plugins/markdown/markdown.php

   1 <?php
   2
   3 /**
   4  * Plugin Markdown.
   5  *
   6  * Shaare's descriptions are parsed with Markdown.
   7  */
   8
   9 /*
  10  * If this tag is used on a shaare, the description won't be processed by Parsedown.
  11  */
  12 define('NO_MD_TAG', 'nomarkdown');
  13
  14 /**
  15  * Parse linklist descriptions.
  16  *
  17  * @param array         $data linklist data.
  18  * @param ConfigManager $conf instance.
  19  *
  20  * @return mixed linklist data parsed in markdown (and converted to HTML).
  21  */
  22 function hook_markdown_render_linklist($data, $conf)
  23 {
  24     foreach ($data['links'] as &$value) {
  25         if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
  26             $value = stripNoMarkdownTag($value);
  27             continue;
  28         }
  29         $value['description'] = process_markdown(
  30             $value['description'],
  31             $conf->get('security.markdown_escape', true),
  32             $conf->get('security.allowed_protocols')
  33         );
  34     }
  35     return $data;
  36 }
  37
  38 /**
  39  * Parse feed linklist descriptions.
  40  *
  41  * @param array $data linklist data.
  42  * @param ConfigManager $conf instance.
  43  *
  44  * @return mixed linklist data parsed in markdown (and converted to HTML).
  45  */
  46 function hook_markdown_render_feed($data, $conf)
  47 {
  48     foreach ($data['links'] as &$value) {
  49         if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
  50             $value = stripNoMarkdownTag($value);
  51             continue;
  52         }
  53         $value['description'] = process_markdown(
  54             $value['description'],
  55             $conf->get('security.markdown_escape', true),
  56             $conf->get('security.allowed_protocols')
  57         );
  58     }
  59
  60     return $data;
  61 }
  62
  63 /**
  64  * Parse daily descriptions.
  65  *
  66  * @param array         $data daily data.
  67  * @param ConfigManager $conf instance.
  68  *
  69  * @return mixed daily data parsed in markdown (and converted to HTML).
  70  */
  71 function hook_markdown_render_daily($data, $conf)
  72 {
  73     // Manipulate columns data
  74     foreach ($data['cols'] as &$value) {
  75         foreach ($value as &$value2) {
  76             if (!empty($value2['tags']) && noMarkdownTag($value2['tags'])) {
  77                 $value2 = stripNoMarkdownTag($value2);
  78                 continue;
  79             }
  80             $value2['formatedDescription'] = process_markdown(
  81                 $value2['formatedDescription'],
  82                 $conf->get('security.markdown_escape', true),
  83                 $conf->get('security.allowed_protocols')
  84             );
  85         }
  86     }
  87
  88     return $data;
  89 }
  90
  91 /**
  92  * Check if noMarkdown is set in tags.
  93  *
  94  * @param string $tags tag list
  95  *
  96  * @return bool true if markdown should be disabled on this link.
  97  */
  98 function noMarkdownTag($tags)
  99 {
 100     return preg_match('/(^|\s)'. NO_MD_TAG .'(\s|$)/', $tags);
 101 }
 102
 103 /**
 104  * Remove the no-markdown meta tag so it won't be displayed.
 105  *
 106  * @param array $link Link data.
 107  *
 108  * @return array Updated link without no markdown tag.
 109  */
 110 function stripNoMarkdownTag($link)
 111 {
 112     if (! empty($link['taglist'])) {
 113         $offset = array_search(NO_MD_TAG, $link['taglist']);
 114         if ($offset !== false) {
 115             unset($link['taglist'][$offset]);
 116         }
 117     }
 118
 119     if (!empty($link['tags'])) {
 120         str_replace(NO_MD_TAG, '', $link['tags']);
 121     }
 122
 123     return $link;
 124 }
 125
 126 /**
 127  * When link list is displayed, include markdown CSS.
 128  *
 129  * @param array $data includes data.
 130  *
 131  * @return mixed - includes data with markdown CSS file added.
 132  */
 133 function hook_markdown_render_includes($data)
 134 {
 135     if ($data['_PAGE_'] == Router::$PAGE_LINKLIST
 136         || $data['_PAGE_'] == Router::$PAGE_DAILY
 137         || $data['_PAGE_'] == Router::$PAGE_EDITLINK
 138     ) {
 139
 140         $data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';
 141     }
 142
 143     return $data;
 144 }
 145
 146 /**
 147  * Hook render_editlink.
 148  * Adds an help link to markdown syntax.
 149  *
 150  * @param array $data data passed to plugin
 151  *
 152  * @return array altered $data.
 153  */
 154 function hook_markdown_render_editlink($data)
 155 {
 156     // Load help HTML into a string
 157     $txt = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');
 158     $translations = [
 159         t('Description will be rendered with'),
 160         t('Markdown syntax documentation'),
 161         t('Markdown syntax'),
 162     ];
 163     $data['edit_link_plugin'][] = vsprintf($txt, $translations);
 164     // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
 165     if (! in_array(NO_MD_TAG, $data['tags'])) {
 166         $data['tags'][NO_MD_TAG] = 0;
 167     }
 168
 169     return $data;
 170 }
 171
 172
 173 /**
 174  * Remove HTML links auto generated by Shaarli core system.
 175  * Keeps HREF attributes.
 176  *
 177  * @param string $description input description text.
 178  *
 179  * @return string $description without HTML links.
