Parent Directory
| 
Revision Log
restrict PG access to ImageGenerator object using RestrictedClosureClass (prevents problem code from monkeying with paths, viewing passwords, calling methods other than add() and other bad stuff)
1 ################################################################################ 2 # WeBWorK Online Homework Delivery System 3 # Copyright © 2000-2006 The WeBWorK Project, http://openwebwork.sf.net/ 4 # $CVSHeader: webwork2/lib/WeBWorK/PG.pm,v 1.67 2006/08/17 23:54:09 dpvc Exp $ 5 # 6 # This program is free software; you can redistribute it and/or modify it under 7 # the terms of either: (a) the GNU General Public License as published by the 8 # Free Software Foundation; either version 2, or (at your option) any later 9 # version, or (b) the "Artistic License" which comes with this package. 10 # 11 # This program is distributed in the hope that it will be useful, but WITHOUT 12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 13 # FOR A PARTICULAR PURPOSE. See either the GNU General Public License or the 14 # Artistic License for more details. 15 ################################################################################ 16 17 package WeBWorK::PG; 18 19 =head1 NAME 20 21 WeBWorK::PG - Invoke one of several PG rendering methods using an easy-to-use 22 API. 23 24 =cut 25 26 use strict; 27 use warnings; 28 use WeBWorK::PG::ImageGenerator; 29 use WeBWorK::Utils qw(runtime_use formatDateTime makeTempDirectory); 30 use WeBWorK::Utils::RestrictedClosureClass; 31 32 use constant DISPLAY_MODES => { 33 # display name # mode name 34 tex => "TeX", 35 plainText => "HTML", 36 formattedText => "HTML_tth", 37 images => "HTML_dpng", 38 jsMath => "HTML_jsMath", 39 asciimath => "HTML_asciimath", 40 LaTeXMathML => "HTML_LaTeXMathML", 41 }; 42 43 sub new { 44 shift; # throw away invocant -- we don't need it 45 my ($ce, $user, $key, $set, $problem, $psvn, $formFields, 46 $translationOptions) = @_; 47 48 my $renderer = $ce->{pg}->{renderer}; 49 50 runtime_use $renderer; 51 52 return $renderer->new(@_); 53 } 54 55 sub defineProblemEnvir { 56 my ( 57 $self, 58 $ce, 59 $user, 60 $key, 61 $set, 62 $problem, 63 $psvn, 64 $formFields, 65 $options, 66 $extras, 67 ) = @_; 68 69 my %envir; 70 71 # ---------------------------------------------------------------------- 72 73 # PG environment variables 74 # from docs/pglanguage/pgreference/environmentvariables as of 06/25/2002 75 # any changes are noted by "ADDED:" or "REMOVED:" 76 77 # Vital state information 78 # ADDED: displayModeFailover, displayHintsQ, displaySolutionsQ, 79 # refreshMath2img, texDisposition 80 81 $envir{psvn} = $set->psvn; 82 $envir{psvnNumber} = $envir{psvn}; 83 $envir{probNum} = $problem->problem_id; 84 $envir{questionNumber} = $envir{probNum}; 85 $envir{fileName} = $problem->source_file; 86 $envir{probFileName} = $envir{fileName}; 87 $envir{problemSeed} = $problem->problem_seed; 88 $envir{displayMode} = translateDisplayModeNames($options->{displayMode}); 89 $envir{languageMode} = $envir{displayMode}; 90 $envir{outputMode} = $envir{displayMode}; 91 $envir{displayHintsQ} = $options->{showHints}; 92 $envir{displaySolutionsQ} = $options->{showSolutions}; 93 $envir{texDisposition} = "pdf"; # in webwork2, we use pdflatex 94 95 # Problem Information 96 # ADDED: courseName, formatedDueDate 97 98 $envir{openDate} = $set->open_date; 99 $envir{formattedOpenDate} = formatDateTime($envir{openDate}, $ce->{siteDefaults}{timezone}); 100 $envir{dueDate} = $set->due_date; 101 $envir{formattedDueDate} = formatDateTime($envir{dueDate}, $ce->{siteDefaults}{timezone}); 102 $envir{formatedDueDate} = $envir{formattedDueDate}; # typo in many header files 103 $envir{answerDate} = $set->answer_date; 104 $envir{formattedAnswerDate} = formatDateTime($envir{answerDate}, $ce->{siteDefaults}{timezone}); 105 $envir{numOfAttempts} = ($problem->num_correct || 0) + ($problem->num_incorrect || 0); 106 $envir{problemValue} = $problem->value; 107 $envir{sessionKey} = $key; 108 $envir{courseName} = $ce->{courseName}; 109 110 # Student Information 111 # ADDED: studentID 112 113 $envir{sectionName} = $user->section; 114 $envir{sectionNumber} = $envir{sectionName}; 115 $envir{recitationName} = $user->recitation; 116 $envir{recitationNumber} = $envir{recitationName}; 117 $envir{setNumber} = $set->set_id; 118 $envir{studentLogin} = $user->user_id; 119 $envir{studentName} = $user->first_name . " " . $user->last_name; 120 $envir{studentID} = $user->student_id; 121 122 # Answer Information 123 # REMOVED: refSubmittedAnswers 124 125 $envir{inputs_ref} = $formFields; 126 127 # External Programs 128 # ADDED: externalLaTeXPath, externalDvipngPath, 129 # externalGif2EpsPath, externalPng2EpsPath 130 131 $envir{externalTTHPath} = $ce->{externalPrograms}->{tth}; 132 $envir{externalLaTeXPath} = $ce->{externalPrograms}->{latex}; 133 $envir{externalDvipngPath} = $ce->{externalPrograms}->{dvipng}; 134 $envir{externalGif2EpsPath} = $ce->{externalPrograms}->{gif2eps}; 135 $envir{externalPng2EpsPath} = $ce->{externalPrograms}->{png2eps}; 136 $envir{externalGif2PngPath} = $ce->{externalPrograms}->{gif2png}; 137 $envir{externalCheckUrl} = $ce->{externalPrograms}->{checkurl}; 138 # Directories and URLs 139 # REMOVED: courseName 140 # ADDED: dvipngTempDir 141 # ADDED: jsMathURL 142 # ADDED: asciimathURL 143 # ADDED: macrosPath 144 # REMOVED: macrosDirectory, courseScriptsDirectory 145 # ADDED: LaTeXMathML 146 147 $envir{cgiDirectory} = undef; 148 $envir{cgiURL} = undef; 149 $envir{classDirectory} = undef; 150 $envir{macrosPath} = $ce->{pg}->{directories}{macrosPath}; 151 $envir{appletPath} = $ce->{pg}->{directories}{appletPath}; 152 $envir{pgDirectories} = $ce->{pg}->{directories}; 153 $envir{htmlDirectory} = $ce->{courseDirs}->{html}."/"; 154 $envir{htmlURL} = $ce->{courseURLs}->{html}."/"; 155 $envir{templateDirectory} = $ce->{courseDirs}->{templates}."/"; 156 $envir{tempDirectory} = $ce->{courseDirs}->{html_temp}."/"; 157 $envir{tempURL} = $ce->{courseURLs}->{html_temp}."/"; 158 $envir{scriptDirectory} = undef; 159 $envir{webworkDocsURL} = $ce->{webworkURLs}->{docs}."/"; 160 $envir{localHelpURL} = $ce->{webworkURLs}->{local_help}."/"; 161 $envir{jsMathURL} = $ce->{webworkURLs}->{jsMath}; 162 $envir{asciimathURL} = $ce->{webworkURLs}->{asciimath}; 163 $envir{LaTeXMathMLURL} = $ce->{webworkURLs}->{LaTeXMathML}; 164 $envir{server_root_url} = $ce->{apache_root_url}; 165 166 # Information for sending mail 167 168 $envir{mailSmtpServer} = $ce->{mail}->{smtpServer}; 169 $envir{mailSmtpSender} = $ce->{mail}->{smtpSender}; 170 $envir{ALLOW_MAIL_TO} = $ce->{mail}->{allowedRecipients}; 171 172 # Default values for evaluating answers 173 174 my $ansEvalDefaults = $ce->{pg}->{ansEvalDefaults}; 175 $envir{$_} = $ansEvalDefaults->{$_} foreach (keys %$ansEvalDefaults); 176 177 # ---------------------------------------------------------------------- 178 179 # ADDED: ImageGenerator for images mode 180 if (defined $extras->{image_generator}) { 181 $envir{imagegen} = $extras->{image_generator}; 182 # only allow access to the add() method 183 $envir{imagegen} = new WeBWorK::Utils::RestrictedClosureClass($extras->{image_generator}, "add"); 184 } 185 186 # ADDED: jsMath options 187 $envir{jsMath} = {%{$ce->{pg}{displayModeOptions}{jsMath}}}; 188 189 # Other things... 