BookStack Code Mirror - bookstack/blobdiff - app/Entities/Tools/PageContent.php

-<?php namespace BookStack\Entities\Tools;

+<?php

+

+namespace BookStack\Entities\Tools;

-use BookStack\Auth\Permissions\PermissionService;

use BookStack\Entities\Models\Page;

+use BookStack\Entities\Tools\Markdown\CustomListItemRenderer;

use BookStack\Entities\Tools\Markdown\CustomStrikeThroughExtension;

+use BookStack\Exceptions\ImageUploadException;

use BookStack\Facades\Theme;

use BookStack\Theming\ThemeEvents;

use BookStack\Facades\Theme;

use BookStack\Theming\ThemeEvents;

-use BookStack\Uploads\Image;

use BookStack\Uploads\ImageRepo;

-use BookStack\Uploads\ImageService;

+use BookStack\Util\HtmlContentFilter;

use DOMDocument;

use DOMNodeList;

use DOMXPath;

use DOMDocument;

use DOMNodeList;

use DOMXPath;

+use Illuminate\Support\Str;

+use League\CommonMark\Block\Element\ListItem;

use League\CommonMark\CommonMarkConverter;

use League\CommonMark\Environment;

use League\CommonMark\Extension\Table\TableExtension;

use League\CommonMark\CommonMarkConverter;

use League\CommonMark\Environment;

use League\CommonMark\Extension\Table\TableExtension;

class PageContent

{

class PageContent

{

-

protected $page;

/**

protected $page;

/**

*/

public function setNewHTML(string $html)

{

*/

public function setNewHTML(string $html)

{

- $html = $this->saveBase64Images($this->page, $html);

+ $html = $this->extractBase64Images($this->page, $html);

$this->page->html = $this->formatHtml($html);

$this->page->text = $this->toPlainText();

$this->page->markdown = '';

$this->page->html = $this->formatHtml($html);

$this->page->text = $this->toPlainText();

$this->page->markdown = '';

$environment->addExtension(new CustomStrikeThroughExtension());

$environment = Theme::dispatch(ThemeEvents::COMMONMARK_ENVIRONMENT_CONFIGURE, $environment) ?? $environment;

$converter = new CommonMarkConverter([], $environment);

$environment->addExtension(new CustomStrikeThroughExtension());

$environment = Theme::dispatch(ThemeEvents::COMMONMARK_ENVIRONMENT_CONFIGURE, $environment) ?? $environment;

$converter = new CommonMarkConverter([], $environment);

+

+ $environment->addBlockRenderer(ListItem::class, new CustomListItemRenderer(), 10);

+

return $converter->convertToHtml($markdown);

}

/**

return $converter->convertToHtml($markdown);

}

/**

- * Convert all base64 image data to saved images

+ * Convert all base64 image data to saved images.

*/

- public function saveBase64Images(Page $page, string $htmlText): string

+ public function extractBase64Images(Page $page, string $htmlText): string

{

- if ($htmlText == '') {

+ if (empty($htmlText) || strpos($htmlText, 'data:image') === false) {

return $htmlText;

}

return $htmlText;

}

- libxml_use_internal_errors(true);

- $doc = new DOMDocument();

- $doc->loadHTML(mb_convert_encoding($htmlText, 'HTML-ENTITIES', 'UTF-8'));

+ $doc = $this->loadDocumentFromHtml($htmlText);

$container = $doc->documentElement;

$body = $container->childNodes->item(0);

$childNodes = $body->childNodes;

$xPath = new DOMXPath($doc);

$container = $doc->documentElement;

$body = $container->childNodes->item(0);

$childNodes = $body->childNodes;

$xPath = new DOMXPath($doc);

+ $imageRepo = app()->make(ImageRepo::class);

+ $allowedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Get all img elements with image data blobs

$imageNodes = $xPath->query('//img[contains(@src, \'data:image\')]');

// Get all img elements with image data blobs

$imageNodes = $xPath->query('//img[contains(@src, \'data:image\')]');

- foreach($imageNodes as $imageNode) {

+ foreach ($imageNodes as $imageNode) {

$imageSrc = $imageNode->getAttribute('src');

+ [$dataDefinition, $base64ImageData] = explode(',', $imageSrc, 2);

+ $extension = strtolower(preg_split('/[\/;]/', $dataDefinition)[1] ?? 'png');

- # Parse base64 data

- $result = preg_match('"data:image/[a-zA-Z]*(;base64,[a-zA-Z0-9+/\\= ]*)"', $imageSrc, $matches);

-

- if($result === 1) {

- $base64ImageData = $matches[1];

-

- $image = new Image();

- $imageService = app()->make(ImageService::class);

- $permissionService = app(PermissionService::class);

- $imageRepo = new ImageRepo(new Image(), $imageService, $permissionService, $page);

+ // Validate extension

+ if (!in_array($extension, $allowedExtensions)) {

+ $imageNode->setAttribute('src', '');

+ continue;

