X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/3069/head:/app/Entities/Tools/PageContent.php diff --git a/app/Entities/Tools/PageContent.php b/app/Entities/Tools/PageContent.php index 62982f4ad..c8204a181 100644 --- a/app/Entities/Tools/PageContent.php +++ b/app/Entities/Tools/PageContent.php @@ -1,10 +1,21 @@ -extractBase64ImagesFromHtml($html); $this->page->html = $this->formatHtml($html); $this->page->text = $this->toPlainText(); $this->page->markdown = ''; @@ -38,6 +49,7 @@ class PageContent */ public function setNewMarkdown(string $markdown) { + $markdown = $this->extractBase64ImagesFromMarkdown($markdown); $this->page->markdown = $markdown; $html = $this->markdownToHtml($markdown); $this->page->html = $this->formatHtml($html); 
@@ -53,23 +65,120 @@ class PageContent $environment->addExtension(new TableExtension()); $environment->addExtension(new TaskListExtension()); $environment->addExtension(new CustomStrikeThroughExtension()); + $environment = Theme::dispatch(ThemeEvents::COMMONMARK_ENVIRONMENT_CONFIGURE, $environment) ?? $environment; $converter = new CommonMarkConverter([], $environment); + + $environment->addBlockRenderer(ListItem::class, new CustomListItemRenderer(), 10); + return $converter->convertToHtml($markdown); } + /** + * Convert all base64 image data to saved images. + */ + protected function extractBase64ImagesFromHtml(string $htmlText): string + { + if (empty($htmlText) || strpos($htmlText, 'data:image') === false) { + return $htmlText; + } + + $doc = $this->loadDocumentFromHtml($htmlText); + $container = $doc->documentElement; + $body = $container->childNodes->item(0); + $childNodes = $body->childNodes; + $xPath = new DOMXPath($doc); + + // Get all img elements with image data blobs + $imageNodes = $xPath->query('//img[contains(@src, \'data:image\')]'); + foreach ($imageNodes as $imageNode) { + $imageSrc = $imageNode->getAttribute('src'); + $newUrl = $this->base64ImageUriToUploadedImageUrl($imageSrc); + $imageNode->setAttribute('src', $newUrl); + } + + // Generate inner html as a string + $html = ''; + foreach ($childNodes as $childNode) { + $html .= $doc->saveHTML($childNode); + } + + return $html; + } + + /** + * Convert all inline base64 content to uploaded image files. + */ + protected function extractBase64ImagesFromMarkdown(string $markdown) + { + $matches = []; + preg_match_all('/!\[.*?]\(.*?(data:image\/.*?)[)"\s]/', $markdown, $matches); + + foreach ($matches[1] as $base64Match) { + $newUrl = $this->base64ImageUriToUploadedImageUrl($base64Match); + $markdown = str_replace($base64Match, $newUrl, $markdown); + } + + return $markdown; + } + + /** + * Parse the given base64 image URI and return the URL to the created image instance. 
+ * Returns an empty string if the parsed URI is invalid or causes an error upon upload. + */ + protected function base64ImageUriToUploadedImageUrl(string $uri): string + { + $imageRepo = app()->make(ImageRepo::class); + $imageInfo = $this->parseBase64ImageUri($uri); + + // Validate extension and content + if (empty($imageInfo['data']) || !ImageService::isExtensionSupported($imageInfo['extension'])) { + return ''; + } + + // Validate that the content is not over our upload limit + $uploadLimitBytes = (config('app.upload_limit') * 1000000); + if (strlen($imageInfo['data']) > $uploadLimitBytes) { + return ''; + } + + // Save image from data with a random name + $imageName = 'embedded-image-' . Str::random(8) . '.' . $imageInfo['extension']; + + try { + $image = $imageRepo->saveNewFromData($imageName, $imageInfo['data'], 'gallery', $this->page->id); + } catch (ImageUploadException $exception) { + return ''; + } + + return $image->url; + } + + /** + * Parse a base64 image URI into the data and extension. + * + * @return array{extension: array, data: string} + */ + protected function parseBase64ImageUri(string $uri): array + { + [$dataDefinition, $base64ImageData] = explode(',', $uri, 2); + $extension = strtolower(preg_split('/[\/;]/', $dataDefinition)[1] ?? ''); + + return [ + 'extension' => $extension, + 'data' => base64_decode($base64ImageData) ?: '', + ]; + } + /** * Formats a page's html to be tagged correctly within the system. */ protected function formatHtml(string $htmlText): string { - if ($htmlText == '') { + if (empty($htmlText)) { return $htmlText; } - libxml_use_internal_errors(true); - $doc = new DOMDocument(); - $doc->loadHTML(mb_convert_encoding($htmlText, 'HTML-ENTITIES', 'UTF-8')); - + $doc = $this->loadDocumentFromHtml($htmlText); $container = $doc->documentElement; $body = $container->childNodes->item(0); $childNodes = $body->childNodes; 
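Review bot: `parseBase64ImageUri` destructures `explode(',', $uri, 2)` into two variables, so a `data:image/...` value with no comma (which both the `contains(@src, 'data:image')` selector and the markdown regex let through) produces an undefined-offset warning and hands `null` to `base64_decode`; guard the split and decode in strict mode so malformed input is rejected instead of being partially decoded with unknown characters silently dropped. The `@return array{extension: array, data: string}` docblock should read `extension: string`, and `extractBase64ImagesFromMarkdown` is the only new method in this hunk without a `: string` return type. The upload-limit check in `base64ImageUriToUploadedImageUrl` runs only after the whole blob has been decoded, so a cheap `strlen($uri)` comparison before `parseBase64ImageUri` would bound memory use; whether `saveNewFromData` verifies that the decoded bytes are really an image is not visible here, so the extension check alone should not be assumed to cover it.
```php
protected function parseBase64ImageUri(string $uri): array
{
    $parts = explode(',', $uri, 2);
    if (count($parts) !== 2) {
        return ['extension' => '', 'data' => ''];
    }
    [$dataDefinition, $base64ImageData] = $parts;
    $extension = strtolower(preg_split('/[\/;]/', $dataDefinition)[1] ?? '');

    return [
        'extension' => $extension,
        'data'      => base64_decode($base64ImageData, true) ?: '',
    ];
}
```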
@@ -84,6 +193,15 @@ class PageContent } } + // Set ids on nested header nodes + $nestedHeaders = $xPath->query('//body//*//h1|//body//*//h2|//body//*//h3|//body//*//h4|//body//*//h5|//body//*//h6'); + foreach ($nestedHeaders as $nestedHeader) { + [$oldId, $newId] = $this->setUniqueId($nestedHeader, $idMap); + if ($newId && $newId !== $oldId) { + $this->updateLinks($xPath, '#' . $oldId, '#' . $newId); + } + } + // Ensure no duplicate ids within child items $idElems = $xPath->query('//body//*//*[@id]'); foreach ($idElems as $domElem) { @@ -108,7 +226,7 @@ class PageContent protected function updateLinks(DOMXPath $xpath, string $old, string $new) { $old = str_replace('"', '', $old); - $matchingLinks = $xpath->query('//body//*//*[@href="'.$old.'"]'); + $matchingLinks = $xpath->query('//body//*//*[@href="' . $old . '"]'); foreach ($matchingLinks as $domElem) { $domElem->setAttribute('href', $new); } @@ -117,7 +235,7 @@ class PageContent /** * Set a unique id on the given DOMElement. * A map for existing ID's should be passed in to check for current existence. - * Returns a pair of strings in the format [old_id, new_id] + * Returns a pair of strings in the format [old_id, new_id]. */ protected function setUniqueId(\DOMNode $element, array &$idMap): array { @@ -129,6 +247,7 @@ class PageContent $existingId = $element->getAttribute('id'); if (strpos($existingId, 'bkmrk') === 0 && !isset($idMap[$existingId])) { $idMap[$existingId] = true; + return [$existingId, $existingId]; } @@ -146,6 +265,7 @@ class PageContent $element->setAttribute('id', $newId); $idMap[$newId] = true; + return [$existingId, $newId]; } 
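Review bot: The new nested-header pass and the existing `//body//*//*[@id]` pass both visit the same nested `h1`–`h6` elements, and the early return in `setUniqueId` only keeps an existing `bkmrk` id when it is not yet in `$idMap` — which the header pass has just populated — so unless the id-generation code between these hunks recognises an element's own id, a nested header appears to be renamed a second time (and its anchor links rewritten again) by the duplicate-id pass. Since the first pass already covers every nested header, the simplest fix is to exclude them from the second query: `$idElems = $xPath->query('//body//*//*[@id][not(self::h1 or self::h2 or self::h3 or self::h4 or self::h5 or self::h6)]');`. The body of `setUniqueId` between the `-129` and `-146` hunks is outside this view, so this is inferred from the visible early-return condition.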
@@ -155,18 +275,19 @@ class PageContent protected function toPlainText(): string { $html = $this->render(true); + return html_entity_decode(strip_tags($html)); } /** - * Render the page for viewing + * Render the page for viewing. */ - public function render(bool $blankIncludes = false) : string + public function render(bool $blankIncludes = false): string { - $content = $this->page->html; + $content = $this->page->html ?? ''; if (!config('app.allow_content_scripts')) { - $content = $this->escapeScripts($content); + $content = HtmlContentFilter::removeScripts($content); } if ($blankIncludes) { @@ -179,7 +300,7 @@ class PageContent } /** - * Parse the headers on the page to get a navigation menu + * Parse the headers on the page to get a navigation menu. */ public function getNavigation(string $htmlContent): array { @@ -187,11 +308,9 @@ class PageContent return []; } - libxml_use_internal_errors(true); - $doc = new DOMDocument(); - $doc->loadHTML(mb_convert_encoding($htmlContent, 'HTML-ENTITIES', 'UTF-8')); + $doc = $this->loadDocumentFromHtml($htmlContent); $xPath = new DOMXPath($doc); - $headers = $xPath->query("//h1|//h2|//h3|//h4|//h5|//h6"); + $headers = $xPath->query('//h1|//h2|//h3|//h4|//h5|//h6'); return $headers ? $this->headerNodesToLevelList($headers) : []; } @@ -208,9 +327,9 @@ class PageContent return [ 'nodeName' => strtolower($header->nodeName), - 'level' => intval(str_replace('h', '', $header->nodeName)), - 'link' => '#' . $header->getAttribute('id'), - 'text' => $text, + 'level' => intval(str_replace('h', '', $header->nodeName)), + 'link' => '#' . $header->getAttribute('id'), + 'text' => $text, ]; })->filter(function ($header) { return mb_strlen($header['text']) > 0; @@ -220,6 +339,7 @@ class PageContent $levelChange = ($tree->pluck('level')->min() - 1); $tree = $tree->map(function ($header) use ($levelChange) { $header['level'] -= ($levelChange); + return $header; }); 
@@ -229,7 +349,7 @@ class PageContent /** * Remove any page include tags within the given HTML. */ - protected function blankPageIncludes(string $html) : string + protected function blankPageIncludes(string $html): string { return preg_replace("/{{@\s?([0-9].*?)}}/", '', $html); } @@ -237,7 +357,7 @@ class PageContent /** * Parse any include tags "{{@#section}}" to be part of the page. */ - protected function parsePageIncludes(string $html) : string + protected function parsePageIncludes(string $html): string { $matches = []; preg_match_all("/{{@\s?([0-9].*?)}}/", $html, $matches); @@ -253,6 +373,7 @@ class PageContent } // Find page and skip this if page not found + /** @var ?Page $matchedPage */ $matchedPage = Page::visible()->find($pageId); if ($matchedPage === null) { $html = str_replace($fullMatch, '', $html); @@ -273,16 +394,13 @@ class PageContent return $html; } - /** * Fetch the content from a specific section of the given page. */ protected function fetchSectionOfPage(Page $page, string $sectionId): string { - $topLevelTags = ['table', 'ul', 'ol']; - $doc = new DOMDocument(); - libxml_use_internal_errors(true); - $doc->loadHTML(mb_convert_encoding(''.$page->html.'', 'HTML-ENTITIES', 'UTF-8')); + $topLevelTags = ['table', 'ul', 'ol', 'pre']; + $doc = $this->loadDocumentFromHtml($page->html); // Search included content for the id given and blank out if not exists. $matchingElem = $doc->getElementById($sectionId); 
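Review bot: In `fetchSectionOfPage` the old code concatenated `$page->html` into a string before loading it, which tolerated a `null` column, whereas the new `$this->loadDocumentFromHtml($page->html)` passes it straight to a `string` parameter, and a user-defined function raises a `TypeError` for `null` in both strict and coercive mode. The `?? ''` added to `render()` in this same commit suggests `html` can be null, so use `$this->loadDocumentFromHtml($page->html ?? '')` here as well. The method continues past the end of the hunk.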
@@ -307,63 +425,15 @@ class PageContent } /** - * Escape script tags within HTML content. + * Create and load a DOMDocument from the given html content. */ - protected function escapeScripts(string $html) : string + protected function loadDocumentFromHtml(string $html): DOMDocument { - if (empty($html)) { - return $html; - } - libxml_use_internal_errors(true); $doc = new DOMDocument(); + $html = '' . $html . ''; $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8')); - $xPath = new DOMXPath($doc); - - // Remove standard script tags - $scriptElems = $xPath->query('//script'); - foreach ($scriptElems as $scriptElem) { - $scriptElem->parentNode->removeChild($scriptElem); - } - // Remove clickable links to JavaScript URI - $badLinks = $xPath->query('//*[contains(@href, \'javascript:\')]'); - foreach ($badLinks as $badLink) { - $badLink->parentNode->removeChild($badLink); - } - - // Remove forms with calls to JavaScript URI - $badForms = $xPath->query('//*[contains(@action, \'javascript:\')] | //*[contains(@formaction, \'javascript:\')]'); - foreach ($badForms as $badForm) { - $badForm->parentNode->removeChild($badForm); - } - - // Remove meta tag to prevent external redirects - $metaTags = $xPath->query('//meta[contains(@content, \'url\')]'); - foreach ($metaTags as $metaTag) { - $metaTag->parentNode->removeChild($metaTag); - } - - // Remove data or JavaScript iFrames - $badIframes = $xPath->query('//*[contains(@src, \'data:\')] | //*[contains(@src, \'javascript:\')] | //*[@srcdoc]'); - foreach ($badIframes as $badIframe) { - $badIframe->parentNode->removeChild($badIframe); - } - - // Remove 'on*' attributes - $onAttributes = $xPath->query('//@*[starts-with(name(), \'on\')]'); - foreach ($onAttributes as $attr) { - /** @var \DOMAttr $attr*/ - $attrName = $attr->nodeName; - $attr->parentNode->removeAttribute($attrName); - } - - $html = ''; - $topElems = $doc->documentElement->childNodes->item(0)->childNodes; - 
foreach ($topElems as $child) { - $html .= $doc->saveHTML($child); - } - - return $html; + return $doc; } }
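Review bot: `loadDocumentFromHtml` enables `libxml_use_internal_errors(true)` but never drains the buffered errors, so each call leaves parse errors accumulating in libxml's process-wide list for the life of the PHP process (long-running workers keep all of them); add `libxml_clear_errors();` directly after the `loadHTML` call, and say in the docblock that the helper switches the global libxml error mode for the rest of the request. The `loadHTML` return value is not checked either, so callers depend on the body wrapping to keep the input non-empty — worth one sentence in the docblock, since the `empty()` guard from the removed `escapeScripts` did not carry over into this helper. If the project targets PHP 8.2 or later, `mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8')` is deprecated there and a replacement should be planned.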