mirror of
https://github.com/getgrav/grav.git
synced 2025-11-02 19:36:06 +01:00
Refactored the markdown link trait to use call_user_func_array() rather eval() which is slow and rather dangerous.
This commit is contained in:
Andy Miller
@@ -25,17 +25,6 @@ trait MarkdownGravLinkTrait
|
|||||||
//get the url and parse it
|
//get the url and parse it
|
||||||
$url = parse_url(htmlspecialchars_decode($Excerpt['element']['attributes']['src']));
|
$url = parse_url(htmlspecialchars_decode($Excerpt['element']['attributes']['src']));
|
||||||
|
|
||||||
// if there is a query, then parse it and build action calls
|
|
||||||
if (isset($url['query'])) {
|
|
||||||
parse_str($url['query'], $actions);
|
|
||||||
|
|
||||||
foreach ($actions as $action => $params) {
|
|
||||||
// ignore any url or html actions
|
|
||||||
if (!in_array($action, ['html','url']))
|
|
||||||
$command .= '->' . $action . '(' . $params . ')';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// if there is no host set but there is a path, the file is local
|
// if there is no host set but there is a path, the file is local
|
||||||
if (!isset($url['host']) && isset($url['path'])) {
|
if (!isset($url['host']) && isset($url['path'])) {
|
||||||
// get the media objects for this page
|
// get the media objects for this page
|
||||||
@@ -46,15 +35,26 @@ trait MarkdownGravLinkTrait
|
|||||||
// get the medium object
|
// get the medium object
|
||||||
$medium = $media->images()[$url['path']];
|
$medium = $media->images()[$url['path']];
|
||||||
|
|
||||||
// unless one of the actions is lightbox method get the url
|
// if there is a query, then parse it and build action calls
|
||||||
if (!isset($actions['lightbox'])) {
|
if (isset($url['query'])) {
|
||||||
$command .= '->url()';
|
parse_str($url['query'], $actions);
|
||||||
} else {
|
|
||||||
$command .= '->lightboxRaw()';
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// evaluate the commands to run against the media object
|
// loop through actions for the image and call them
|
||||||
eval ('$src = $medium'.$command.';');
|
foreach ($actions as $action => $params) {
|
||||||
|
// as long as it's not an html, url or ligtbox action
|
||||||
|
if (!in_array($action, ['html','url','lightbox'])) {
|
||||||
|
call_user_func_array(array(&$medium, $action), explode(',', $params));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the URL for regular images, or an array of bits needed to put together
|
||||||
|
// the lightbox HTML
|
||||||
|
if (!isset($actions['lightbox'])) {
|
||||||
|
$src = $medium->url();
|
||||||
|
} else {
|
||||||
|
$src = $medium->lightboxRaw();
|
||||||
|
}
|
||||||
|
|
||||||
// set the src element with the new generated url
|
// set the src element with the new generated url
|
||||||
if (!isset($actions['lightbox']) && !is_array($src)) {
|
if (!isset($actions['lightbox']) && !is_array($src)) {
|
||||||
|
|||||||
Reference in New Issue
Block a user