From cf92b4dd1521241eefc58eaf6dcd202cd83969d8 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Sat, 25 May 2019 15:52:27 +0200 Subject: Apply the new system (Bookmark + Service) to the whole code base See https://github.com/shaarli/Shaarli/issues/1307 --- plugins/markdown/README.md | 102 ------------ plugins/markdown/help.html | 5 - plugins/markdown/markdown.css | 173 ------------------- plugins/markdown/markdown.meta | 4 - plugins/markdown/markdown.php | 365 ----------------------------------------- 5 files changed, 649 deletions(-) delete mode 100644 plugins/markdown/README.md delete mode 100644 plugins/markdown/help.html delete mode 100644 plugins/markdown/markdown.css delete mode 100644 plugins/markdown/markdown.meta delete mode 100644 plugins/markdown/markdown.php (limited to 'plugins/markdown') diff --git a/plugins/markdown/README.md b/plugins/markdown/README.md deleted file mode 100644 index bc9427e2..00000000 --- a/plugins/markdown/README.md +++ /dev/null @@ -1,102 +0,0 @@ -## Markdown Shaarli plugin - -Convert all your shaares description to HTML formatted Markdown. - -[Read more about Markdown syntax](http://daringfireball.net/projects/markdown/syntax). - -Markdown processing is done with [Parsedown library](https://github.com/erusev/parsedown). - -### Installation - -As a default plugin, it should already be in `tpl/plugins/` directory. -If not, download and unpack it there. - -The directory structure should look like: - -``` ---- plugins - |--- markdown - |--- help.html - |--- markdown.css - |--- markdown.meta - |--- markdown.php - |--- README.md -``` - -To enable the plugin, just check it in the plugin administration page. - -You can also add `markdown` to your list of enabled plugins in `data/config.json.php` -(`general.enabled_plugins` list). - -This should look like: - -``` -"general": { - "enabled_plugins": [ - "markdown", - [...] - ], -} -``` - -Parsedown parsing library is imported using Composer. If you installed Shaarli using `git`, -or the `master` branch, run - - composer update --no-dev --prefer-dist - -### No Markdown tag - -If the tag `nomarkdown` is set for a shaare, it won't be converted to Markdown syntax. - -> Note: this is a special tag, so it won't be displayed in link list. - -### HTML escape - -By default, HTML tags are escaped. You can enable HTML tags rendering -by setting `security.markdwon_escape` to `false` in `data/config.json.php`: - -```json -{ - "security": { - "markdown_escape": false - } -} -``` - -With this setting, Markdown support HTML tags. For example: - - > strongstrike - -Will render as: - -> strongstrike - - -**Warning:** - - * This setting might present **security risks** (XSS) on shared instances, even though tags - such as script, iframe, etc should be disabled. - * If you want to shaare HTML code, it is necessary to use inline code or code blocks. - * If your shaared descriptions contained HTML tags before enabling the markdown plugin, -enabling it might break your page. - -### Known issue - -#### Redirector - -If you're using a redirector, you *need* to add a space after a link, -otherwise the rest of the line will be `urlencode`. - -``` -[link](http://domain.tld)-->test -``` - -Will consider `http://domain.tld)-->test` as URL. - -Instead, add an additional space. - -``` -[link](http://domain.tld) -->test -``` - -> Won't fix because a `)` is a valid part of an URL. diff --git a/plugins/markdown/help.html b/plugins/markdown/help.html deleted file mode 100644 index ded3d347..00000000 --- a/plugins/markdown/help.html +++ /dev/null @@ -1,5 +0,0 @@ -
- %s - - %s. -