 180  */
 181 function reverse_text2clickable($description)
 182 {
 183     $descriptionLines = explode(PHP_EOL, $description);
 184     $descriptionOut = '';
 185     $codeBlockOn = false;
 186     $lineCount = 0;
 187
 188     foreach ($descriptionLines as $descriptionLine) {
 189         // Detect line of code: starting with 4 spaces,
 190         // except lists which can start with +/*/- or `2.` after spaces.
 191         $codeLineOn = preg_match('/^    +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
 192         // Detect and toggle block of code
 193         if (!$codeBlockOn) {
 194             $codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
 195         }
 196         elseif (preg_match('/^```/', $descriptionLine) > 0) {
 197             $codeBlockOn = false;
 198         }
 199
 200         $hashtagTitle = ' title="Hashtag [^"]+"';
 201         // Reverse `inline code` hashtags.
 202         $descriptionLine = preg_replace(
 203             '!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
 204             '$1$2$3',
 205             $descriptionLine
 206         );
 207
 208         // Reverse all links in code blocks, only non hashtag elsewhere.
 209         $hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?';
 210         $descriptionLine = preg_replace(
 211             '#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
 212             '$1',
 213             $descriptionLine
 214         );
 215
 216         $descriptionOut .= $descriptionLine;
 217         if ($lineCount++ < count($descriptionLines) - 1) {
 218             $descriptionOut .= PHP_EOL;
 219         }
 220     }
 221     return $descriptionOut;
 222 }
 223
 224 /**
 225  * Remove <br> tag to let markdown handle it.
 226  *
 227  * @param string $description input description text.
 228  *
 229  * @return string $description without <br> tags.
 230  */
 231 function reverse_nl2br($description)
 232 {
 233     return preg_replace('!<br */?>!im', '', $description);
 234 }
 235
 236 /**
 237  * Remove HTML spaces '&nbsp;' auto generated by Shaarli core system.
 238  *
 239  * @param string $description input description text.
 240  *
 241  * @return string $description without HTML links.
 242  */
 243 function reverse_space2nbsp($description)
 244 {
 245     return preg_replace('/(^| )&nbsp;/m', '$1 ', $description);
 246 }
 247
 248 /**
 249  * Replace not whitelisted protocols with http:// in given description.
 250  *
 251  * @param string $description      input description text.
 252  * @param array  $allowedProtocols list of allowed protocols.
 253  *
 254  * @return string $description without malicious link.
 255  */
 256 function filter_protocols($description, $allowedProtocols)
 257 {
 258     return preg_replace_callback(
 259         '#]\((.*?)\)#is',
 260         function ($match) use ($allowedProtocols) {
 261             return ']('. whitelist_protocols($match[1], $allowedProtocols) .')';
 262         },
 263         $description
 264     );
 265 }
 266
 267 /**
 268  * Remove dangerous HTML tags (tags, iframe, etc.).
 269  * Doesn't affect <code> content (already escaped by Parsedown).
 270  *
 271  * @param string $description input description text.
 272  *
 273  * @return string given string escaped.
 274  */
 275 function sanitize_html($description)
 276 {
 277     $escapeTags = array(
 278         'script',
 279         'style',
 280         'link',
 281         'iframe',
 282         'frameset',
 283         'frame',
 284     );
 285     foreach ($escapeTags as $tag) {
 286         $description = preg_replace_callback(
 287             '#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is',
 288             function ($match) { return escape($match[0]); },
 289             $description);
 290     }
 291     $description = preg_replace(
 292         '#(<[^>]+)on[a-z]*="?[^ "]*"?#is',
 293         '$1',
 294         $description);
 295     return $description;
 296 }
 297
 298 /**
 299  * Render shaare contents through Markdown parser.
 300  *   1. Remove HTML generated by Shaarli core.
 301  *   2. Reverse the escape function.
 302  *   3. Generate markdown descriptions.
 303  *   4. Sanitize sensible HTML tags for security.
 304  *   5. Wrap description in 'markdown' CSS class.
 305  *
 306  * @param string $description input description text.
 307  * @param bool   $escape      escape HTML entities
 308  *
 309  * @return string HTML processed $description.
 310  */
 311 function process_markdown($description, $escape = true, $allowedProtocols = [])
 312 {
 313     $parsedown = new Parsedown();
 314
 315     $processedDescription = $description;
 316     $processedDescription = reverse_nl2br($processedDescription);
 317     $processedDescription = reverse_space2nbsp($processedDescription);
 318     $processedDescription = reverse_text2clickable($processedDescription);
 319     $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
 320     $processedDescription = unescape($processedDescription);
 321     $processedDescription = $parsedown
 322         ->setMarkupEscaped($escape)
 323         ->setBreaksEnabled(true)
 324         ->text($processedDescription);
 325     $processedDescription = sanitize_html($processedDescription);
 326
 327     if(!empty($processedDescription)){
 328         $processedDescription = '<div class="markdown">'. $processedDescription . '</div>';
 329     }
 330
 331     return $processedDescription;
 332 }
 333
 334 /**
 335  * This function is never called, but contains translation calls for GNU gettext extraction.
 336  */
 337 function markdown_dummy_translation()
 338 {
 339     // meta
 340     t('Render shaare description with Markdown syntax.<br><strong>Warning</strong>:
 341 If your shaared descriptions contained HTML tags before enabling the markdown plugin,
 342 enabling it might break your page.
 343 See the <a href="https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering">README</a>.');
 344 }