1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
/* |
4
|
|
|
* This file is part of the league/commonmark package. |
5
|
|
|
* |
6
|
|
|
* (c) Colin O'Dell <[email protected]> |
7
|
|
|
* |
8
|
|
|
* Original code based on the CommonMark JS reference parser (https://bitly.com/commonmark-js) |
9
|
|
|
* - (c) John MacFarlane |
10
|
|
|
* |
11
|
|
|
* For the full copyright and license information, please view the LICENSE |
12
|
|
|
* file that was distributed with this source code. |
13
|
|
|
*/ |
14
|
|
|
|
15
|
|
|
namespace League\CommonMark\Util; |
16
|
|
|
|
17
|
|
|
use League\CommonMark\Block\Element\HtmlBlock; |
18
|
|
|
|
19
|
|
|
/** |
20
|
|
|
* Provides regular expressions and utilities for parsing Markdown |
21
|
|
|
*/ |
22
|
|
|
final class RegexHelper |
23
|
|
|
{ |
24
|
|
|
// Partial regular expressions (wrap with `/` on each side before use) |
25
|
|
|
public const PARTIAL_ENTITY = '&(?:#x[a-f0-9]{1,6}|#[0-9]{1,7}|[a-z][a-z0-9]{1,31});'; |
26
|
|
|
public const PARTIAL_ESCAPABLE = '[!"#$%&\'()*+,.\/:;<=>?@[\\\\\]^_`{|}~-]'; |
27
|
|
|
public const PARTIAL_ESCAPED_CHAR = '\\\\' . self::PARTIAL_ESCAPABLE; |
28
|
|
|
public const PARTIAL_IN_DOUBLE_QUOTES = '"(' . self::PARTIAL_ESCAPED_CHAR . '|[^"\x00])*"'; |
29
|
|
|
public const PARTIAL_IN_SINGLE_QUOTES = '\'(' . self::PARTIAL_ESCAPED_CHAR . '|[^\'\x00])*\''; |
30
|
|
|
public const PARTIAL_IN_PARENS = '\\((' . self::PARTIAL_ESCAPED_CHAR . '|[^)\x00])*\\)'; |
31
|
|
|
public const PARTIAL_REG_CHAR = '[^\\\\()\x00-\x20]'; |
32
|
|
|
public const PARTIAL_IN_PARENS_NOSP = '\((' . self::PARTIAL_REG_CHAR . '|' . self::PARTIAL_ESCAPED_CHAR . '|\\\\)*\)'; |
33
|
|
|
public const PARTIAL_TAGNAME = '[A-Za-z][A-Za-z0-9-]*'; |
34
|
|
|
public const PARTIAL_BLOCKTAGNAME = '(?:address|article|aside|base|basefont|blockquote|body|caption|center|col|colgroup|dd|details|dialog|dir|div|dl|dt|fieldset|figcaption|figure|footer|form|frame|frameset|h1|head|header|hr|html|iframe|legend|li|link|main|menu|menuitem|nav|noframes|ol|optgroup|option|p|param|section|source|summary|table|tbody|td|tfoot|th|thead|title|tr|track|ul)'; |
35
|
|
|
public const PARTIAL_ATTRIBUTENAME = '[a-zA-Z_:][a-zA-Z0-9:._-]*'; |
36
|
|
|
public const PARTIAL_UNQUOTEDVALUE = '[^"\'=<>`\x00-\x20]+'; |
37
|
|
|
public const PARTIAL_SINGLEQUOTEDVALUE = '\'[^\']*\''; |
38
|
|
|
public const PARTIAL_DOUBLEQUOTEDVALUE = '"[^"]*"'; |
39
|
|
|
public const PARTIAL_ATTRIBUTEVALUE = '(?:' . self::PARTIAL_UNQUOTEDVALUE . '|' . self::PARTIAL_SINGLEQUOTEDVALUE . '|' . self::PARTIAL_DOUBLEQUOTEDVALUE . ')'; |
40
|
|
|
public const PARTIAL_ATTRIBUTEVALUESPEC = '(?:' . '\s*=' . '\s*' . self::PARTIAL_ATTRIBUTEVALUE . ')'; |
41
|
|
|
public const PARTIAL_ATTRIBUTE = '(?:' . '\s+' . self::PARTIAL_ATTRIBUTENAME . self::PARTIAL_ATTRIBUTEVALUESPEC . '?)'; |
42
|
|
|
public const PARTIAL_OPENTAG = '<' . self::PARTIAL_TAGNAME . self::PARTIAL_ATTRIBUTE . '*' . '\s*\/?>'; |