+ }

- # Use existing saveDrawing method used for Drawio diagrams

- $image = $imageRepo->saveDrawing($base64ImageData, $page->id);

-

- // Create a new img element with the saved image URI

- $newNode = $doc->createElement('img');

- $newNode->setAttribute('src', $image->path);

+ // Save image from data with a random name

+ $imageName = 'embedded-image-' . Str::random(8) . '.' . $extension;

- // Replace the old img element

- $imageNode->parentNode->replaceChild($newNode, $imageNode);

+ try {

+ $image = $imageRepo->saveNewFromData($imageName, base64_decode($base64ImageData), 'gallery', $page->id);

+ $imageNode->setAttribute('src', $image->url);

+ } catch (ImageUploadException $exception) {

+ $imageNode->setAttribute('src', '');

}

*/

protected function formatHtml(string $htmlText): string

{

*/

protected function formatHtml(string $htmlText): string

{

- if ($htmlText == '') {

+ if (empty($htmlText)) {

return $htmlText;

}

return $htmlText;

}

- libxml_use_internal_errors(true);

- $doc = new DOMDocument();

- $doc->loadHTML(mb_convert_encoding($htmlText, 'HTML-ENTITIES', 'UTF-8'));

-

+ $doc = $this->loadDocumentFromHtml($htmlText);

$container = $doc->documentElement;

$body = $container->childNodes->item(0);

$childNodes = $body->childNodes;

$container = $doc->documentElement;

$body = $container->childNodes->item(0);

$childNodes = $body->childNodes;

protected function updateLinks(DOMXPath $xpath, string $old, string $new)

{

$old = str_replace('"', '', $old);

protected function updateLinks(DOMXPath $xpath, string $old, string $new)

{

$old = str_replace('"', '', $old);

- $matchingLinks = $xpath->query('//body//*//*[@href="'.$old.'"]');

+ $matchingLinks = $xpath->query('//body//*//*[@href="' . $old . '"]');

foreach ($matchingLinks as $domElem) {

$domElem->setAttribute('href', $new);

}

foreach ($matchingLinks as $domElem) {

$domElem->setAttribute('href', $new);

}

/**

* Set a unique id on the given DOMElement.

* A map for existing ID's should be passed in to check for current existence.

/**

* Set a unique id on the given DOMElement.

* A map for existing ID's should be passed in to check for current existence.

- * Returns a pair of strings in the format [old_id, new_id]

+ * Returns a pair of strings in the format [old_id, new_id].

*/

protected function setUniqueId(\DOMNode $element, array &$idMap): array

{

*/

protected function setUniqueId(\DOMNode $element, array &$idMap): array

{

$existingId = $element->getAttribute('id');

if (strpos($existingId, 'bkmrk') === 0 && !isset($idMap[$existingId])) {

$idMap[$existingId] = true;

$existingId = $element->getAttribute('id');

if (strpos($existingId, 'bkmrk') === 0 && !isset($idMap[$existingId])) {

$idMap[$existingId] = true;

+

return [$existingId, $existingId];

}

return [$existingId, $existingId];

}

$element->setAttribute('id', $newId);

$idMap[$newId] = true;

$element->setAttribute('id', $newId);

$idMap[$newId] = true;

+

return [$existingId, $newId];

}

return [$existingId, $newId];

}

protected function toPlainText(): string

{

$html = $this->render(true);

protected function toPlainText(): string

{

$html = $this->render(true);

+

return html_entity_decode(strip_tags($html));

}

/**

return html_entity_decode(strip_tags($html));

}

/**

- * Render the page for viewing

+ * Render the page for viewing.

*/

- public function render(bool $blankIncludes = false) : string

+ public function render(bool $blankIncludes = false): string

{

- $content = $this->page->html;

+ $content = $this->page->html ?? '';

if (!config('app.allow_content_scripts')) {

- $content = $this->escapeScripts($content);

+ $content = HtmlContentFilter::removeScripts($content);

}

if ($blankIncludes) {

}

if ($blankIncludes) {

}

/**

}

/**

- * Parse the headers on the page to get a navigation menu

+ * Parse the headers on the page to get a navigation menu.

*/

public function getNavigation(string $htmlContent): array

{

*/

public function getNavigation(string $htmlContent): array

{

return [];

}

return [];

}

- libxml_use_internal_errors(true);

- $doc = new DOMDocument();

- $doc->loadHTML(mb_convert_encoding($htmlContent, 'HTML-ENTITIES', 'UTF-8'));

+ $doc = $this->loadDocumentFromHtml($htmlContent);

$xPath = new DOMXPath($doc);

- $headers = $xPath->query("//h1|//h2|//h3|//h4|//h5|//h6");

+ $headers = $xPath->query('//h1|//h2|//h3|//h4|//h5|//h6');

return $headers ? $this->headerNodesToLevelList($headers) : [];

}

return $headers ? $this->headerNodesToLevelList($headers) : [];