190 $envir{QUIZ_PREFIX} = $options->{QUIZ_PREFIX}; # used by quizzes 191 $envir{PROBLEM_GRADER_TO_USE} = $ce->{pg}->{options}->{grader}; 192 $envir{PRINT_FILE_NAMES_FOR} = $ce->{pg}->{specialPGEnvironmentVars}->{PRINT_FILE_NAMES_FOR}; 193 194 # ADDED: __files__ 195 # an array for mapping (eval nnn) to filenames in error messages 196 $envir{__files__} = { 197 root => $ce->{webworkDirs}{root}, # used to shorten filenames 198 pg => $ce->{pg}{directories}{root}, # ditto 199 tmpl => $ce->{courseDirs}{templates}, # ditto 200 }; 201 202 # variables for interpreting capa problems and other things to be 203 # seen in a pg file 204 my $specialPGEnvironmentVarHash = $ce->{pg}->{specialPGEnvironmentVars}; 205 for my $SPGEV (keys %{$specialPGEnvironmentVarHash}) { 206 $envir{$SPGEV} = $specialPGEnvironmentVarHash->{$SPGEV}; 207 } 208 209 return \%envir; 210 } 211 212 sub translateDisplayModeNames($) { 213 my $name = shift; 214 return DISPLAY_MODES()->{$name}; 215 } 216 217 sub oldSafetyFilter { 218 my $answer = shift; # accepts one answer and checks it 219 my $submittedAnswer = $answer; 220 $answer = '' unless defined $answer; 221 my ($errorno); 222 $answer =~ tr/\000-\037/ /; 223 # Return if answer field is empty 224 unless ($answer =~ /\S/) { 225 #$errorno = "<BR>No answer was submitted."; 226 $errorno = 0; ## don't report blank answer as error 227 return ($answer,$errorno); 228 } 229 # replace ^ with ** (for exponentiation) 230 # $answer =~ s/\^/**/g; 231 # Return if forbidden characters are found 232 unless ($answer =~ /^[a-zA-Z0-9_\-\+ \t\/@%\*\.\n^\[\]\(\)\,\|]+$/ ) { 233 $answer =~ tr/a-zA-Z0-9_\-\+ \t\/@%\*\.\n^\(\)/#/c; 234 $errorno = "<BR>There are forbidden characters in your answer: $submittedAnswer<BR>"; 235 return ($answer,$errorno); 236 } 237 $errorno = 0; 238 return($answer, $errorno); 239 } 240 241 sub nullSafetyFilter { 242 return shift, 0; # no errors 243 } 244 245 1; 246 247 __END__ 248 249 =head1 SYNOPSIS 250 251 $pg = WeBWorK::PG->new( 252 $ce, # a WeBWorK::CourseEnvironment object 253 $user, # a WeBWorK::DB::Record::User object 254 $sessionKey, 255 $set, # a WeBWorK::DB::Record::UserSet object 256 $problem, # a WeBWorK::DB::Record::UserProblem object 257 $psvn, 258 $formFields # in &WeBWorK::Form::Vars format 259 { # translation options 260 displayMode => "images", # (plainText|formattedText|images) 261 showHints => 1, # (0|1) 262 showSolutions => 0, # (0|1) 263 refreshMath2img => 0, # (0|1) 264 processAnswers => 1, # (0|1) 265 }, 266 ); 267 268 $translator = $pg->{translator}; # WeBWorK::PG::Translator 269 $body = $pg->{body_text}; # text string 270 $header = $pg->{head_text}; # text string 271 $answerHash = $pg->{answers}; # WeBWorK::PG::AnswerHash 272 $result = $pg->{result}; # hash reference 273 $state = $pg->{state}; # hash reference 274 $errors = $pg->{errors}; # text string 275 $warnings = $pg->{warnings}; # text string 276 $flags = $pg->{flags}; # hash reference 277 278 =head1 DESCRIPTION 279 280 WeBWorK::PG is a factory for modules which use the WeBWorK::PG API. Notable 281 modules which use this API (and exist) are WeBWorK::PG::Local and 282 WeBWorK::PG::Remote. The course environment key $pg{renderer} is consulted to 283 determine which render to use. 284 285 =head1 THE WEBWORK::PG API 286 287 Modules which support this API must implement the following method: 288 289 =over 290 291 =item new ENVIRONMENT, USER, KEY, SET, PROBLEM, PSVN, FIELDS, OPTIONS 292 293 The C<new> method creates a translator, initializes it using the parameters 294 specified, translates a PG file, and processes answers. It returns a reference 295 to a blessed hash containing the results of the translation process. 