6 * Shaare's descriptions are parsed with Markdown.
9 use Shaarli\Config\ConfigManager
;
12 * If this tag is used on a shaare, the description won't be processed by Parsedown.
14 define('NO_MD_TAG', 'nomarkdown');
17 * Parse linklist descriptions.
19 * @param array $data linklist data.
20 * @param ConfigManager $conf instance.
22 * @return mixed linklist data parsed in markdown (and converted to HTML).
24 function hook_markdown_render_linklist($data, $conf)
26 foreach ($data['links'] as &$value) {
27 if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
28 $value = stripNoMarkdownTag($value);
31 $value['description_src'] = $value['description'];
32 $value['description'] = process_markdown(
33 $value['description'],
34 $conf->get('security.markdown_escape', true),
35 $conf->get('security.allowed_protocols')
42 * Parse feed linklist descriptions.
44 * @param array $data linklist data.
45 * @param ConfigManager $conf instance.
47 * @return mixed linklist data parsed in markdown (and converted to HTML).
49 function hook_markdown_render_feed($data, $conf)
51 foreach ($data['links'] as &$value) {
52 if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
53 $value = stripNoMarkdownTag($value);
56 $value['description'] = reverse_feed_permalink($value['description']);
57 $value['description'] = process_markdown(
58 $value['description'],
59 $conf->get('security.markdown_escape', true),
60 $conf->get('security.allowed_protocols')
68 * Parse daily descriptions.
70 * @param array $data daily data.
71 * @param ConfigManager $conf instance.
73 * @return mixed daily data parsed in markdown (and converted to HTML).
75 function hook_markdown_render_daily($data, $conf)
77 //var_dump($data);die;
78 // Manipulate columns data
79 foreach ($data['linksToDisplay'] as &$value) {
80 if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
81 $value = stripNoMarkdownTag($value);
84 $value['formatedDescription'] = process_markdown(
85 $value['formatedDescription'],
86 $conf->get('security.markdown_escape', true),
87 $conf->get('security.allowed_protocols')
95 * Check if noMarkdown is set in tags.
97 * @param string $tags tag list
99 * @return bool true if markdown should be disabled on this link.
101 function noMarkdownTag($tags)
103 return preg_match('/(^|\s)'. NO_MD_TAG
.'(\s|$)/', $tags);
107 * Remove the no-markdown meta tag so it won't be displayed.
109 * @param array $link Link data.
111 * @return array Updated link without no markdown tag.
113 function stripNoMarkdownTag($link)
115 if (! empty($link['taglist'])) {
116 $offset = array_search(NO_MD_TAG
, $link['taglist']);
117 if ($offset !== false) {
118 unset($link['taglist'][$offset]);
122 if (!empty($link['tags'])) {
123 str_replace(NO_MD_TAG
, '', $link['tags']);
130 * When link list is displayed, include markdown CSS.
132 * @param array $data includes data.
134 * @return mixed - includes data with markdown CSS file added.
136 function hook_markdown_render_includes($data)
138 if ($data['_PAGE_'] == Router
::$PAGE_LINKLIST
139 || $data['_PAGE_'] == Router
::$PAGE_DAILY
140 || $data['_PAGE_'] == Router
::$PAGE_EDITLINK
143 $data['css_files'][] = PluginManager
::$PLUGINS_PATH . '/markdown/markdown.css';
150 * Hook render_editlink.
151 * Adds an help link to markdown syntax.
153 * @param array $data data passed to plugin
155 * @return array altered $data.
157 function hook_markdown_render_editlink($data)
159 // Load help HTML into a string
160 $txt = file_get_contents(PluginManager
::$PLUGINS_PATH .'/markdown/help.html');
162 t('Description will be rendered with'),
163 t('Markdown syntax documentation'),
164 t('Markdown syntax'),
166 $data['edit_link_plugin'][] = vsprintf($txt, $translations);
167 // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
168 if (! in_array(NO_MD_TAG
, $data['tags'])) {
169 $data['tags'][NO_MD_TAG
] = 0;
177 * Remove HTML links auto generated by Shaarli core system.
178 * Keeps HREF attributes.
180 * @param string $description input description text.
182 * @return string $description without HTML links.
