On Mon, Jul 24, 2017 at 11:05:42PM -0400, Scott Kostyshak wrote:
>
> I think the following is unexpected:
>
> Change a different document setting, e.g., "Synchronize with output".
> The buttons "OK" and "Apply" are enabled. Then click on "Allow running
> external programs". Notice that the "OK" and "Apply" buttons are
> disabled, because the settings were applied. I expected only the "Allow
> running external programs" setting to be instantly applied, and that the
> "Synchronize with output" would only be applied when I click on "OK" or
> "Apply".
Yes, I was aware of this glitch, which is addressed by the attached patch.
> It did feel strange that the "OK" and "Apply" buttons were not enabled
> when checking the "Allow running external programs" checkbox, but I got
> used to it quickly.
This is by design. The checkbox status is not saved in the document but
in the session file, so the document should not be marked as dirty (as
it would be after "OK" or "Apply").
> I wonder if it would be more clear if we append to the current tooltip
> "(this setting is changed applied)".
The attached patch appends "(this setting is always applied immediately)".
> Regarding the message that's displayed when someone manually adds
> -shell-escape to a converter, I think we should point the user to more
> information so that they can learn how to use the built-in LyX feature.
>
> Where is the appropriate place in our documentation for this feature?
>
> Similarly, we should point the user to the relevant information for the
> minted example files.
Yes, many improvements are possible with a more little time at hand.
I am also investigating the possibility of attaching a context menu to
the red icon in the status bar.
--
Enrico
diff --git a/src/Buffer.cpp b/src/Buffer.cpp
index a9cc619060..d7e827fc2a 100644
--- a/src/Buffer.cpp
+++ b/src/Buffer.cpp
@@ -55,6 +55,7 @@
#include "ParagraphParameters.h"
#include "ParIterator.h"
#include "PDFOptions.h"
+#include "Session.h"
#include "SpellChecker.h"
#include "sgml.h"
#include "texstream.h"
@@ -980,6 +981,8 @@ int Buffer::readHeader(Lexer & lex)
errorList.push_back(ErrorItem(_("Document header error"), s));
}
+ params().shell_escape =
theSession().shellescapeFiles().find(absFileName());
+
params().makeDocumentClass();
return unknown_tokens;
diff --git a/src/BufferParams.cpp b/src/BufferParams.cpp
index 22e84778fe..c16c308c21 100644
--- a/src/BufferParams.cpp
+++ b/src/BufferParams.cpp
@@ -459,6 +459,7 @@ BufferParams::BufferParams()
html_css_as_file = false;
display_pixel_ratio = 1.0;
+ shell_escape = false;
output_sync = false;
use_refstyle = true;
use_minted = false;
diff --git a/src/BufferParams.h b/src/BufferParams.h
index c20601e2ac..bc5c10d194 100644
--- a/src/BufferParams.h
+++ b/src/BufferParams.h
@@ -535,6 +535,8 @@ public:
std::string html_latex_end;
///
bool html_css_as_file;
+ /// allow the LaTeX backend to run external programs
+ bool shell_escape;
/// generate output usable for reverse/forward search
bool output_sync;
/// custom LaTeX macro from user instead our own
diff --git a/src/Converter.cpp b/src/Converter.cpp
index 489f5df439..c9bce7f2db 100644
--- a/src/Converter.cpp
+++ b/src/Converter.cpp
@@ -279,20 +279,52 @@ OutputParams::FLAVOR
Converters::getFlavor(Graph::EdgePath const & path,
}
-bool Converters::checkAuth(Converter const & conv, string const & doc_fname)
