]> git.immae.eu Git - github/shaarli/Shaarli.git/blob - plugins/markdown/markdown.php
projects / github / shaarli / Shaarli.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Travis: switch to Ubuntu Trusty build environment
[github/shaarli/Shaarli.git] / plugins / markdown / markdown.php
1 <?php
2
3 /**
4 * Plugin Markdown.
5 *
6 * Shaare's descriptions are parsed with Markdown.
7 */
8
9 /*
10 * If this tag is used on a shaare, the description won't be processed by Parsedown.
11 */
12 define('NO_MD_TAG', 'nomarkdown');
13
14 /**
15 * Parse linklist descriptions.
16 *
17 * @param array $data linklist data.
18 * @param ConfigManager $conf instance.
19 *
20 * @return mixed linklist data parsed in markdown (and converted to HTML).
21 */
22 function hook_markdown_render_linklist($data, $conf)
23 {
24 foreach ($data['links'] as &$value) {
25 if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
26 $value = stripNoMarkdownTag($value);
27 continue;
28 }
29 $value['description'] = process_markdown(
30 $value['description'],
31 $conf->get('security.markdown_escape', true),
32 $conf->get('security.allowed_protocols')
33 );
34 }
35 return $data;
36 }
37
38 /**
39 * Parse feed linklist descriptions.
40 *
41 * @param array $data linklist data.
42 * @param ConfigManager $conf instance.
43 *
44 * @return mixed linklist data parsed in markdown (and converted to HTML).
45 */
46 function hook_markdown_render_feed($data, $conf)
47 {
48 foreach ($data['links'] as &$value) {
49 if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
50 $value = stripNoMarkdownTag($value);
51 continue;
52 }
53 $value['description'] = process_markdown(
54 $value['description'],
55 $conf->get('security.markdown_escape', true),
56 $conf->get('security.allowed_protocols')
57 );
58 }
59
60 return $data;
61 }
62
63 /**
64 * Parse daily descriptions.
65 *
66 * @param array $data daily data.
67 * @param ConfigManager $conf instance.
68 *
69 * @return mixed daily data parsed in markdown (and converted to HTML).
70 */
71 function hook_markdown_render_daily($data, $conf)
72 {
73 // Manipulate columns data
74 foreach ($data['cols'] as &$value) {
75 foreach ($value as &$value2) {
76 if (!empty($value2['tags']) && noMarkdownTag($value2['tags'])) {
77 $value2 = stripNoMarkdownTag($value2);
78 continue;
79 }
80 $value2['formatedDescription'] = process_markdown(
81 $value2['formatedDescription'],
82 $conf->get('security.markdown_escape', true),
83 $conf->get('security.allowed_protocols')
84 );
85 }
86 }
87
88 return $data;
89 }
90
91 /**
92 * Check if noMarkdown is set in tags.
93 *
94 * @param string $tags tag list
95 *
96 * @return bool true if markdown should be disabled on this link.
97 */
98 function noMarkdownTag($tags)
99 {
100 return preg_match('/(^|\s)'. NO_MD_TAG .'(\s|$)/', $tags);
101 }
102
103 /**
104 * Remove the no-markdown meta tag so it won't be displayed.
105 *
106 * @param array $link Link data.
107 *
108 * @return array Updated link without no markdown tag.
109 */
110 function stripNoMarkdownTag($link)
111 {
112 if (! empty($link['taglist'])) {
113 $offset = array_search(NO_MD_TAG, $link['taglist']);
114 if ($offset !== false) {
115 unset($link['taglist'][$offset]);
116 }
117 }
118
119 if (!empty($link['tags'])) {
120 str_replace(NO_MD_TAG, '', $link['tags']);
121 }
122
123 return $link;
124 }
125
126 /**
127 * When link list is displayed, include markdown CSS.
128 *
129 * @param array $data includes data.
130 *
131 * @return mixed - includes data with markdown CSS file added.
132 */
133 function hook_markdown_render_includes($data)
134 {
135 if ($data['_PAGE_'] == Router::$PAGE_LINKLIST
136 || $data['_PAGE_'] == Router::$PAGE_DAILY
137 || $data['_PAGE_'] == Router::$PAGE_EDITLINK
138 ) {
139
140 $data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';
141 }
142
143 return $data;
144 }
145
146 /**
147 * Hook render_editlink.
148 * Adds an help link to markdown syntax.
149 *
150 * @param array $data data passed to plugin
151 *
152 * @return array altered $data.
153 */
154 function hook_markdown_render_editlink($data)
155 {
156 // Load help HTML into a string
157 $data['edit_link_plugin'][] = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');
158
159 // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
160 if (! in_array(NO_MD_TAG, $data['tags'])) {
161 $data['tags'][NO_MD_TAG] = 0;
162 }
163
164 return $data;
165 }
166
167
168 /**
169 * Remove HTML links auto generated by Shaarli core system.