}

return [

'nodeName' => strtolower($header->nodeName),

return [

'nodeName' => strtolower($header->nodeName),

- 'level' => intval(str_replace('h', '', $header->nodeName)),

- 'link' => '#' . $header->getAttribute('id'),

- 'text' => $text,

+ 'level' => intval(str_replace('h', '', $header->nodeName)),

+ 'link' => '#' . $header->getAttribute('id'),

+ 'text' => $text,

];

})->filter(function ($header) {

return mb_strlen($header['text']) > 0;

];

})->filter(function ($header) {

return mb_strlen($header['text']) > 0;

$levelChange = ($tree->pluck('level')->min() - 1);

$tree = $tree->map(function ($header) use ($levelChange) {

$header['level'] -= ($levelChange);

$levelChange = ($tree->pluck('level')->min() - 1);

$tree = $tree->map(function ($header) use ($levelChange) {

$header['level'] -= ($levelChange);

+

return $header;

});

return $header;

});

/**

* Remove any page include tags within the given HTML.

*/

/**

* Remove any page include tags within the given HTML.

*/

- protected function blankPageIncludes(string $html) : string

+ protected function blankPageIncludes(string $html): string

{

return preg_replace("/{{@\s?([0-9].*?)}}/", '', $html);

}

{

return preg_replace("/{{@\s?([0-9].*?)}}/", '', $html);

}

/**

* Parse any include tags "{{@<page_id>#section}}" to be part of the page.

*/

/**

* Parse any include tags "{{@<page_id>#section}}" to be part of the page.

*/

- protected function parsePageIncludes(string $html) : string

+ protected function parsePageIncludes(string $html): string

{

$matches = [];

preg_match_all("/{{@\s?([0-9].*?)}}/", $html, $matches);

{

$matches = [];

preg_match_all("/{{@\s?([0-9].*?)}}/", $html, $matches);

return $html;

}

return $html;

}

-

/**

* Fetch the content from a specific section of the given page.

*/

protected function fetchSectionOfPage(Page $page, string $sectionId): string

{

$topLevelTags = ['table', 'ul', 'ol'];

/**

* Fetch the content from a specific section of the given page.

*/

protected function fetchSectionOfPage(Page $page, string $sectionId): string

{

$topLevelTags = ['table', 'ul', 'ol'];

- $doc = new DOMDocument();

- libxml_use_internal_errors(true);

- $doc->loadHTML(mb_convert_encoding('<body>'.$page->html.'</body>', 'HTML-ENTITIES', 'UTF-8'));

+ $doc = $this->loadDocumentFromHtml($page->html);

// Search included content for the id given and blank out if not exists.

$matchingElem = $doc->getElementById($sectionId);

// Search included content for the id given and blank out if not exists.

$matchingElem = $doc->getElementById($sectionId);

}

/**

}

/**

- * Escape script tags within HTML content.

+ * Create and load a DOMDocument from the given html content.

*/

- protected function escapeScripts(string $html) : string

+ protected function loadDocumentFromHtml(string $html): DOMDocument

{

- if (empty($html)) {

- return $html;

- }

-

libxml_use_internal_errors(true);

$doc = new DOMDocument();

libxml_use_internal_errors(true);

$doc = new DOMDocument();

+ $html = '<body>' . $html . '</body>';

$doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));

- $xPath = new DOMXPath($doc);

-

- // Remove standard script tags

- $scriptElems = $xPath->query('//script');

- foreach ($scriptElems as $scriptElem) {

- $scriptElem->parentNode->removeChild($scriptElem);

- }

-

- // Remove clickable links to JavaScript URI

- $badLinks = $xPath->query('//*[contains(@href, \'javascript:\')]');

- foreach ($badLinks as $badLink) {

- $badLink->parentNode->removeChild($badLink);

- }

-

- // Remove forms with calls to JavaScript URI

- $badForms = $xPath->query('//*[contains(@action, \'javascript:\')] | //*[contains(@formaction, \'javascript:\')]');

- foreach ($badForms as $badForm) {

- $badForm->parentNode->removeChild($badForm);

- }

- // Remove meta tag to prevent external redirects

- $metaTags = $xPath->query('//meta[contains(@content, \'url\')]');

- foreach ($metaTags as $metaTag) {

- $metaTag->parentNode->removeChild($metaTag);

- }

-

- // Remove data or JavaScript iFrames

- $badIframes = $xPath->query('//*[contains(@src, \'data:\')] | //*[contains(@src, \'javascript:\')] | //*[@srcdoc]');

- foreach ($badIframes as $badIframe) {

- $badIframe->parentNode->removeChild($badIframe);

- }

-

- // Remove 'on*' attributes

- $onAttributes = $xPath->query('//@*[starts-with(name(), \'on\')]');

- foreach ($onAttributes as $attr) {

- /** @var \DOMAttr $attr*/

- $attrName = $attr->nodeName;

- $attr->parentNode->removeAttribute($attrName);

- }

-

- $html = '';

- $topElems = $doc->documentElement->childNodes->item(0)->childNodes;

- foreach ($topElems as $child) {

- $html .= $doc->saveHTML($child);

- }

-

- return $html;

+ return $doc;

}