]> git.immae.eu Git - github/shaarli/Shaarli.git/blob - markdown.php
6b4aabf3ae8ad6798ab40bb12ba8b499c7b13609
[github/shaarli/Shaarli.git] / markdown.php
1 <?php
2
3 /**
4 * Plugin Markdown.
5 *
6 * Shaare's descriptions are parsed with Markdown.
7 */
8
/*
 * Name of the meta-tag that switches Markdown rendering off for a shaare:
 * when it is present in the tags, the description is left unprocessed.
 */
const NO_MD_TAG = 'nomarkdown';
13
/**
 * Hook render_linklist: render every link description as Markdown.
 *
 * Links tagged with the no-markdown meta-tag are not rendered; the meta-tag
 * is only stripped from them.
 *
 * @param array         $data linklist data; the entries of $data['links'] are processed.
 * @param ConfigManager $conf instance, read for 'security.markdown_escape' (default true)
 *                            and 'security.allowed_protocols'.
 *
 * @return mixed linklist data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_linklist($data, $conf)
{
    foreach ($data['links'] as &$link) {
        $markdownDisabled = !empty($link['tags']) && noMarkdownTag($link['tags']);

        if ($markdownDisabled) {
            $link = stripNoMarkdownTag($link);
        } else {
            $link['description'] = process_markdown(
                $link['description'],
                $conf->get('security.markdown_escape', true),
                $conf->get('security.allowed_protocols')
            );
        }
    }

    return $data;
}
37
/**
 * Hook render_feed: render every feed entry description as Markdown.
 *
 * Entries tagged with the no-markdown meta-tag are not rendered; the meta-tag
 * is only stripped from them.
 *
 * @param array         $data feed data; the entries of $data['links'] are processed.
 * @param ConfigManager $conf instance, read for 'security.markdown_escape' (default true)
 *                            and 'security.allowed_protocols'.
 *
 * @return mixed linklist data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_feed($data, $conf)
{
    foreach ($data['links'] as &$entry) {
        $markdownDisabled = !empty($entry['tags']) && noMarkdownTag($entry['tags']);

        if ($markdownDisabled) {
            $entry = stripNoMarkdownTag($entry);
        } else {
            $entry['description'] = process_markdown(
                $entry['description'],
                $conf->get('security.markdown_escape', true),
                $conf->get('security.allowed_protocols')
            );
        }
    }

    return $data;
}
62
/**
 * Hook render_daily: render the descriptions of the daily page as Markdown.
 *
 * Works on the 'formatedDescription' field of each entry of
 * $data['linksToDisplay']. Entries tagged with the no-markdown meta-tag are
 * not rendered; the meta-tag is only stripped from them.
 *
 * @param array         $data daily data.
 * @param ConfigManager $conf instance, read for 'security.markdown_escape' (default true)
 *                            and 'security.allowed_protocols'.
 *
 * @return mixed daily data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_daily($data, $conf)
{
    foreach ($data['linksToDisplay'] as &$link) {
        $markdownDisabled = !empty($link['tags']) && noMarkdownTag($link['tags']);

        if ($markdownDisabled) {
            $link = stripNoMarkdownTag($link);
        } else {
            $link['formatedDescription'] = process_markdown(
                $link['formatedDescription'],
                $conf->get('security.markdown_escape', true),
                $conf->get('security.allowed_protocols')
            );
        }
    }

    return $data;
}
89
/**
 * Check if the no-markdown meta-tag is set in tags.
 *
 * The tag must appear as a whole whitespace-delimited word: a tag that merely
 * contains the meta-tag name does not count.
 *
 * @param string $tags tag list
 *
 * @return bool true if markdown should be disabled on this link.
 */
function noMarkdownTag($tags)
{
    // preg_quote() keeps the pattern valid whatever the constant contains.
    $pattern = '/(^|\s)' . preg_quote(NO_MD_TAG, '/') . '(\s|$)/';

