Port of revision 470623:

applies baseURL patch

svn path=/trunk/KDE/kdegraphics/kviewshell/plugins/dvi/; revision=470653

dviRenderer.cpp

@@ -4,7 +4,7 @@
 // Class for rendering TeX DVI files.
 // Part of KDVI- A previewer for TeX DVI files.
 //
-// (C) 2001-2004 Stefan Kebekus
+// (C) 2001-2005 Stefan Kebekus
 // Distributed under the GPL
 //
 
@@ -412,7 +412,7 @@ bool dviRenderer::isValidFile(const QString& filename) const
 }
 
 
-bool dviRenderer::setFile(const QString &fname)
+bool dviRenderer::setFile(const QString &fname, const KURL &base)
 {
 #ifdef DEBUG_DVIRENDERER
   kdDebug(4300) << "dviRenderer::setFile( fname='" << fname << "', ref='" << ref << "', sourceMarker=" << sourceMarker << " )" << endl;
@@ -481,7 +481,7 @@ bool dviRenderer::setFile(const QString &fname)
   numPages = dviFile->total_pages;
   info->setDVIData(dviFile);
   _isModified = false;
-
+  baseURL = base;
   
   font_pool.setExtraSearchPath( fi.dirPath(true) );
   font_pool.setCMperDVIunit( dviFile->getCmPerDVIunit() );
@@ -491,24 +491,15 @@ bool dviRenderer::setFile(const QString &fname)
   // PostScriptHeaderString.
   PS_interface->clear();
   
-  // Files that reside under "tmp" or under the "data" resource are most
-  // likely remote files. We limit the files they are able to read to
-  // the directory they are in in order to limit the possibilities of a
-  // denial of service attack.
-  bool restrictIncludePath = true;
-  QString tmp = KGlobal::dirs()->saveLocation("tmp", QString::null);
-  if (!filename.startsWith(tmp)) {
-    tmp = KGlobal::dirs()->saveLocation("data", QString::null);
-    if (!filename.startsWith(tmp))
-      restrictIncludePath = false;
-  }
-  
+  // If the DVI file comes from a remote URL (e.g. downloaded from a
+  // web server), we limit the PostScript files that can be accessed
+  // by this file to the download directory, in order to limit the
+  // possibilities of a denial of service attack.
   QString includePath;
-  if (restrictIncludePath) {
+  if (!baseURL.isLocalFile()) {
     includePath = filename;
     includePath.truncate(includePath.lastIndexOf('/'));
   }
-  
   PS_interface->setIncludePath(includePath);
   
   // We will also generate a list of hyperlink-anchors and source-file

dviRenderer.h

@@ -5,7 +5,7 @@
 // Class for rendering TeX DVI files.
 // Part of KDVI- A previewer for TeX DVI files.
 //
-// (C) 2001-2004 Stefan Kebekus. Distributed under the GPL.
+// (C) 2001-2005 Stefan Kebekus. Distributed under the GPL.
 
 #ifndef _dvirenderer_h_
 #define _dvirenderer_h_
@@ -20,6 +20,8 @@
 #include <Q3ValueVector>
 #include <QTimer>
 
+#include <kurl.h>
+
 class Anchor;
 class DocumentWidget;
 class dvifile;
@@ -90,7 +92,7 @@ public:
   dviRenderer(QWidget *parent);
   ~dviRenderer();
 
-  virtual bool	setFile(const QString &fname);
+  virtual bool	setFile(const QString &fname, const KURL &base);
 
   dvifile* dviFile;
 
@@ -159,6 +161,12 @@ private slots:
   void          showThatSourceInformationIsPresent();
 
 private:
+  /** URL to the DVI file
+
+  This field is initialized by the setFile() method. See the
+  explanation there.  */
+  KURL baseURL;
+
   /** This method parses a color specification of type "gray 0.5", "rgb
       0.5 0.7 1.0", "hsb ...", "cmyk .." or "PineGreen". See the source
       code for details. */

dviRenderer_prescan.cpp

@@ -74,7 +74,7 @@ void dviRenderer::prescan_embedPS(char *cp, Q_UINT8 *beginningOfSpecialCommand)
     EPSfilename = EPSfilename.mid(1,EPSfilename.length()-2);
 
   // Now locate the Gfx file on the hard disk...
-  EPSfilename = ghostscript_interface::locateEPSfile(EPSfilename, dviFile);
+  EPSfilename = ghostscript_interface::locateEPSfile(EPSfilename, baseURL);
 
