]>
Commit | Line | Data |
---|---|---|
1be4afac A |
1 | <?php |
2 | ||
3 | /** | |
4 | * Plugin Markdown. | |
5 | * | |
6 | * Shaare's descriptions are parsed with Markdown. | |
7 | */ | |
8 | ||
3ce20d9e A |
/*
 * Meta-tag that opts a shaare out of Markdown rendering: when a shaare
 * carries this tag, its description is not processed by Parsedown.
 */
const NO_MD_TAG = 'nomarkdown';
3ce20d9e | 13 | |
1be4afac A |
/**
 * Render the description of every link in the link list through Markdown.
 *
 * Links whose tags contain the no-markdown meta-tag are not rendered;
 * they only go through stripNoMarkdownTag().
 *
 * @param array         $data linklist data; its 'links' entry is iterated.
 * @param ConfigManager $conf instance, read for 'security.markdown_escape'
 *                            and 'security.allowed_protocols'.
 *
 * @return mixed linklist data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_linklist($data, $conf)
{
    foreach ($data['links'] as &$link) {
        $markdownDisabled = !empty($link['tags']) && noMarkdownTag($link['tags']);

        if ($markdownDisabled) {
            $link = stripNoMarkdownTag($link);
        } else {
            $link['description'] = process_markdown(
                $link['description'],
                $conf->get('security.markdown_escape', true),
                $conf->get('security.allowed_protocols')
            );
        }
    }
    // Release the reference so the last element is not aliased any longer.
    unset($link);

    return $data;
}
37 | ||
635d38c2 A |
/**
 * Render the description of every link of a feed through Markdown.
 *
 * Links whose tags contain the no-markdown meta-tag are not rendered;
 * they only go through stripNoMarkdownTag().
 *
 * @param array         $data linklist data; its 'links' entry is iterated.
 * @param ConfigManager $conf instance, read for 'security.markdown_escape'
 *                            and 'security.allowed_protocols'.
 *
 * @return mixed linklist data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_feed($data, $conf)
{
    foreach ($data['links'] as &$link) {
        $markdownDisabled = !empty($link['tags']) && noMarkdownTag($link['tags']);

        if ($markdownDisabled) {
            $link = stripNoMarkdownTag($link);
        } else {
            $link['description'] = process_markdown(
                $link['description'],
                $conf->get('security.markdown_escape', true),
                $conf->get('security.allowed_protocols')
            );
        }
    }
    // Release the reference so the last element is not aliased any longer.
    unset($link);

    return $data;
}
62 | ||
1be4afac A |
/**
 * Render the formatted description of every link of the daily page through Markdown.
 *
 * The 'cols' entry of $data is walked column by column, then link by link.
 * Links whose tags contain the no-markdown meta-tag are not rendered;
 * they only go through stripNoMarkdownTag().
 *
 * @param array         $data daily data; its 'cols' entry is iterated.
 * @param ConfigManager $conf instance, read for 'security.markdown_escape'
 *                            and 'security.allowed_protocols'.
 *
 * @return mixed daily data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_daily($data, $conf)
{
    foreach ($data['cols'] as &$column) {
        foreach ($column as &$link) {
            $markdownDisabled = !empty($link['tags']) && noMarkdownTag($link['tags']);

            if ($markdownDisabled) {
                $link = stripNoMarkdownTag($link);
            } else {
                $link['formatedDescription'] = process_markdown(
                    $link['formatedDescription'],
                    $conf->get('security.markdown_escape', true),
                    $conf->get('security.allowed_protocols')
                );
            }
        }
        // Release the inner reference before moving on to the next column.
        unset($link);
    }
    unset($column);

    return $data;
}
90 | ||
3ce20d9e A |
/**
 * Check if the no-markdown meta-tag (NO_MD_TAG) is set in tags.
 *
 * The tag only matches as a whole whitespace-delimited token, so a longer tag
 * that merely contains NO_MD_TAG does not disable markdown.
 *
 * @param string $tags tag list (whitespace separated).
 *
 * @return bool true if markdown should be disabled on this link.
 */
function noMarkdownTag($tags)
{
    // Quote the tag so it is always matched literally inside the pattern.
    $pattern = '/(^|\s)'. preg_quote(NO_MD_TAG, '/') .'(\s|$)/';

