enable markdown syntax in custom_notes field

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

lib/Froxlor/System/Markdown.php

@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, you can also view it online at
+ * https://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  the authors
+ * @author     Froxlor team <team@froxlor.org>
+ * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
+ */
+
+namespace Froxlor\System;
+
+use League\CommonMark\Exception\CommonMarkException;
+use League\CommonMark\GithubFlavoredMarkdownConverter;
+
+class Markdown
+{
+
+	private static $converter = null;
+
+	public static function converter(): ?GithubFlavoredMarkdownConverter
+	{
+		if (is_null(self::$converter)) {
+			self::$converter = new GithubFlavoredMarkdownConverter([
+				'html_input' => 'strip',
+				'allow_unsafe_links' => false,
+			]);
+		}
+		return self::$converter;
+	}
+
+	public static function cleanCustomNotes(string $note = ""): string
+	{
+		if (!empty($note)) {
+			try {
+				$note = self::converter()->convert($note)->getContent();
+			} catch (CommonMarkException $e) {
+				$note = "";
+			}
+		}
+		return $note;
+	}
+}

lib/Froxlor/UI/Callbacks/Customer.php

@@ -26,17 +26,19 @@
 namespace Froxlor\UI\Callbacks;
 
 use Froxlor\Settings;
+use Froxlor\System\Markdown;
 
 class Customer
 {
-	public static function isLocked(array $attributes)
+	public static function isLocked(array $attributes): bool
 	{
 		return $attributes['fields']['loginfail_count'] >= Settings::Get('login.maxloginattempts')
 			&& $attributes['fields']['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'));
 	}
 
-	public static function hasNote(array $attributes)
+	public static function hasNote(array $attributes): bool
 	{
-		return !empty($attributes['fields']['custom_notes']);
+		$cleanNote = Markdown::cleanCustomNotes($attributes['fields']['custom_notes'] ?? "");
+		return !empty($cleanNote);
 	}
 }

lib/Froxlor/UI/Callbacks/Text.php

@@ -29,6 +29,7 @@ use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
 use Froxlor\Froxlor;
 use Froxlor\PhpHelper;
+use Froxlor\System\Markdown;
 use Froxlor\UI\Panel\UI;
 use Froxlor\User;
 use PDO;
@@ -93,7 +94,7 @@ class Text
 			'entry' => $attributes['fields']['id'],
 			'id' => 'cnModal' . $attributes['fields']['id'],
 			'title' => lng('usersettings.custom_notes.title') . ': ' . ($attributes['fields']['loginname'] ?? $attributes['fields']['adminname']),
-			'body' => nl2br($note)
+			'body' => nl2br(Markdown::cleanCustomNotes($note))
 		];
 	}
 

lib/Froxlor/UI/Panel/FroxlorTwig.php

@@ -29,6 +29,7 @@ namespace Froxlor\UI\Panel;
 
 use Froxlor\Idna\IdnaWrapper;
 use Froxlor\Settings;
+use Froxlor\System\Markdown;
 use Parsedown;
 use Twig\Extension\AbstractExtension;
 use Twig\TwigFilter;
@@ -53,9 +54,9 @@ class FroxlorTwig extends AbstractExtension
 				$this,
 				'idnDecodeFilter'
 			]),
-			new TwigFilter('parsedown', [
+			new TwigFilter('markdown', [
 				$this,
-				'callParsedown'
+				'callMarkdown'
 			])
 		];
 	}
@@ -148,10 +149,9 @@ class FroxlorTwig extends AbstractExtension
 		return UI::getLinker()->getLink($linkopts);
 	}
 
-	public function callParsedown($string)
+	public function callMarkdown($string): string
 	{
-		$pd = new Parsedown();
-		return $pd->line($string);
+		return Markdown::cleanCustomNotes($string ?? "");
 	}
 
 	/**