+bool Converters::checkAuth(Converter const & conv, string const & doc_fname,
+ bool use_shell_escape)
{
- if (!conv.need_auth())
+ string conv_command = conv.command();
+ bool const has_shell_escape = contains(conv_command, "-shell-escape")
+ || contains(conv_command, "-enable-write18");
+ if (conv.latex() && has_shell_escape && !use_shell_escape) {
+ docstring const shellescape_warning =
+ bformat(_("<p>The following LaTeX backend has been "
+ "configured to allow execution of external programs "
+ "for any document:</p>"
+ "<center><p><tt>%1$s</tt></p></center>"
+ "<p>This is a dangerous configuration. Please, "
+ "consider using the support offered by LyX for "
+ "allowing this privilege only to documents that "
+ "actually need it, instead.</p>"),
+ from_utf8(conv_command));
+ frontend::Alert::error(_("Security Warning"),
+ shellescape_warning , false);
+ } else if (!conv.latex())
+ use_shell_escape = false;
+ if (!conv.need_auth() && !use_shell_escape)
return true;
- const docstring security_warning = bformat(
- _("<p>The requested operation requires the use of a converter
from "
- "%2$s to %3$s:</p>"
+ size_t const token_pos = conv_command.find("$$");
+ bool const has_token = token_pos != string::npos;
+ string const command = use_shell_escape && !has_shell_escape
+ ? (has_token ? conv_command.insert(token_pos, "-shell-escape ")
+ : conv_command.append(" -shell-escape"))
+ : conv_command;
+ docstring const security_warning = (use_shell_escape
+ ? bformat(_("<p>The following LaTeX backend has been requested "
+ "to allow execution of external programs:</p>"
+ "<center><p><tt>%1$s</tt></p></center>"
+ "<p>The external programs can execute arbitrary commands on "
+ "your system, including dangerous ones, if instructed to do "
+ "so by a maliciously crafted LyX document.</p>"),
+ from_utf8(command))
+ : bformat(_("<p>The requested operation requires the use of a "
+ "converter from %2$s to %3$s:</p>"
"<blockquote><p><tt>%1$s</tt></p></blockquote>"
- "<p>This external program can execute arbitrary commands on
your "
- "system, including dangerous ones, if instructed to do so by a "
- "maliciously crafted .lyx document.</p>"),
- from_utf8(conv.command()), from_utf8(conv.from()),
- from_utf8(conv.to()));
- if (lyxrc.use_converter_needauth_forbidden) {
+ "<p>This external program can execute arbitrary commands on "
+ "your system, including dangerous ones, if instructed to do "
+ "so by a maliciously crafted LyX document.</p>"),
+ from_utf8(command), from_utf8(conv.from()),
+ from_utf8(conv.to())));
+ if (lyxrc.use_converter_needauth_forbidden && !use_shell_escape) {
frontend::Alert::error(
_("An external converter is disabled for security reasons"),
security_warning + _(
@@ -302,29 +334,47 @@ bool Converters::checkAuth(Converter const & conv, string
const & doc_fname)
"Forbid needauth converters</i>.)"), false);
return false;
}
- if (!lyxrc.use_converter_needauth)
+ if (!lyxrc.use_converter_needauth && !use_shell_escape)
return true;
- static const docstring security_title =
- _("An external converter requires your authorization");
+ docstring const security_title = use_shell_escape
+ ? _("A LaTeX backend requires your authorization")
+ : _("An external converter requires your authorization");
int choice;
- const docstring security_warning2 = security_warning +
- _("<p>Would you like to run this converter?</p>"
