On 02/05/2018 at 17:12, Scott Kostyshak wrote:
> On Wed, May 02, 2018 at 09:45:41AM +0000, Jean-Marc Lasgouttes wrote:
>> On 30/04/2018 at 02:45, Scott Kostyshak wrote:
>>> I don't think needauth is needed in the above cases. These converters
>>> are just for exporting the code in the .lyx file, not for running that
>>> code. Unless we think there is a way to trick lyxknitr.R (and e.g.
>>> run arbitrary code). But I don't think this is any different of a
>>> concern than the case of any other converter (e.g. tricking LaTeX or
>>> inkscape or elyxer.py).
>>
>> Go ahead.
>
> Done in master at 065e37e9. I don't know if we want this in stable. The
> patch is very simple, but since it is related to security, I'm not sure
> what to suggest.

I really think it is OK, but discussion is welcome, of course.

JMarc
