Improve excerpt formatting to allow plain text (#65)

* Improve message template sanitization to prevent breaking the markup

* Update donate link

* Update format-text

* Improve excerpt formatting to allow plain text

* Prepare for v4.0.9

---------

Co-authored-by: irshadahmad21 <[email protected]>

README.md

@@ -5,9 +5,10 @@
 **Requires at least:** 5.8  
 **Requires PHP:** 7.2  
 **Tested up to:** 6.1.1  
-**Stable tag:** 4.0.8  
+**Stable tag:** 4.0.9  
 **License:** GPLv2 or later  
-**License URI:** [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)
+**License URI:** [http://www.gnu.org/licenses/gpl-2.0.html](http://www.gnu.org/licenses/gpl-2.0.html)  
+**Donate link:** [wpsocio.com/donate](https://wpsocio.com/donate)
 
 [![Wordpress plugin](https://img.shields.io/wordpress/plugin/v/wptelegram.svg)](https://wordpress.org/plugins/wptelegram/)
 [![Wordpress](https://img.shields.io/wordpress/plugin/dt/wptelegram.svg)](https://wordpress.org/plugins/wptelegram/)

changelog.md

@@ -4,6 +4,17 @@ All notable changes to this project are documented in this file.
 
 ## Unreleased
 
+## [4.0.9 - 2023-03-23](https://github.com/wpsocio/wptelegram/releases/tag/v4.0.9)
+
+### Enhancements
+
+- Improved message template sanitization to prevent breaking the markup
+- Added a new filter `wptelegram_p2tg_post_data_plain_excerpt` to allow sending plain text excerpt
+
+### Bug fixes
+
+- Fixed the links added in parenthesis when "Formatting" is set to "None"
+
 ## [4.0.8 - 2023-03-12](https://github.com/wpsocio/wptelegram/releases/tag/v4.0.8)
 
 ### Bug fixes

composer.json

@@ -1,6 +1,6 @@
 {
 	"name": "wptelegram/core",
-	"version": "4.0.8",
+	"version": "4.0.9",
 	"description": "Integrate your WordPress site perfectly with Telegram with full control.",
 	"require-dev": {
 		"wp-coding-standards/wpcs": "*"

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "wptelegram",
 	"title": "WP Telegram",
-	"version": "4.0.8",
+	"version": "4.0.9",
 	"description": "Integrate your WordPress site perfectly with Telegram with full control.",
 	"repository": {
 		"type": "git",

src/README.txt

@@ -1,11 +1,11 @@
 === WP Telegram (Auto Post and Notifications) ===
 Contributors: wpsocio, irshadahmad21
-Donate link: https://wpsocio.com
+Donate link: https://wpsocio.com/donate
 Tags: telegram, notifications, posts, channel, group
 Requires at least: 5.8
 Requires PHP: 7.2
 Tested up to: 6.1.1
-Stable tag: 4.0.8
+Stable tag: 4.0.9
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -205,6 +205,11 @@ Yes, all you need to do is to setup **Private Notifications** module and use the
 
 == Changelog ==
 
+= 4.0.9 =
+- Improved message template sanitization to prevent breaking the markup
+- Added a new filter `wptelegram_p2tg_post_data_plain_excerpt` to allow sending plain text excerpt
+- Fixed the links added in parenthesis when "Formatting" is set to "None"
+
 = 4.0.8 =
 - Fixed the broken hyperlinks in Message Template when using custom field link
 

src/changelog.md

@@ -4,6 +4,17 @@ All notable changes to this project are documented in this file.
 
 ## Unreleased
 
+## [4.0.9 - 2023-03-23](https://github.com/wpsocio/wptelegram/releases/tag/v4.0.9)
+
+### Enhancements
+
+- Improved message template sanitization to prevent breaking the markup
+- Added a new filter `wptelegram_p2tg_post_data_plain_excerpt` to allow sending plain text excerpt
+
+### Bug fixes
+
+- Fixed the links added in parenthesis when "Formatting" is set to "None"
+
 ## [4.0.8 - 2023-03-12](https://github.com/wpsocio/wptelegram/releases/tag/v4.0.8)
 
 ### Bug fixes

src/includes/TemplateGuard.php

@@ -0,0 +1,85 @@
+<?php
+/**
+ * Template Guard
+ *
+ * @link       https://wpsocio.com
+ * @since      4.0.9
+ *
+ * @package    WPTelegram\Core
+ * @subpackage WPTelegram\Core\includes
+ */
+
+namespace WPTelegram\Core\includes;
+
+/**
+ * This class is used to guard the template from being broken
+ * during sanitization.
+ *
+ * @link       https://wpsocio.com
+ * @since      4.0.9
+ *
+ * @package    WPTelegram\Core
+ * @subpackage WPTelegram\Core\includes
+ */
+class TemplateGuard {
+
+	/**
+	 * The map of macros to their temporary placeholders.
+	 *
+	 * @var array $macro_map The map of macros to their temporary placeholders.
+	 */
+	protected $macro_map = [];
+
+	/**
+	 * Safeguard the template macros from being broken by wp_kses().
+	 *
+	 * For example wp_kses() can result in malformed template
+	 * For example,
+	 * <a href="{cf:_field_name}">Click here</a>
+	 * gets converted to
+	 * <a href="_field_name}">Click here</a>
+	 * due to ":" in the href being treated as a part of some protocol.
+	 *
+	 * @since 4.0.9
+	 *
+	 * @param string $template The template to safeguard.
+	 *
+	 * @return string The safeguarded template.
+	 */
+	public function safeguard_macros( $template ) {
+
+		$this->macro_map = [];
+
+		// Match all macros in the template.
+		if ( preg_match_all( '/\{[^\}]+?\}/iu', $template, $matches ) ) {
+
+			$total = count( $matches[0] );
+			// Replace the macros with temporary placeholders.
+			for ( $i = 0; $i < $total; $i++ ) {
+				$this->macro_map[ "##MACRO{$i}##" ] = $matches[0][ $i ];
+			}
+		}
+
+		// Replace the macros with temporary placeholders.
+		$safe_template = str_replace( array_values( $this->macro_map ), array_keys( $this->macro_map ), $template );
+
+		return $safe_template;
+	}
+
+	/**
+	 * Restore the template macros.
+	 *
+	 * @since 4.0.9
+	 *
+	 * @param string $template The template to restore.
+	 *
+	 * @return string The restored template.
+	 */
+	public function restore_macros( $template ) {
+
+		// Restore the macros with the original values.
+		$restored_template = str_replace( array_keys( $this->macro_map ), array_values( $this->macro_map ), $template );
+
+		return $restored_template;
+	}
+}

