[github/shaarli/Shaarli.git] / plugins / markdown / markdown.php

<?php

/**
 * Plugin Markdown.
 *
 * Shaare's descriptions are parsed with Markdown.
 */

use Shaarli\Config\ConfigManager;

/*
 * If this tag is used on a shaare, the description won't be processed by Parsedown.
 */
define('NO_MD_TAG', 'nomarkdown');

/**
 * Parse linklist descriptions.
 *
 * @param array         $data linklist data.
 * @param ConfigManager $conf instance.
 *
 * @return mixed linklist data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_linklist($data, $conf)
{
    foreach ($data['links'] as &$value) {
        if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
            $value = stripNoMarkdownTag($value);
            continue;
        }
        $value['description'] = process_markdown(
            $value['description'],
            $conf->get('security.markdown_escape', true),
            $conf->get('security.allowed_protocols')
        );
    }
    return $data;
}

/**
 * Parse feed linklist descriptions.
 *
 * @param array $data linklist data.
 * @param ConfigManager $conf instance.
 *
 * @return mixed linklist data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_feed($data, $conf)
{
    foreach ($data['links'] as &$value) {
        if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
            $value = stripNoMarkdownTag($value);
            continue;
        }
        $value['description'] = reverse_feed_permalink($value['description']);
        $value['description'] = process_markdown(
            $value['description'],
            $conf->get('security.markdown_escape', true),
            $conf->get('security.allowed_protocols')
        );
    }

    return $data;
}

/**
 * Parse daily descriptions.
 *
 * @param array         $data daily data.
 * @param ConfigManager $conf instance.
 *
 * @return mixed daily data parsed in markdown (and converted to HTML).
 */
function hook_markdown_render_daily($data, $conf)
{
    //var_dump($data);die;
    // Manipulate columns data
    foreach ($data['linksToDisplay'] as &$value) {
        if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
            $value = stripNoMarkdownTag($value);
            continue;
        }
        $value['formatedDescription'] = process_markdown(
            $value['formatedDescription'],
            $conf->get('security.markdown_escape', true),
            $conf->get('security.allowed_protocols')
        );
    }

    return $data;
}

/**
 * Check if noMarkdown is set in tags.
 *
 * @param string $tags tag list
 *
 * @return bool true if markdown should be disabled on this link.
 */
function noMarkdownTag($tags)
{
    return preg_match('/(^|\s)'. NO_MD_TAG .'(\s|$)/', $tags);
}

/**
 * Remove the no-markdown meta tag so it won't be displayed.
 *
 * @param array $link Link data.
 *
 * @return array Updated link without no markdown tag.
 */
function stripNoMarkdownTag($link)
{
    if (! empty($link['taglist'])) {
        $offset = array_search(NO_MD_TAG, $link['taglist']);
        if ($offset !== false) {
            unset($link['taglist'][$offset]);
        }
    }

    if (!empty($link['tags'])) {
        str_replace(NO_MD_TAG, '', $link['tags']);
    }

    return $link;
}

/**
 * When link list is displayed, include markdown CSS.
 *
 * @param array $data includes data.
 *
 * @return mixed - includes data with markdown CSS file added.
 */
function hook_markdown_render_includes($data)
{
    if ($data['_PAGE_'] == Router::$PAGE_LINKLIST
        || $data['_PAGE_'] == Router::$PAGE_DAILY
        || $data['_PAGE_'] == Router::$PAGE_EDITLINK
    ) {

        $data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';
    }

    return $data;
}

/**
 * Hook render_editlink.
 * Adds an help link to markdown syntax.
 *
 * @param array $data data passed to plugin
 *
 * @return array altered $data.
 */
function hook_markdown_render_editlink($data)
{
    // Load help HTML into a string
    $txt = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');
    $translations = [
        t('Description will be rendered with'),
        t('Markdown syntax documentation'),
        t('Markdown syntax'),
    ];
    $data['edit_link_plugin'][] = vsprintf($txt, $translations);
    // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
    if (! in_array(NO_MD_TAG, $data['tags'])) {
        $data['tags'][NO_MD_TAG] = 0;
    }

    return $data;
}


/**
 * Remove HTML links auto generated by Shaarli core system.
 * Keeps HREF attributes.
 *
 * @param string $description input description text.
 *
 * @return string $description without HTML links.
 */
function reverse_text2clickable($description)
{
    $descriptionLines = explode(PHP_EOL, $description);
    $descriptionOut = '';
    $codeBlockOn = false;
    $lineCount = 0;

    foreach ($descriptionLines as $descriptionLine) {
        // Detect line of code: starting with 4 spaces,
        // except lists which can start with +/*/- or `2.` after spaces.
        $codeLineOn = preg_match('/^    +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
        // Detect and toggle block of code
        if (!$codeBlockOn) {
            $codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
        }
        elseif (preg_match('/^```/', $descriptionLine) > 0) {
            $codeBlockOn = false;
        }