- "<p><b>Only run if you trust the origin/sender of the LyX "
- "document!</b></p>");
+ docstring const security_warning2 = security_warning + (use_shell_escape
+ ? _("<p>Should LaTeX backends be allowed to run external "
+ "programs?</p><p><b>Allow them only if you trust the "
+ "origin/sender of the LyX document!</b></p>")
+ : _("<p>Would you like to run this converter?</p>"
+ "<p><b>Only run if you trust the origin/sender of the LyX "
+ "document!</b></p>"));
+ docstring const no = use_shell_escape
+ ? _("Do ¬ allow") : _("Do ¬ run");
+ docstring const yes = use_shell_escape ? _("A&llow") : _("&Run");
+ docstring const always = use_shell_escape
+ ? _("&Always allow for this document")
+ : _("&Always run for this document");
if (!doc_fname.empty()) {
LYXERR(Debug::FILES, "looking up: " << doc_fname);
- std::set<std::string> & auth_files =
theSession().authFiles().authFiles();
- if (auth_files.find(doc_fname) == auth_files.end()) {
- choice = frontend::Alert::prompt(security_title,
security_warning2,
- 0, 0, _("Do ¬ run"), _("&Run"), _("&Always
run for this document"));
- if (choice == 2)
- auth_files.insert(doc_fname);
+ bool authorized = use_shell_escape
+ ? theSession().shellescapeFiles().findAuth(doc_fname)
+ : theSession().authFiles().find(doc_fname);
+ if (!authorized) {
+ choice = frontend::Alert::prompt(security_title,
+ security_warning2,
+ 0, 0, no, yes, always);
+ if (choice == 2) {
+ if (use_shell_escape)
+
theSession().shellescapeFiles().insert(doc_fname, true);
+ else
+
theSession().authFiles().insert(doc_fname);
+ }
} else {
choice = 1;
}
} else {
- choice = frontend::Alert::prompt(security_title,
security_warning2,
- 0, 0, _("Do ¬ run"), _("&Run"));
+ choice = frontend::Alert::prompt(security_title,
+ security_warning2,
+ 0, 0, no, yes);
}
return choice != 0;
}
@@ -459,7 +509,8 @@ bool Converters::convert(Buffer const * buffer,
"tmpfile.out"));
}
- if (!checkAuth(conv, buffer ? buffer->absFileName() : string()))
+ if (!checkAuth(conv, buffer ? buffer->absFileName() : string(),
+ buffer && buffer->params().shell_escape))
return false;
if (conv.latex()) {
@@ -470,6 +521,9 @@ bool Converters::convert(Buffer const * buffer,
command = subst(command, token_from, "");
command = subst(command, token_latex_encoding,
buffer->params().encoding().latexName());
+ if (buffer->params().shell_escape
+ && !contains(command, "-shell-escape"))
+ command += " -shell-escape ";
LYXERR(Debug::FILES, "Running " << command);
if (!runLaTeX(*buffer, command, runparams, errorList))
return false;
diff --git a/src/Converter.h b/src/Converter.h
index da3136a69c..8f63aba512 100644
--- a/src/Converter.h
+++ b/src/Converter.h
@@ -193,8 +193,14 @@ public:
/// able to execute arbitrary code, tagged with the 'needauth' option,
/// authorization is: always denied if
lyxrc.use_converter_needauth_forbidden
/// is enabled; always allowed if the lyxrc.use_converter_needauth
- /// is disabled; user is prompted otherwise
- bool checkAuth(Converter const & conv, std::string const & doc_fname);
+ /// is disabled; user is prompted otherwise.
+ /// However, if use_shell_escape is true and a LaTeX backend is
+ /// going to be executed, both lyxrc.use_converter_needauth and
+ /// lyxrc.use_converter_needauth_forbidden are ignored, because in
+ /// this case the backend has to be executed and LyX will add the
+ /// -shell-escape option, so that user consent is always needed.