diff --git a/plugins/markdown/markdown.css b/plugins/markdown/markdown.css deleted file mode 100644 index ce19cd2a..00000000 --- a/plugins/markdown/markdown.css +++ /dev/null @@ -1,173 +0,0 @@ -/** - * Credit to Simon Laroche - * whom created the CSS which this file is based on. - * License: Unlicense - */ - -.markdown p{ - margin:0.75em 0; -} - -.markdown img{ - max-width:100%; -} - -.markdown h1, .markdown h2, .markdown h3, .markdown h4, .markdown h5, .markdown h6{ - font-weight:normal; - font-style:normal; - line-height:1em; - margin:0.75em 0; -} -.markdown h4, .markdown h5, .markdown h6{ font-weight: bold; } -.markdown h1{ font-size:2.5em; } -.markdown h2{ font-size:2em; } -.markdown h3{ font-size:1.5em; } -.markdown h4{ font-size:1.2em; } -.markdown h5{ font-size:1em; } -.markdown h6{ font-size:0.9em; } - -.markdown blockquote{ - color:#666666; - padding-left: 3em; - border-left: 0.5em #EEE solid; - margin:0.75em 0; -} -.markdown hr { display: block; height: 2px; border: 0; border-top: 1px solid #aaa;border-bottom: 1px solid #eee; margin: 1em 0; padding: 0; } -.markdown pre, .markdown code, .markdown kbd, .markdown samp { - font-family: monospace, 'courier new'; - font-size: 0.98em; -} -.markdown pre { white-space: pre; white-space: pre-wrap; word-wrap: break-word; } - -.markdown b, .markdown strong { font-weight: bold; } - -.markdown dfn, .markdown em { font-style: italic; } - -.markdown ins { background: #ff9; color: #000; text-decoration: none; } - -.markdown mark { background: #ff0; color: #000; font-style: italic; font-weight: bold; } - -.markdown sub, .markdown sup { font-size: 75%; line-height: 0; position: relative; vertical-align: baseline; } -.markdown sup { top: -0.5em; } -.markdown sub { bottom: -0.25em; } - -.markdown ul, .markdown ol { margin: 1em 0; padding: 0 0 0 2em; } -.markdown li p:last-child { margin:0 } -.markdown dd { margin: 0 0 0 2em; } - -.markdown img { border: 0; -ms-interpolation-mode: bicubic; vertical-align: middle; } - -.markdown table { border-collapse: collapse; border-spacing: 0; } -.markdown td { vertical-align: top; } - -@media only screen and (min-width: 480px) { - .markdown {font-size:0.9em;} -} - -@media only screen and (min-width: 768px) { - .markdown {font-size:1em;} -} - -#linklist .markdown li { - padding: 0; - border: none; - background: none; -} - -#linklist .markdown ul li { - list-style: circle; -} - -#linklist .markdown ol li { - list-style: decimal; -} - -.markdown table { - padding: 0; -} -.markdown table tr { - border-top: 1px solid #cccccc; - background-color: white; - margin: 0; - padding: 0; -} -.markdown table tr:nth-child(2n) { - background-color: #f8f8f8; -} -.markdown table tr th { - font-weight: bold; - border: 1px solid #cccccc; - text-align: left; - margin: 0; - padding: 6px 13px; -} -.markdown table tr td { - border: 1px solid #cccccc; - text-align: left; - margin: 0; - padding: 6px 13px; -} -.markdown table tr th :first-child, .markdown table tr td :first-child { - margin-top: 0; -} -.markdown table tr th :last-child, table tr td :last-child { - margin-bottom: 0; -} - -.markdown pre { - background-color: #eee; - padding: 4px 9px; - -webkit-border-radius: 5px; - -moz-border-radius: 5px; - border-radius: 5px; - overflow: auto; - box-shadow: 0 -1px 0 #e5e5e5,0 0 1px rgba(0,0,0,0.12),0 1px 2px rgba(0,0,0,0.24); -} - -.markdown pre code { - color: black; - font-family: 'Consolas', 'Monaco', 'Andale Mono', monospace; - direction: ltr; - text-align: left; - white-space: pre; - word-spacing: normal; - word-break: normal; - line-height: 1.7; - font-size: 11.5px; - -moz-tab-size: 4; - -o-tab-size: 4; - tab-size: 4; - -webkit-hyphens: none; - -moz-hyphens: none; - -ms-hyphens: none; - hyphens: none; -} - -.markdown :not(pre) code { - background-color: #eee; - padding: 1px 3px; - border-radius: 1px; - box-shadow: 0 -1px 0 #e5e5e5,0 0 1px rgba(0,0,0,0.12),0 1px 1px rgba(0,0,0,0.24); -} - -#pageheader .md_help { - color: white; -} - -/* - Remove header links style - */ -#pageheader .md_help a { - color: lightgray; - font-weight: bold; - text-decoration: underline; - - background: none; - box-shadow: none; - padding: 0; - margin: 0; -} - -#pageheader .md_help a:hover { - color: white; -} diff --git a/plugins/markdown/markdown.meta b/plugins/markdown/markdown.meta deleted file mode 100644 index 322856ea..00000000 --- a/plugins/markdown/markdown.meta +++ /dev/null @@ -1,4 +0,0 @@ -description="Render shaare description with Markdown syntax.