        $hashtagTitle = ' title="Hashtag [^"]+"';
        // Reverse `inline code` hashtags.
        $descriptionLine = preg_replace(
            '!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
            '$1$2$3',
            $descriptionLine
        );

        // Reverse all links in code blocks, only non hashtag elsewhere.
        $hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?';
        $descriptionLine = preg_replace(
            '#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
            '$1',
            $descriptionLine
        );

        $descriptionOut .= $descriptionLine;
        if ($lineCount++ < count($descriptionLines) - 1) {
            $descriptionOut .= PHP_EOL;
        }
    }
    return $descriptionOut;
}

/**
 * Remove <br> tag to let markdown handle it.
 *
 * @param string $description input description text.
 *
 * @return string $description without <br> tags.
 */
function reverse_nl2br($description)
{
    return preg_replace('!<br */?>!im', '', $description);
}

/**
 * Remove HTML spaces '&nbsp;' auto generated by Shaarli core system.
 *
 * @param string $description input description text.
 *
 * @return string $description without HTML links.
 */
function reverse_space2nbsp($description)
{
    return preg_replace('/(^| )&nbsp;/m', '$1 ', $description);
}

function reverse_feed_permalink($description)
{
    return preg_replace('@&#8212; <a href="([^"]+)" title="[^"]+">(\w+)</a>$@im', '&#8212; [$2]($1)', $description);
}

/**
 * Replace not whitelisted protocols with http:// in given description.
 *
 * @param string $description      input description text.
 * @param array  $allowedProtocols list of allowed protocols.
 *
 * @return string $description without malicious link.
 */
function filter_protocols($description, $allowedProtocols)
{
    return preg_replace_callback(
        '#]\((.*?)\)#is',
        function ($match) use ($allowedProtocols) {
            return ']('. whitelist_protocols($match[1], $allowedProtocols) .')';
        },
        $description
    );
}

/**
 * Remove dangerous HTML tags (tags, iframe, etc.).
 * Doesn't affect <code> content (already escaped by Parsedown).
 *
 * @param string $description input description text.
 *
 * @return string given string escaped.
 */
function sanitize_html($description)
{
    $escapeTags = array(
        'script',
        'style',
        'link',
        'iframe',
        'frameset',
        'frame',
    );
    foreach ($escapeTags as $tag) {
        $description = preg_replace_callback(
            '#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is',
            function ($match) { return escape($match[0]); },
            $description);
    }
    $description = preg_replace(
        '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is',
        '$1',
        $description);
    return $description;
}

/**
 * Render shaare contents through Markdown parser.
 *   1. Remove HTML generated by Shaarli core.
 *   2. Reverse the escape function.
 *   3. Generate markdown descriptions.
 *   4. Sanitize sensible HTML tags for security.
 *   5. Wrap description in 'markdown' CSS class.
 *
 * @param string $description input description text.
 * @param bool   $escape      escape HTML entities
 *
 * @return string HTML processed $description.
 */
function process_markdown($description, $escape = true, $allowedProtocols = [])
{
    $parsedown = new Parsedown();

    $processedDescription = $description;
    $processedDescription = reverse_nl2br($processedDescription);
    $processedDescription = reverse_space2nbsp($processedDescription);
    $processedDescription = reverse_text2clickable($processedDescription);
    $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
    $processedDescription = unescape($processedDescription);
    $processedDescription = $parsedown
        ->setMarkupEscaped($escape)
        ->setBreaksEnabled(true)
        ->text($processedDescription);
    $processedDescription = sanitize_html($processedDescription);

    if(!empty($processedDescription)){
        $processedDescription = '<div class="markdown">'. $processedDescription . '</div>';
    }