170 * Keeps HREF attributes.
171 *
172 * @param string $description input description text.
173 *
174 * @return string $description without HTML links.
175 */
176 function reverse_text2clickable($description)
177 {
178 $descriptionLines = explode(PHP_EOL, $description);
179 $descriptionOut = '';
180 $codeBlockOn = false;
181 $lineCount = 0;
182
183 foreach ($descriptionLines as $descriptionLine) {
184 // Detect line of code: starting with 4 spaces,
185 // except lists which can start with +/*/- or `2.` after spaces.
186 $codeLineOn = preg_match('/^ +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
187 // Detect and toggle block of code
188 if (!$codeBlockOn) {
189 $codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
190 }
191 elseif (preg_match('/^```/', $descriptionLine) > 0) {
192 $codeBlockOn = false;
193 }
194
195 $hashtagTitle = ' title="Hashtag [^"]+"';
196 // Reverse `inline code` hashtags.
197 $descriptionLine = preg_replace(
198 '!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
199 '$1$2$3',
200 $descriptionLine
201 );
202
203 // Reverse all links in code blocks, only non hashtag elsewhere.
204 $hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?';
205 $descriptionLine = preg_replace(
206 '#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
207 '$1',
208 $descriptionLine
209 );
210
211 $descriptionOut .= $descriptionLine;
212 if ($lineCount++ < count($descriptionLines) - 1) {
213 $descriptionOut .= PHP_EOL;
214 }
215 }
216 return $descriptionOut;
217 }
218
219 /**
220 * Remove <br> tag to let markdown handle it.
221 *
222 * @param string $description input description text.
223 *
224 * @return string $description without <br> tags.
225 */
226 function reverse_nl2br($description)
227 {
228 return preg_replace('!<br */?>!im', '', $description);
229 }
230
231 /**
232 * Remove HTML spaces '&nbsp;' auto generated by Shaarli core system.
233 *
234 * @param string $description input description text.
235 *
236 * @return string $description without HTML links.
237 */
238 function reverse_space2nbsp($description)
239 {
240 return preg_replace('/(^| )&nbsp;/m', '$1 ', $description);
241 }
242
243 /**
244 * Replace not whitelisted protocols with http:// in given description.
245 *
246 * @param string $description input description text.
247 * @param array $allowedProtocols list of allowed protocols.
248 *
249 * @return string $description without malicious link.
250 */
251 function filter_protocols($description, $allowedProtocols)
252 {
253 return preg_replace_callback(
254 '#]\((.*?)\)#is',
255 function ($match) use ($allowedProtocols) {
256 return ']('. whitelist_protocols($match[1], $allowedProtocols) .')';
257 },
258 $description
259 );
260 }
261
262 /**
263 * Remove dangerous HTML tags (tags, iframe, etc.).
264 * Doesn't affect <code> content (already escaped by Parsedown).
265 *
266 * @param string $description input description text.
267 *
268 * @return string given string escaped.
269 */
270 function sanitize_html($description)
271 {
272 $escapeTags = array(
273 'script',
274 'style',
275 'link',
276 'iframe',
277 'frameset',
278 'frame',
279 );
280 foreach ($escapeTags as $tag) {
281 $description = preg_replace_callback(
282 '#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is',
283 function ($match) { return escape($match[0]); },
284 $description);
285 }
286 $description = preg_replace(
287 '#(<[^>]+)on[a-z]*="?[^ "]*"?#is',
288 '$1',
289 $description);
290 return $description;
291 }
292
293 /**
294 * Render shaare contents through Markdown parser.
295 * 1. Remove HTML generated by Shaarli core.
296 * 2. Reverse the escape function.
297 * 3. Generate markdown descriptions.
298 * 4. Sanitize sensible HTML tags for security.
299 * 5. Wrap description in 'markdown' CSS class.
300 *
301 * @param string $description input description text.
302 * @param bool $escape escape HTML entities
303 *
304 * @return string HTML processed $description.
305 */
306 function process_markdown($description, $escape = true, $allowedProtocols = [])
307 {
308 $parsedown = new Parsedown();
309
310 $processedDescription = $description;
311 $processedDescription = reverse_nl2br($processedDescription);
312 $processedDescription = reverse_space2nbsp($processedDescription);
313 $processedDescription = reverse_text2clickable($processedDescription);
314 $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
315 $processedDescription = unescape($processedDescription);
316 $processedDescription = $parsedown
317 ->setMarkupEscaped($escape)
318 ->setBreaksEnabled(true)
319 ->text($processedDescription);
320 $processedDescription = sanitize_html($processedDescription);
321
322 if(!empty($processedDescription)){
323 $processedDescription = '<div class="markdown">'. $processedDescription . '</div>';
324 }
325
326 return $processedDescription;
327 }
The personal, minimalist, super-fast, database free, bookmarking service - community repo