plugins/markdown/markdown.php

   1 <?php
   2
   3 /**
   4  * Plugin Markdown.
   5  *
   6  * Shaare's descriptions are parsed with Markdown.
   7  */
   8
   9 /*
  10  * If this tag is used on a shaare, the description won't be processed by Parsedown.
  11  */
  12 define('NO_MD_TAG', 'nomarkdown');
  13
  14 /**
  15  * Parse linklist descriptions.
  16  *
  17  * @param array         $data linklist data.
  18  * @param ConfigManager $conf instance.
  19  *
  20  * @return mixed linklist data parsed in markdown (and converted to HTML).
  21  */
  22 function hook_markdown_render_linklist($data, $conf)
  23 {
  24     foreach ($data['links'] as &$value) {
  25         if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
  26             $value = stripNoMarkdownTag($value);
  27             continue;
  28         }
  29         $value['description'] = process_markdown($value['description'], $conf->get('security.markdown_escape', true));
  30     }
  31     return $data;
  32 }
  33
  34 /**
  35  * Parse feed linklist descriptions.
  36  *
  37  * @param array $data linklist data.
  38  * @param ConfigManager $conf instance.
  39  *
  40  * @return mixed linklist data parsed in markdown (and converted to HTML).
  41  */
  42 function hook_markdown_render_feed($data, $conf)
  43 {
  44     foreach ($data['links'] as &$value) {
  45         if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
  46             $value = stripNoMarkdownTag($value);
  47             continue;
  48         }
  49         $value['description'] = process_markdown($value['description'], $conf->get('security.markdown_escape', true));
  50     }
  51
  52     return $data;
  53 }
  54
  55 /**
  56  * Parse daily descriptions.
  57  *
  58  * @param array         $data daily data.
  59  * @param ConfigManager $conf instance.
  60  *
  61  * @return mixed daily data parsed in markdown (and converted to HTML).
  62  */
  63 function hook_markdown_render_daily($data, $conf)
  64 {
  65     // Manipulate columns data
  66     foreach ($data['cols'] as &$value) {
  67         foreach ($value as &$value2) {
  68             if (!empty($value2['tags']) && noMarkdownTag($value2['tags'])) {
  69                 $value2 = stripNoMarkdownTag($value2);
  70                 continue;
  71             }
  72             $value2['formatedDescription'] = process_markdown(
  73                 $value2['formatedDescription'],
  74                 $conf->get('security.markdown_escape', true)
  75             );
  76         }
  77     }
  78
  79     return $data;
  80 }
  81
  82 /**
  83  * Check if noMarkdown is set in tags.
  84  *
  85  * @param string $tags tag list
  86  *
  87  * @return bool true if markdown should be disabled on this link.
  88  */
  89 function noMarkdownTag($tags)
  90 {
  91     return preg_match('/(^|\s)'. NO_MD_TAG .'(\s|$)/', $tags);
  92 }
  93
  94 /**
  95  * Remove the no-markdown meta tag so it won't be displayed.
  96  *
  97  * @param array $link Link data.
  98  *
  99  * @return array Updated link without no markdown tag.
 100  */
 101 function stripNoMarkdownTag($link)
 102 {
 103     if (! empty($link['taglist'])) {
 104         $offset = array_search(NO_MD_TAG, $link['taglist']);
 105         if ($offset !== false) {
 106             unset($link['taglist'][$offset]);
 107         }
 108     }
 109
 110     if (!empty($link['tags'])) {
 111         str_replace(NO_MD_TAG, '', $link['tags']);
 112     }
 113
 114     return $link;
 115 }
 116
 117 /**
 118  * When link list is displayed, include markdown CSS.
 119  *
 120  * @param array $data includes data.
 121  *
 122  * @return mixed - includes data with markdown CSS file added.
 123  */
 124 function hook_markdown_render_includes($data)
 125 {
 126     if ($data['_PAGE_'] == Router::$PAGE_LINKLIST
 127         || $data['_PAGE_'] == Router::$PAGE_DAILY
 128         || $data['_PAGE_'] == Router::$PAGE_EDITLINK
 129     ) {
 130
 131         $data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';
 132     }
 133
 134     return $data;
 135 }
 136
 137 /**
 138  * Hook render_editlink.
 139  * Adds an help link to markdown syntax.
 140  *
 141  * @param array $data data passed to plugin
 142  *
 143  * @return array altered $data.
 144  */
 145 function hook_markdown_render_editlink($data)
 146 {
 147     // Load help HTML into a string
 148     $data['edit_link_plugin'][] = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');
 149
 150     // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
 151     if (! in_array(NO_MD_TAG, $data['tags'])) {
 152         $data['tags'][NO_MD_TAG] = 0;
 153     }
 154
 155     return $data;
 156 }
 157
 158
 159 /**
 160  * Remove HTML links auto generated by Shaarli core system.
