[tex-k] kpathsea: Illegal fontname `cmr12+50'
Olaf Weber
olaf at infovore.xs4all.nl
Mon Feb 9 21:43:18 CET 2004
Karl Berry writes:
> for (i = 0; base[i]; i++) {
> if (!ISALNUM(base[i])
> + && base[i] != '+'
> && base[i] != '-'
> && base[i] != '_'
> && base[i] != '.'
> This code postdates me, but why bother checking only for specific
> "allowed" characters at all? We should accept anything at the kpathsea
> level (TeX is another problem).
Basically, because the fontnames are fed to shell scripts, which are
intrinsically hard to secure. Especially since these names are
subsequently fed to mf which may in turn do weird things if the wrong
characters are part of the names. Explicitlty "vetting" the
characters here is the easiest way to ensure no unpleasant surprises
occur.
> Oh well, whatever works.
It may not be the best way, but it was the easiest way. :-/
--
Olaf Weber
(This space left blank for technical reasons.)
More information about the tex-k
mailing list