+ bool checkAuth(Converter const & conv, std::string const & doc_fname,
+ bool use_shell_escape = false);
private:
///
diff --git a/src/Session.cpp b/src/Session.cpp
index f2cb8b4ca0..009bf39cf1 100644
--- a/src/Session.cpp
+++ b/src/Session.cpp
@@ -35,6 +35,7 @@ string const sec_session = "[session info]";
string const sec_toolbars = "[toolbars]";
string const sec_lastcommands = "[last commands]";
string const sec_authfiles = "[auth files]";
+string const sec_shellescape = "[shell escape files]";
} // namespace
@@ -422,6 +423,8 @@ void Session::readFile()
lastCommands().read(is);
else if (tmp == sec_authfiles)
authFiles().read(is);
+ else if (tmp == sec_shellescape)
+ shellescapeFiles().read(is);
else
LYXERR(Debug::INIT, "LyX: Warning: unknown Session
section: " << tmp);
@@ -442,6 +445,7 @@ void Session::writeFile() const
lastCommands().write(os);
bookmarks().write(os);
authFiles().write(os);
+ shellescapeFiles().write(os);
} else
LYXERR(Debug::INIT, "LyX: Warning: unable to save Session: "
<< session_file);
@@ -480,4 +484,97 @@ void AuthFilesSection::write(ostream & os) const
}
+bool AuthFilesSection::find(string const & name) const
+{
+ if (auth_files_.find(name) != auth_files_.end())
+ return true;
+
+ return false;
+}
+
+
+void AuthFilesSection::insert(string const & name)
+{
+ auth_files_.insert(name);
+}
+
+
+void ShellEscapeSection::read(istream & is)
+{
+ string s;
+ do {
+ char c = is.peek();
+ if (c == '[')
+ break;
+ getline(is, s);
+ c = s[0];
+ if (c == 0 || c == '#' || c == ' ' || !FileName::isAbsolute(s))
+ continue;
+
+ // read shellescape files
+ FileName const file(s.substr(0, s.length() - 2));
+ if (file.exists() && !file.isDirectory())
+ shellescape_files_.insert(s);
+ else
+ LYXERR(Debug::INIT, "LyX: Warning: Ignore shellescape
file: " << file);
+ } while (is.good());
+}
+
+
+void ShellEscapeSection::write(ostream & os) const
+{
+ os << '\n' << sec_shellescape << '\n';
+ copy(shellescape_files_.begin(), shellescape_files_.end(),
+ ostream_iterator<std::string>(os, "\n"));
+}
+
+
+bool ShellEscapeSection::find(string const & name) const
+{
+ if (shellescape_files_.find(name + ",0") != shellescape_files_.end())
+ return true;
+
+ return findAuth(name);
+}
+
+
+bool ShellEscapeSection::findAuth(string const & name) const
+{
+ if (shellescape_files_.find(name + ",1") != shellescape_files_.end())
+ return true;
+
+ return false;
+}
+
+
+void ShellEscapeSection::insert(string const & name, bool auth)
+{
+ set<string>::iterator it;
+ string const name0 = name + ",0";
+ string const name1 = name + ",1";
+
+ if (auth) {
+ it = shellescape_files_.find(name0);
+ if (it != shellescape_files_.end())
+ shellescape_files_.erase(it);
+ shellescape_files_.insert(name1);
+ } else {
+ it = shellescape_files_.find(name1);
+ if (it != shellescape_files_.end())
+ shellescape_files_.erase(it);
+ shellescape_files_.insert(name0);
+ }
+}
+
+
+void ShellEscapeSection::remove(string const & name)
+{
+ set<string>::iterator it = shellescape_files_.find(name + ",0");
+ if (it == shellescape_files_.end())
+ it = shellescape_files_.find(name + ",1");
+ if (it != shellescape_files_.end())
+ shellescape_files_.erase(it);
+}
+
+
} // namespace lyx
diff --git a/src/Session.h b/src/Session.h
index 8074b56dd9..31ffee8841 100644
--- a/src/Session.h
+++ b/src/Session.h
@@ -333,7 +333,10 @@ public:
void write(std::ostream & os) const;
///
- std::set<std::string> & authFiles() { return auth_files_; }
+ bool find(std::string const & name) const;
+
+ ///
+ void insert(std::string const & name);
private:
/// set of document files authorized for external conversion
@@ -341,6 +344,36 @@ private:
};
+class ShellEscapeSection : SessionSection
+{
+public:
+ ///
+ explicit ShellEscapeSection() {};
+
+ ///
+ void read(std::istream & is);
+
+ ///
+ void write(std::ostream & os) const;
+
+ ///
+ bool find(std::string const & name) const;
+
+ ///
+ bool findAuth(std::string const & name) const;
+
+ ///
+ void insert(std::string const & name, bool auth = false);
+
+ ///
+ void remove(std::string const & name);
+
+private:
+ /// set of document files authorized for external conversion
+ std::set<std::string> shellescape_files_;
+};
+
+
class Session
{
public:
@@ -373,6 +406,10 @@ public:
AuthFilesSection & authFiles() { return auth_files; }
///
AuthFilesSection const & authFiles() const { return auth_files; }
+ ///
+ ShellEscapeSection & shellescapeFiles() { return shellescape_files; }
+ ///
+ ShellEscapeSection const & shellescapeFiles() const { return
shellescape_files; }
private:
friend class LyX;
@@ -402,6 +439,8 @@ private:
LastCommandsSection last_commands;
///
AuthFilesSection auth_files;
+ ///
+ ShellEscapeSection shellescape_files;
};
/// This is a singleton class. Get the instance.
