The user input specified in the math tag a. la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.
Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depended on the rendering mode.
Therefore, the security checking and rewriting portion of texvc
have been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and are
now available as a separate executable (texvccheck).
This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.
Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
This code is never used and will not be used in the future.
Adressing the equation for search will be handled by the
MathSearch extension. There will be a hook function to label
the equations.
Change-Id: Ia2149460134b361fb44f8ad85660793b1951d988
Moves writeCache call back to hooks (changed in 9ba4ef269d)
and makes it unconditional, so only one part of the code decides
whether to write to the cache.
Bug: 45973
Change-Id: I6b387795304ff15c960fcf0f5354a9ac939e1212
Change I9b1d68c4faa8d177d8d0088fa1a5879caed4f1fe added an indiscriminant call
to writeCache(). I assume that it was supposed to be regulated by the check for
$this->isRecall() (which is a getter for '$this->recall'), but there was no
concomitant change to ensure that recall is set true on cache hits.
My fix does not set recall to true. The style of "pass-by-attribute" is tricky
and should be factored out by a subsequent change. This change moves the call
to writeCache() so that it is only called on cache miss.
Change-Id: I9b690e55001859c97fd40330272791d49ec6de75
This change adds test cases for the MathSource class and registers a
hook for loading these tests. Also adds documentation about how to run
these tests in README.
Change-Id: Ie58a273326e0353dfa4437b3de21a2393adb5a87
The Math.body file which contains the MathRender class was split in the following way:
- Math.base contains the base class with the database related stuff and provides an abstract interface
- Math.source and Math.MathJax handle the plain tex string output. There are two classes since they
will differntiate in the future I think.
- Math.texvc contains the "old" implementation of png generation with all the file handling related stuff
- Other implementation of math renderer can be added in the same style.
- Cleanup to better follow coding conventions.
- Changed LockManager to 'fsLockManager'
The first attempt restructure the class layout and introduce LaTeXML at the same
time was dropped. Instead this was split up into two phases.
This commit only deals about the restructuring of the math module design.
Change-Id: I9b1d68c4faa8d177d8d0088fa1a5879caed4f1fe
* Replace deprecated wfMsg* calls with alternatives.
* Add FIXME for occurrence I don't know how to replace.
* Update some docs.
* Sprinkle a few semi-colons over the JavaScript.
Change-Id: I755a95f8bba48a23ef8c432e232adfaef4caae70
* Pulled in MathJax 1.1 (minus the 112 megabytes of PNG "fonts")
* Pulled in some of <https://en.wikipedia.org/wiki/User:Nageh/mathJax> bits for initialization
This doesn't currently override PNG images, but does replace the text-form if you configure it.
If enabled, by default loads MathJax from a CDN and forces all equations through MathJax when JavaScript is available -- the image or source form gets used only as <noscript> fallback.
This has a couple of problems for us:
* if scripts are missing -- such as when viewed via MobileFrontend -- you end up with no math at all, as the <script type="math/tex"> bits get ignored but the <noscript> still hides the images.
* while MathJax is loading things, blank spots on the page may appear and stuff jumps around
* if loading new text in via ajax, it doesn't trigger there
Also using some fairly default config, no idea how appropriate it is. Hoping to get some insight from Nageh who's done some of the MathJax work on Wikipedia so far - <https://en.wikipedia.org/wiki/User_talk:Nageh#MathJax_integration_into_stock_MediaWiki>
MathML mode was so incomplete most people thought it simply didn't work (bug 25646).
HTML modes often rendered poorly (eg req bug 24207 to set default to PNG on some sites)
This may cause regressions in that simple "equations" of just variables that came out as HTML
will now render as PNGs that don't get aligned properly with the text baseline. Fixing this is
covered by bug 32694: <https://bugzilla.wikimedia.org/show_bug.cgi?id=32694> to retrieve the
baseline info from dvipng and position images to fit.
Note that because of the way user options are pulled in to the oarser cache key, some folks
may see cached pages with their old settings until they get redone or they save their prefs
again and have it normalized.
Fixes: Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method MathHooks::onParserTestTables() should not be called statically in /var/www/w/phase3/includes/Hooks.php on line 235
The 'math' table will no longer be created on a default install unless you've explicitly enabled the Math plugin at install time; the usual update.php procedure will add it in.
Postgres, Oracle, MSSQL, and DB2 variants are included -- broken out from the core files -- but have not been tested.
I know there has been some code duplication in parser test infrastructure but could only find one instance of the parser test temporary table setup to remove the 'math' table from (the extension adds it back via the hook). If the phpunit-based runner breaks, please track it down and fix it there too.
* MW_MATH_* constants are now defined in Math extension
* Language::getMathNames() is removed
* mathNames section in message files is removed
* A hardcoded preference override in refreshLinks moved to MaintenanceRefreshLinksInit hook
*coding style tweaks
*documentation
*check for MediaWiki environment in the main setup file
*add extension credits
*add i18n file (only English at the moment); messages from core MessagesEn.php
This is a follow-up to Brion's r85706.
* (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable
math conversion after upgrading, obtain the Math extension from SVN or from
http://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php:
require_once "$IP/extensions/Math/Math.php";
This is an initial stab, and a few things remain to be cleaned up:
* messages need to be moved from core to extension
* MW_MATH_* constants should be moved to the extension from core
* old back-compat math names interfaces using those constants should be removed from message files
* classic edit toolbar's math button should be added from the extension (or else dropped) -- currently there's not a clean hook, but could do it by JS
* couple of things like the 'armourMath' function on Language & LanguageConverter may want to be redone just as an unconditional, if that's simpler.
Setting $wgUseTeX alone will no longer have any affect. The var's still there for the moment as a few bits still need to be fully moved out from core.