[texworks] read/write from scripts (was: HELP: Integrated Tw LaTeX2e Help dialogue)

Thu Jul 1 07:55:19 CEST 2010

Hi,

you finally convinced me that a TW.readFile() function is probably
useful. And seeing that even without it, scripts can read arbitrary
files from the hard disk (through open/copy/close), it's rather a
convenience function. And it would avoid the bloating of the "recent
documents", something that would otherwise certainly be confusing to
users (and rightly so).

Writing files, on the other hand, is a completely different issue.
Reinhard's example (though *nix-specific, so don't worry if you're a
Windows user and don't understand it) or other malicious attacks could
allow arbitrary file access from remote machines. In general, you can
break a lot on your system if you allow people/scripts to modify
arbitrary files. So for the 0.4 release, I'd vote against any writing
mechanism. There always is the possibility to create a new file, copy
the text you want to save there, and then invoke save(). This, however,
will bring up a save dialog for the user to decide if/where to save.

I'd also like to see an enhanced / more fine-grained system of
permissions (e.g., app-wide defaults, per-script). You may want to allow
a few trusted scripts to access, e.g., the file system commands, but
want to deny this for all other scripts by default. Again, this is
probably a pretty large change to the code, so it won't make it into
0.4. But feel free to open an issue on GC so we don't forget about it.

If we allow writing from scripts, I'd say that we confine it by default
to a "safe" directory, such as the scripts folder. Writing elsewhere
should always prompt the user (possibly with the option to "always
accept for this script"; see above).

Cheers,
Stefan

PS: While writing this, I realized that if ~/.rhosts exists, it can
probably be opened by a script, modified, and saved without asking the
user (since the file already existed, save() doesn't prompt for the
filename or anything). This is not good. Maybe, we shouldn't expose
TWApp::openFile() to scripts (it is a public slot, but I didn't find any
obvious signal that connected to it), but instead provide a wrapper that
does some additional safety checking, or replace it entirely by readFile().