Escape BBCode tag parsing avoidance tags when processing abstracts

- Improve documentation for related methods
This commit is contained in:
Hypolite Petovan 2022-05-07 22:19:11 -04:00
parent 25876099ce
commit 510dacf4df
2 changed files with 20 additions and 23 deletions

View file

@ -2086,11 +2086,15 @@ class BBCode
* @param string $text The text with BBCode * @param string $text The text with BBCode
* @return string The same text - but without "abstract" element * @return string The same text - but without "abstract" element
*/ */
public static function stripAbstract($text) public static function stripAbstract(string $text): string
{ {
DI::profiler()->startRecording('rendering'); DI::profiler()->startRecording('rendering');
$text = preg_replace("/[\s|\n]*\[abstract\].*?\[\/abstract\][\s|\n]*/ism", ' ', $text);
$text = preg_replace("/[\s|\n]*\[abstract=.*?\].*?\[\/abstract][\s|\n]*/ism", ' ', $text); $text = BBCode::performWithEscapedTags($text, ['code', 'noparse', 'nobb', 'pre'], function ($text) {
$text = preg_replace("/[\s|\n]*\[abstract\].*?\[\/abstract\][\s|\n]*/ism", ' ', $text);
$text = preg_replace("/[\s|\n]*\[abstract=.*?\].*?\[\/abstract][\s|\n]*/ism", ' ', $text);
return $text;
});
DI::profiler()->stopRecording(); DI::profiler()->stopRecording();
return $text; return $text;
@ -2099,30 +2103,26 @@ class BBCode
/** /**
* Returns the value of the "abstract" element * Returns the value of the "abstract" element
* *
* @param string $text The text that maybe contains the element * @param string $text The text that maybe contains the element
* @param string $addon The addon for which the abstract is meant for * @param string $addon The addon for which the abstract is meant for
* @return string The abstract * @return string The abstract
*/ */
public static function getAbstract($text, $addon = '') public static function getAbstract(string $text, string $addon = ''): string
{ {
DI::profiler()->startRecording('rendering'); DI::profiler()->startRecording('rendering');
$abstract = '';
$abstracts = [];
$addon = strtolower($addon); $addon = strtolower($addon);
if (preg_match_all("/\[abstract=(.*?)\](.*?)\[\/abstract\]/ism", $text, $results, PREG_SET_ORDER)) { $abstract = BBCode::performWithEscapedTags($text, ['code', 'noparse', 'nobb', 'pre'], function ($text) use ($addon) {
foreach ($results as $result) { if ($addon && preg_match('#\[abstract=' . preg_quote($addon, '#') . '](.*?)\[/abstract]#ism', $text, $matches)) {
$abstracts[strtolower($result[1])] = $result[2]; return $matches[1];
} }
}
if (isset($abstracts[$addon])) { if (preg_match("#\[abstract](.*?)\[/abstract]#ism", $text, $matches)) {
$abstract = $abstracts[$addon]; return $matches[1];
} }
if ($abstract == '' && preg_match("/\[abstract\](.*?)\[\/abstract\]/ism", $text, $result)) { return '';
$abstract = $result[1]; });
}
DI::profiler()->stopRecording(); DI::profiler()->stopRecording();
return $abstract; return $abstract;
@ -2337,11 +2337,9 @@ class BBCode
* @param array $tagList A list of tag names, e.g ['noparse', 'nobb', 'pre'] * @param array $tagList A list of tag names, e.g ['noparse', 'nobb', 'pre']
* @param callable $callback * @param callable $callback
* @return string * @return string
* @throws Exception * @see Strings::performWithEscapedBlocks
*@see Strings::performWithEscapedBlocks
*
*/ */
public static function performWithEscapedTags(string $text, array $tagList, callable $callback) public static function performWithEscapedTags(string $text, array $tagList, callable $callback): string
{ {
$tagList = array_map('preg_quote', $tagList); $tagList = array_map('preg_quote', $tagList);

View file

@ -485,9 +485,8 @@ class Strings
* @param string $regex * @param string $regex
* @param callable $callback * @param callable $callback
* @return string * @return string
* @throws \Exception
*/ */
public static function performWithEscapedBlocks(string $text, string $regex, callable $callback) public static function performWithEscapedBlocks(string $text, string $regex, callable $callback): string
{ {
// Enables nested use // Enables nested use
$executionId = random_int(PHP_INT_MAX / 10, PHP_INT_MAX); $executionId = random_int(PHP_INT_MAX / 10, PHP_INT_MAX);