    return $processedDescription;
}

/**
 * This function is never called, but contains translation calls for GNU gettext extraction.
 */
function markdown_dummy_translation()
{
    // meta
    t('Render shaare description with Markdown syntax.<br><strong>Warning</strong>:
If your shaared descriptions contained HTML tags before enabling the markdown plugin,
enabling it might break your page.
See the <a href="https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering">README</a>.');
}
Commit	Line	Data
1be4afac A	1	<?php
	2
	3	/**
	4	* Plugin Markdown.
	5	*
	6	* Shaare's descriptions are parsed with Markdown.
	7	*/
	8
dd6794cf A	9	use Shaarli\Config\ConfigManager;
dd6794cf A	10
3ce20d9e A	11	/*
3ce20d9e A	12	* If this tag is used on a shaare, the description won't be processed by Parsedown.
3ce20d9e	13	*/
8c4e6018	14	define('NO_MD_TAG', 'nomarkdown');
3ce20d9e	15
1be4afac A	16	/**
	17	* Parse linklist descriptions.
	18	*
e0376101 A	19	* @param array $data linklist data.
e0376101 A	20	* @param ConfigManager $conf instance.
1be4afac A	21	*
	22	* @return mixed linklist data parsed in markdown (and converted to HTML).
	23	*/
e0376101	24	function hook_markdown_render_linklist($data, $conf)
1be4afac A	25	{
1be4afac A	26	foreach ($data['links'] as &$value) {
3ce20d9e	27	if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
266e3fe5	28	$value = stripNoMarkdownTag($value);
3ce20d9e A	29	continue;
3ce20d9e A	30	}
86ceea05 A	31	$value['description'] = process_markdown(
	32	$value['description'],
	33	$conf->get('security.markdown_escape', true),
	34	$conf->get('security.allowed_protocols')
	35	);
1be4afac	36	}
1be4afac A	37	return $data;
	38	}
	39
635d38c2 A	40	/**
	41	* Parse feed linklist descriptions.
	42	*
	43	* @param array $data linklist data.
e0376101	44	* @param ConfigManager $conf instance.
635d38c2 A	45	*
	46	* @return mixed linklist data parsed in markdown (and converted to HTML).
	47	*/
e0376101	48	function hook_markdown_render_feed($data, $conf)
635d38c2 A	49	{
	50	foreach ($data['links'] as &$value) {
	51	if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
266e3fe5	52	$value = stripNoMarkdownTag($value);
635d38c2 A	53	continue;
635d38c2 A	54	}
dd6794cf	55	$value['description'] = reverse_feed_permalink($value['description']);
86ceea05 A	56	$value['description'] = process_markdown(
	57	$value['description'],
	58	$conf->get('security.markdown_escape', true),
	59	$conf->get('security.allowed_protocols')
	60	);
635d38c2 A	61	}
	62
	63	return $data;
	64	}
	65
1be4afac A	66	/**
	67	* Parse daily descriptions.
	68	*
e0376101 A	69	* @param array $data daily data.
e0376101 A	70	* @param ConfigManager $conf instance.
1be4afac A	71	*
	72	* @return mixed daily data parsed in markdown (and converted to HTML).
	73	*/
e0376101	74	function hook_markdown_render_daily($data, $conf)
1be4afac	75	{
50142efd	76	//var_dump($data);die;
1be4afac	77	// Manipulate columns data
50142efd	78	foreach ($data['linksToDisplay'] as &$value) {
	79	if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
	80	$value = stripNoMarkdownTag($value);
	81	continue;
1be4afac	82	}
50142efd	83	$value['formatedDescription'] = process_markdown(
	84	$value['formatedDescription'],
	85	$conf->get('security.markdown_escape', true),
	86	$conf->get('security.allowed_protocols')
	87	);
1be4afac A	88	}
	89
	90	return $data;
	91	}
	92
3ce20d9e A	93	/**
	94	* Check if noMarkdown is set in tags.
	95	*
	96	* @param string $tags tag list
	97	*
	98	* @return bool true if markdown should be disabled on this link.
	99	*/
	100	function noMarkdownTag($tags)
	101	{
266e3fe5	102	return preg_match('/(^\|\s)'. NO_MD_TAG .'(\s\|$)/', $tags);
3ce20d9e A	103	}
3ce20d9e A	104
8c4e6018 A	105	/**
	106	* Remove the no-markdown meta tag so it won't be displayed.
	107	*
266e3fe5	108	* @param array $link Link data.
8c4e6018	109	*
266e3fe5	110	* @return array Updated link without no markdown tag.
8c4e6018	111	*/
266e3fe5	112	function stripNoMarkdownTag($link)