Warning: -If your shaared descriptions contained HTML tags before enabling the markdown plugin, -enabling it might break your page. -See the README." diff --git a/plugins/markdown/markdown.php b/plugins/markdown/markdown.php deleted file mode 100644 index f6f66cc5..00000000 --- a/plugins/markdown/markdown.php +++ /dev/null @@ -1,365 +0,0 @@ -get('security.markdown_escape', true), - $conf->get('security.allowed_protocols') - ); - } - return $data; -} - -/** - * Parse feed linklist descriptions. - * - * @param array $data linklist data. - * @param ConfigManager $conf instance. - * - * @return mixed linklist data parsed in markdown (and converted to HTML). - */ -function hook_markdown_render_feed($data, $conf) -{ - foreach ($data['links'] as &$value) { - if (!empty($value['tags']) && noMarkdownTag($value['tags'])) { - $value = stripNoMarkdownTag($value); - continue; - } - $value['description'] = reverse_feed_permalink($value['description']); - $value['description'] = process_markdown( - $value['description'], - $conf->get('security.markdown_escape', true), - $conf->get('security.allowed_protocols') - ); - } - - return $data; -} - -/** - * Parse daily descriptions. - * - * @param array $data daily data. - * @param ConfigManager $conf instance. - * - * @return mixed daily data parsed in markdown (and converted to HTML). - */ -function hook_markdown_render_daily($data, $conf) -{ - //var_dump($data);die; - // Manipulate columns data - foreach ($data['linksToDisplay'] as &$value) { - if (!empty($value['tags']) && noMarkdownTag($value['tags'])) { - $value = stripNoMarkdownTag($value); - continue; - } - $value['formatedDescription'] = process_markdown( - $value['formatedDescription'], - $conf->get('security.markdown_escape', true), - $conf->get('security.allowed_protocols') - ); - } - - return $data; -} - -/** - * Check if noMarkdown is set in tags. - * - * @param string $tags tag list - * - * @return bool true if markdown should be disabled on this link. - */ -function noMarkdownTag($tags) -{ - return preg_match('/(^|\s)'. NO_MD_TAG .'(\s|$)/', $tags); -} - -/** - * Remove the no-markdown meta tag so it won't be displayed. - * - * @param array $link Link data. - * - * @return array Updated link without no markdown tag. - */ -function stripNoMarkdownTag($link) -{ - if (! empty($link['taglist'])) { - $offset = array_search(NO_MD_TAG, $link['taglist']); - if ($offset !== false) { - unset($link['taglist'][$offset]); - } - } - - if (!empty($link['tags'])) { - str_replace(NO_MD_TAG, '', $link['tags']); - } - - return $link; -} - -/** - * When link list is displayed, include markdown CSS. - * - * @param array $data includes data. - * - * @return mixed - includes data with markdown CSS file added. - */ -function hook_markdown_render_includes($data) -{ - if ($data['_PAGE_'] == Router::$PAGE_LINKLIST - || $data['_PAGE_'] == Router::$PAGE_DAILY - || $data['_PAGE_'] == Router::$PAGE_EDITLINK - ) { - $data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css'; - } - - return $data; -} - -/** - * Hook render_editlink. - * Adds an help link to markdown syntax. - * - * @param array $data data passed to plugin - * - * @return array altered $data. - */ -function hook_markdown_render_editlink($data) -{ - // Load help HTML into a string - $txt = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html'); - $translations = [ - t('Description will be rendered with'), - t('Markdown syntax documentation'), - t('Markdown syntax'), - ]; - $data['edit_link_plugin'][] = vsprintf($txt, $translations); - // Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion. - if (! in_array(NO_MD_TAG, $data['tags'])) { - $data['tags'][NO_MD_TAG] = 0; - } - - return $data; -} - - -/** - * Remove HTML links auto generated by Shaarli core system. - * Keeps HREF attributes. - * - * @param string $description input description text. - * - * @return string $description without HTML links. - */ -function reverse_text2clickable($description) -{ - $descriptionLines = explode(PHP_EOL, $description); - $descriptionOut = ''; - $codeBlockOn = false; - $lineCount = 0; - - foreach ($descriptionLines as $descriptionLine) { - // Detect line of code: starting with 4 spaces, - // except lists which can start with +/*/- or `2.` after spaces. - $codeLineOn = preg_match('/^ +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0; - // Detect and toggle block of code - if (!