43
|
|
|
public const PARTIAL_CLOSETAG = '<\/' . self::PARTIAL_TAGNAME . '\s*[>]'; |
44
|
|
|
public const PARTIAL_OPENBLOCKTAG = '<' . self::PARTIAL_BLOCKTAGNAME . self::PARTIAL_ATTRIBUTE . '*' . '\s*\/?>'; |
45
|
|
|
public const PARTIAL_CLOSEBLOCKTAG = '<\/' . self::PARTIAL_BLOCKTAGNAME . '\s*[>]'; |
46
|
|
|
public const PARTIAL_HTMLCOMMENT = '<!---->|<!--(?:-?[^>-])(?:-?[^-])*-->'; |
47
|
|
|
public const PARTIAL_PROCESSINGINSTRUCTION = '[<][?].*?[?][>]'; |
48
|
|
|
public const PARTIAL_DECLARATION = '<![A-Z]+' . '\s+[^>]*>'; |
49
|
|
|
public const PARTIAL_CDATA = '<!\[CDATA\[[\s\S]*?]\]>'; |
50
|
|
|
public const PARTIAL_HTMLTAG = '(?:' . self::PARTIAL_OPENTAG . '|' . self::PARTIAL_CLOSETAG . '|' . self::PARTIAL_HTMLCOMMENT . '|' . |
51
|
|
|
self::PARTIAL_PROCESSINGINSTRUCTION . '|' . self::PARTIAL_DECLARATION . '|' . self::PARTIAL_CDATA . ')'; |
52
|
|
|
public const PARTIAL_HTMLBLOCKOPEN = '<(?:' . self::PARTIAL_BLOCKTAGNAME . '(?:[\s\/>]|$)' . '|' . |
53
|
|
|
'\/' . self::PARTIAL_BLOCKTAGNAME . '(?:[\s>]|$)' . '|' . '[?!])'; |
54
|
|
|
public const PARTIAL_LINK_TITLE = '^(?:"(' . self::PARTIAL_ESCAPED_CHAR . '|[^"\x00])*"' . |
55
|
|
|
'|' . '\'(' . self::PARTIAL_ESCAPED_CHAR . '|[^\'\x00])*\'' . |
56
|
|
|
'|' . '\((' . self::PARTIAL_ESCAPED_CHAR . '|[^()\x00])*\))'; |
57
|
|
|
|
58
|
|
|
public const REGEX_PUNCTUATION = '/^[\x{2000}-\x{206F}\x{2E00}-\x{2E7F}\p{Pc}\p{Pd}\p{Pe}\p{Pf}\p{Pi}\p{Po}\p{Ps}\\\\\'!"#\$%&\(\)\*\+,\-\.\\/:;<=>\?@\[\]\^_`\{\|\}~]/u'; |
59
|
|
|
public const REGEX_UNSAFE_PROTOCOL = '/^javascript:|vbscript:|file:|data:/i'; |
60
|
|
|
public const REGEX_SAFE_DATA_PROTOCOL = '/^data:image\/(?:png|gif|jpeg|webp)/i'; |
61
|
|
|
public const REGEX_NON_SPACE = '/[^ \t\f\v\r\n]/'; |
62
|
|
|
|
63
|
|
|
public const REGEX_WHITESPACE_CHAR = '/^[ \t\n\x0b\x0c\x0d]/'; |
64
|
|
|
public const REGEX_WHITESPACE = '/[ \t\n\x0b\x0c\x0d]+/'; |
65
|
|
|
public const REGEX_UNICODE_WHITESPACE_CHAR = '/^\pZ|\s/u'; |
66
|
|
|
public const REGEX_THEMATIC_BREAK = '/^(?:(?:\*[ \t]*){3,}|(?:_[ \t]*){3,}|(?:-[ \t]*){3,})[ \t]*$/'; |
67
|
|
|
public const REGEX_LINK_DESTINATION_BRACES = '/^(?:<(?:[^<>\\n\\\\\\x00]|\\\\.)*>)/'; |
68
|
|
|
|
69
|
129 |
|
public static function isEscapable(string $character): bool |
70
|
|
|
{ |
71
|
129 |
|
return \preg_match('/' . self::PARTIAL_ESCAPABLE . '/', $character) === 1; |
72
|
|
|
} |
73
|
|
|
|
74
|
|
|
/** |
75
|
|
|
* Attempt to match a regex in string s at offset offset |
76
|
|
|
* |
77
|
|
|
* @param string $regex |
78
|
|
|
* @param string $string |
79
|
|
|
* @param int $offset |
80
|
|
|
* |
81
|
|
|
* @return int|null Index of match, or null |
82
|
|
|
*/ |
83
|
2700 |
|
public static function matchAt(string $regex, string $string, int $offset = 0): ?int |
84
|
|
|
{ |
85
|
2700 |
|
$matches = []; |
86
|
2700 |
|
