Commit graph

2276 commits

Author SHA1 Message Date
physikerwelt 6a0af8f3b4 Validate TeX input for all renderers, not just texvc
The user input specified in the math tag a. la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.

Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depended on the rendering mode.

Therefore, the security checking and rewriting portion of texvc
have been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and are
now available as a separate executable (texvccheck).

This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.

Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
2014-01-22 10:07:27 +00:00
Translation updater bot ca14ffab73 Localisation updates from https://translatewiki.net.
Change-Id: I1a5eebad7b99577a2461c6fcb5c5e0ccfbbcad06
2014-01-21 19:51:59 +00:00
physikerwelt abba28949c Fix LaTeXML integration test
The XML attributes in LaTeXML are ordered alphabetically now.

Bug: 60279
Change-Id: Iba810f71a151fa2ae56140557cc902fe1f8c1062
2014-01-21 08:17:49 +00:00
Translation updater bot be1cfd0373 Localisation updates from https://translatewiki.net.
Change-Id: I1aa0625d80671b2822d4379079cf1999c9fd2f6c
2014-01-20 20:24:15 +00:00
Translation updater bot 005b2fff90 Localisation updates from https://translatewiki.net.
Change-Id: I3daade8f386280ed0dee058e117711cebaaea903
2014-01-19 20:16:29 +00:00
Translation updater bot 37e85ec469 Localisation updates from https://translatewiki.net.
Change-Id: I3d0f880fb9d10277448702c2ac3273880bbab570
2014-01-17 20:40:43 +00:00
Translation updater bot d419504b23 Localisation updates from https://translatewiki.net.
Change-Id: Icf563562f630d51bbcd6cd8fc9eba7450e0da999
2014-01-16 23:08:06 +00:00
Brad Jorsch 2b8534793f MathJax must not process every <strong class="error">
Many things in MediaWiki (and various on-wiki templates, at least on
enwiki) output error messages wrapped in <strong class="error">. MathJax
parsing all of these (added in I1199cb34) is completely broken.

What appears to have been intended is that MathJax would parse the
errors output by MathRenderer.php. So let's add a "texerror" class to
those and have MathJax look for that class instead.

Bug: 55675
Change-Id: Iaa6c3a892af463f38e6706f9407c6dcb948fe670
2014-01-15 12:05:55 -05:00
Translation updater bot cf8cbfd44b Localisation updates from https://translatewiki.net.
Change-Id: I75735349d80637af9f1b0c259cfaee3f4ba7fc1a
2014-01-11 22:24:14 +00:00
Translation updater bot 430f14a5d5 Localisation updates from https://translatewiki.net.
Change-Id: Iebef6dc1e822dc0ad1ceb1196000f85154dfe001
2014-01-10 22:45:41 +00:00
Translation updater bot 8bf576428b Localisation updates from https://translatewiki.net.
Change-Id: I23f1c7848e9388af6002aa150b19c6a479093992
2014-01-03 20:40:50 +00:00
Reedy 9af76a77eb Remove db2 support, core MW did this a while ago
Change-Id: I78124660e7bad31c81726e8723d73ce92af42e4d
2014-01-02 15:13:45 +00:00
vishnu 0ab1280d6b Fix depreciation warnings in FileBackend construction
Added wikiId and lockManager was changed to an object
Bug: 58615

Change-Id: Id3bdc7e6bc3951db4753553da03193783f0bd7c8
2013-12-27 23:27:32 +05:30
Aaron Schulz f0f19007c5 Buffer png writes and flush them all at once
* This should half the time to render pages with many formulas

bug: 56769
Change-Id: I5edf979c31fe12098eba1d1df52c9cd3251bd115
2013-12-27 10:42:27 +00:00
Translation updater bot 48669ebbdc Localisation updates from https://translatewiki.net.
Change-Id: I5d57ac9741951158cc165ce7ae77807f69f1793a
2013-12-26 19:36:40 +00:00
Translation updater bot 11f20d7684 Localisation updates from https://translatewiki.net.
Change-Id: Idd1e6b747eb6d7a528f92c840ee20f08861469f6
2013-12-23 20:48:45 +00:00
Translation updater bot 694a51f6ec Localisation updates from https://translatewiki.net.
Change-Id: I8cd256cbbfbd01f7033c2a68de30f8fb55249e17
2013-12-22 20:31:29 +00:00
Physikerwelt 208d597d94 Merge "Breakdown of texvc" 2013-12-17 08:12:30 +00:00
Translation updater bot 60ef4e5460 Localisation updates from https://translatewiki.net.
Change-Id: Id8612fb3067e5c44698cfb0a64640179d7e577c0
2013-12-15 20:56:22 +00:00
Physikerwelt 4c9dc2f08e Breakdown of texvc
texvc had several tasks in the past:

