Don't mind LaTeX commands beginning with bad names

2015-07-30 11:44:47 +02:00 · 2015-07-30 11:44:47 +02:00 · b2cf86b905
commit b2cf86b905
parent 70b7dd88ca
1 changed files with 6 additions and 3 deletions
--- a/anki/latex.py
+++ b/anki/latex.py
@ -78,9 +78,12 @@ def _buildImg(col, latex, fname, model):
    latex = latex.encode("utf8")
    # it's only really secure if run in a jail, but these are the most common
    tmplatex = latex.replace("\\includegraphics", "")
-    for bad in ("write18", "\\readline", "\\input", "\\include", "\\catcode",
-                "\\openout", "\\write", "\\loop", "\\def", "\\shipout"):
-        if bad in tmplatex:
+    for bad in ("write18", "\\\\readline", "\\\\input", "\\\\include",
+                "\\\\catcode", "\\\\openout", "\\\\write", "\\\\loop",
+                "\\\\def", "\\\\shipout"):
+        # don't mind if the sequence is only part of a command
+        bad_re = bad + "[^a-zA-Z]"
+        if re.search(bad_re, tmplatex):
            return _("""\
 For security reasons, '%s' is not allowed on cards. You can still use \
 it by placing the command in a different package, and importing that \