184 function reverse_text2clickable($description)
186 $descriptionLines = explode(PHP_EOL
, $description);
187 $descriptionOut = '';
188 $codeBlockOn = false;
191 foreach ($descriptionLines as $descriptionLine) {
192 // Detect line of code: starting with 4 spaces,
193 // except lists which can start with +/*/- or `2.` after spaces.
194 $codeLineOn = preg_match('/^ +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
195 // Detect and toggle block of code
197 $codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
199 elseif (preg_match('/^```/', $descriptionLine) > 0) {
200 $codeBlockOn = false;
203 $hashtagTitle = ' title="Hashtag [^"]+"';
204 // Reverse `inline code` hashtags.
205 $descriptionLine = preg_replace(
206 '!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
211 // Reverse all links in code blocks, only non hashtag elsewhere.
212 $hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?';
213 $descriptionLine = preg_replace(
214 '#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
219 // Make hashtag links markdown ready, otherwise the links will be ignored with escape set to true
220 if (!$codeBlockOn && !$codeLineOn) {
221 $descriptionLine = preg_replace(
222 '#<a href="([^ ]*)"'. $hashtagTitle .'>([^<]+)</a>#m',
228 $descriptionOut .= $descriptionLine;
229 if ($lineCount++
< count($descriptionLines) - 1) {
230 $descriptionOut .= PHP_EOL
;
233 return $descriptionOut;
237 * Remove <br> tag to let markdown handle it.
239 * @param string $description input description text.
241 * @return string $description without <br> tags.
243 function reverse_nl2br($description)
245 return preg_replace('!<br */?>!im', '', $description);
249 * Remove HTML spaces ' ' auto generated by Shaarli core system.
251 * @param string $description input description text.
253 * @return string $description without HTML links.
255 function reverse_space2nbsp($description)
257 return preg_replace('/(^| ) /m', '$1 ', $description);
260 function reverse_feed_permalink($description)
262 return preg_replace('@— <a href="([^"]+)" title="[^"]+">(\w+)</a>$@im', '— [$2]($1)', $description);
266 * Replace not whitelisted protocols with http:// in given description.
268 * @param string $description input description text.
269 * @param array $allowedProtocols list of allowed protocols.
271 * @return string $description without malicious link.
273 function filter_protocols($description, $allowedProtocols)
275 return preg_replace_callback(
277 function ($match) use ($allowedProtocols) {
278 return ']('. whitelist_protocols($match[1], $allowedProtocols) .')';
285 * Remove dangerous HTML tags (tags, iframe, etc.).
286 * Doesn't affect <code> content (already escaped by Parsedown).
288 * @param string $description input description text.
290 * @return string given string escaped.
292 function sanitize_html($description)
302 foreach ($escapeTags as $tag) {
303 $description = preg_replace_callback(
304 '#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is',
305 function ($match) { return escape($match
[0]); },
308 $description = preg_replace(
309 '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is',
316 * Render shaare contents through Markdown parser.
317 * 1. Remove HTML generated by Shaarli core.
318 * 2. Reverse the escape function.
319 * 3. Generate markdown descriptions.
320 * 4. Sanitize sensible HTML tags for security.
321 * 5. Wrap description in 'markdown
' CSS class.
323 * @param string $description input description text.
324 * @param bool $escape escape HTML entities
326 * @return string HTML processed $description.
328 function process_markdown($description, $escape = true, $allowedProtocols = [])
330 $parsedown = new Parsedown();
332 $processedDescription = $description;
333 $processedDescription = reverse_nl2br($processedDescription);
334 $processedDescription = reverse_space2nbsp($processedDescription);
335 $processedDescription = reverse_text2clickable($processedDescription);
336 $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
337 $processedDescription = unescape($processedDescription);
338 $processedDescription = $parsedown
339 ->setMarkupEscaped($escape)
340 ->setBreaksEnabled(true)
341 ->text($processedDescription);
342 $processedDescription = sanitize_html($processedDescription);
344 if(!empty($processedDescription)){
345 $processedDescription = '<div
class="markdown">'. $processedDescription . '</div
>';
348 return $processedDescription;
352 * This function is never called, but contains translation calls for GNU gettext extraction.
354 function markdown_dummy_translation()
357 t('Render shaare description with Markdown syntax
.<br
><strong
>Warning
</strong
>:
358 If your shaared descriptions contained HTML tags before enabling the markdown plugin
,
359 enabling it might
break your page
.
360 See the
<a href
="https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering">README
</a
>.');