 161  * Keeps HREF attributes.
 162  *
 163  * @param string $description input description text.
 164  *
 165  * @return string $description without HTML links.
 166  */
 167 function reverse_text2clickable($description)
 168 {
 169     $descriptionLines = explode(PHP_EOL, $description);
 170     $descriptionOut = '';
 171     $codeBlockOn = false;
 172     $lineCount = 0;
 173
 174     foreach ($descriptionLines as $descriptionLine) {
 175         // Detect line of code: starting with 4 spaces,
 176         // except lists which can start with +/*/- or `2.` after spaces.
 177         $codeLineOn = preg_match('/^    +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
 178         // Detect and toggle block of code
 179         if (!$codeBlockOn) {
 180             $codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
 181         }
 182         elseif (preg_match('/^```/', $descriptionLine) > 0) {
 183             $codeBlockOn = false;
 184         }
 185
 186         $hashtagTitle = ' title="Hashtag [^"]+"';
 187         // Reverse `inline code` hashtags.
 188         $descriptionLine = preg_replace(
 189             '!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
 190             '$1$2$3',
 191             $descriptionLine
 192         );
 193
 194         // Reverse all links in code blocks, only non hashtag elsewhere.
 195         $hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?';
 196         $descriptionLine = preg_replace(
 197             '#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
 198             '$1',
 199             $descriptionLine
 200         );
 201
 202         $descriptionOut .= $descriptionLine;
 203         if ($lineCount++ < count($descriptionLines) - 1) {
 204             $descriptionOut .= PHP_EOL;
 205         }
 206     }
 207     return $descriptionOut;
 208 }
 209
 210 /**
 211  * Remove <br> tag to let markdown handle it.
 212  *
 213  * @param string $description input description text.
 214  *
 215  * @return string $description without <br> tags.
 216  */
 217 function reverse_nl2br($description)
 218 {
 219     return preg_replace('!<br */?>!im', '', $description);
 220 }
 221
 222 /**
 223  * Remove HTML spaces '&nbsp;' auto generated by Shaarli core system.
 224  *
 225  * @param string $description input description text.
 226  *
 227  * @return string $description without HTML links.
 228  */
 229 function reverse_space2nbsp($description)
 230 {
 231     return preg_replace('/(^| )&nbsp;/m', '$1 ', $description);
 232 }
 233
 234 /**
 235  * Remove dangerous HTML tags (tags, iframe, etc.).
 236  * Doesn't affect <code> content (already escaped by Parsedown).
 237  *
 238  * @param string $description input description text.
 239  *
 240  * @return string given string escaped.
 241  */
 242 function sanitize_html($description)
 243 {
 244     $escapeTags = array(
 245         'script',
 246         'style',
 247         'link',
 248         'iframe',
 249         'frameset',
 250         'frame',
 251     );
 252     foreach ($escapeTags as $tag) {
 253         $description = preg_replace_callback(
 254             '#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is',
 255             function ($match) { return escape($match[0]); },
 256             $description);
 257     }
 258     $description = preg_replace(
 259         '#(<[^>]+)on[a-z]*="?[^ "]*"?#is',
 260         '$1',
 261         $description);
 262     return $description;
 263 }
 264
 265 /**
 266  * Render shaare contents through Markdown parser.
 267  *   1. Remove HTML generated by Shaarli core.
 268  *   2. Reverse the escape function.
 269  *   3. Generate markdown descriptions.
 270  *   4. Sanitize sensible HTML tags for security.
 271  *   5. Wrap description in 'markdown' CSS class.
 272  *
 273  * @param string $description input description text.
 274  * @param bool   $escape      escape HTML entities
 275  *
 276  * @return string HTML processed $description.
 277  */
 278 function process_markdown($description, $escape = true)
 279 {
 280     $parsedown = new Parsedown();
 281
 282     $processedDescription = $description;
 283     $processedDescription = reverse_nl2br($processedDescription);
 284     $processedDescription = reverse_space2nbsp($processedDescription);
 285     $processedDescription = reverse_text2clickable($processedDescription);
 286     $processedDescription = unescape($processedDescription);
 287     $processedDescription = $parsedown
 288         ->setMarkupEscaped($escape)
 289         ->setBreaksEnabled(true)
 290         ->text($processedDescription);
 291     $processedDescription = sanitize_html($processedDescription);
 292
 293     if(!empty($processedDescription)){
 294         $processedDescription = '<div class="markdown">'. $processedDescription . '</div>';
 295     }
 296
 297     return $processedDescription;
 298 }