[Templates] Plans for Template-Latex

Andrew Ford A.Ford@ford-mason.co.uk
Thu, 01 Jun 2006 09:34:39 +0100


Having had more of a look through the Template-Latex code I plan to make 
(at least) two releases in the next couple of weeks.

The first release will remove the 'latex', 'pdflatex' and 'dvips' 
parameters from the filter interface.  These parameters allow absolute 
program pathnames to be specified in template code and to my mind 
represent a security risk.  Currently the code builds command lines that 
are executed with system(), using either the paths configured when the 
module was installed (defaulting to "/usr/bin/latex", etc) or paths 
specified as arguments to the FILTER directive.  The current code does 
no sanity checking of the paths, so there is nothing to stop a malicious 
template specifying something like "FILTER latex(latex => 'rm -rf 
/home')".  It should still be possible though to set up these paths from 
Perl code as configuration items when TT2 is invoked.  I hope to make 
this first release sometime next week.

Please let me know if you have any issues with this change.

The second release will follow a week or two later and will add 
functionality to run "bibtex" and "makeindex" on the latex code if the 
plugin detects that that is necessary, plus the plugin will re-run 
"latex" (or "pdflatex") if it detects that there are unresolved labels.  
I will provide an option to turn off this behaviour, so that the plugin 
just runs "latex" a specified number of times: e.g. once, twice (needed 
if there are forward references or a table of contents) or three times 
(e.g. if there are forward references and a table of contents) 
irrespective of whether that leaves unresolved labels.  I will refine 
this proposal and post it when I make the first release.  If you have 
any comments on this let me know.

I also have in mind to add options to explicitly specify the temporary 
directory in which the latex commands are run and to suppress the 
subsequent removal of this directory.  This would primarily be for 
testing and debugging and the options would not be exposed as FILTER 
parameters at the template level.

Regards
Andrew

-- 
Andrew Ford,  Director    Pauntley Prints / Ford & Mason Ltd            
A.Ford@ford-mason.co.uk   South Wing Compton House                      
pauntley-prints.co.uk     Compton Green, Redmarley  Tel: +44 1531 829900
ford-mason.co.uk          Gloucester GL19 3JB       Fax: +44 1531 829901
refcards.com cronolog.org Great Britain          Mobile: +44 7785 258278
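
The first change described in the message above, sketched as an added example (not part of the original post and not Template-Latex's own code): program paths come only from Perl-side configuration, template-supplied options are checked against an allowlist, and the command is built as a list so no shell parses it. The names %PROGRAM, %TEMPLATE_OPTION, %FORMAT_PROGRAM and build_command, the 'format' option and the file name doc.tex are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not Template-Latex code: keep program paths out of template reach.
use strict;
use warnings;

# Assumption: paths are set only from Perl-side configuration, never from a template.
my %PROGRAM = (
    latex    => '/usr/bin/latex',
    pdflatex => '/usr/bin/pdflatex',
    dvips    => '/usr/bin/dvips',
);

# Hypothetical allowlist of options a template may pass to the filter.
my %TEMPLATE_OPTION = map { $_ => 1 } qw(format);
my %FORMAT_PROGRAM  = (dvi => 'latex', pdf => 'pdflatex');

# Build an argument list for system(LIST) from template-supplied options.
# Dies on any option outside the allowlist, which includes path overrides.
sub build_command {
    my ($opts, $texfile) = @_;
    for my $key (sort keys %$opts) {
        die "option '$key' is not settable from a template\n"
            unless $TEMPLATE_OPTION{$key};
    }
    my $format = defined $opts->{format} ? $opts->{format} : 'dvi';
    my $name   = $FORMAT_PROGRAM{$format}
        or die "unsupported format '$format'\n";
    my $path = $PROGRAM{$name};
    # Sanity-check the configured path as well: absolute, no shell metacharacters.
    die "bad configured path for $name\n"
        unless $path =~ m{\A/[\w./-]+\z};
    # The file name must not start with '-' (it would be read as a switch).
    die "unsafe file name '$texfile'\n"
        unless $texfile =~ m{\A\w[\w.-]*\.tex\z};
    return ($path, '-interaction=batchmode', $texfile);
}

# Constructed inputs: an ordinary request, then the override quoted in the message.
for my $opts ({ format => 'pdf' }, { latex => 'rm -rf /home' }) {
    my @cmd = eval { build_command($opts, 'doc.tex') };
    if ($@) { print "rejected: $@"; next; }
    print "would run: @cmd\n";
    # List form bypasses the shell; a single string such as "$path $texfile"
    # containing metacharacters would be handed to /bin/sh -c for parsing.
    # system(@cmd) == 0 or die "$cmd[0] failed: $?\n";
}
```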