Fix hashtags with markdown escape enabled

They're now transformed to markdown syntax links before processing them through Parsedown.

Fixes #1210
This commit is contained in:
ArthurHoaro 2018-08-14 12:26:51 +02:00
parent f28b73b21f
commit cb7940e2de
6 changed files with 47 additions and 6 deletions

View file

@ -215,6 +215,15 @@ function reverse_text2clickable($description)
$descriptionLine $descriptionLine
); );
// Make hashtag links markdown ready, otherwise the links will be ignored with escape set to true
if (!$codeBlockOn && !$codeLineOn) {
$descriptionLine = preg_replace(
'#<a href="([^ ]*)"'. $hashtagTitle .'>([^<]+)</a>#m',
'[$2]($1)',
$descriptionLine
);
}
$descriptionOut .= $descriptionLine; $descriptionOut .= $descriptionLine;
if ($lineCount++ < count($descriptionLines) - 1) { if ($lineCount++ < count($descriptionLines) - 1) {
$descriptionOut .= PHP_EOL; $descriptionOut .= PHP_EOL;

View file

@ -106,6 +106,18 @@ public function testReverseText2clickable()
$this->assertEquals($text, $reversedText); $this->assertEquals($text, $reversedText);
} }
/**
* Test reverse_text2clickable().
*/
public function testReverseText2clickableHashtags()
{
$text = file_get_contents('tests/plugins/resources/hashtags.raw');
$md = file_get_contents('tests/plugins/resources/hashtags.md');
$clickableText = hashtag_autolink($text);
$reversedText = reverse_text2clickable($clickableText);
$this->assertEquals($md, $reversedText);
}
/** /**
* Test reverse_nl2br(). * Test reverse_nl2br().
*/ */
@ -246,7 +258,7 @@ public function testMarkdownGlobalProcessDescription()
$this->conf->get('security.markdown_escape', true), $this->conf->get('security.markdown_escape', true),
$this->conf->get('security.allowed_protocols') $this->conf->get('security.allowed_protocols')
); );
$this->assertEquals($html, $data); $this->assertEquals($html, $data . PHP_EOL);
} }
/** /**

View file

@ -0,0 +1,10 @@
[#lol](?addtag=lol)
#test
`#test2`
```
bla #bli blo
#bla
```

View file

@ -0,0 +1,10 @@
#lol
#test
`#test2`
```
bla #bli blo
#bla
```

View file

@ -12,11 +12,11 @@
<li><a href="http://link.tld">two</a></li> <li><a href="http://link.tld">two</a></li>
<li><a href="http://link.tld">three</a></li> <li><a href="http://link.tld">three</a></li>
<li><a href="http://link.tld">four</a></li> <li><a href="http://link.tld">four</a></li>
<li>foo &lt;a href=&quot;?addtag=foobar&quot; title=&quot;Hashtag foobar&quot;&gt;#foobar&lt;/a&gt;</li> <li>foo <a href="?addtag=foobar">#foobar</a></li>
</ol></li> </ol></li>
</ol> </ol>
<p>&lt;a href=&quot;?addtag=foobar&quot; title=&quot;Hashtag foobar&quot;&gt;#foobar&lt;/a&gt; foo <code>lol #foo</code> &lt;a href=&quot;?addtag=bar&quot; title=&quot;Hashtag bar&quot;&gt;#bar&lt;/a&gt;</p> <p><a href="?addtag=foobar">#foobar</a> foo <code>lol #foo</code> <a href="?addtag=bar">#bar</a></p>
<p>fsdfs <a href="http://link.tld">http://link.tld</a> &lt;a href=&quot;?addtag=foobar&quot; title=&quot;Hashtag foobar&quot;&gt;#foobar&lt;/a&gt; <code>http://link.tld</code></p> <p>fsdfs <a href="http://link.tld">http://link.tld</a> <a href="?addtag=foobar">#foobar</a> <code>http://link.tld</code></p>
<pre><code>http://link.tld #foobar <pre><code>http://link.tld #foobar
next #foo</code></pre> next #foo</code></pre>
<p>Block:</p> <p>Block:</p>
@ -30,4 +30,4 @@
<a href="ftp://test.tld/path/?query=value#hash">link</a><br /> <a href="ftp://test.tld/path/?query=value#hash">link</a><br />
<a href="magnet:test.tld/path/?query=value#hash">link</a><br /> <a href="magnet:test.tld/path/?query=value#hash">link</a><br />
<a href="http://alert(&#039;xss&#039;)">link</a><br /> <a href="http://alert(&#039;xss&#039;)">link</a><br />
<a href="http://test.tld/path/?query=value#hash">link</a></p></div> <a href="http://test.tld/path/?query=value#hash">link</a></p></div>

View file

@ -31,4 +31,4 @@ lorem ipsum #foobar http://link.tld
[link](ftp://test.tld/path/?query=value#hash) [link](ftp://test.tld/path/?query=value#hash)
[link](magnet:test.tld/path/?query=value#hash) [link](magnet:test.tld/path/?query=value#hash)
[link](javascript:alert('xss')) [link](javascript:alert('xss'))
[link](other://test.tld/path/?query=value#hash) [link](other://test.tld/path/?query=value#hash)