$string = \mb_substr($string, $offset, null, 'utf-8'); |
87
|
2700 |
|
if (!\preg_match($regex, $string, $matches, \PREG_OFFSET_CAPTURE)) { |
88
|
2637 |
|
return null; |
89
|
|
|
} |
90
|
|
|
|
91
|
|
|
// PREG_OFFSET_CAPTURE always returns the byte offset, not the char offset, which is annoying |
92
|
321 |
|
$charPos = \mb_strlen(\mb_strcut($string, 0, $matches[0][1], 'utf-8'), 'utf-8'); |
93
|
|
|
|
94
|
321 |
|
return $offset + $charPos; |
95
|
|
|
} |
96
|
|
|
|
97
|
|
|
/** |
98
|
|
|
* Functional wrapper around preg_match_all |
99
|
|
|
* |
100
|
|
|
* @param string $pattern |
101
|
|
|
* @param string $subject |
102
|
|
|
* @param int $offset |
103
|
|
|
* |
104
|
|
|
* @return array<string>|null |
105
|
|
|
* |
106
|
|
|
* @deprecated in 1.6; use matchFirst() instead |
107
|
|
|
*/ |
108
|
|
|
public static function matchAll(string $pattern, string $subject, int $offset = 0): ?array |
109
|
|
|
{ |
110
|
|
|
@\trigger_error('RegexHelper::matchAll() is deprecated in league/commonmark 1.6 and will be removed in 2.0; use RegexHelper::matchFirst() instead', \E_USER_DEPRECATED); |
111
|
|
|
|
112
|
|
|
if ($offset !== 0) { |
113
|
|
|
$subject = \substr($subject, $offset); |
114
|
|
|
} |
115
|
|
|
|
116
|
|
|
\preg_match_all($pattern, $subject, $matches, \PREG_PATTERN_ORDER); |
117
|
|
|
|
118
|
|
|
$fullMatches = \reset($matches); |
119
|
|
|
if (empty($fullMatches)) { |
120
|
|
|
return null; |
121
|
|
|
} |
122
|
|
|
|
123
|
|
|
if (\count($fullMatches) === 1) { |
124
|
|
|
foreach ($matches as &$match) { |
125
|
|
|
$match = \reset($match); |
126
|
|
|
} |
127
|
|
|
} |
128
|
|
|
|
129
|
|
|
return $matches ?: null; |
130
|
|
|
} |
131
|
|
|
|
132
|
|
|
/** |
133
|
|
|
* Functional wrapper around preg_match_all which only returns the first set of matches |
134
|
|
|
* |
135
|
|
|
* @return string[]|null |
136
|
|
|
* |
137
|
|
|
* @psalm-pure |
138
|
|
|
*/ |
139
|
2850 |
|
public static function matchFirst(string $pattern, string $subject, int $offset = 0): ?array |
140
|
|
|
{ |
141
|
2850 |
|
if ($offset !== 0) { |
142
|
459 |
|
$subject = \substr($subject, $offset); |
143
|
|
|
} |
144
|
|
|
|
145
|
2850 |
|
\preg_match_all($pattern, $subject, $matches, \PREG_SET_ORDER); |
146
|
|
|
|
147
|
2850 |
|
if ($matches === []) { |
148
|
2766 |
|
return null; |
149
|
|
|
} |
150
|
|
|
|
151
|
420 |
|
return $matches[0] ?: null; |
152
|
|
|
} |
153
|
|
|
|
154
|
|
|
/** |
155
|
|
|
* Replace backslash escapes with literal characters |
156
|
|
|
* |
157
|
|
|
* @param string $string |
158
|
|
|
* |
159
|
|
|
* @return string |
160
|
|
|
*/ |
161
|
591 |
|
public static function unescape(string $string): string |
162
|
|
|
{ |
163
|
591 |
|
$allEscapedChar = '/\\\\(' . self::PARTIAL_ESCAPABLE . ')/'; |
164
|
|
|
|
165
|
|
|
/** @var string $escaped */ |
166
|
591 |
|
$escaped = \preg_replace($allEscapedChar, '$1', $string); |