diff --git a/src/frontends/qt4/ButtonPolicy.cpp
b/src/frontends/qt4/ButtonPolicy.cpp
index 1866a3c2ca..b151b065a8 100644
--- a/src/frontends/qt4/ButtonPolicy.cpp
+++ b/src/frontends/qt4/ButtonPolicy.cpp
@@ -398,6 +398,7 @@ void ButtonPolicy::Private::initNoRepeatedApplyReadOnly()
state_machine_[INITIAL][SMI_VALID] = VALID;
state_machine_[INITIAL][SMI_INVALID] = INVALID;
state_machine_[INITIAL][SMI_READ_ONLY] = RO_INITIAL;
+ state_machine_[INITIAL][SMI_APPLY] = INITIAL;
// State::VALID
state_machine_[VALID][SMI_VALID] = VALID;
state_machine_[VALID][SMI_READ_WRITE] = VALID;
diff --git a/src/frontends/qt4/GuiDocument.cpp
b/src/frontends/qt4/GuiDocument.cpp
index e8d66ec3a3..926f31ba82 100644
--- a/src/frontends/qt4/GuiDocument.cpp
+++ b/src/frontends/qt4/GuiDocument.cpp
@@ -50,6 +50,7 @@
#include "OutputParams.h"
#include "PDFOptions.h"
#include "qt_helpers.h"
+#include "Session.h"
#include "Spacing.h"
#include "TextClass.h"
#include "Undo.h"
@@ -792,6 +793,8 @@ GuiDocument::GuiDocument(GuiView & lv)
connect(outputModule->mathoutCB, SIGNAL(currentIndexChanged(int)),
this, SLOT(change_adaptor()));
+ connect(outputModule->shellescapeCB, SIGNAL(stateChanged(int)),
+ this, SLOT(shellescapeChanged()));
connect(outputModule->outputsyncCB, SIGNAL(clicked()),
this, SLOT(change_adaptor()));
connect(outputModule->synccustomCB, SIGNAL(editTextChanged(QString)),
@@ -1537,6 +1540,23 @@ void GuiDocument::change_adaptor()
}
+void GuiDocument::shellescapeChanged()
+{
+ // This is treated specially as the change is automatically applied
+ // and the document isn't marked as dirty. Visual feedback is given
+ // by the appearance/disappearance of a red icon in the status bar.