src/includes/Utils.php

@@ -268,20 +268,18 @@ public static function sanitize_message_template( $value, $addslashes = false, $
 		if ( is_object( $value ) || is_array( $value ) ) {
 			return '';
 		}
+		$value = (string) $value;
 
-		$filtered = wp_check_invalid_utf8( (string) $value );
+		$guard = new TemplateGuard();
 
-		$allowed_protocols = [];
+		$value = $guard->safeguard_macros( $value );
 
-		// If the Message Template contains a link with {cf: field as the href,
-		// We need to allow "{cf" as a protocol to avoid wp_kses() stripping the link.
-		if ( preg_match( '/<a[^>]href=["\']{cf:/', $filtered ) ) {
-			$allowed_protocols = array_merge( wp_allowed_protocols(), [ '{cf' ] );
-		}
+		$filtered = wp_check_invalid_utf8( $value );
 
-		$allowed_protocols = apply_filters( 'wptelegram_message_template_allowed_protocols', $allowed_protocols, $filtered );
+		$filtered = trim( wp_kses( $filtered, self::SUPPORTED_HTML_TAGS ) );
 
-		$filtered = trim( wp_kses( $filtered, self::SUPPORTED_HTML_TAGS, $allowed_protocols ) );
+		// Restore the macros with the original values.
+		$filtered = $guard->restore_macros( $filtered );
 
 		if ( $json_encode ) {
 			// json_encode to avoid errors when saving multi-byte emojis into database with no multi-byte support.
@@ -495,12 +493,13 @@ public static function get_html_converter( $options = [], $id = 'default' ) {
 	public static function prepare_content( $content, $options = [] ) {
 
 		$defaults = [
-			'elipsis'      => '…',
-			'format_to'    => 'text',
-			'id'           => 'default',
-			'limit'        => 55,
-			'limit_by'     => 'words',
-			'preserve_eol' => true,
+			'elipsis'         => '…',
+			'format_to'       => 'text',
+			'id'              => 'default',
+			'limit'           => 55,
+			'limit_by'        => 'words',
+			'text_hyperlinks' => 'strip',
+			'preserve_eol'    => true,
 		];
 
 		$options = wp_parse_args( $options, $defaults );

src/languages/wptelegram.pot

@@ -4,11 +4,11 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: https://github.com/wpsocio/wptelegram\n"
-"POT-Creation-Date: 2023-03-12 17:29:13+00:00\n"
+"POT-Creation-Date: 2023-03-23 12:50:29+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2023-03-12 17:290\n"
+"PO-Revision-Date: 2023-03-23 12:500\n"
 "Last-Translator: WP Telegram\n"
 "Language-Team: WP Telegram\n"
 "Language: en_US\n"

src/modules/notify/NotifySender.php

@@ -293,6 +293,7 @@ private function get_prepare_content_options( $limit = 0 ) {
 			'id'              => 'notify',
 			'limit'           => $limit,
 			'limit_by'        => 'chars',
+			'text_hyperlinks' => 'retain',
 			'images_in_links' => [
 				'title_or_alt'    => 'retain',
 				'lone_image_link' => 'retain',

src/modules/p2tg/PostData.php

@@ -191,6 +191,13 @@ public function get_field_value( $field, $options = [] ) {
 						'preserve_eol' => $preserve_eol,
 					]
 				);
+
+				$plain_excerpt = apply_filters( 'wptelegram_p2tg_post_data_plain_excerpt', false, $value, $excerpt, $this->post, $options );
+
+				if ( $plain_excerpt ) {
+					$value = trim( wp_strip_all_tags( $value ) );
+				}
+
 				// If the excerpt is not empty.
 				if ( $value ) {
 					// Add custom tags for smart trimming.

src/wptelegram.php

@@ -10,7 +10,7 @@
  * Plugin Name:       WP Telegram
  * Plugin URI:        https://t.me/WPTelegram
  * Description:       Integrate your WordPress website perfectly with Telegram. Send posts automatically to Telegram when published or updated, whether to a Telegram Channel, Group or private chat, with full control. Get your email notifications on Telegram.
- * Version:           4.0.8
+ * Version:           4.0.9
  * Requires at least: 5.8
  * Requires PHP:      7.2
  * Author:            WP Socio
@@ -26,7 +26,7 @@
 	die;
 }
 
-define( 'WPTELEGRAM_VER', '4.0.8' );
+define( 'WPTELEGRAM_VER', '4.0.9' );
 
 defined( 'WPTELEGRAM_MAIN_FILE' ) || define( 'WPTELEGRAM_MAIN_FILE', __FILE__ );