    // preg_match() yields 1, 0 or false; normalise to the documented bool.
    return preg_match($pattern, $tags) === 1;
}
101
/**
 * Remove the no-markdown meta tag so it won't be displayed.
 *
 * Both representations carried by a link are cleaned up: the 'taglist' array
 * and the whitespace-separated 'tags' string.
 *
 * @param array $link Link data.
 *
 * @return array Updated link without no markdown tag.
 */
function stripNoMarkdownTag($link)
{
    if (!empty($link['taglist'])) {
        // Strict search so a non-string entry can never loosely match the tag name.
        $offset = array_search(NO_MD_TAG, $link['taglist'], true);
        if ($offset !== false) {
            unset($link['taglist'][$offset]);
        }
    }

    if (!empty($link['tags'])) {
        // The previous str_replace() call discarded its result, so the string was
        // never modified. Work on whole tags instead of substrings so that a tag
        // which only contains the meta-tag name is left intact.
        $tags = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
        $link['tags'] = implode(' ', array_diff($tags, [NO_MD_TAG]));
    }

    return $link;
}
124
/**
 * Hook render_includes: add the plugin stylesheet on pages showing descriptions.
 *
 * The stylesheet is appended to $data['css_files'] when the current page
 * ($data['_PAGE_']) is the link list, the daily page or the edit-link page.
 *
 * @param array $data includes data.
 *
 * @return mixed - includes data with markdown CSS file added.
 */
function hook_markdown_render_includes($data)
{
    $needsMarkdownCss = $data['_PAGE_'] == Router::$PAGE_LINKLIST
        || $data['_PAGE_'] == Router::$PAGE_DAILY
        || $data['_PAGE_'] == Router::$PAGE_EDITLINK;

    if (!$needsMarkdownCss) {
        return $data;
    }

    $data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';

    return $data;
}
144
/**
 * Hook render_editlink.
 * Adds a help link to the Markdown syntax on the edit form, and makes sure
 * the no-markdown meta-tag is part of the tag list used for autocompletion.
 *
 * @param array $data data passed to plugin
 *
 * @return array altered $data.
 */
function hook_markdown_render_editlink($data)
{
    // Load help HTML into a string; the template carries three placeholders.
    $txt = file_get_contents(PluginManager::$PLUGINS_PATH . '/markdown/help.html');
    if ($txt !== false) {
        $translations = [
            t('Description will be rendered with'),
            t('Markdown syntax documentation'),
            t('Markdown syntax'),
        ];
        $data['edit_link_plugin'][] = vsprintf($txt, $translations);
    }

    // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
    // The list is keyed by tag name (see the assignment below), so the lookup has to
    // be done on keys: searching the values reset an existing entry to 0.
    if (!isset($data['tags'][NO_MD_TAG])) {
        $data['tags'][NO_MD_TAG] = 0;
    }

    return $data;
}
170
171
/**
 * Remove HTML links auto generated by Shaarli core system.
 * Keeps HREF attributes.
 *
 * The description is handled line by line (split on PHP_EOL):
 *  - hashtag links found inside `inline code` are always reverted;
 *  - inside code (a ``` fenced block, or a line indented by 4+ spaces) every
 *    generated link is reverted, hashtag links included;
 *  - elsewhere only regular links are reverted, hashtag links are kept.
 *
 * @param string $description input description text.
 *
 * @return string $description without HTML links.
 */
function reverse_text2clickable($description)
{
    $hashtagTitle = ' title="Hashtag [^"]+"';
    $insideFence = false;
    $processedLines = [];

    foreach (explode(PHP_EOL, $description) as $line) {
        // Detect line of code: starting with at least 4 spaces,
        // except lists which can start with +/*/- or `2.` after spaces.
        // Fewer than 4 spaces is not a Markdown code line, so hashtags stay linked there.
        $isIndentedCode = preg_match('/^ {4,}(?=[^\+\*\-])(?=(?!\d\.).)/', $line) > 0;

        // A ``` line toggles the fenced block state (the fence lines themselves
        // are processed with the state they switch to).
        if (preg_match('/^```/', $line) > 0) {
            $insideFence = !$insideFence;
        }

        // Reverse `inline code` hashtags.
        $line = preg_replace(
            '!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
            '$1$2$3',
            $line
        );

        // Reverse all links in code blocks, only non hashtag elsewhere.
        $inCode = $insideFence || $isIndentedCode;
        $hashtagFilter = $inCode ? '(?:'. $hashtagTitle .')?' : '(?!'. $hashtagTitle .')';
        $line = preg_replace(
            '#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
            '$1',
            $line
        );

