Add tag escaping to Item::setHashtags

- Add return value to Item::setHashtags
This commit is contained in:
Hypolite Petovan 2020-06-04 20:56:50 -04:00
parent 472018191b
commit 76460ddd2d
3 changed files with 61 additions and 80 deletions

View file

@ -642,7 +642,7 @@ function item_post(App $a) {
// Check for hashtags in the body and repair or add hashtag links // Check for hashtags in the body and repair or add hashtag links
if ($preview || $orig_post) { if ($preview || $orig_post) {
Item::setHashtags($datarray); $datarray['body'] = Item::setHashtags($datarray['body']);
} }
// preview mode - prepare the body for display and send it via json // preview mode - prepare the body for display and send it via json

View file

@ -1780,7 +1780,7 @@ class Item
// Check for hashtags in the body and repair or add hashtag links // Check for hashtags in the body and repair or add hashtag links
self::setHashtags($item); $item['body'] = self::setHashtags($item['body']);
// Fill the cache field // Fill the cache field
self::putInCache($item); self::putInCache($item);
@ -2424,26 +2424,16 @@ class Item
} }
} }
public static function setHashtags(&$item) public static function setHashtags($body)
{ {
$tags = BBCode::getTags($item["body"]); $body = BBCode::performWithEscapedTags($body, ['noparse', 'pre', 'code'], function ($body) {
$tags = BBCode::getTags($body);
// No hashtags? // No hashtags?
if (!count($tags)) { if (!count($tags)) {
return false; return $body;
} }
// What happens in [code], stays in [code]!
// escape the # and the [
// hint: we will also get in trouble with #tags, when we want markdown in posts -> ### Headline 3
$item["body"] = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism",
function ($match) {
// we truly ESCape all # and [ to prevent gettin weird tags in [code] blocks
$find = ['#', '['];
$replace = [chr(27).'sharp', chr(27).'leftsquarebracket'];
return ("[code" . $match[1] . "]" . str_replace($find, $replace, $match[2]) . "[/code]");
}, $item["body"]);
// This sorting is important when there are hashtags that are part of other hashtags // This sorting is important when there are hashtags that are part of other hashtags
// Otherwise there could be problems with hashtags like #test and #test2 // Otherwise there could be problems with hashtags like #test and #test2
// Because of this we are sorting from the longest to the shortest tag. // Because of this we are sorting from the longest to the shortest tag.
@ -2455,29 +2445,29 @@ class Item
// All hashtags should point to the home server if "local_tags" is activated // All hashtags should point to the home server if "local_tags" is activated
if (DI::config()->get('system', 'local_tags')) { if (DI::config()->get('system', 'local_tags')) {
$item["body"] = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", $body = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
"#[url=".DI::baseUrl()."/search?tag=$2]$2[/url]", $item["body"]); "#[url=" . DI::baseUrl() . "/search?tag=$2]$2[/url]", $body);
} }
// mask hashtags inside of url, bookmarks and attachments to avoid urls in urls // mask hashtags inside of url, bookmarks and attachments to avoid urls in urls
$item["body"] = preg_replace_callback("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", $body = preg_replace_callback("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
function ($match) { function ($match) {
return ("[url=" . str_replace("#", "#", $match[1]) . "]" . str_replace("#", "#", $match[2]) . "[/url]"); return ("[url=" . str_replace("#", "#", $match[1]) . "]" . str_replace("#", "#", $match[2]) . "[/url]");
}, $item["body"]); }, $body);
$item["body"] = preg_replace_callback("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism", $body = preg_replace_callback("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism",
function ($match) { function ($match) {
return ("[bookmark=" . str_replace("#", "#", $match[1]) . "]" . str_replace("#", "#", $match[2]) . "[/bookmark]"); return ("[bookmark=" . str_replace("#", "#", $match[1]) . "]" . str_replace("#", "#", $match[2]) . "[/bookmark]");
}, $item["body"]); }, $body);
$item["body"] = preg_replace_callback("/\[attachment (.*)\](.*?)\[\/attachment\]/ism", $body = preg_replace_callback("/\[attachment (.*)\](.*?)\[\/attachment\]/ism",
function ($match) { function ($match) {
return ("[attachment " . str_replace("#", "#", $match[1]) . "]" . $match[2] . "[/attachment]"); return ("[attachment " . str_replace("#", "#", $match[1]) . "]" . $match[2] . "[/attachment]");
}, $item["body"]); }, $body);
// Repair recursive urls // Repair recursive urls
$item["body"] = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", $body = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
"#$2", $item["body"]); "#$2", $body);
foreach ($tags as $tag) { foreach ($tags as $tag) {
if ((strpos($tag, '#') !== 0) || strpos($tag, '[url=') || strlen($tag) < 2 || $tag[1] == '#') { if ((strpos($tag, '#') !== 0) || strpos($tag, '[url=') || strlen($tag) < 2 || $tag[1] == '#') {
@ -2487,21 +2477,16 @@ class Item
$basetag = str_replace('_', ' ', substr($tag, 1)); $basetag = str_replace('_', ' ', substr($tag, 1));
$newtag = '#[url=' . DI::baseUrl() . '/search?tag=' . $basetag . ']' . $basetag . '[/url]'; $newtag = '#[url=' . DI::baseUrl() . '/search?tag=' . $basetag . ']' . $basetag . '[/url]';
$item["body"] = str_replace($tag, $newtag, $item["body"]); $body = str_replace($tag, $newtag, $body);
} }
// Convert back the masked hashtags // Convert back the masked hashtags
$item["body"] = str_replace("&num;", "#", $item["body"]); $body = str_replace("&num;", "#", $body);
// Remember! What happens in [code], stays in [code] return $body;
// roleback the # and [ });
$item["body"] = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism",
function ($match) { return $body;
// we truly unESCape all sharp and leftsquarebracket
$find = [chr(27).'sharp', chr(27).'leftsquarebracket'];
$replace = ['#', '['];
return ("[code" . $match[1] . "]" . str_replace($find, $replace, $match[2]) . "[/code]");
}, $item["body"]);
} }
/** /**

View file

@ -102,14 +102,12 @@ class Babel extends BaseModule
'content' => visible_whitespace($bbcode4) 'content' => visible_whitespace($bbcode4)
]; ];
$item = ['body' => $bbcode];
$tags = Text\BBCode::getTags($bbcode); $tags = Text\BBCode::getTags($bbcode);
Item::setHashtags($item); $body = Item::setHashtags($bbcode);
$results[] = [ $results[] = [
'title' => DI::l10n()->t('Item Body'), 'title' => DI::l10n()->t('Item Body'),
'content' => visible_whitespace($item['body']) 'content' => visible_whitespace($body)
]; ];
$results[] = [ $results[] = [
'title' => DI::l10n()->t('Item Tags'), 'title' => DI::l10n()->t('Item Tags'),
@ -125,9 +123,7 @@ class Babel extends BaseModule
$markdown = XML::unescape($diaspora); $markdown = XML::unescape($diaspora);
case 'markdown': case 'markdown':
if (!isset($markdown)) { $markdown = $markdown ?? trim($_REQUEST['text']);
$markdown = trim($_REQUEST['text']);
}
$results[] = [ $results[] = [
'title' => DI::l10n()->t('Source input (Markdown)'), 'title' => DI::l10n()->t('Source input (Markdown)'),