may want to be redone just as an unconditional, if that's simpler.

Setting $wgUseTeX alone will no longer have any affect. The var's still there for the moment as a few bits still need to be fully moved out from core.
2011-04-09 00:39:40 +00:00