[LON-CAPA-cvs] cvs: loncom /interface printout.pl

raeburn raeburn at source.lon-capa.org
Sun Nov 12 10:41:45 EST 2017 

raeburn		Sun Nov 12 15:41:45 2017 EDT

  Modified files:              
    /loncom/interface	printout.pl 
  Log:
  - Untaint system() calls by forcing list processing mode.
  
  
Index: loncom/interface/printout.pl
diff -u loncom/interface/printout.pl:1.164 loncom/interface/printout.pl:1.165
--- loncom/interface/printout.pl:1.164	Sun Jan 29 23:53:55 2017
+++ loncom/interface/printout.pl	Sun Nov 12 15:41:45 2017
@@ -1,7 +1,7 @@
 #!/usr/bin/perl
 # CGI-script to run LaTeX, dvips, ps2ps, ps2pdf etc.
 #
-# $Id: printout.pl,v 1.164 2017/01/29 23:53:55 raeburn Exp $
+# $Id: printout.pl,v 1.165 2017/11/12 15:41:45 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -980,18 +980,29 @@
 	    $eps_f = $perlvar{'lonPrtDir'}.'/'.$eps_f;
 
 	    &debug("Converting pdf $not_eps to postscript: $eps_f");
-	    system("pdftops $not_eps $eps_f");
-	    $pdfs_converted++;	# Need to fix ps in last pass.
+            my @args = ('pdftops',$not_eps,$eps_f);
+            system({$args[0]} @args); # Indirect object forces list processing mode.
+                                      # See perlfunc documentation for exec().
+            if ($? and $advanced_role) {
+                print '<p class="LC_warning">'
+                     .&mt('An error occurred during the conversion of [_1] to postscript.',
+                          '<span class="LC_filename">'.$prettyname.'</span>')
+                     .'</p>';
+            } else {
+                $pdfs_converted++; # Need to fix ps in last pass.
+            }
 	} else {
-	    system("convert $not_eps $eps_f");
-        if($? and $advanced_role){
-            print '<p class="LC_warning">'
-                 .&mt('An error occurred during the conversion of [_1].',
+            my @args = ('convert',$not_eps,$eps_f);
+            system({$args[0]} @args); # Indirect object forces list processing mode.
+                                      # See perlfunc documentation for exec().
+            if ($? and $advanced_role) {
+                print '<p class="LC_warning">'
+                     .&mt('An error occurred during the conversion of [_1].',
                           '<span class="LC_filename">'.$prettyname.'</span>')
-                 .'<br />'
-                 .&mt('If possible try to save this image using different settings and republish it.')
-                 .'</p>';
-        }
+                     .'<br />'
+                     .&mt('If possible try to save this image using different settings and republish it.')
+                     .'</p>';
+            }
 	}
 
 	if (not -e $eps_f) {

More information about the LON-CAPA-cvs mailing list