8c4e6018	113	{
266e3fe5 A	114	if (! empty($link['taglist'])) {
	115	$offset = array_search(NO_MD_TAG, $link['taglist']);
	116	if ($offset !== false) {
	117	unset($link['taglist'][$offset]);
	118	}
	119	}
	120
	121	if (!empty($link['tags'])) {
	122	str_replace(NO_MD_TAG, '', $link['tags']);
	123	}
	124
	125	return $link;
8c4e6018 A	126	}
8c4e6018 A	127
1be4afac A	128	/**
	129	* When link list is displayed, include markdown CSS.
	130	*
	131	* @param array $data includes data.
	132	*
	133	* @return mixed - includes data with markdown CSS file added.
	134	*/
	135	function hook_markdown_render_includes($data)
	136	{
	137	if ($data['_PAGE_'] == Router::$PAGE_LINKLIST
	138	\|\| $data['_PAGE_'] == Router::$PAGE_DAILY
	139	\|\| $data['_PAGE_'] == Router::$PAGE_EDITLINK
	140	) {
50142efd	141
1be4afac A	142	$data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';
	143	}
	144
	145	return $data;
	146	}
	147
	148	/**
	149	* Hook render_editlink.
	150	* Adds an help link to markdown syntax.
	151	*
	152	* @param array $data data passed to plugin
	153	*
	154	* @return array altered $data.
	155	*/
	156	function hook_markdown_render_editlink($data)
	157	{
	158	// Load help HTML into a string
12266213 A	159	$txt = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');
	160	$translations = [
	161	t('Description will be rendered with'),
	162	t('Markdown syntax documentation'),
	163	t('Markdown syntax'),
	164	];
	165	$data['edit_link_plugin'][] = vsprintf($txt, $translations);
3ce20d9e A	166	// Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
	167	if (! in_array(NO_MD_TAG, $data['tags'])) {
	168	$data['tags'][NO_MD_TAG] = 0;
	169	}
	170
1be4afac A	171	return $data;
	172	}
	173
	174
	175	/**
	176	* Remove HTML links auto generated by Shaarli core system.
	177	* Keeps HREF attributes.
	178	*
	179	* @param string $description input description text.
	180	*
	181	* @return string $description without HTML links.
	182	*/
	183	function reverse_text2clickable($description)
	184	{
9ccca401 A	185	$descriptionLines = explode(PHP_EOL, $description);
	186	$descriptionOut = '';
	187	$codeBlockOn = false;
	188	$lineCount = 0;
	189
	190	foreach ($descriptionLines as $descriptionLine) {
c5941f31 A	191	// Detect line of code: starting with 4 spaces,
	192	// except lists which can start with +/*/- or `2.` after spaces.
	193	$codeLineOn = preg_match('/^ +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
9ccca401 A	194	// Detect and toggle block of code
	195	if (!$codeBlockOn) {
	196	$codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
	197	}
	198	elseif (preg_match('/^```/', $descriptionLine) > 0) {
	199	$codeBlockOn = false;
	200	}
	201
	202	$hashtagTitle = ' title="Hashtag [^"]+"';
	203	// Reverse `inline code` hashtags.
	204	$descriptionLine = preg_replace(
	205	'!(`[^`\n])<a href="[^ ]"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
	206	'$1$2$3',
	207	$descriptionLine
	208	);
	209
c5941f31 A	210	// Reverse all links in code blocks, only non hashtag elsewhere.
c5941f31 A	211	$hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?';
9ccca401	212	$descriptionLine = preg_replace(
c5941f31	213	'#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
9ccca401 A	214	'$1',
	215	$descriptionLine
	216	);
	217
	218	$descriptionOut .= $descriptionLine;
	219	if ($lineCount++ < count($descriptionLines) - 1) {
	220	$descriptionOut .= PHP_EOL;
	221	}
	222	}
	223	return $descriptionOut;
1be4afac A	224	}
	225
	226	/**
	227	* Remove <br> tag to let markdown handle it.
	228	*
	229	* @param string $description input description text.
	230	*
	231	* @return string $description without <br> tags.
	232	*/
	233	function reverse_nl2br($description)
	234	{
	235	return preg_replace('!<br */?>!im', '', $description);
	236	}
	237
	238	/**
	239	* Remove HTML spaces ' ' auto generated by Shaarli core system.
	240	*
	241	* @param string $description input description text.
	242	*
