Serendipity Forums

Discussed in detail here: http://www.gizmola.com/blog/archives/67 ... e-.05.html


I advise that people upgrade, both to get the latest version of the core geshi engine, and to get the numerous new language files. Ruby programmers for example, now have support for their code snippets There's a complete list in the announcement.

As for a roadmap, the next release of the plugin will concentrate on adding more options for styling the geshi block output.

Thanks and I'm proceeding to check and upgrade to it

Three suggestions, if possible:

1.) Since GeSHi will not work in Serendipity with any language that uses <>'s in the comment section, would it be possible to either add a textual alert in the intro-text for the comment section about this, or eliminate it as an option to use in the comments (or find a way to get around the problem in Serendipity)?

2.) The comment section of GeSHi says to close it with [ /lang ]...typo (I can fix this, but still...)

3.) Have an option to turn on/off the linking of functions to their related documentation on the web? I'd rather not have to explicitly uncheck each function that was auto-detected from the body as a ping/trackback...

Hi Brendon!

Thanks for the heads-up. I think adding a note on the comment section should work here. I'll also try to look into a possibility to execute the geshi markup before any <> is stripped, maybe that could work.

An option for function linking should be easily doable, I'll look into this after the weekend!

Also, you seem to be a fairly good PHP developer; if you'd like to help us with developing, I can give you a CVS account to patch and commit plugins? Or you could send me your patches, if you like to inspect our code?

Best regards,
Garvin

I've made some changes to the geshi plugin that people may find useful.

The first change is to allow a css style to be applied to the code area so that one can add an outline and color the background. In addition to this I added a default style option to the configuration where you can specify the default style to apply if none is given.

usage is [geshi lang=cpp style="some style"]code[/geshi]

The other change is to allow one to specify a line number using ln= which then cause the line numbering to start at that line number. The normal syntax for ln works as well.

usage is [geshi lang=cpp ln=12]code[/geshi]

here's the patch files of all the changes.
serendpity_event_geshi.php
--- /Users/dormlock/Desktop/geshi orginal/serendipity_event_geshi.php 2006-02-23 18:47:08.000000000 -0600
+++ /Users/dormlock/Desktop/serendipity_event_geshi/serendipity_event_geshi.php 2006-02-23 22:47:08.000000000 -0600
@@ -7,7 +7,7 @@
* indicates you are embedding code.
*
* The markup tag is:
- * [geshi lang=name {ln={y|n}}] [/geshi].
+ * [geshi lang=name {ln={y|n|number}} {style="css style"}] [/geshi].
*
* Where 'name' is the name of the language file, and ln= is an optional
* line numbering over ride parameter, that will explicitly set line numbering
@@ -98,7 +98,7 @@ class serendipity_event_geshi extends se
)
);

- $conf_array = array('pathtogeshi','showlinenumbers');
+ $conf_array = array('pathtogeshi','showlinenumbers', 'defaultstyle');
foreach($this->markup_elements as $element) {
$conf_array[] = $element['name'];
}
@@ -119,6 +119,12 @@ class serendipity_event_geshi extends se
$pathtogeshi = substr(__FILE__, 0, strrpos(__FILE__, '/'));
$propbag->add('default', $pathtogeshi);
break;
+ case 'defaultstyle' :
+ $propbag->add('name', PLUGIN_EVENT_GESHI_DEFAULTSTYLE);
+ $propbag->add('type', 'string');
+ $propbag->add('description', PLUGIN_EVENT_GESHI_DEFAULTSTYLE_DESC);
+ $propbag->add('default', 'text-align: left;');
+ break;
case 'showlinenumbers' :
$propbag->add('name', PLUGIN_EVENT_GESHI_SHOWLINENUMBERS);
$propbag->add('type', 'boolean');
@@ -137,7 +143,7 @@ class serendipity_event_geshi extends se
function geshi($input) {
$pathtogeshi = $this->get_config('pathtogeshi');
require_once($pathtogeshi . '/geshi.php');
- $input = preg_replace_callback('/\[geshi(?:\s)*lang=([A-Za-z0-9_\-]+)(?:\s)*(ln=[YyNn])?\](.*?)\[\/geshi\]/si', array(&$this, 'geshicallback'), $input);
+ $input = preg_replace_callback('/\[geshi(?:\s)*lang=([A-Za-z0-9_\-]+)(?:\s)*(ln=(?:[YyNn]|[0-9]+))?(?:\s)*(style=".*")?\](.*?)\[\/geshi\]/si', array(&$this, 'geshicallback'), $input);
return $input;
}

