Merge pull request #3 from mindoc-org/master

sync

.github/workflows/build.yml

@@ -32,7 +32,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18
+          go-version: 1.20.0
 
       - name: Build
         run: |

conf/lang/en-us.ini

@@ -224,6 +224,7 @@ project_label_desc = Allows up to 10 labels, use ";" to separate multiple tags
 cannot_change_own_status = Cannot change own status
 cannot_change_super_status = Cannot change super administrator status
 cannot_change_super_priv = Cannot change super administrator permissions
+editors_not_compatible = two editors are not compatible
 
 [blog]
 author = Author
@@ -571,4 +572,4 @@ create_time = Create Time
 creator = Creator
 doc_amount = Number of Document
 last_edit = Last Edit
-delete_project = Delete Project
+delete_project = Delete Project

conf/lang/zh-cn.ini

@@ -224,6 +224,7 @@ project_label_desc = 最多允许添加10个标签，多个标签请用“;”
 cannot_change_own_status = 不能变更自己的状态
 cannot_change_super_status = 不能变更超级管理员的状态
 cannot_change_super_priv = 不能变更超级管理员的权限
+editors_not_compatible = 两种编辑器不兼容
 
 [blog]
 author = 作者

controllers/BookController.go

@@ -173,6 +173,9 @@ func (c *BookController) SaveBook() {
 	book.CommentStatus = commentStatus
 	book.Publisher = publisher
 	//book.Label = tag
+	if book.Editor == EditorMarkdown && editor == EditorCherryMarkdown || book.Editor == EditorCherryMarkdown && editor == EditorMarkdown {
+		c.JsonResult(6006, i18n.Tr(c.Lang, "message.editors_not_compatible"))
+	}
 	book.Editor = editor
 	if editor == EditorCherryMarkdown {
 		book.Theme = "cherry"

models/DocumentSearchResult.go

@@ -1,12 +1,13 @@
 package models
 
 import (
-	"time"
-
+	"regexp"
 	"strings"
+	"time"
 
 	"github.com/beego/beego/v2/client/orm"
 	"github.com/beego/beego/v2/core/logs"
+	"github.com/beego/beego/v2/server/web"
 )
 
 type DocumentSearchResult struct {
@@ -24,18 +25,37 @@ type DocumentSearchResult struct {
 	SearchType   string    `json:"search_type"`
 }
 
+var escape_re = regexp.MustCompile(`(?mi)(\bLIKE\s+\?)`)
+var escape_replace = "${1} ESCAPE '\\'"
+
+func need_escape(keyword string) bool {
+	dbadapter, _ := web.AppConfig.String("db_adapter")
+	if strings.EqualFold(dbadapter, "sqlite3") && (strings.Contains(keyword, "\\_") || strings.Contains(keyword, "\\%")) {
+		return true
+	}
+	return false
+}
+
 func NewDocumentSearchResult() *DocumentSearchResult {
 	return &DocumentSearchResult{}
 }
 
-//分页全局搜索.
+// 分页全局搜索.
 func (m *DocumentSearchResult) FindToPager(keyword string, pageIndex, pageSize, memberId int) (searchResult []*DocumentSearchResult, totalCount int, err error) {
 	o := orm.NewOrm()
 
 	offset := (pageIndex - 1) * pageSize
 
 	keyword = "%" + strings.Replace(keyword, " ", "%", -1) + "%"
 
+	_need_escape := need_escape(keyword)
+	escape_sql := func(sql string) string {
+		if _need_escape {
+			return escape_re.ReplaceAllString(sql, escape_replace)
+		}
+		return sql
+	}
+
 	if memberId <= 0 {
 		sql1 := `SELECT count(doc.document_id) as total_count FROM md_documents AS doc
   LEFT JOIN md_books as book ON doc.book_id = book.book_id
@@ -98,7 +118,7 @@ WHERE book.privately_owned = 0 AND (book.book_name LIKE ? OR book.description LI
 ORDER BY create_time DESC
 LIMIT ? OFFSET ?;`
 
-		err = o.Raw(sql1, keyword, keyword).QueryRow(&totalCount)
+		err = o.Raw(escape_sql(sql1), keyword, keyword).QueryRow(&totalCount)
 		if err != nil {
 			logs.Error("查询搜索结果失败 -> ", err)
 			return
@@ -109,7 +129,7 @@ LIMIT ? OFFSET ?;`
        WHERE blog.blog_status = 'public' AND (blog.blog_release LIKE ? OR blog.blog_title LIKE ?);`
 
 		c := 0
-		err = o.Raw(sql3, keyword, keyword).QueryRow(&c)
+		err = o.Raw(escape_sql(sql3), keyword, keyword).QueryRow(&c)
 		if err != nil {
 			logs.Error("查询搜索结果失败 -> ", err)
 			return
@@ -120,15 +140,15 @@ LIMIT ? OFFSET ?;`
 		sql4 := `SELECT count(*) as total_count FROM md_books as book
 WHERE book.privately_owned = 0 AND (book.book_name LIKE ? OR book.description LIKE ?);`
 
