> > > I found that using a command, for example..
> > >
> > > plot2d(sin(x), [x, -5, 5], [gnuplot_term, "png size 100000, 100000"])
> > >
> > > in MaximaPHP can cause Maxima to create an arbitrarily large file on your server..
> > >
> > > So.. I added the following pairs in the blacklist..
> > >
> > > 'plot2d', '/\bpng\b.*\bsize\b/s'
> > > 'plot3d', '/\bpng\b.*\bsize\b/s'
> > >
> > > Maybe there are other such holes.. so please be careful if you use
> > > MaximaPHP in your server.
> > >
Nice project.
I think package 'draw' can be of some help here. The user designs his
plot by means of a new syntax, which is parsed by the package, and then
translated to gnuplot code. As long as he can't write directly in the
gnuplot syntax, the system should be safer.
But there is an option called 'user_preamble' to directly introduce
gnuplot code; I added this option for gnuplot experts who want to fine
tune their plots. If I'm not mistaken, this is the unique hole for a
project like yours. Not allowing the use of this option is all you need
to get the system under control (at least, this is what I think; I'm
never sure with this sort of thing).
--
Mario Rodriguez Riotorto
www.biomates.net
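
Added example, not part of the original messages and not MaximaPHP's own code: a PHP blacklist check that combines the two pairs from the quoted post with a rule refusing 'user_preamble' in draw calls, as the reply suggests. The pair semantics (reject when the command calls the function and its text matches the pattern), the name blocked_by and the sample commands are assumptions made for illustration.

```php
<?php
// Constructed example. Assumed semantics of a pair [function, pattern]:
// reject a command that calls `function` and whose text matches `pattern`.
const BLACKLIST = [
    ['plot2d', '/\bpng\b.*\bsize\b/s'],   // pair from the quoted post
    ['plot3d', '/\bpng\b.*\bsize\b/s'],   // pair from the quoted post
    // Pairs added here following the reply: refuse the draw option that
    // passes raw gnuplot code through.
    ['draw',   '/\buser_preamble\b/'],
    ['draw2d', '/\buser_preamble\b/'],
    ['draw3d', '/\buser_preamble\b/'],
];

/**
 * Return the first [function, pattern] pair that rejects $command,
 * or null when no pair applies.
 */
function blocked_by(string $command): ?array
{
    foreach (BLACKLIST as [$function, $pattern]) {
        // The function name must appear as a call: name, optional spaces, "(".
        $callRegex = '/\b' . preg_quote($function, '/') . '\s*\(/';
        if (preg_match($callRegex, $command) === 1
            && preg_match($pattern, $command) === 1) {
            return [$function, $pattern];
        }
    }
    return null;
}

// Constructed sample commands; the first is the one quoted in the post.
$samples = [
    'plot2d(sin(x), [x, -5, 5], [gnuplot_term, "png size 100000, 100000"])',
    'plot2d(sin(x), [x, -5, 5])',
    'draw2d(user_preamble = "set grid", explicit(sin(x), x, -5, 5))',
    'draw2d(explicit(sin(x), x, -5, 5))',
];

foreach ($samples as $command) {
    $hit = blocked_by($command);
    printf("%-7s %s\n", $hit === null ? 'allow' : 'reject', $command);
}
```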