6 * Shaare's descriptions are parsed with Markdown.
10 * If this tag is used on a shaare, the description won't be processed by Parsedown.
12 define('NO_MD_TAG', 'nomarkdown');
15 * Parse linklist descriptions.
17 * @param array $data linklist data.
18 * @param ConfigManager $conf instance.
20 * @return mixed linklist data parsed in markdown (and converted to HTML).
22 function hook_markdown_render_linklist($data, $conf)
24 foreach ($data['links'] as &$value) {
25 if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
26 $value = stripNoMarkdownTag($value);
29 $value['description'] = process_markdown(
30 $value['description'],
31 $conf->get('security.markdown_escape', true),
32 $conf->get('security.allowed_protocols')
39 * Parse feed linklist descriptions.
41 * @param array $data linklist data.
42 * @param ConfigManager $conf instance.
44 * @return mixed linklist data parsed in markdown (and converted to HTML).
46 function hook_markdown_render_feed($data, $conf)
48 foreach ($data['links'] as &$value) {
49 if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
50 $value = stripNoMarkdownTag($value);
53 $value['description'] = process_markdown(
54 $value['description'],
55 $conf->get('security.markdown_escape', true),
56 $conf->get('security.allowed_protocols')
64 * Parse daily descriptions.
66 * @param array $data daily data.
67 * @param ConfigManager $conf instance.
69 * @return mixed daily data parsed in markdown (and converted to HTML).
71 function hook_markdown_render_daily($data, $conf)
73 // Manipulate columns data
74 foreach ($data['cols'] as &$value) {
75 foreach ($value as &$value2) {
76 if (!empty($value2['tags']) && noMarkdownTag($value2['tags'])) {
77 $value2 = stripNoMarkdownTag($value2);
80 $value2['formatedDescription'] = process_markdown(
81 $value2['formatedDescription'],
82 $conf->get('security.markdown_escape', true),
83 $conf->get('security.allowed_protocols')
92 * Check if noMarkdown is set in tags.
94 * @param string $tags tag list
96 * @return bool true if markdown should be disabled on this link.
98 function noMarkdownTag($tags)
100 return preg_match('/(^|\s)'. NO_MD_TAG
.'(\s|$)/', $tags);
104 * Remove the no-markdown meta tag so it won't be displayed.
106 * @param array $link Link data.
108 * @return array Updated link without no markdown tag.
110 function stripNoMarkdownTag($link)
112 if (! empty($link['taglist'])) {
113 $offset = array_search(NO_MD_TAG
, $link['taglist']);
114 if ($offset !== false) {
115 unset($link['taglist'][$offset]);
119 if (!empty($link['tags'])) {
120 str_replace(NO_MD_TAG
, '', $link['tags']);
127 * When link list is displayed, include markdown CSS.
129 * @param array $data includes data.
131 * @return mixed - includes data with markdown CSS file added.
133 function hook_markdown_render_includes($data)
135 if ($data['_PAGE_'] == Router
::$PAGE_LINKLIST
136 || $data['_PAGE_'] == Router
::$PAGE_DAILY
137 || $data['_PAGE_'] == Router
::$PAGE_EDITLINK
140 $data['css_files'][] = PluginManager
::$PLUGINS_PATH . '/markdown/markdown.css';
147 * Hook render_editlink.
148 * Adds an help link to markdown syntax.
150 * @param array $data data passed to plugin
152 * @return array altered $data.
154 function hook_markdown_render_editlink($data)
156 // Load help HTML into a string
157 $txt = file_get_contents(PluginManager
::$PLUGINS_PATH .'/markdown/help.html');
159 t('Description will be rendered with'),
160 t('Markdown syntax documentation'),
161 t('Markdown syntax'),
163 $data['edit_link_plugin'][] = vsprintf($txt, $translations);
164 // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
165 if (! in_array(NO_MD_TAG
, $data['tags'])) {
166 $data['tags'][NO_MD_TAG
] = 0;
174 * Remove HTML links auto generated by Shaarli core system.
175 * Keeps HREF attributes.
177 * @param string $description input description text.
179 * @return string $description without HTML links.
