Christian Ridderström wrote:
> Hi
>
> I thought it might be nice to be able to insert formulas in the wiki
> pages, so I've hacked together something here:
>
> http://www.lyx.org/~chr/wiki/pmwiki.php?pagename=Math.Math
>
> which does something similar to what latex-preview does, i.e. this markup
>
> [[$ x = y + z $]]
>
> causes a .tex-file to be created that will contain
>
> $ x = y + z $
>
> and latex then compiles this to produce a .dvi-file that dvipng
> finally converts into a .png-file. (The formulas and images are
> cached for performance reasons).

Anything non-trivial won't compile. You'll need all of the stuff that
comes before \begin{document}.

> Now to my question. I'm guessing that letting arbitrary latex code
> be executed using this mechanism is a *huge* security problem.
> (Well, assuming that the hacker also knows his latex).
>
> Can I filter the latex-code somehow to make it safe enough, i.e. so
> safe that we feel it can be left running on wiki.lyx.org?

I counsel against this. You aren't going to gain much at the expense
of a LOT of admin by you fielding bug reports etc. Just a
distraction, IMO.

That is all orthogonal to the security implications, which presumably
are no larger than the existing ability of any user to 'rm *'.

--
Angus
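
One way to approach the filtering question asked in the quoted message, as an added example that is not part of the original thread or of the wiki's code: an allowlist check on the text between `[[$` and `$]]` that accepts only known math commands instead of trying to enumerate dangerous ones. The function name, the allowlist contents and the length limit are assumptions chosen for illustration.

```python
import re

# Assumed allowlist of math-only control words; extend it deliberately, never by pattern.
ALLOWED_COMMANDS = frozenset({
    "alpha", "beta", "gamma", "delta", "pi", "theta", "lambda", "mu", "sigma",
    "frac", "sqrt", "sum", "prod", "int", "lim", "infty", "partial",
    "sin", "cos", "tan", "log", "exp", "cdot", "times", "pm", "leq", "geq",
    "neq", "approx", "to", "left", "right", "mathbf", "mathrm",
})
# Control symbols (backslash + one non-letter) that only affect spacing or delimiters.
ALLOWED_SYMBOLS = frozenset({",", ";", "!", " ", "{", "}", "|"})
# Plain characters accepted outside control sequences.
PLAIN_CHARS = re.compile(r"[A-Za-z0-9\s+\-*/=<>()\[\]{}.,:;!|'_^&]*\Z")
CONTROL_SEQ = re.compile(r"\\([A-Za-z]+|.)", re.DOTALL)
MAX_LEN = 500  # assumed limit


def check_formula(body):
    """Return (ok, reason) for the text between [[$ and $]] (hypothetical helper)."""
    if len(body) > MAX_LEN:
        return False, "too long"
    # ^^ is TeX's notation for writing a character by its code, so a filter
    # that only looks for literal backslashes can be bypassed with it.
    if "^^" in body:
        return False, "caret notation"
    for match in CONTROL_SEQ.finditer(body):
        name = match.group(1)
        allowed = ALLOWED_COMMANDS if name.isalpha() else ALLOWED_SYMBOLS
        if name not in allowed:
            return False, "command not allowed: \\" + name
    # Whatever remains once control sequences are removed must be plain math
    # text; this rejects, among others, $ (leaves math mode), % (comments out
    # the rest of the line) and # (macro parameter).
    remainder = CONTROL_SEQ.sub(" ", body)
    if not PLAIN_CHARS.match(remainder):
        return False, "character not allowed"
    return True, "ok"
```

A filter like this is one layer only; the latex process that compiles the generated .tex-file can additionally be run with `-no-shell-escape` and under an account that has no write access outside the image cache.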