streams/Zotlabs/Lib/MarkdownSoap.php

<?php

namespace Zotlabs\Lib;

/**
 * @brief MarkdownSoap class.
 *
 * Purify Markdown for storage
 * @code{.php}
 *   $x = new MarkdownSoap($string_to_be_cleansed);
 *   $text = $x->clean();
 * @endcode
 * What this does:
 * 1. extracts code blocks and privately escapes them from processing
 * 2. Run html purifier on the content
 * 3. put back the code blocks
 * 4. run htmlspecialchars on the entire content for safe storage
 *
 * At render time:
 * @code{.php}
 *    $markdown = \Zotlabs\Lib\MarkdownSoap::unescape($text);
 *    $html = \Michelf\MarkdownExtra::DefaultTransform($markdown);
 * @endcode
 */
class MarkdownSoap {

	/**
	 * @var string
	 */
	private $str;
	/**
	 * @var string
	 */
	private $token;


	function __construct($s) {
		$this->str   = $s;
		$this->token = random_string(20);
	}

	function clean() {

		$x = $this->extract_code($this->str);

		$x = $this->purify($x);

		$x = $this->putback_code($x);

		$x = $this->escape($x);

		return $x;
	}

	/**
	 * @brief Extracts code blocks and privately escapes them from processing.
	 *
	 * @see encode_code()
	 * @see putback_code()
	 *
	 * @param string $s
	 * @return string
	 */
	function extract_code($s) {

		$text = preg_replace_callback('{
					(?:\n\n|\A\n?)
					(	            # $1 = the code block -- one or more lines, starting with a space/tab
					  (?>
						[ ]{'.'4'.'}  # Lines must start with a tab or a tab-width of spaces
						.*\n+
					  )+
					)
					((?=^[ ]{0,'.'4'.'}\S)|\Z)	# Lookahead for non-space at line-start, or end of doc
				}xm',
				[ $this , 'encode_code' ], $s);

		return $text;
	}

	function encode_code($matches) {
		return $this->token . ';' . base64_encode($matches[0]) . ';' ;
	}

	function decode_code($matches) {
		return base64_decode($matches[1]);
	}

	/**
	 * @brief Put back the code blocks.
	 *
	 * @see extract_code()
	 * @see decode_code()
	 *
	 * @param string $s
	 * @return string
	 */
	function putback_code($s) {
		$text = preg_replace_callback('{' . $this->token . '\;(.*?)\;}xm', [ $this, 'decode_code' ], $s);
		return $text;
	}

	function purify($s) {
		$s = $this->protect_autolinks($s);
		$s = purify_html($s);
		$s = $this->unprotect_autolinks($s);
		return $s;
	}

	function protect_autolinks($s) {
		$s = preg_replace('/\<(https?\:\/\/)(.*?)\>/', '[$1$2]($1$2)', $s);
		return $s;
	}

	function unprotect_autolinks($s) {
		return $s;
	}

	function escape($s) {
		return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
	}

	/**
	 * @brief Converts special HTML entities back to characters.
	 *
	 * @param string $s
	 * @return string
	 */
	static public function unescape($s) {
		return htmlspecialchars_decode($s, ENT_QUOTES);
	}
}
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`<?php`

			`namespace Zotlabs\Lib;`

			`/**`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`* @brief MarkdownSoap class.`
			`*`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`* Purify Markdown for storage`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`* @code{.php}`
input filter updates 2017-03-15 00:07:29 +00:00			`* $x = new MarkdownSoap($string_to_be_cleansed);`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`* $text = $x->clean();`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`* @endcode`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`* What this does:`
			`* 1. extracts code blocks and privately escapes them from processing`
			`* 2. Run html purifier on the content`
			`* 3. put back the code blocks`
			`* 4. run htmlspecialchars on the entire content for safe storage`
			`*`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`* At render time:`
			`* @code{.php}`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`* $markdown = \Zotlabs\Lib\MarkdownSoap::unescape($text);`
			`* $html = \Michelf\MarkdownExtra::DefaultTransform($markdown);`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`* @endcode`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`*/`
			`class MarkdownSoap {`

:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`/**`
			`* @var string`
			`*/`
			`private $str;`
			`/**`
			`* @var string`
			`*/`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`private $token;`


			`function __construct($s) {`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`$this->str = $s;`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`$this->token = random_string(20);`
			`}`

			`function clean() {`
various input filter fixes 2017-03-18 23:41:43 +00:00
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`$x = $this->extract_code($this->str);`
various input filter fixes 2017-03-18 23:41:43 +00:00
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`$x = $this->purify($x);`
various input filter fixes 2017-03-18 23:41:43 +00:00
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`$x = $this->putback_code($x);`
various input filter fixes 2017-03-18 23:41:43 +00:00
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`$x = $this->escape($x);`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`return $x;`
			`}`

:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`/**`
			`* @brief Extracts code blocks and privately escapes them from processing.`
			`*`
			`* @see encode_code()`
			`* @see putback_code()`
			`*`
			`* @param string $s`
			`* @return string`
			`*/`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`function extract_code($s) {`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`$text = preg_replace_callback('{`
			`(?:\n\n\|\A\n?)`
			`( # $1 = the code block -- one or more lines, starting with a space/tab`
			`(?>`
			`[ ]{'.'4'.'} # Lines must start with a tab or a tab-width of spaces`
			`.*\n+`
			`)+`
			`)`
			`((?=^[ ]{0,'.'4'.'}\S)\|\Z) # Lookahead for non-space at line-start, or end of doc`
			`}xm',`
			`[ $this , 'encode_code' ], $s);`

			`return $text;`
			`}`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`function encode_code($matches) {`
various input filter fixes 2017-03-18 23:41:43 +00:00			`return $this->token . ';' . base64_encode($matches[0]) . ';' ;`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`}`

			`function decode_code($matches) {`
			`return base64_decode($matches[1]);`
			`}`

:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`/**`
			`* @brief Put back the code blocks.`
			`*`
			`* @see extract_code()`
			`* @see decode_code()`
			`*`
			`* @param string $s`
			`* @return string`
			`*/`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`function putback_code($s) {`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`$text = preg_replace_callback('{' . $this->token . '\;(.*?)\;}xm', [ $this, 'decode_code' ], $s);`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`return $text;`
			`}`

			`function purify($s) {`
markdown autolinks - hubzilla bug #752 2017-05-05 09:27:24 +00:00			`$s = $this->protect_autolinks($s);`
various input filter fixes 2017-03-18 23:41:43 +00:00			`$s = purify_html($s);`
markdown autolinks - hubzilla bug #752 2017-05-05 09:27:24 +00:00			`$s = $this->unprotect_autolinks($s);`
various input filter fixes 2017-03-18 23:41:43 +00:00			`return $s;`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`}`

markdown autolinks - hubzilla bug #752 2017-05-05 09:27:24 +00:00			`function protect_autolinks($s) {`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`$s = preg_replace('/\<(https?\:\/\/)(.*?)\>/', '[$1$2]($1$2)', $s);`
markdown autolinks - hubzilla bug #752 2017-05-05 09:27:24 +00:00			`return $s;`
			`}`

			`function unprotect_autolinks($s) {`
			`return $s;`
			`}`

class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`function escape($s) {`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`}`

:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`/**`
			`* @brief Converts special HTML entities back to characters.`
			`*`
			`* @param string $s`
			`* @return string`
			`*/`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`static public function unescape($s) {`
:bulb: Add source documentation from recent conversations. There have been some conversations in the last weeks which explained several parts of the code, so add it to the source code documentation. Also some other small source code documentation improvements. 2017-12-23 13:42:23 +00:00			`return htmlspecialchars_decode($s, ENT_QUOTES);`
class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor 2017-03-14 07:23:44 +00:00			`}`
			`}`