<?php if ('post' === strtolower($_SERVER['REQUEST_METHOD'])) { include 'localConfig.php'; // prepare for debug $debug = false; if (file_exists('DEBUG')) { $debug = true; } // DEBUG: output all set variables from $_POST and $_FILES if ($debug) { var_dump($_POST); var_dump($_FILES); echo '================================================== '; } // give input file a name that shouldn't collide with other users $timestamp = microtime(true); if ($_POST['useInputFile'] == "true") { $inputFile = 'input/input' . $timestamp . '.' . $_POST['inputFileExtension']; move_uploaded_file($_FILES['inputFile']['tmp_name'], $inputFile); } else { $inputFile = 'input/input' . $timestamp . '.txt'; // always use a file instead a string from stdin (because of security and special characters like ') file_put_contents($inputFile, $_POST['input']); } // run pandoc in a sandbox, limiting IO operations in readers and writers to reading the files specified on the command line. $command = 'pandoc --sandbox'; // avoid DOS attacks - see https://pandoc.org/chunkedhtml-demo/19-a-note-on-security.html #5 $command .= ' +RTS -M512M -RTS'; // return no styling as this styling is effecting my preview too $command .= ' --css nostyle.css'; // Checkboxes // produce a standalone HTML file with no external dependencies. This option works only with HTML output formats. if ($_POST['standalone'] == "true") {$command .= ' --standalone';} if ($_POST['tableOfContents'] == "true") {$command .= ' --table-of-contents=true';} if ($_POST['numberSections'] == "true") {$command .= ' --number-sections';} if ($_POST['citeproc'] == "true") {$command .= ' --citeproc';} // Selects // text wrapping $command .= ' --wrap=' . $_POST['wrap']; // highlight styling if ($_POST['highlightStyle'] == "none") { $command .= ' --no-highlight'; } else { $command .= ' --highlight-style=' . $_POST['highlightStyle']; // to see the highlighting in preview mode standalone is needed if ($_POST['to'] == "preview" && $_POST['standalone'] == "false") {$command .= ' --standalone';} } // html math rendering switch ($_POST['htmlMathMethod']) { case 'plain': break; case 'gladtex': $command .= ' --gladtex'; break; case 'katex': $command .= ' --katex'; break; case 'mathjax': $command .= ' --mathjax'; break; case 'mathml': $command .= ' --mathml'; break; case 'webtex': $command .= ' --webtex'; break; } $command .= ' --embed-resources=true'; // Input format $command .= ' --from=' . $_POST['from']; // Output format // option 'preview' should be rendered in the gui so use HTML if ($_POST['to'] == "preview") { $command .= ' --to=html5'; // pdf - see https://pandoc.org/MANUAL#context // you need to have context installed - see https://wiki.contextgarden.net/Installation } elseif ($_POST['to'] == "pdf") { $command .= ' --to=context+tagging -V pdfa=3a'; // pdf is only working in standalone mode if ($_POST['standalone'] == "false") {$command .= ' --standalone';} } else { $command .= ' --to=' . $_POST['to']; } // set output file if asked for if ($_POST['useOutputFile'] == "true") { $command .= ' -o output/output' . $timestamp . '.' . $_POST['outputFileExtension']; } // always use a file instead a string from stdin (because of security and special characters like ') $command .= ' ' . $inputFile; // DEBUG: output error messages from cmd line if ($debug) { $command .= ' 2>&1'; } // DEBUG: output the whole command line if ($debug) { echo $command; echo ' '; echo '================================================== '; } // put the path to pandoc temporarily to the servers path // configure the path in localConfig.php putenv("PATH=" . PATH); // execute pandoc $return = shell_exec($command); // delete input file as it is not needed anymore if (file_exists($inputFile)) { unlink($inputFile); } // return result if ($_POST['useOutputFile'] == "false") { // put the output string back to the client echo "$return"; } else { // return the file binary readfile('output/output' . $timestamp . '.' . $_POST['outputFileExtension']); unlink('output/output' . $timestamp . '.' . $_POST['outputFileExtension']); } } ?>