    // preg_match() returns 1, 0 or false: normalise to the documented bool.
    return preg_match($pattern, $tags) === 1;
}
102 | ||
8c4e6018 A |
/**
 * Remove the no-markdown meta tag so it won't be displayed.
 *
 * Both representations carried by the link are cleaned:
 *   - 'taglist' (array of tags): the meta tag entry is unset, other keys are kept as is;
 *   - 'tags' (whitespace separated string): the meta tag is removed as a whole
 *     token and the remaining tags are joined with single spaces.
 *
 * @param array $link Link data.
 *
 * @return array Updated link without no markdown tag.
 */
function stripNoMarkdownTag($link)
{
    if (! empty($link['taglist'])) {
        $offset = array_search(NO_MD_TAG, $link['taglist'], true);
        if ($offset !== false) {
            unset($link['taglist'][$offset]);
        }
    }

    if (! empty($link['tags'])) {
        // Work on whole tokens so tags that merely contain NO_MD_TAG are left intact,
        // and store the result back (the replacement used to be discarded).
        $tags = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
        $link['tags'] = implode(' ', array_diff($tags, [NO_MD_TAG]));
    }

    return $link;
}
125 | ||
1be4afac A |
/**
 * Add the markdown stylesheet to the included CSS files on the pages that need it.
 *
 * The stylesheet is appended when the current page ('_PAGE_') is the link list,
 * the daily page or the edit link page.
 *
 * @param array $data includes data.
 *
 * @return mixed - includes data with markdown CSS file added.
 */
function hook_markdown_render_includes($data)
{
    $page = $data['_PAGE_'];
    $needsMarkdownCss = $page == Router::$PAGE_LINKLIST
        || $page == Router::$PAGE_DAILY
        || $page == Router::$PAGE_EDITLINK;

    if (! $needsMarkdownCss) {
        return $data;
    }

    $data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';

    return $data;
}
145 | ||
/**
 * Hook render_editlink.
 * Adds a help link to markdown syntax, and makes the no-markdown meta-tag
 * available in the tag list.
 *
 * @param array $data data passed to plugin
 *
 * @return array altered $data.
 */
function hook_markdown_render_editlink($data)
{
    // Load help HTML into a string
    $data['edit_link_plugin'][] = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');

    // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
    // The tag list is keyed by tag name (see the assignment below), so the key has to
    // be checked: searching the values would overwrite an existing entry with 0.
    if (! isset($data['tags'][NO_MD_TAG])) {
        $data['tags'][NO_MD_TAG] = 0;
    }

    return $data;
}
166 | ||
167 | ||
/**
 * Remove HTML links auto generated by Shaarli core system.
 * Keeps the link text.
 *
 * The description is processed line by line (split on PHP_EOL):
 *   - hashtag links found inside `inline code` are always reversed;
 *   - inside code (fenced ``` blocks, or lines indented by 4 spaces or more)
 *     every link is reversed, hashtag links included;
 *   - elsewhere only non hashtag links are reversed.
 *
 * @param string $description input description text.
 *
 * @return string $description without HTML links.
 */
function reverse_text2clickable($description)
{
    $hashtagTitle = ' title="Hashtag [^"]+"';
    $codeBlockOn = false;
    $lines = explode(PHP_EOL, $description);

    foreach ($lines as $index => $line) {
        // Detect line of code: starting with (at least) 4 spaces,
        // except lists which can start with +/*/- or `2.` after spaces.
        $codeLineOn = preg_match('/^ {4,}(?=[^\+\*\-])(?=(?!\d\.).)/', $line) > 0;

        // A fence line toggles the code block state; the fence line itself is
        // handled with the state it switches to.
        if (preg_match('/^```/', $line) > 0) {
            $codeBlockOn = !$codeBlockOn;
        }

        // Reverse `inline code` hashtags.
        $line = preg_replace(
            '!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
            '$1$2$3',
            $line
        );