1 checking the input
2 convert MediaWiki custom syntax to standard LaTeX
3 run LaTeX
4 convert dvi2png

This change provides a simplified version that performs
only steps 1+2. This is required to avoid security problems
with tools like MathJax, especially if these tools are
run at the server-side.

Bug: 54624
Change-Id: I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa
2013-12-14 18:34:15 +00:00
Translation updater bot 21157ef17f Localisation updates from https://translatewiki.net.
Change-Id: Ia6a51e9f78e5a86fdf8273bff3b8e8d860fd82f5
2013-12-07 01:43:49 +00:00
Translation updater bot a1d08817a9 Localisation updates from https://translatewiki.net.
Change-Id: I6aa7392f58f0e07d7eaf0dab8237a81d250e817d
2013-12-01 19:56:05 +00:00
Translation updater bot 2c62d9a804 Localisation updates from https://translatewiki.net.
Change-Id: Ib3edbeabc5f08faf8f7f12688edd6fa43f7727ad
2013-11-29 19:30:04 +00:00
Translation updater bot b582fc0742 Localisation updates from https://translatewiki.net.
Change-Id: I8419e82dbd6b7e7f11cf99e640cba903871f1c12
2013-11-25 21:16:26 +00:00
Translation updater bot 3a18d3dbe8 Localisation updates from https://translatewiki.net.
Change-Id: Ib00c0e1090ab4bac2617c3d828781bb3471f6559
2013-11-23 10:47:48 +00:00
Translation updater bot 4d7aed88a3 Localisation updates from https://translatewiki.net.
Change-Id: Ieb2367587b96310bb7f960ca15242cfff2c6241b
2013-11-21 20:39:45 +00:00
Max Semenik 4d68c31de1 Add profiling
Change-Id: I9066f6b2606044412a9b91ca395e841550d7e787
2013-11-18 14:46:00 +04:00
Translation updater bot ba36f4a462 Localisation updates from http://translatewiki.net.
Change-Id: I32a75a2b130c5d2c6c45c8df73703f0d84b5b91e
2013-11-12 20:31:21 +00:00
Translation updater bot 873902dd1d Localisation updates from http://translatewiki.net.
Change-Id: I8e73fcf786e980dc63187e68888bc5770c43a220
2013-11-11 20:19:06 +00:00
Translation updater bot ece06b1d11 Localisation updates from http://translatewiki.net.
Change-Id: Iefd1bf188ea42815917461ec62e27d8200879fd6
2013-11-09 19:11:55 +00:00
Translation updater bot b3ad6b91c5 Localisation updates from http://translatewiki.net.
Change-Id: Ie12085223664b598149bd49966f32715dcddf311
2013-10-22 19:19:50 +00:00
Translation updater bot d756e88d3b Localisation updates from http://translatewiki.net.
Change-Id: I27881c6e20bdfcd241ddf2e312ad55486e8c4366
2013-10-20 21:46:13 +00:00
Translation updater bot 122b77febb Localisation updates from http://translatewiki.net.
Change-Id: I6a12960835c1a218a43e18aa5b28c37a674f0a74
2013-10-18 19:20:53 +00:00
Translation updater bot 4542b790ee Localisation updates from http://translatewiki.net.
Change-Id: Ia7d8c61181206abd0aae43b3828d469bde5e8699
2013-10-16 21:44:42 +00:00
Translation updater bot 71dd8dbd9d Merge "Localisation updates from http://translatewiki.net." 2013-10-15 19:41:31 +00:00
Translation updater bot 3c61626a7e Localisation updates from http://translatewiki.net.
Change-Id: I2cb3982e27b7f29a45d0c7b01c917a3866a3ba3b
2013-10-15 19:28:11 +00:00
Ori Livneh 679ce7fe2f Log texvc errors in 'texvc' log channel
This patch adds wfDebugLog() calls for conditions related to texvc invocations.
The logs are grouped under a 'texvc' group, added for this purpose. The reason
for logging into a separate channel is that the Math channel is too verbose for
production use on the Wikimedia cluster.

