Having had more of a look through the Template-Latex code, I plan to make
(at least) two releases in the next couple of weeks.

The first release will remove the 'latex', 'pdflatex' and 'dvips'
parameters from the filter interface. These parameters allow absolute
program pathnames to be specified in template code and to my mind
represent a security risk. Currently the code builds command lines that
are executed with system(), using either the paths configured when the
module was installed (defaulting to "/usr/bin/latex", etc) or paths
specified as arguments to the FILTER directive. The current code does
no sanity checking of the paths, so there is nothing to stop a malicious
template specifying something like "FILTER latex(latex => 'rm -rf
/home')". It should still be possible though to set up these paths from
Perl code as configuration items when TT2 is invoked. I hope to make
this first release sometime next week.

Please let me know if you have any issues with this change.

The second release will follow a week or two later and will add
functionality to run "bibtex" and "makeindex" on the latex code if the
plugin detects that that is necessary, plus the plugin will re-run
"latex" (or "pdflatex") if it detects that there are unresolved labels.
I will provide an option to turn off this behaviour, so that the plugin
just runs "latex" a specified number of times: e.g. once, twice (needed
if there are forward references or a table of contents) or three times
(e.g. if there are forward references and a table of contents)
irrespective of whether that leaves unresolved labels. I will refine
this proposal and post it when I make the first release. If you have
any comments on this let me know.

I also have in mind to add options to explicitly specify the temporary
directory in which the latex commands are run and to suppress the
subsequent removal of this directory. This would primarily be for
testing and debugging and the options would not be exposed as FILTER
parameters at the template level.

Regards
Andrew
--
Andrew Ford, Director Pauntley Prints / Ford & Mason Ltd
[EMAIL PROTECTED] South Wing Compton House
pauntley-prints.co.uk Compton Green, Redmarley Tel: +44 1531 829900
ford-mason.co.uk Gloucester GL19 3JB Fax: +44 1531 829901
refcards.com cronolog.org Great Britain Mobile: +44 7785 258278
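
The risk and the planned change described in the message above, as an added illustration (not code from Template-Latex or from the author). The function names, the %PROGRAM table, the file-name check and the latex option used are assumptions made for this example; nothing is executed, the commands are only built and printed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Trusted program paths, set from Perl code only (hypothetical table).
# The first value is the default quoted in the message.
my %PROGRAM = (
    latex    => '/usr/bin/latex',
    pdflatex => '/usr/bin/pdflatex',
    dvips    => '/usr/bin/dvips',
);

# BEFORE (pattern described in the message): a path taken from FILTER
# arguments is interpolated into one string that system() gives to the shell.
sub build_command_unsafe {
    my ($args, $texfile) = @_;
    my $latex = $args->{latex} || $PROGRAM{latex};
    return "$latex $texfile";          # would be run as system($string)
}

# AFTER: template-level arguments may not name a program at all, the path
# comes only from trusted configuration, and the command is returned as an
# argument list so that system(@argv) runs it without involving a shell.
sub build_command_safe {
    my ($args, $format, $texfile) = @_;
    for my $key (qw(latex pdflatex dvips)) {
        die "'$key' cannot be set from a template\n" if exists $args->{$key};
    }
    my $program = $PROGRAM{$format}
        or die "unknown format '$format'\n";
    die "program path '$program' is not a plain absolute path\n"
        unless $program =~ m{\A/[\w./+-]+\z};
    die "unexpected characters in file name '$texfile'\n"
        unless $texfile =~ m{\A\w[\w.-]*\.tex\z};
    return ($program, '-interaction=batchmode', $texfile);
}

# Constructed input: the FILTER argument quoted in the message.
my $hostile = { latex => 'rm -rf /home' };
print "unsafe string : ", build_command_unsafe($hostile, 'doc.tex'), "\n";

my @argv = eval { build_command_safe($hostile, 'latex', 'doc.tex') };
print "safe, hostile : rejected: $@" if $@;

@argv = build_command_safe({}, 'latex', 'doc.tex');
print "safe, normal  : @argv\n";       # caller would then run system(@argv)
```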