minted
minted copied to clipboard
Shell commands get executed in ```\inputminted``` filename
As the title suggests shell commands can get executed in the filename argument of the \inputminted
command.
\documentclass[10pt, a4paper]{article}
\usepackage[utf8]{inputenc}
\usepackage{minted}
\begin{document}
\inputminted{text}{file.txt; touch file2.txt}
\end{document}
Here this example will load file.txt
for inclusion in minted, but will also create a new file: file2.txt
.
Thanks -- Skipp1
I see two sub-problems in \inputminted{<lang>}{<filename>}
:
- When there's no file named
<filename>
. A simple\IfFileExists{<filename>}{<true>}{<false>}
should work. - When
<filename>
does exists, but might be wrongly treated byminted
orpygmentize
. For example,touch "file.txt; touch file2.txt"
will create an illy-named filefile.txt;␣touch␣file2.txt
. Thenminted
should wrap the<filename>
in quotes when passing it topygmentize
.
Limitation: Both \IfFileExists
and the simple quoting can't handle filenames with quotation mark(s), for example file "quotes".txt
created by touch '"quotes".txt'
.
diff --git a/source/minted.dtx b/source/minted.dtx
index 7a381d7..2a123a5 100644
--- a/source/minted.dtx
+++ b/source/minted.dtx
@@ -2994,7 +2994,7 @@
\detokenize{for /f "usebackq tokens=*"}\space\@percentchar\detokenize{a in (`kpsewhich}\space\minted@codefile\detokenize{`) do}\space
\fi
\fi
- \MintedPygmentize\space -l #2
+ \MintedPygmentize\space -l "#2"
-f latex -P commandprefix=PYG -F tokenmerge
\minted@optlistcl@g \csname minted@optlistcl@lang\minted@lang\endcsname
\minted@optlistcl@inlines
@@ -3425,7 +3425,9 @@
\minted@configlang{#2}%
\setkeys{minted@opt@cmd}{#1}%
\minted@fvset
- \minted@pygmentize[#3]{#2}%
+ \IfFileExists{#2}
+ {\minted@pygmentize[#3]{#2}}
+ {\PackageError{minted}{No file `\detokenize{#3}'}{}}%
\endgroup}}
% \end{macrocode}
% \end{macro}
Using \ShellEsc
to run pygmentize
has always been somewhat fragile, and this is just the latest example of shell escaping and sanitization issues. The proper fix for this is probably to write all Pygments settings and the file name (or the code for minted
environment/\mintinline
) to a temp file, and create a Python wrapper for Pygments (say minted.py
) that is run with \ShellEsc
and actually does the processing. This way, \ShellEsc
only ever is used with fixed arguments (say minted pyg.temp
). And then all option processing and path handling can be done in a language with proper built-in support for such things. Otherwise we're left trying to do cross-platform shell command escaping in TeX. I've been wanting to do something like this as minted
v3.0 for several years, but my time is limited and I very rarely use minted
myself.