167
|
|
|
|
168
|
|
|
/** @var string $replaced */ |
169
|
394 |
|
$replaced = \preg_replace_callback('/' . self::PARTIAL_ENTITY . '/i', function ($e) { |
170
|
24 |
|
return Html5EntityDecoder::decode($e[0]); |
171
|
591 |
|
}, $escaped); |
172
|
|
|
|
173
|
591 |
|
return $replaced; |
174
|
|
|
} |
175
|
|
|
|
176
|
|
|
/** |
177
|
|
|
* @param int $type HTML block type |
178
|
|
|
* |
179
|
|
|
* @return string |
180
|
|
|
* |
181
|
|
|
* @internal |
182
|
|
|
*/ |
183
|
342 |
|
public static function getHtmlBlockOpenRegex(int $type): string |
184
|
|
|
{ |
185
|
228 |
|
switch ($type) { |
186
|
114 |
|
case HtmlBlock::TYPE_1_CODE_CONTAINER: |
187
|
309 |
|
return '/^<(?:script|pre|textarea|style)(?:\s|>|$)/i'; |
188
|
105 |
|
case HtmlBlock::TYPE_2_COMMENT: |
189
|
288 |
|
return '/^<!--/'; |
190
|
98 |
|
case HtmlBlock::TYPE_3: |
191
|
273 |
|
return '/^<[?]/'; |
192
|
95 |
|
case HtmlBlock::TYPE_4: |
193
|
270 |
|
return '/^<![A-Z]/'; |
194
|
92 |
|
case HtmlBlock::TYPE_5_CDATA: |
195
|
267 |
|
return '/^<!\[CDATA\[/'; |
196
|
89 |
|
case HtmlBlock::TYPE_6_BLOCK_ELEMENT: |
197
|
261 |
|
return '%^<[/]?(?:address|article|aside|base|basefont|blockquote|body|caption|center|col|colgroup|dd|details|dialog|dir|div|dl|dt|fieldset|figcaption|figure|footer|form|frame|frameset|h[123456]|head|header|hr|html|iframe|legend|li|link|main|menu|menuitem|nav|noframes|ol|optgroup|option|p|param|section|source|summary|table|tbody|td|tfoot|th|thead|title|tr|track|ul)(?:\s|[/]?[>]|$)%i'; |
198
|
60 |
|
case HtmlBlock::TYPE_7_MISC_ELEMENT: |
199
|
177 |
|
return '/^(?:' . self::PARTIAL_OPENTAG . '|' . self::PARTIAL_CLOSETAG . ')\\s*$/i'; |
200
|
|
|
} |
201
|
|
|
|
202
|
3 |
|
throw new \InvalidArgumentException('Invalid HTML block type'); |
203
|
|
|
} |
204
|
|
|
|
205
|
|
|
/** |
206
|
|
|
* @param int $type HTML block type |
207
|
|
|
* |
208
|
|
|
* @return string |
209
|
|
|
* |
210
|
|
|
* @internal |
211
|
|
|
*/ |
212
|
69 |
|
public static function getHtmlBlockCloseRegex(int $type): string |
213
|
|
|
{ |
214
|
46 |
|
switch ($type) { |
215
|
23 |
|
case HtmlBlock::TYPE_1_CODE_CONTAINER: |
216
|
36 |
|
return '%<\/(?:script|pre|textarea|style)>%i'; |
217
|
11 |
|
case HtmlBlock::TYPE_2_COMMENT: |
218
|
15 |
|
return '/-->/'; |
219
|
6 |
|
case HtmlBlock::TYPE_3: |
220
|
3 |
|
return '/\?>/'; |
221
|
5 |
|
case HtmlBlock::TYPE_4: |
222
|
3 |
|
return '/>/'; |
223
|
4 |
|
case HtmlBlock::TYPE_5_CDATA: |
224
|
3 |
|
return '/\]\]>/'; |
225
|
|
|
} |
226
|
|
|
|
227
|
9 |
|
throw new \InvalidArgumentException('Invalid HTML block type'); |
228
|
|
|
} |
229
|
|
|
|
230
|
39 |
|
public static function isLinkPotentiallyUnsafe(string $url): bool |
231
|
|
|
{ |
232
|
39 |
|
return \preg_match(self::REGEX_UNSAFE_PROTOCOL, $url) !== 0 && \preg_match(self::REGEX_SAFE_DATA_PROTOCOL, $url) === 0; |
233
|
|
|
} |
234
|
|
|
} |
235
|
|
|
|