181 function reverse_text2clickable($description)
183 $descriptionLines = explode(PHP_EOL
, $description);
184 $descriptionOut = '';
185 $codeBlockOn = false;
188 foreach ($descriptionLines as $descriptionLine) {
189 // Detect line of code: starting with 4 spaces,
190 // except lists which can start with +/*/- or `2.` after spaces.
191 $codeLineOn = preg_match('/^ +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
192 // Detect and toggle block of code
194 $codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
196 elseif (preg_match('/^```/', $descriptionLine) > 0) {
197 $codeBlockOn = false;
200 $hashtagTitle = ' title="Hashtag [^"]+"';
201 // Reverse `inline code` hashtags.
202 $descriptionLine = preg_replace(
203 '!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
208 // Reverse all links in code blocks, only non hashtag elsewhere.
209 $hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?';
210 $descriptionLine = preg_replace(
211 '#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
216 $descriptionOut .= $descriptionLine;
217 if ($lineCount++ < count($descriptionLines) - 1) {
218 $descriptionOut .= PHP_EOL;
221 return $descriptionOut;
225 * Remove <br> tag to let markdown handle it.
227 * @param string $description input description text.
229 * @return string $description without <br> tags.
231 function reverse_nl2br($description)
233 return preg_replace('!<br */
?>!im
', '', $description);
237 * Remove HTML spaces ' 
;' auto generated by Shaarli core system.
239 * @param string $description input description text.
241 * @return string $description without HTML links.
243 function reverse_space2nbsp($description)
245 return preg_replace('/(^
| ) 
;/m
', '$1 ', $description);
249 * Replace not whitelisted protocols with http:// in given description.
251 * @param string $description input description text.
252 * @param array $allowedProtocols list of allowed protocols.
254 * @return string $description without malicious link.
256 function filter_protocols($description, $allowedProtocols)
258 return preg_replace_callback(
260 function ($match) use ($allowedProtocols) {
261 return ']('. whitelist_protocols($match[1], $allowedProtocols) .')';
268 * Remove dangerous HTML tags (tags, iframe, etc.).
269 * Doesn't affect <code> content (already escaped by Parsedown).
271 * @param string $description input description text.
273 * @return string given string escaped.
275 function sanitize_html($description)
285 foreach ($escapeTags as $tag) {
286 $description = preg_replace_callback(
287 '#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is',
288 function ($match) { return escape($match
[0]); },
291 $description = preg_replace(
292 '#(<[^>]+)on[a-z]*="?[^ "]*"?#is',
299 * Render shaare contents through Markdown parser.
300 * 1. Remove HTML generated by Shaarli core.
301 * 2. Reverse the escape function.
302 * 3. Generate markdown descriptions.
303 * 4. Sanitize sensible HTML tags for security.
304 * 5. Wrap description in 'markdown
' CSS class.
306 * @param string $description input description text.
307 * @param bool $escape escape HTML entities
309 * @return string HTML processed $description.
311 function process_markdown($description, $escape = true, $allowedProtocols = [])
313 $parsedown = new Parsedown();
315 $processedDescription = $description;
316 $processedDescription = reverse_nl2br($processedDescription);
317 $processedDescription = reverse_space2nbsp($processedDescription);
318 $processedDescription = reverse_text2clickable($processedDescription);
319 $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
320 $processedDescription = unescape($processedDescription);
321 $processedDescription = $parsedown
322 ->setMarkupEscaped($escape)
323 ->setBreaksEnabled(true)
324 ->text($processedDescription);
325 $processedDescription = sanitize_html($processedDescription);
327 if(!empty($processedDescription)){
328 $processedDescription = '<div
class="markdown">'. $processedDescription . '</div
>';
331 return $processedDescription;
335 * This function is never called, but contains translation calls for GNU gettext extraction.
337 function markdown_dummy_translation()
340 t('Render shaare description with Markdown syntax
.<br
><strong
>Warning
</strong
>:
341 If your shaared descriptions contained HTML tags before enabling the markdown plugin
,
342 enabling it might
break your page
.
343 See the
<a href
="https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering">README
</a
>.');