Merge pull request #9626 from MrPetovan/bug/9611-bbcode-convert-html-purify

Prevents share block new lines from being converted to HTML <br> tags
This commit is contained in:
Michael Vogel 2020-12-06 15:53:18 +01:00 committed by GitHub
commit ce52d31afa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -50,7 +50,7 @@ use Friendica\Util\XML;
class BBCode class BBCode
{ {
// Update this value to the current date whenever changes are made to BBCode::convert // Update this value to the current date whenever changes are made to BBCode::convert
const VERSION = '2020-12-03'; const VERSION = '2020-12-06';
const INTERNAL = 0; const INTERNAL = 0;
const API = 2; const API = 2;
@ -1378,6 +1378,9 @@ class BBCode
} while ($oldtext != $text); } while ($oldtext != $text);
} }
// Add HTML new lines
$text = str_replace("\n", '<br>', $text);
/// @todo Have a closer look at the different html modes /// @todo Have a closer look at the different html modes
// Handle attached links or videos // Handle attached links or videos
if ($simple_html == self::ACTIVITYPUB) { if ($simple_html == self::ACTIVITYPUB) {
@ -1848,18 +1851,16 @@ class BBCode
return $text; return $text;
}); // Escaped noparse, nobb, pre }); // Escaped noparse, nobb, pre
// Remove escaping tags // Remove escaping tags and replace new lines that remain
$text = preg_replace("/\[noparse\](.*?)\[\/noparse\]/ism", '\1', $text); $text = preg_replace_callback('/\[(noparse|nobb)](.*?)\[\/\1]/ism', function ($match) {
$text = preg_replace("/\[nobb\](.*?)\[\/nobb\]/ism", '\1', $text); return str_replace("\n", "<br>", $match[2]);
}, $text);
// Additionally, [pre] tags preserve spaces // Additionally, [pre] tags preserve spaces
$text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", function ($match) { $text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", function ($match) {
return str_replace(' ', '&nbsp;', htmlentities($match[1], ENT_NOQUOTES,'UTF-8')); return str_replace([' ', "\n"], ['&nbsp;', "<br>"], htmlentities($match[1], ENT_NOQUOTES,'UTF-8'));
}, $text); }, $text);
// Add HTML new lines
$text = str_replace("\n", '<br>', $text);
return $text; return $text;
}); // Escaped code }); // Escaped code