* Shaare's descriptions are parsed with Markdown.
*/
+use Shaarli\Config\ConfigManager;
+
/*
* If this tag is used on a shaare, the description won't be processed by Parsedown.
*/
$value = stripNoMarkdownTag($value);
continue;
}
- $value['description'] = process_markdown($value['description'], $conf->get('security.markdown_escape', true));
+ $value['description_src'] = $value['description'];
+ $value['description'] = process_markdown(
+ $value['description'],
+ $conf->get('security.markdown_escape', true),
+ $conf->get('security.allowed_protocols')
+ );
}
return $data;
}
$value = stripNoMarkdownTag($value);
continue;
}
- $value['description'] = process_markdown($value['description'], $conf->get('security.markdown_escape', true));
+ $value['description'] = reverse_feed_permalink($value['description']);
+ $value['description'] = process_markdown(
+ $value['description'],
+ $conf->get('security.markdown_escape', true),
+ $conf->get('security.allowed_protocols')
+ );
}
return $data;
*/
function hook_markdown_render_daily($data, $conf)
{
+ //var_dump($data);die;
// Manipulate columns data
- foreach ($data['cols'] as &$value) {
- foreach ($value as &$value2) {
- if (!empty($value2['tags']) && noMarkdownTag($value2['tags'])) {
- $value2 = stripNoMarkdownTag($value2);
- continue;
- }
- $value2['formatedDescription'] = process_markdown(
- $value2['formatedDescription'],
- $conf->get('security.markdown_escape', true)
- );
+ foreach ($data['linksToDisplay'] as &$value) {
+ if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
+ $value = stripNoMarkdownTag($value);
+ continue;
}
+ $value['formatedDescription'] = process_markdown(
+ $value['formatedDescription'],
+ $conf->get('security.markdown_escape', true),
+ $conf->get('security.allowed_protocols')
+ );
}
return $data;
|| $data['_PAGE_'] == Router::$PAGE_DAILY
|| $data['_PAGE_'] == Router::$PAGE_EDITLINK
) {
-
+
$data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';
}
function hook_markdown_render_editlink($data)
{
// Load help HTML into a string
- $data['edit_link_plugin'][] = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');
-
+ $txt = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');
+ $translations = [
+ t('Description will be rendered with'),
+ t('Markdown syntax documentation'),
+ t('Markdown syntax'),
+ ];
+ $data['edit_link_plugin'][] = vsprintf($txt, $translations);
// Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
if (! in_array(NO_MD_TAG, $data['tags'])) {
$data['tags'][NO_MD_TAG] = 0;
$descriptionLine
);
+ // Make hashtag links markdown ready, otherwise the links will be ignored with escape set to true
+ if (!$codeBlockOn && !$codeLineOn) {
+ $descriptionLine = preg_replace(
+ '#<a href="([^ ]*)"'. $hashtagTitle .'>([^<]+)</a>#m',
+ '[$2]($1)',
+ $descriptionLine
+ );
+ }
+
$descriptionOut .= $descriptionLine;
if ($lineCount++ < count($descriptionLines) - 1) {
$descriptionOut .= PHP_EOL;
return preg_replace('/(^| ) /m', '$1 ', $description);
}
+function reverse_feed_permalink($description)
+{
+ return preg_replace('@— <a href="([^"]+)" title="[^"]+">(\w+)</a>$@im', '— [$2]($1)', $description);
+}
+
+/**
+ * Replace not whitelisted protocols with http:// in given description.
+ *
+ * @param string $description input description text.
+ * @param array $allowedProtocols list of allowed protocols.
+ *
+ * @return string $description without malicious link.
+ */
+function filter_protocols($description, $allowedProtocols)
+{
+ return preg_replace_callback(
+ '#]\((.*?)\)#is',
+ function ($match) use ($allowedProtocols) {
+ return ']('. whitelist_protocols($match[1], $allowedProtocols) .')';
+ },
+ $description
+ );
+}
+
/**
* Remove dangerous HTML tags (tags, iframe, etc.).
* Doesn't affect <code> content (already escaped by Parsedown).
$description);
}
$description = preg_replace(
- '#(<[^>]+)on[a-z]*="?[^ "]*"?#is',
+ '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is',
'$1',
$description);
return $description;
*
* @return string HTML processed $description.
*/
-function process_markdown($description, $escape = true)
+function process_markdown($description, $escape = true, $allowedProtocols = [])
{
$parsedown = new Parsedown();
$processedDescription = reverse_nl2br($processedDescription);
$processedDescription = reverse_space2nbsp($processedDescription);
$processedDescription = reverse_text2clickable($processedDescription);
+ $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
$processedDescription = unescape($processedDescription);
$processedDescription = $parsedown
->setMarkupEscaped($escape)
return $processedDescription;
}
+
+/**
+ * This function is never called, but contains translation calls for GNU gettext extraction.
+ */
+function markdown_dummy_translation()
+{
+ // meta
+ t('Render shaare description with Markdown syntax.<br><strong>Warning</strong>:
+If your shaared descriptions contained HTML tags before enabling the markdown plugin,
+enabling it might break your page.
+See the <a href="https://github.com/shaarli/Shaarli/tree/master/plugins/markdown#html-rendering">README</a>.');
+}
projects / github / shaarli / Shaarli.git / blobdiff