+ bp_.shell_escape = outputModule->shellescapeCB->isChecked();
+ if (!bp_.shell_escape)
+ theSession().shellescapeFiles().remove(buffer().absFileName());
+ else if (!theSession().shellescapeFiles().find(buffer().absFileName()))
+ theSession().shellescapeFiles().insert(buffer().absFileName());
+ Buffer & buf = const_cast<Buffer &>(buffer());
+ buf.params().shell_escape = bp_.shell_escape;
+ BufferView * bv = const_cast<BufferView *>(bufferview());
+ bv->processUpdateFlags(Update::Force);
+}
+
+
void GuiDocument::includeonlyClicked(QTreeWidgetItem * item, int)
{
if (item == 0)
@@ -3115,6 +3135,8 @@ void GuiDocument::applyView()
bool const nontexfonts = fontModule->osFontsCB->isChecked();
bp_.useNonTeXFonts = nontexfonts;
+ bp_.shell_escape = outputModule->shellescapeCB->isChecked();
+
bp_.output_sync = outputModule->outputsyncCB->isChecked();
bp_.output_sync_macro =
fromqstr(outputModule->synccustomCB->currentText());
@@ -3733,6 +3755,7 @@ void GuiDocument::paramsToDialog()
index = 0;
outputModule->defaultFormatCO->setCurrentIndex(index);
+ outputModule->shellescapeCB->setChecked(bp_.shell_escape);
outputModule->outputsyncCB->setChecked(bp_.output_sync);
outputModule->synccustomCB->setEditText(toqstr(bp_.output_sync_macro));
diff --git a/src/frontends/qt4/GuiDocument.h b/src/frontends/qt4/GuiDocument.h
index 2d0fc88822..5efde8eee3 100644
--- a/src/frontends/qt4/GuiDocument.h
+++ b/src/frontends/qt4/GuiDocument.h
@@ -90,6 +90,7 @@ public Q_SLOTS:
private Q_SLOTS:
void updateNumbering();
void change_adaptor();
+ void shellescapeChanged();
void includeonlyClicked(QTreeWidgetItem * item, int);
void setListingsMessage();
void listingsPackageChanged(int);
diff --git a/src/frontends/qt4/GuiView.cpp b/src/frontends/qt4/GuiView.cpp
index d2e3ed9f27..4bbcd06ec1 100644
--- a/src/frontends/qt4/GuiView.cpp
+++ b/src/frontends/qt4/GuiView.cpp
@@ -577,9 +577,18 @@ GuiView::GuiView(int id)
busylabel, SLOT(hide()));
QFontMetrics const fm(statusBar()->fontMetrics());
- int const roheight = max(int(d.normalIconSize), fm.height());
- QSize const rosize(roheight, roheight);
- QPixmap readonly = QIcon(getPixmap("images/", "emblem-readonly",
"svgz,png")).pixmap(rosize);
+ int const iconheight = max(int(d.normalIconSize), fm.height());
+ QSize const iconsize(iconheight, iconheight);
+
+ QPixmap shellescape = QIcon(getPixmap("images/", "emblem-shellescape",
"svgz,png")).pixmap(iconsize);
+ shell_escape_ = new QLabel(statusBar());
+ shell_escape_->setPixmap(shellescape);
+ shell_escape_->setScaledContents(true);
+ shell_escape_->setAlignment(Qt::AlignCenter);
+ shell_escape_->hide();
+ statusBar()->addPermanentWidget(shell_escape_);
+
+ QPixmap readonly = QIcon(getPixmap("images/", "emblem-readonly",
"svgz,png")).pixmap(iconsize);
read_only_ = new QLabel(statusBar());
read_only_->setPixmap(readonly);
read_only_->setScaledContents(true);
@@ -1160,6 +1169,11 @@ void GuiView::updateWindowTitle(GuiWorkArea * wa)
// Tell Qt whether the current document is changed
setWindowModified(!buf.isClean());
+ if (buf.params().shell_escape)
+ shell_escape_->show();
+ else
+ shell_escape_->hide();
+
if (buf.hasReadonlyFlag())
read_only_->show();
else
diff --git a/src/frontends/qt4/GuiView.h b/src/frontends/qt4/GuiView.h
index 998fcc255b..582691aa52 100644