        $processedLines[] = $line;
    }

    return implode(PHP_EOL, $processedLines);
}
222
/**
 * Strip the <br> tags from a description so that line breaks are left to
 * the Markdown parser.
 *
 * Matches <br>, <br/> and <br /> in any letter case.
 *
 * @param string $description input description text.
 *
 * @return string $description without <br> tags.
 */
function reverse_nl2br($description)
{
    $lineBreakTag = '!<br */?>!im';

    return preg_replace($lineBreakTag, '', $description);
}
234
/**
 * Turn the '&nbsp;' entities auto generated by Shaarli core system back into
 * regular spaces.
 *
 * Only an entity located at the start of a line or right after a space is
 * converted.
 *
 * @param string $description input description text.
 *
 * @return string $description with those '&nbsp;' entities replaced by spaces.
 */
function reverse_space2nbsp($description)
{
    $leadingNbsp = '/(^| )&nbsp;/m';
    $withPlainSpace = '$1 ';

    return preg_replace($leadingNbsp, $withPlainSpace, $description);
}
246
/**
 * Run the target of every Markdown link of a description through
 * whitelist_protocols().
 *
 * A link target is whatever sits between `](` and the next `)`.
 *
 * @param string $description      input description text.
 * @param array  $allowedProtocols list of allowed protocols.
 *
 * @return string $description without malicious link.
 */
function filter_protocols($description, $allowedProtocols)
{
    $rewriteTarget = function ($match) use ($allowedProtocols) {
        $checkedUrl = whitelist_protocols($match[1], $allowedProtocols);

        return ']('. $checkedUrl .')';
    };

    return preg_replace_callback('#]\((.*?)\)#is', $rewriteTarget, $description);
}
265
/**
 * Neutralise dangerous HTML in a rendered description.
 *
 *  - script, style, link, iframe, frameset and frame tags (with their content
 *    when a closing tag follows) are passed through escape() instead of being
 *    left as markup;
 *  - `on*=` event handler attributes are removed from the remaining tags.
 *
 * Doesn't affect <code> content (already escaped by Parsedown).
 *
 * @param string $description input description text.
 *
 * @return string given string escaped.
 */
function sanitize_html($description)
{
    $escapeTags = [
        'script',
        'style',
        'link',
        'iframe',
        'frameset',
        'frame',
    ];
    foreach ($escapeTags as $tag) {
        $description = preg_replace_callback(
            '#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is',
            function ($match) {
                return escape($match[0]);
            },
            $description
        );
    }

    // The greedy prefix `(<[^>]+)` consumes the tag up to its LAST handler, so a
    // single pass removes only one `on*` attribute per tag. Repeat until a pass
    // removes nothing; every replacement shortens the string, so this terminates.
    do {
        $description = preg_replace(
            '#(<[^>]+)on[a-z]*="?[^ "]*"?#is',
            '$1',
            $description,
            -1,
            $removed
        );
    } while ($removed > 0);

    return $description;
}
296
/**
 * Render shaare contents through Markdown parser.
 *   1. Remove HTML generated by Shaarli core (<br>, &nbsp;, auto links).
 *   2. Filter the protocols used by Markdown links.
 *   3. Reverse the escape function.
 *   4. Generate markdown descriptions (line breaks enabled).
 *   5. Sanitize sensible HTML tags for security.
 *   6. Wrap description in 'markdown' CSS class, unless the result is empty.
 *
 * @param string $description      input description text.
 * @param bool   $escape           escape HTML entities
 * @param array  $allowedProtocols list of allowed protocols, handed to filter_protocols().
 *
 * @return string HTML processed $description.
 */
function process_markdown($description, $escape = true, $allowedProtocols = [])
{
    $parser = new Parsedown();

    // Undo what Shaarli core added, then get back to the raw Markdown text.
    $markdownSource = reverse_nl2br($description);
    $markdownSource = reverse_space2nbsp($markdownSource);
    $markdownSource = reverse_text2clickable($markdownSource);
    $markdownSource = filter_protocols($markdownSource, $allowedProtocols);
    $markdownSource = unescape($markdownSource);

    $html = $parser
        ->setMarkupEscaped($escape)
        ->setBreaksEnabled(true)
        ->text($markdownSource);
    $html = sanitize_html($html);

    if (empty($html)) {
        return $html;
    }

    return '<div class="markdown">'. $html . '</div>';
}
332
/**
 * This function is never called, but contains translation calls for GNU gettext extraction.
 *
 * NOTE(review): the literal below presumably doubles as the lookup key of the
 * existing translations, line breaks included; confirm against the translation
 * catalogs before reformatting it.
 */
function markdown_dummy_translation()
{
    // meta
    t('Render shaare description with Markdown syntax.<br><strong>Warning</strong>:
If your shaared descriptions contained HTML tags before enabling the markdown plugin,
enabling it might break your page.
See the <a href="https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering">README</a>.');
}
341 enabling it might break your page.
342 See the <a href="https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering">README</a>.');
343 }