README latex2image 0.1.2.dev
latex2image renders latex formulae into PNG, and can either be used as a simple
command-line tool or as a web service for rendering latex code on-the-fly. The
web service employs a caching mechanism, thus avoiding to generate graphics for
the same latex formulae more than once.
1 Extract latex2image
Extract the latex2image-XYZ.tar.gz archive to the desired location on your web
server. For the rest of the installation instructions, let us assume that you
installed latex2image like this::
You might need to adjust permissions for the directories tmp and cache.
2 Make latex2image accessible
Assuming that /home/jdoe/example.com is your web root for www.example.com, you
now create a symbolic link to latex2image.php from /home/jdoe/example.com::
ln -s /home/jdoe/latex2image/latex2image.php /home/jdoe/example.com/latex2image.php
3 Test latex2image
Send a request to your web server like this::
The script will prove to be operational if it returns a PNG picture showing a
NOTES ON SECURITY
I do not guarantee for the security of the script, as it might be dangerous
to compile user-provided Latex input on the server. I have written the
tool with the best of my knowledge (any comments welcome):
* explicitly disabled write18 latex commands by feeding latex with the
-no-shell-escape command line option.
* using dvips with the -R2 option
* citing from http://www.pd.infn.it/TeX/doc/html/web2c/web2c_4.html
"TeX can write output files, via the \openout primitive; this opens a
security hole vulnerable to Trojan horse attack: an unwitting user
could run a TeX program that overwrites, say, `~/.rhosts'. (MetaPost
has a write primitive with similar implications). To alleviate this,
there is a configuration variable openout_any, which selects one of
three levels of security. When it is set to `a' (for "any"), no
restrictions are imposed. When it is set to `r' (for "restricted"),
filenames beginning with `.' are disallowed (except `.tex' because
LaTeX needs it). When it is set to `p' (for "paranoid") additional
restrictions are imposed: an absolute filename must refer to a file in
(a subdirectory) of TEXMFOUTPUT, and any attempt to go up a directory
level is forbidden (that is, paths may not contain a `..' component).
The paranoid setting is the default. (For backwards compatibility, `y'
and `1' are synonyms of `a', while `n' and `0' are synonyms for `r'.)"
latex2image relies on this.