[markdown] Escape mentions which username can contain Markdown-like syntax

This commit is contained in:
Hypolite Petovan 2020-11-02 11:02:08 -05:00
parent ee8564fd06
commit 05d2707d50

View file

@ -47,26 +47,17 @@ function markdown_post_local_start(App $a, &$request) {
return; return;
} }
// Elements that shouldn't be parsed // Escape elements that shouldn't be parsed
$elements = ['code', 'noparse', 'nobb', 'pre', 'share', 'url', 'img', 'bookmark', $request['body'] = \Friendica\Content\Text\BBCode::performWithEscapedTags(
'audio', 'video', 'youtube', 'vimeo', 'attachment', 'iframe', 'map', 'mail']; $request['body'],
foreach ($elements as $element) { ['code', 'noparse', 'nobb', 'pre', 'share', 'url', 'img', 'bookmark',
$request['body'] = preg_replace_callback("/\[" . $element . "(.*?)\](.*?)\[\/" . $element . "\]/ism", 'audio', 'video', 'youtube', 'vimeo', 'attachment', 'iframe', 'map', 'mail'],
function ($match) use ($element) { function ($body) {
return '[' . $element . '-b64' . base64_encode($match[1]) . ']' . base64_encode($match[2]) . '[/b64-' . $element . ']'; // Escape mentions which username can contain Markdown-like characters
}, // See https://github.com/friendica/friendica/issues/9486
$request['body'] return \Friendica\Util\Strings::performWithEscapedBlocks($body, '/[@!][^@\s]+@[^\s]+\w/', function ($text) {
); return Markdown::toBBCode($text);
} });
}
$request['body'] = Markdown::toBBCode($request['body']); );
foreach (array_reverse($elements) as $element) {
$request['body'] = preg_replace_callback("/\[" . $element . "-b64(.*?)\](.*?)\[\/b64-" . $element . "\]/ism",
function ($match) use ($element) {
return '[' . $element . base64_decode($match[1]) . ']' . base64_decode($match[2]) . '[/' . $element . ']';
},
$request['body']
);
}
} }