--- a/src/frontends/qt4/GuiView.h
+++ b/src/frontends/qt4/GuiView.h
@@ -461,6 +461,8 @@ private:
/// Request to give focus to minibuffer
bool minibuffer_focus_;
+ /// Statusbar widget that shows shell-escape status
+ QLabel * shell_escape_;
/// Statusbar widget that shows read-only status
QLabel * read_only_;
/// Statusbar widget that shows version control status
diff --git a/src/frontends/qt4/GuiWorkArea.cpp
b/src/frontends/qt4/GuiWorkArea.cpp
index 7b46eee74f..f232003ab3 100644
--- a/src/frontends/qt4/GuiWorkArea.cpp
+++ b/src/frontends/qt4/GuiWorkArea.cpp
@@ -250,7 +250,7 @@ GuiWorkArea::Private::Private(GuiWorkArea * parent)
cursor_visible_(false), cursor_(0),
need_resize_(false), schedule_redraw_(false), preedit_lines_(1),
pixel_ratio_(1.0),
- completer_(new GuiCompleter(p, p)), dialog_mode_(false),
+ completer_(new GuiCompleter(p, p)), dialog_mode_(false),
shell_escape_(false),
read_only_(false), clean_(true), externally_modified_(false)
{
}
@@ -1401,11 +1401,13 @@ void GuiWorkArea::updateWindowTitle()
{
Buffer const & buf = bufferView().buffer();
if (buf.fileName() != d->file_name_
+ || buf.params().shell_escape != d->shell_escape_
|| buf.hasReadonlyFlag() != d->read_only_
|| buf.lyxvc().vcstatus() != d->vc_status_
|| buf.isClean() != d->clean_
|| buf.notifiesExternalModification() != d->externally_modified_) {
d->file_name_ = buf.fileName();
+ d->shell_escape_ = buf.params().shell_escape;
d->read_only_ = buf.hasReadonlyFlag();
d->vc_status_ = buf.lyxvc().vcstatus();
d->clean_ = buf.isClean();
diff --git a/src/frontends/qt4/GuiWorkArea_Private.h
b/src/frontends/qt4/GuiWorkArea_Private.h
index a7eea0b1d8..f90b2c71c7 100644
--- a/src/frontends/qt4/GuiWorkArea_Private.h
+++ b/src/frontends/qt4/GuiWorkArea_Private.h
@@ -191,6 +191,8 @@ struct GuiWorkArea::Private
///
support::FileName file_name_;
///
+ bool shell_escape_;
+ ///
bool read_only_;
///
docstring vc_status_;
diff --git a/src/frontends/qt4/ui/OutputUi.ui b/src/frontends/qt4/ui/OutputUi.ui
index 2bcf0f15cb..9e6b2a4c1f 100644
--- a/src/frontends/qt4/ui/OutputUi.ui
+++ b/src/frontends/qt4/ui/OutputUi.ui
@@ -80,7 +80,7 @@
</layout>
</widget>
</item>
- <item row="4" column="0">
+ <item row="5" column="0">
<widget class="QGroupBox" name="savingGB">
<property name="title">
<string>LyX Format</string>
@@ -106,6 +106,16 @@
</widget>
</item>
<item row="1" column="0">
+ <widget class="QCheckBox" name="shellescapeCB">
+ <property name="toolTip">
+ <string>Runs the LaTeX backend with the -shell-escape option (this
setting is always applied immediately)</string>
+ </property>
+ <property name="text">
+ <string>&Allow running external programs</string>
+ </property>
+ </widget>
+ </item>
+ <item row="2" column="0">
<widget class="QGroupBox" name="outputsyncCB">
<property name="toolTip">
<string>Enable forward/reverse search between editor and output (e.g.,
SyncTeX)</string>
@@ -150,7 +160,7 @@
</layout>
</widget>
</item>
- <item row="2" column="0">
+ <item row="3" column="0">
<widget class="QGroupBox" name="xhtmlGB">
<property name="title">
<string>XHTML Output Options</string>
@@ -269,7 +279,7 @@
</layout>
</widget>
</item>
- <item row="5" column="0">
+ <item row="6" column="0">
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