   // If the file is neither a PostScript not a PDF file, we exit here.
   // The graphic file is later read when the page is rendered.
@@ -424,7 +424,7 @@ void dviRenderer::prescan_ParsePSFileSpecial(const QString& cp)
   dviFile->numberOfExternalPSFiles++;  
   
   // Now locate the Gfx file on the hard disk...
-  EPSfilename = ghostscript_interface::locateEPSfile(EPSfilename, dviFile);
+  EPSfilename = ghostscript_interface::locateEPSfile(EPSfilename, baseURL);
 
   // If the EPSfilename really points to a PDF file, convert that file now.
   if (ending == "pdf") {

psgs.cpp

@@ -13,6 +13,7 @@
 #include <kmessagebox.h>
 #include <kprocio.h>
 #include <ktempfile.h>
+#include <kurl.h>
 #include <qdir.h>
 #include <qpainter.h>
 //Added by qt3to4:
@@ -317,29 +318,26 @@ void ghostscript_interface::graphics(const PageNumber& page, double dpi, long ma
 }
 
 
-QString ghostscript_interface::locateEPSfile(const QString &filename, class dvifile *dvi)
+QString ghostscript_interface::locateEPSfile(const QString &filename, const KURL &base)
 {
-  QString EPSfilename(filename);
-
-  if (dvi == 0) {
-    kdError(4300) << "ghostscript_interface::locateEPSfile called with second argument == 0" << endl;
-    return EPSfilename;
-  }
-
-  QFileInfo fi1(dvi->filename);
-  QFileInfo fi2(fi1.dir(),EPSfilename);
-  if (fi2.exists())
-    EPSfilename = fi2.absFilePath();
-  else {
-    // Use kpsewhich to find the eps file.
-    KProcIO proc;
-    proc << "kpsewhich" << EPSfilename;
-    proc.start(KProcess::Block);
-    proc.readln(EPSfilename);
-    EPSfilename = EPSfilename.trimmed();
+  // If the base URL indicates that the DVI file is local, try to find
+  // the graphics file in the directory where the DVI file resides
+  if (base.isLocalFile()) {
+    QString path = base.path();       // -> "/bar/foo.dvi"
+    QFileInfo fi1(path);
+    QFileInfo fi2(fi1.dir(),filename);
+    if (fi2.exists())
+      return fi2.absFilePath();
   }
+  
+  // Otherwise, use kpsewhich to find the eps file.
+  QString EPSfilename;
 
-  return EPSfilename;
+  KProcIO proc;
+  proc << "kpsewhich" << EPSfilename;
+  proc.start(KProcess::Block);
+  proc.readln(EPSfilename);
+  return EPSfilename.trimmed();
 }
 
 #include "psgs.moc"

psgs.h

@@ -68,13 +68,13 @@ public:
   QString  *PostScriptHeaderString;
 
   /** This method tries to find the PostScript file 'filename' in the
-   DVI file's directory, and, if that fails, uses kpsewhich to find
-   the file. If the file is found, the full path (including file name)
-   is returned. Otherwise, the method returns the first
-   argument. TODO: use the DVI file's baseURL, once this is
-   implemented.
+   DVI file's directory (if the base-URL indicates that the DVI file
+   is local), and, if that fails, uses kpsewhich to find the file. If
+   the file is found, the full path (including file name) is
+   returned. Otherwise, the method returns the first argument. TODO:
+   use the DVI file's baseURL, once this is implemented.
   */
-  static  QString locateEPSfile(const QString &filename, class dvifile *dvi);
+  static  QString locateEPSfile(const QString &filename, const KURL &base);
 
 private:
   void                  gs_generate_graphics_file(const PageNumber& page, const QString& filename, long magnification);

special.cpp

@@ -336,7 +336,7 @@ void dviRenderer::epsf_special(const QString& cp)
   if ((EPSfilename.at(0) == '\"') && (EPSfilename.at(EPSfilename.length()-1) == '\"')) {
     EPSfilename = EPSfilename.mid(1,EPSfilename.length()-2);
   }
-  EPSfilename = ghostscript_interface::locateEPSfile(EPSfilename, dviFile);
+  EPSfilename = ghostscript_interface::locateEPSfile(EPSfilename, baseURL);
   
   // Now parse the arguments. 
   int  llx     = 0;