Change-Id: I05a17a0230f49f5d698b91617d06b3e3f838b67d
2013-10-14 15:59:21 -07:00
Siebrand Mazeland b6ed9af2bf Update capitalisation
Change-Id: Ic2f0ad045e8451269e74906b43793cec247d76c9
2013-10-14 13:45:44 +02:00
physikerwelt afc50961ab Fix: Add missing xmlns
Change-Id: Id7c92982a914ec26990556662ba971483e58f934
2013-10-13 14:43:37 +00:00
Gabriel Wicke baf038da0d Insert defs into svg element, not before it
Change-Id: Ic8b56b9d0d854d8a58f6e6b063262dbf3525c809
2013-10-12 22:08:27 +00:00
Translation updater bot e4188c37ea Localisation updates from http://translatewiki.net.
Change-Id: Ifddd77072c6ac742ba72efc28bb141c044cc75ef
2013-10-11 19:10:48 +00:00
Gabriel Wicke 6c7f4e3b38 Fix SVG glyphs and make the service more robust
Change-Id: I14d3ca2fdc89f8662b2e823b6c891c79db5bab5a
2013-10-10 14:17:14 -07:00
Translation updater bot fd8da050fb Localisation updates from http://translatewiki.net.
Change-Id: I5368e9390a58cfbdd25b8de532004fbc93c0db8d
2013-10-08 00:56:24 +00:00
Translation updater bot 53d2be951f Localisation updates from http://translatewiki.net.
Change-Id: I90413f8250bb5bf70aa78dc81604e37bc40c648f
2013-10-06 18:39:47 +00:00
Moritz Schubotz 12a45cff1b Adding mathoid as tex to MathML and SVG renderer
Uses nodejs to call phantomjs that renders the
tex input using MathJax and returns a json object
that includes both the SVG and the MathML
representation.

The project was forked from
https://github.com/agrbin/svgtex.

Co-Authored-By: Gabriel Wicke <gwicke@wikimedia.org>
Co-Authored-By: Moritz Schubotz <wiki@physikerwelt.de>
Change-Id: Ie5f24006c3aacd8f61f48ca275acd63a418d7529
2013-10-04 17:03:34 -07:00
Translation updater bot f84a74d643 Localisation updates from http://translatewiki.net.
Change-Id: Icbfe3dc0591eb81b0c4c3d0d897a464c38c6d3e8
2013-10-01 19:04:42 +00:00
Translation updater bot d3e390c67b Localisation updates from http://translatewiki.net.
Change-Id: I675dba0ac600be44535509d364c71d24e37e8063
2013-09-29 20:06:39 +00:00
physikerwelt (Moritz Schubotz) 12b43489ea Expose LaTeXML Settings
Make LaTeXML setting configurable with the new global
variable $wgDefaultLaTeXMLSetting.

PS: This variable can be specified as an array or a
string. If specified as an array, the
 array('a'=>'b','c'=>array('e','f'))
would be transformed to the equivalent setting
 a=b&c=e&c=f
,which is the input format for the LaTeXML daemon.

Change-Id: I2869df27cee83b426c6eb2312306fac9d6203ef2
2013-09-20 17:20:03 +00:00
Reedy 40ba7ff462 Fix comment about Math compnent to report bugs etc
There isn't a texvc component in extensions

Change-Id: I7d868a37142be0d4163ff891f7392887643ead26
2013-09-20 09:13:18 +00:00
physikerwelt (Moritz Schubotz) 1a4f371cf6 Merge advanced database write method
Merge advanced database write capabilities
from the development branch.

Bug 53400

Change-Id: I99973bcf7b3a663eeecda136e32b70c26055dbb8
2013-09-18 17:37:35 -07:00