@@ -177,20 +183,38 @@ class serendipity_event_geshi extends se

function geshicallback($matches) {
$pathtogeshi = $this->get_config('pathtogeshi') . '/geshi';
+ $defaultstyle = $this->get_config('defaultstyle');
$geshilang = strtolower($matches[1]);
$showln = ($this->get_config('showlinenumbers') == TRUE) ? TRUE : FALSE;
- if ((strlen($matches[2]) == 4) and (substr($matches[2], 0, 3) == 'ln=')) {
- $showln = (strtolower(substr($matches[2],-1)) == 'y') ? TRUE : FALSE;
+ $lineStart = -1;
+ if (substr($matches[2], 0, 3) == 'ln=') {
+ echo substr($matches[2], 3);
+ if(is_numeric(substr($matches[2], 3))){
+ $showln = TRUE;
+ $lineStart = substr($matches[2], 3);
+ } else {
+ $showln = (strtolower(substr($matches[2],-1)) == 'y') ? TRUE : FALSE;
+ }
}
- $geshi = new GeSHi($matches[3], $geshilang, $pathtogeshi);
+ $userStyle = $defaultstyle;
+ if($userStyle == "") {
+ $userStyle = 'text-align: left;';
+ }
+ if (substr($matches[3], 0, 6) == 'style=') {
+ $userStyle = substr($matches[3], 7, -1);
+ }
+ $geshi = new GeSHi($matches[4], $geshilang, $pathtogeshi);
$geshi->set_header_type(GESHI_HEADER_DIV);
- if ($showln)
+ if ($showln) {
$geshi->enable_line_numbers(GESHI_NORMAL_LINE_NUMBERS);
+ if ($lineStart != -1)
+ $geshi->start_line_numbers_at($lineStart);
+ }
// Have to get rid of newlines.
// Left align per suggestion from Norbert Mocsnik
- $geshi->set_overall_style('text-align: left');
+ $geshi->set_overall_style($userStyle);
return str_replace("\n", '', $geshi->parse_code());
}
}
/* vim: set sts=4 ts=4 expandtab : */
-?>
\ No newline at end of file
+?>

lang_en.inc.php
--- /Users/dormlock/Desktop/geshi orginal/lang_en.inc.php 2006-02-23 18:47:23.000000000 -0600
+++ /Users/dormlock/Desktop/serendipity_event_geshi/lang_en.inc.php 2006-02-23 19:27:48.000000000 -0600
@@ -8,11 +8,13 @@

@define('PLUGIN_EVENT_GESHI_NAME', 'Markup: GeSHi');
@define('PLUGIN_EVENT_GESHI_DESC', 'Computer Language Color Syntax Highlighting. Tag usage: [geshi lang=lang_name [,ln={y|n}]]code snippet[/geshi]');
-@define('PLUGIN_EVENT_GESHI_TRANSFORM', 'You can use <b>[geshi lang=lang_name [,ln={y|n}]][/lang]</b> tags to embed source code snippets');
+@define('PLUGIN_EVENT_GESHI_TRANSFORM', 'You can use <b>[geshi lang=lang_name [,ln={y|n}] [,style="css styles"]][/lang]</b> tags to embed source code snippets');
@define('PLUGIN_EVENT_GESHI_VERSION','03');
@define('PLUGIN_EVENT_GESHI_PATHTOGESHI','Path to GeSHi');
@define('PLUGIN_EVENT_GESHI_PATHTOGESHI_DESC','Path where GeSHi package is installed relative to Serendipity root directory');
@define('PLUGIN_EVENT_GESHI_SHOWLINENUMBERS', 'Line Numbers?');
@define('PLUGIN_EVENT_GESHI_SHOWLINENUMBERS_DESC','Do you want line numbers to be shown by default');
+@define('PLUGIN_EVENT_GESHI_DEFAULTSTYLE','The default style to wrap around the code');
+@define('PLUGIN_EVENT_GESHI_DEFAULTSTYLE_DESC','Enter the default style you want wrapped around the code');

?>

You can see the modifications in use at http://devblog.catspawgames.com

Hi!

Many thanks for sharing your code! I must admit I'm not very skilled in the Geshi plugin, but your patch sure seems useful.

However, it seems that your way of using style="..." accepts ".*" inside of it, which would allow to use any arbitrary characters sequence as a 'style' attribute.

For people having Geshi enabled for comments, this would mean arbitrary HTML/JavaScript inclusion. One could strip out dangerous tags ( "'<>(); ) but then the CSS rules would not allow really custom styling.

So instead I would suggest to use specifying CSS classnames instead, that people can use? Then the regex would only need to look for "A-Z0-9\." and not allow any XSS...?

Best regards,
Garvin

Thats a good point. I guess in order to keep the true nature of a custom style then I should probably run some checks on the css style they specify and reject any that try javascript or include html. The class name is fine but you then have to have a bunch of predefined styles to use.