$codeBlockOn) { - $codeBlockOn = preg_match('/^```/', $descriptionLine) > 0; - } elseif (preg_match('/^```/', $descriptionLine) > 0) { - $codeBlockOn = false; - } - - $hashtagTitle = ' title="Hashtag [^"]+"'; - // Reverse `inline code` hashtags. - $descriptionLine = preg_replace( - '!(`[^`\n]*)([^<]+)([^`\n]*`)!m', - '$1$2$3', - $descriptionLine - ); - - // Reverse all links in code blocks, only non hashtag elsewhere. - $hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?'; - $descriptionLine = preg_replace( - '#([^<]+)#m', - '$1', - $descriptionLine - ); - - // Make hashtag links markdown ready, otherwise the links will be ignored with escape set to true - if (!$codeBlockOn && !$codeLineOn) { - $descriptionLine = preg_replace( - '#([^<]+)#m', - '[$2]($1)', - $descriptionLine - ); - } - - $descriptionOut .= $descriptionLine; - if ($lineCount++ < count($descriptionLines) - 1) { - $descriptionOut .= PHP_EOL; - } - } - return $descriptionOut; -} - -/** - * Remove
tag to let markdown handle it. - * - * @param string $description input description text. - * - * @return string $description without
tags. - */ -function reverse_nl2br($description) -{ - return preg_replace('!
!im', '', $description); -} - -/** - * Remove HTML spaces ' ' auto generated by Shaarli core system. - * - * @param string $description input description text. - * - * @return string $description without HTML links. - */ -function reverse_space2nbsp($description) -{ - return preg_replace('/(^| ) /m', '$1 ', $description); -} - -function reverse_feed_permalink($description) -{ - return preg_replace('@— ([^<]+)$@im', '— [$2]($1)', $description); -} - -/** - * Replace not whitelisted protocols with http:// in given description. - * - * @param string $description input description text. - * @param array $allowedProtocols list of allowed protocols. - * - * @return string $description without malicious link. - */ -function filter_protocols($description, $allowedProtocols) -{ - return preg_replace_callback( - '#]\((.*?)\)#is', - function ($match) use ($allowedProtocols) { - return ']('. whitelist_protocols($match[1], $allowedProtocols) .')'; - }, - $description - ); -} - -/** - * Remove dangerous HTML tags (tags, iframe, etc.). - * Doesn't affect content (already escaped by Parsedown). - * - * @param string $description input description text. - * - * @return string given string escaped. - */ -function sanitize_html($description) -{ - $escapeTags = array( - 'script', - 'style', - 'link', - 'iframe', - 'frameset', - 'frame', - ); - foreach ($escapeTags as $tag) { - $description = preg_replace_callback( - '#<\s*'. $tag .'[^>]*>(.*]*>)?#is', - function ($match) { - return escape($match[0]); - }, - $description - ); - } - $description = preg_replace( - '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is', - '$1', - $description - ); - return $description; -} - -/** - * Render shaare contents through Markdown parser. - * 1. Remove HTML generated by Shaarli core. - * 2. Reverse the escape function. - * 3. Generate markdown descriptions. - * 4. Sanitize sensible HTML tags for security. - * 5. Wrap description in 'markdown' CSS class. - * - * @param string $description input description text. - * @param bool $escape escape HTML entities - * - * @return string HTML processed $description. - */ -function process_markdown($description, $escape = true, $allowedProtocols = []) -{ - $parsedown = new Parsedown(); - - $processedDescription = $description; - $processedDescription = reverse_nl2br($processedDescription); - $processedDescription = reverse_space2nbsp($processedDescription); - $processedDescription = reverse_text2clickable($processedDescription); - $processedDescription = filter_protocols($processedDescription, $allowedProtocols); - $processedDescription = unescape($processedDescription); - $processedDescription = $parsedown - ->setMarkupEscaped($escape) - ->setBreaksEnabled(true) - ->text($processedDescription); - $processedDescription = sanitize_html($processedDescription); - - if (!empty($processedDescription)) { - $processedDescription = '
'. $processedDescription . '
'; - } - - return $processedDescription; -} - -/** - * This function is never called, but contains translation calls for GNU gettext extraction. - */ -function markdown_dummy_translation() -{ - // meta - t('Render shaare description with Markdown syntax.
Warning: -If your shaared descriptions contained HTML tags before enabling the markdown plugin, -enabling it might break your page. -See the README.'); -} -- cgit v1.2.3