296 297 =back 298 299 =head2 Parameters 300 301 =over 302 303 =item ENVIRONMENT 304 305 a WeBWorK::CourseEnvironment object 306 307 =item USER 308 309 a WeBWorK::User object 310 311 =item KEY 312 313 the session key of the current session 314 315 =item SET 316 317 a WeBWorK::Set object 318 319 =item PROBLEM 320 321 a WeBWorK::DB::Record::UserProblem object. The contents of the source_file 322 field can specify a PG file either by absolute path or path relative to the 323 "templates" directory. I<The caller should remove taint from this value before 324 passing!> 325 326 =item PSVN 327 328 the problem set version number 329 330 =item FIELDS 331 332 a reference to a hash (as returned by &WeBWorK::Form::Vars) containing form 333 fields submitted by a problem processor. The translator will look for fields 334 like "AnSwEr[0-9]" containing submitted student answers. 335 336 =item OPTIONS 337 338 a reference to a hash containing the following data: 339 340 =over 341 342 =item displayMode 343 344 one of "plainText", "formattedText", or "images" 345 346 =item showHints 347 348 boolean, render hints 349 350 =item showSolutions 351 352 boolean, render solutions 353 354 =item refreshMath2img 355 356 boolean, force images created by math2img (in "images" mode) to be recreated, 357 even if the PG source has not been updated. FIXME: remove this option. 358 359 =item processAnswers 360 361 boolean, call answer evaluators and graders 362 363 =back 364 365 =back 366 367 =head2 RETURN VALUE 368 369 The C<new> method returns a blessed hash reference containing the following 370 fields. More information can be found in the documentation for 371 WeBWorK::PG::Translator. 372 373 =over 374 375 =item translator 376 377 The WeBWorK::PG::Translator object used to render the problem. 378 379 =item head_text 380 381 HTML code for the E<lt>headE<gt> block of an resulting web page. Used for 382 JavaScript features. 383 384 =item body_text 385 386 HTML code for the E<lt>bodyE<gt> block of an resulting web page. 387 388 =item answers 389 390 An C<AnswerHash> object containing submitted answers, and results of answer 391 evaluation. 392 393 =item result 394 395 A hash containing the results of grading the problem. 396 397 =item state 398 399 A hash containing the new problem state. 400 401 =item errors 402 403 A string containing any errors encountered while rendering the problem. 404 405 =item warnings 406 407 A string containing any warnings encountered while rendering the problem. 408 409 =item flags 410 411 A hash containing PG_flags (see the Translator docs). 412 413 =back 414 415 =head1 METHODS PROVIDED BY THE BASE CLASS 416 417 The following methods are provided for use by subclasses of WeBWorK::PG. 418 419 =over 420 421 =item defineProblemEnvir ENVIRONMENT, USER, KEY, SET, PROBLEM, PSVN, FIELDS, OPTIONS 422 423 Generate a problem environment hash to pass to the renderer. 424 425 =item translateDisplayModeNames NAME 426 427 NAME contains 428 429 =back 430 431 =head1 AUTHOR 432 433 Written by Sam Hathaway, sh002i (at) math.rochester.edu. 434 435 =cut
| aubreyja at gmail dot com | ViewVC Help |
| Powered by ViewVC 1.0.9 |