The output of texvccheck is not only "checked" but also
rewritten to another form.
(For example $\R$ is transformed to $\mathbb{R}$.)
But the output might not be a valid input for the thexvccheck
part of texvc, like it happened in for the example given in the bug
description.
See also I599c4390da9b8f36d800f379a33ad5ce90f5096c
Bug: 61012
Change-Id: Iae5e350cb78c0e637e574390c586fbdb8dc38496
The user input specified in the math tag a. la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.
Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depended on the rendering mode.
Therefore, the security checking and rewriting portion of texvc
have been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and are
now available as a separate executable (texvccheck).
This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.
Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
Many things in MediaWiki (and various on-wiki templates, at least on
enwiki) output error messages wrapped in <strong class="error">. MathJax
parsing all of these (added in I1199cb34) is completely broken.
What appears to have been intended is that MathJax would parse the
errors output by MathRenderer.php. So let's add a "texerror" class to
those and have MathJax look for that class instead.
Bug: 55675
Change-Id: Iaa6c3a892af463f38e6706f9407c6dcb948fe670
- Remove MathMathJax.php, which uses exactly the same output as MathSource.php.
- Make wiki2jax able to handle texvc output as a preview before MathJax rendering.
Change-Id: I1199cb34d555d2a1e57da98857f41a22cfe81df4
* new test for XML type checking function
* check if StrigUtils::isUtf8 exists in core (Thanks to Deyan Ginev for the hint.)
Bug: 50884
Change-Id: I86af95cbecc4b5c9c33fcd3a66a7fb2ccdde0194
* Remove parameters/append that are never outputted by texvc.ml
* Add missing math_output_error to i18n file
* Improve a few qqq descriptions
Change-Id: Iea5139682fbe8389e578549f5f62e5505f4c0b48
Adds a new method isChanged() for determining if a value was changed.
This is done in preparation for a more elaborated caching method that is
handled inside the abstract base class.
Change-Id: Ica15f77d96453d30edd3a117c7185c694ad3691e
* $inputhash is also never used.
* Additional comments.
* allow creation of math renderer without $tex code
Change-Id: I64c181408e8acd16aee7a53a81a176b62a6726b5
This code is never used and will not be used in the future.
Adressing the equation for search will be handled by the
MathSearch extension. There will be a hook function to label
the equations.
Change-Id: Ia2149460134b361fb44f8ad85660793b1951d988
A wfDebugLog() was attempting to concatenate a string with a Blob object
which does not support conversion to a string. Since that was used to
show some hash, display the current string hash instead.
Furthermore the input-hash, which can be calculated from the TeX input
string was displayed, which is not very helpful. The variable hash is
calculated by texvc and can be used to search for the rendered image in
the filesystem.
Change-Id: I9943fd51d3021bf2d62a29f33de0858803763f86
adds two new phpUnitTests for the abstract MathRender class
and another one that test the basic database access.
Therefore the read and write methods have been made changed
from protected to public.
Change-Id: I77a8b0a4dfe7529b5521ead097ac7b518688ef70
Output hash calcuation sometimes fails because of Texvc failure for
example, and $this->hash remains ''. At this time inserting null as
outputhash into database is improper, because that column is NOT NULL.
With this patch an empty string '' is inserted instead, and the if-check
is modified to avoid cases where ->hash exists but evaluates as null
(for example when it's '0000000000...' though it's extremely rare).
Change-Id: I852859f4b151b777c11b743faaed61dfc2c029a7
The call to getRenderer is supposed to be a static method in the same class,
not a global function.
Change-Id: I5d101574b1d67238c6357e154209f2595cb36859
The Math.body file which contains the MathRender class was split in the following way:
- Math.base contains the base class with the database related stuff and provides an abstract interface
- Math.source and Math.MathJax handle the plain tex string output. There are two classes since they
will differntiate in the future I think.
- Math.texvc contains the "old" implementation of png generation with all the file handling related stuff
- Other implementation of math renderer can be added in the same style.
- Cleanup to better follow coding conventions.
- Changed LockManager to 'fsLockManager'
The first attempt restructure the class layout and introduce LaTeXML at the same
time was dropped. Instead this was split up into two phases.
This commit only deals about the restructuring of the math module design.
Change-Id: I9b1d68c4faa8d177d8d0088fa1a5879caed4f1fe