Merge pull request #8022 from nupplaphil/task/mod_hcard

[friendica.git] / src / Content / Text / BBCode.php

diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index 6d4c3418d07410dd40417c5203ae0328c5d8c821..3617470df4ff175cc0505cf1e5ea934427b6c0c6 100644 (file)
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -398,15 +398,15 @@ class BBCode extends BaseObject
         */
        public static function removeAttachment($body, $no_link_desc = false)
        {
-               return preg_replace_callback("/\[attachment (.*)\](.*?)\[\/attachment\]/ism",
+               return preg_replace_callback("/\s*\[attachment (.*)\](.*?)\[\/attachment\]\s*/ism",
                        function ($match) use ($no_link_desc) {
                                $attach_data = self::getAttachmentData($match[0]);
                                if (empty($attach_data['url'])) {
                                        return $match[0];
                                } elseif (empty($attach_data['title']) || $no_link_desc) {
-                                       return '[url]' . $attach_data['url'] . "[/url]\n";
+                                       return "\n[url]" . $attach_data['url'] . "[/url]\n";
                                } else {
-                                       return '[url=' . $attach_data['url'] . ']' . $attach_data['title'] . "[/url]\n";
+                                       return "\n[url=" . $attach_data['url'] . ']' . $attach_data['title'] . "[/url]\n";
                                }
                }, $body);
        }
@@ -1283,9 +1283,9 @@ class BBCode extends BaseObject
                        function ($matches) use (&$codeblocks) {
                                $return = '#codeblock-' . count($codeblocks) . '#';
                                if (strpos($matches[2], "\n") !== false) {
-                                       $codeblocks[] = '<pre><code class="language-' . trim($matches[1]) . '">' . trim($matches[2], "\n\r") . '</code></pre>';
+                                       $codeblocks[] = '<pre><code class="language-' . trim($matches[1]) . '">' . htmlspecialchars(trim($matches[2], "\n\r"), ENT_NOQUOTES, 'UTF-8') . '</code></pre>';
                                } else {
-                                       $codeblocks[] = '<code>' . $matches[2] . '</code>';
+                                       $codeblocks[] = '<code>' . htmlspecialchars($matches[2], ENT_NOQUOTES, 'UTF-8') . '</code>';
                                }
 
                                return $return;
@@ -2052,9 +2052,6 @@ class BBCode extends BaseObject
                        $text = self::convert($text, false, 4);
                }
 
-               // mask some special HTML chars from conversation to markdown
-               $text = str_replace(['&lt;', '&gt;', '&amp;'], ['&_lt_;', '&_gt_;', '&_amp_;'], $text);
-
                // If a link is followed by a quote then there should be a newline before it
                // Maybe we should make this newline at every time before a quote.
                $text = str_replace(['</a><blockquote>'], ['</a><br><blockquote>'], $text);
@@ -2064,9 +2061,6 @@ class BBCode extends BaseObject
                // Now convert HTML to Markdown
                $text = HTML::toMarkdown($text);
 
-               // unmask the special chars back to HTML
-               $text = str_replace(['&\_lt\_;', '&\_gt\_;', '&\_amp\_;'], ['&lt;', '&gt;', '&amp;'], $text);
-
                $a->getProfiler()->saveTimestamp($stamp1, "parser", System::callstack());
 
                // Libertree has a problem with escaped hashtags.