Commit graph

14 commits

Author SHA1 Message Date
Darian Anthony Patrick a16c563459 Skip shell invocation on large input
Add a sanity check to the math extension that skips shelling out to
texvc if the input is insanely large.

Bug: T129506
Change-Id: I2c7b6561464bddb4c3eab9230fa8168b24adaa37
2017-01-20 15:09:56 -08:00
physikerwelt 6699724d65 Convert all array() syntax to []
Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html

Change-Id: I1d2604e3f246ede58ff8245ba2b940f258d2d80c
2016-04-13 10:18:23 -04:00
paladox df8ad1c799 Add php code sniffer to composer
Add support for php code sniffer

Change-Id: I7dcdd88be4f1f8219f71ab770979284761e09bae
2015-09-23 10:46:14 +01:00
physikerwelt bc52c77d24 Use extension.json, empty PHP entry point
* Use string constants instead of integers
* Derive new names from old via conversion of constant
  naming convention to CamelCase.
* Replace old constant string e.g. 'MW_MATH_ABC_DEF'
  with new string 'abcDef'
* Replace old constant value with new string.
* Tests to demonstrates what is actually done.
* Rename constants

Bug: T106630
Bug: T106631
Bug: T87941
Change-Id: I6d1094ece79e912d9ddbef6681a25196c7a6e801
2015-07-30 22:01:20 +00:00
Kunal Mehta 241800f80d Use namespaced \MediaWiki\Logger\LoggerFactory
Change-Id: I78fca87d87379a694662c1a4ecc42e9401fd4c2c
2015-04-16 07:33:29 +00:00
Bryan Davis 23ff28d71d PSR-3 logging cleanup
* Limit levels to MediaWiki recommended debug, info, warning, error
* Don't add trailing newlines
* Capitalize messages

Change-Id: I211357b1cc014d6bed1717f22e2bf8ebfc4f386f
2015-03-18 12:13:05 -06:00
physikerwelt 5e46586ada Update to PSR-3 logging
Change-Id: I8b61cec606e75a3cf2143b1fa54e5dff2cfa3c7f
2015-03-18 17:26:01 +00:00
Chad Horohoe eab415ef71 Math: tidy up error message handling
- We don't localize errors and debug logs like this, it makes them
  impossible to decipher
- Also remove some 1.21 and below back-compat while we're here

Change-Id: Idb23fe5b434fa9fa3518672d57ec6e5466d005ac
2015-02-19 16:22:46 -08:00
physikerwelt (Moritz Schubotz) afc2353a56 Correct wrong variable name
Change-Id: Iecfa0bfa5861e077d98f7bf06af0e98cda56220b
2015-01-13 19:16:37 +00:00
Ori Livneh 8477a17a09 Fix for fatal caused by static call to MathRenderer::getError
MathRenderer::getError() uses $this, so it should not be called statically.
MathInputCheckTexvc should instead call its convertTexvcError method, which
constructs a MathRenderer object so it can call its getError method.

This code is pretty awful. But this way it won't throw fatal errors all the time.

Change-Id: Ic438b307a3b464651363b4cc16698c7d4320b253
2014-12-08 20:40:23 -08:00
physikerwelt 94b035b26a Coverage tests for the Math extension
* Include generated tests for a better test coverage
of the Math extension.
* Compiles texvc in testsuite (if required)
* Test generator now included
* Replaces the old parser tests
* Fixes whitspace issues

Bug: 61090
Change-Id: Iff7eeb5ee72137492c3f6659e4d4d106e5715586
2014-03-11 15:35:07 +00:00
physikerwelt dcc3f0fd3c Differentiate missing texvccheck from missing texvc
Introduce different error messages for missing texvccheck and
texvc and update the README file.

Bug: 61154
Change-Id: I52f796f181f6a3ab6d65a8e8d89f59d523d5b7b8
2014-02-12 01:38:01 +00:00
Chad Horohoe e0b3883c55 Wrap texvccheck call in PoolCounter
Change-Id: Iae9693d1948bec6dd08473bce3cb704f24338ff8
2014-02-10 09:38:35 -08:00
physikerwelt 6a0af8f3b4 Validate TeX input for all renderers, not just texvc
The user input specified in the math tag a. la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.

Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depended on the rendering mode.

Therefore, the security checking and rewriting portion of texvc
have been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and are
now available as a separate executable (texvccheck).

This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.

Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
2014-01-22 10:07:27 +00:00