	243	* @return string $description without HTML links.
	244	*/
	245	function reverse_space2nbsp($description)
	246	{
	247	return preg_replace('/(^\| ) /m', '$1 ', $description);
	248	}
	249
dd6794cf A	250	function reverse_feed_permalink($description)
	251	{
	252	return preg_replace('@— <a href="([^"]+)" title="[^"]+">(\w+)</a>$@im', '— [$2]($1)', $description);
	253	}
	254
86ceea05 A	255	/**
	256	* Replace not whitelisted protocols with http:// in given description.
	257	*
	258	* @param string $description input description text.
	259	* @param array $allowedProtocols list of allowed protocols.
	260	*
	261	* @return string $description without malicious link.
	262	*/
	263	function filter_protocols($description, $allowedProtocols)
	264	{
	265	return preg_replace_callback(
	266	'#]\((.*?)\)#is',
	267	function ($match) use ($allowedProtocols) {
	268	return ']('. whitelist_protocols($match[1], $allowedProtocols) .')';
	269	},
	270	$description
	271	);
	272	}
	273
1be4afac	274	/**
2925687e A	275	* Remove dangerous HTML tags (tags, iframe, etc.).
2925687e A	276	* Doesn't affect <code> content (already escaped by Parsedown).
1be4afac A	277	*
	278	* @param string $description input description text.
	279	*
2925687e	280	* @return string given string escaped.
1be4afac	281	*/
2925687e	282	function sanitize_html($description)
1be4afac	283	{
2925687e A	284	$escapeTags = array(
	285	'script',
	286	'style',
	287	'link',
	288	'iframe',
	289	'frameset',
	290	'frame',
	291	);
	292	foreach ($escapeTags as $tag) {
	293	$description = preg_replace_callback(
	294	'#<\s'. $tag .'[^>]>(.</\s'. $tag .'[^>]*>)?#is',
	295	function ($match) { return escape($match[0]); },
	296	$description);
	297	}
	298	$description = preg_replace(
b525810c	299	'#(<[^>]+\s)on[a-z]="?[^ "]"?#is',
2925687e A	300	'$1',
	301	$description);
	302	return $description;
1be4afac A	303	}
	304
	305	/**
	306	* Render shaare contents through Markdown parser.
	307	* 1. Remove HTML generated by Shaarli core.
2925687e A	308	* 2. Reverse the escape function.
	309	* 3. Generate markdown descriptions.
	310	* 4. Sanitize sensible HTML tags for security.
	311	* 5. Wrap description in 'markdown' CSS class.
1be4afac A	312	*
1be4afac A	313	* @param string $description input description text.
e0376101	314	* @param bool $escape escape HTML entities
1be4afac A	315	*
	316	* @return string HTML processed $description.
	317	*/
86ceea05	318	function process_markdown($description, $escape = true, $allowedProtocols = [])
1be4afac A	319	{
	320	$parsedown = new Parsedown();
	321
	322	$processedDescription = $description;
1be4afac A	323	$processedDescription = reverse_nl2br($processedDescription);
1be4afac A	324	$processedDescription = reverse_space2nbsp($processedDescription);
9ccca401	325	$processedDescription = reverse_text2clickable($processedDescription);
86ceea05	326	$processedDescription = filter_protocols($processedDescription, $allowedProtocols);
2925687e	327	$processedDescription = unescape($processedDescription);
1be4afac	328	$processedDescription = $parsedown
e0376101	329	->setMarkupEscaped($escape)
1be4afac A	330	->setBreaksEnabled(true)
1be4afac A	331	->text($processedDescription);
2925687e	332	$processedDescription = sanitize_html($processedDescription);
841df2dd	333
	334	if(!empty($processedDescription)){
	335	$processedDescription = '<div class="markdown">'. $processedDescription . '</div>';
	336	}
1be4afac A	337
	338	return $processedDescription;
	339	}
12266213 A	340
	341	/**
	342	* This function is never called, but contains translation calls for GNU gettext extraction.
	343	*/
	344	function markdown_dummy_translation()
	345	{
	346	// meta
	347	t('Render shaare description with Markdown syntax.<br><strong>Warning</strong>:
	348	If your shaared descriptions contained HTML tags before enabling the markdown plugin,
	349	enabling it might break your page.
	350	See the <a href="https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering">README</a>.');
	351	}