[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: tweaking lilypond and mediawiki
|
From: |
Carl D. Sorensen |
|
Subject: |
Re: tweaking lilypond and mediawiki |
|
Date: |
Wed, 25 Feb 2009 17:37:10 -0700 |
On 2/25/09 4:29 PM, "Glen Hein" <address@hidden> wrote:
>
>
> Ah ha!! The trick to getting the <lilybook> images to discard the whitespace
> is to set the tagline to "" in the header. I fixed the rendering on my test
> page. My next hurdle is to get scores with multiple output pages to work.
>
> One thing I had to do was tweak the code that came from MediaWiki. It concerns
> the command line arguments being sent to lilypond. The original is:
>
> $cmd = $wgLilypond .
> " --safe --backend=eps --format=png --header=texidoc " .
> escapeshellarg($lyFile) . " 2>&1";
>
> And here is my version:
>
> $cmd = $wgLilypond .
> " -dbackend=eps --png --header=texidoc " .
> escapeshellarg($lyFile) . " 2>&1";
>
> Are there any other arguments you would recommend for 2.11.65?
>
> I didn't add in the -dbackend=#t argument because I want to use the predefined
> fretboard diagrams. So from a security point-of-view, how bad/dangerous is it
> to have safe disabled for a publicly editted wiki?
>
Why can't you use safe with predefined fretboard diagrams? Is it just
because addPredefinedFretboard isn't a safe function? If so, I think we can
just make addPredefinedFretboard a safe function; I believe it won't accept
arbitrary scheme. But maybe it will take some work.
DON'T PUT LILYPOND UP ON A WIKI WITHOUT USING --safe. It is a *HUGE*
security risk, because you can execute arbitrary scheme code in lilypond to,
for example, erase the hard drive of your system. At least, that's my
opinion.
Thanks,
Carl