[markdown] Escape mentions which username can contain Markdown-like syntax

This commit is contained in:
Hypolite Petovan 2020-11-02 11:02:08 -05:00
parent ee8564fd06
commit 05d2707d50

View file

@ -47,26 +47,17 @@ function markdown_post_local_start(App $a, &$request) {
return;
}
// Elements that shouldn't be parsed
$elements = ['code', 'noparse', 'nobb', 'pre', 'share', 'url', 'img', 'bookmark',
'audio', 'video', 'youtube', 'vimeo', 'attachment', 'iframe', 'map', 'mail'];
foreach ($elements as $element) {
$request['body'] = preg_replace_callback("/\[" . $element . "(.*?)\](.*?)\[\/" . $element . "\]/ism",
function ($match) use ($element) {
return '[' . $element . '-b64' . base64_encode($match[1]) . ']' . base64_encode($match[2]) . '[/b64-' . $element . ']';
},
$request['body']
);
}
$request['body'] = Markdown::toBBCode($request['body']);
foreach (array_reverse($elements) as $element) {
$request['body'] = preg_replace_callback("/\[" . $element . "-b64(.*?)\](.*?)\[\/b64-" . $element . "\]/ism",
function ($match) use ($element) {
return '[' . $element . base64_decode($match[1]) . ']' . base64_decode($match[2]) . '[/' . $element . ']';
},
$request['body']
);
}
// Escape elements that shouldn't be parsed
$request['body'] = \Friendica\Content\Text\BBCode::performWithEscapedTags(
$request['body'],
['code', 'noparse', 'nobb', 'pre', 'share', 'url', 'img', 'bookmark',
'audio', 'video', 'youtube', 'vimeo', 'attachment', 'iframe', 'map', 'mail'],
function ($body) {
// Escape mentions which username can contain Markdown-like characters
// See https://github.com/friendica/friendica/issues/9486
return \Friendica\Util\Strings::performWithEscapedBlocks($body, '/[@!][^@\s]+@[^\s]+\w/', function ($text) {
return Markdown::toBBCode($text);
});
}
);
}