        // Reverse all links in code blocks, only non hashtag elsewhere.
        $hashtagFilter = (!$codeBlockOn && !$codeLineOn)
            ? '(?!'. $hashtagTitle .')'
            : '(?:'. $hashtagTitle .')?';
        $lines[$index] = preg_replace(
            '#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
            '$1',
            $line
        );
    }

    return implode(PHP_EOL, $lines);
}
218 | ||
/**
 * Strip every <br> tag (with or without self-closing slash, any case)
 * so that line breaks are left to the markdown parser.
 *
 * @param string $description input description text.
 *
 * @return string $description without <br> tags.
 */
function reverse_nl2br($description)
{
    $lineBreakTag = '!<br */?>!im';
    $withoutBreaks = preg_replace($lineBreakTag, '', $description);

    return $withoutBreaks;
}
230 | ||
/**
 * Remove HTML spaces '&nbsp;' auto generated by Shaarli core system.
 *
 * Only an entity found at the beginning of a line, or right after a regular
 * space, is turned back into a regular space; other entities are left untouched.
 *
 * @param string $description input description text.
 *
 * @return string $description without the generated HTML spaces.
 */
function reverse_space2nbsp($description)
{
    // The pattern has to target the '&nbsp;' entity itself: matching a plain
    // space and replacing it with a plain space would leave the text unchanged.
    return preg_replace('/(^| )&nbsp;/m', '$1 ', $description);
}
242 | ||
86ceea05 A |
/**
 * Filter the target of every `](...)` sequence (markdown link destination)
 * found in the description through whitelist_protocols().
 *
 * @param string $description      input description text.
 * @param array  $allowedProtocols list of allowed protocols.
 *
 * @return string $description with every link target passed through the whitelist.
 */
function filter_protocols($description, $allowedProtocols)
{
    // $target[1] is the text captured between the parentheses.
    $whitelistTarget = function ($target) use ($allowedProtocols) {
        $safeUrl = whitelist_protocols($target[1], $allowedProtocols);

        return ']('. $safeUrl .')';
    };

    return preg_replace_callback('#]\((.*?)\)#is', $whitelistTarget, $description);
}
261 | ||
/**
 * Neutralise dangerous HTML in an already rendered description.
 *
 * 1. script, style, link, iframe, frameset and frame tags (with their content
 *    when a closing tag is found) are passed through escape().
 * 2. `on...=` attributes found inside a tag are dropped.
 *
 * @param string $description input description text.
 *
 * @return string given string escaped.
 */
function sanitize_html($description)
{
    // Escape the whole matched tag; escape() is defined outside of this function.
    $escapeMatch = function ($match) {
        return escape($match[0]);
    };

    foreach (['script', 'style', 'link', 'iframe', 'frameset', 'frame'] as $tag) {
        $tagPattern = '#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is';
        $description = preg_replace_callback($tagPattern, $escapeMatch, $description);
    }

    // Keep what precedes the event handler attribute inside the tag, drop the attribute.
    return preg_replace('#(<[^>]+)on[a-z]*="?[^ "]*"?#is', '$1', $description);
}
292 | ||
/**
 * Render shaare contents through Markdown parser.
 *   1. Remove HTML generated by Shaarli core (<br>, HTML spaces, clickable links).
 *   2. Filter link targets against the allowed protocols.
 *   3. Reverse the escape function.
 *   4. Generate markdown descriptions.
 *   5. Sanitize sensible HTML tags for security.
 *   6. Wrap a non empty result in the 'markdown' CSS class.
 *
 * @param string $description      input description text.
 * @param bool   $escape           escape HTML entities
 * @param array  $allowedProtocols list of allowed protocols, forwarded to filter_protocols().
 *
 * @return string HTML processed $description.
 */
function process_markdown($description, $escape = true, $allowedProtocols = [])
{
    $parser = new Parsedown();

    // Undo the formatting applied before the description reached the plugin.
    $text = reverse_nl2br($description);
    $text = reverse_space2nbsp($text);
    $text = reverse_text2clickable($text);
    $text = filter_protocols($text, $allowedProtocols);
    $text = unescape($text);

    $parser = $parser->setMarkupEscaped($escape);
    $parser = $parser->setBreaksEnabled(true);
    $html = sanitize_html($parser->text($text));

    // Nothing to wrap when the rendering is empty.
    if (empty($html)) {
        return $html;
    }

    return '<div class="markdown">'. $html . '</div>';
}