-		err = o.Raw(sql4, keyword, keyword).QueryRow(&c)
+		err = o.Raw(escape_sql(sql4), keyword, keyword).QueryRow(&c)
 		if err != nil {
 			logs.Error("查询搜索结果失败 -> ", err)
 			return
 		}
 
 		totalCount += c
 
-		_, err = o.Raw(sql2, keyword, keyword, keyword, keyword, keyword, keyword, pageSize, offset).QueryRows(&searchResult)
+		_, err = o.Raw(escape_sql(sql2), keyword, keyword, keyword, keyword, keyword, keyword, pageSize, offset).QueryRows(&searchResult)
 		if err != nil {
 			logs.Error("查询搜索结果失败 -> ", err)
 			return
@@ -226,7 +246,7 @@ FROM (
 ORDER BY create_time DESC
 LIMIT ? OFFSET ?;`
 
-		err = o.Raw(sql1, memberId, memberId, keyword, keyword).QueryRow(&totalCount)
+		err = o.Raw(escape_sql(sql1), memberId, memberId, keyword, keyword).QueryRow(&totalCount)
 		if err != nil {
 			return
 		}
@@ -237,7 +257,7 @@ LIMIT ? OFFSET ?;`
              (blog.blog_release LIKE ? OR blog.blog_title LIKE ?);`
 
 		c := 0
-		err = o.Raw(sql3, memberId, keyword, keyword).QueryRow(&c)
+		err = o.Raw(escape_sql(sql3), memberId, keyword, keyword).QueryRow(&c)
 		if err != nil {
 			logs.Error("查询搜索结果失败 -> ", err)
 			return
@@ -254,30 +274,38 @@ LIMIT ? OFFSET ?;`
 					on team.book_id = book.book_id
 WHERE (book.privately_owned = 0 OR rel1.relationship_id > 0 or team.team_member_id > 0)  AND (book.book_name LIKE ? OR book.description LIKE ?);`
 
-		err = o.Raw(sql4, memberId, memberId, keyword, keyword).QueryRow(&c)
+		err = o.Raw(escape_sql(sql4), memberId, memberId, keyword, keyword).QueryRow(&c)
 		if err != nil {
 			logs.Error("查询搜索结果失败 -> ", err)
 			return
 		}
 
 		totalCount += c
 
-		_, err = o.Raw(sql2, memberId, memberId, keyword, keyword, memberId, memberId, keyword, keyword, memberId, keyword, keyword, pageSize, offset).QueryRows(&searchResult)
+		_, err = o.Raw(escape_sql(sql2), memberId, memberId, keyword, keyword, memberId, memberId, keyword, keyword, memberId, keyword, keyword, pageSize, offset).QueryRows(&searchResult)
 		if err != nil {
 			return
 		}
 	}
 	return
 }
 
-//项目内搜索.
+// 项目内搜索.
 func (m *DocumentSearchResult) SearchDocument(keyword string, bookId int) (docs []*DocumentSearchResult, err error) {
 	o := orm.NewOrm()
 
 	sql := "SELECT * FROM md_documents WHERE book_id = ? AND (document_name LIKE ? OR `release` LIKE ?) "
 	keyword = "%" + keyword + "%"
 
-	_, err = o.Raw(sql, bookId, keyword, keyword).QueryRows(&docs)
+	_need_escape := need_escape(keyword)
+	escape_sql := func(sql string) string {
+		if _need_escape {
+			return escape_re.ReplaceAllString(sql, escape_replace)
+		}
+		return sql
+	}
+
+	_, err = o.Raw(escape_sql(sql), bookId, keyword, keyword).QueryRows(&docs)
 
 	return
 }

static/css/markdown.css

@@ -548,12 +548,13 @@ iframe.cherry-dialog-iframe {
     margin-right: 50px;
 }
 
-.markdown-article-body {
-    margin-right: 200px !important;
+@media screen and (min-width: 840px) {
+    .markdown-article {
+        margin-right: 200px !important;
+    }
 }
 
 .markdown-article-head {
-    margin-right: 200px !important;
     width: unset !important;
     padding: unset !important;
     padding-top: 10px !important;
@@ -562,4 +563,10 @@ iframe.cherry-dialog-iframe {
 .markdown-title {
     padding: unset !important;
     width: 100% !important;
-}
+}
+
+@media screen and (max-width: 839px) {
+  .toc {
+    display: none !important;
+  }
+}

utils/html.go

@@ -34,7 +34,7 @@ func StripTags(s string) string {
 	return src
 }
 
-//自动提取文章摘要
+// 自动提取文章摘要
 func AutoSummary(body string, l int) string {
 
 	//匹配图片，如果图片语法是在代码块中，这里同样会处理
@@ -60,7 +60,7 @@ func AutoSummary(body string, l int) string {
 	return content
 }
 
-//安全处理HTML文档，过滤危险标签和属性.
+// 安全处理HTML文档，过滤危险标签和属性.
 func SafetyProcessor(html string) string {
 
 	//安全过滤，移除危险标签和属性
@@ -117,6 +117,8 @@ func SafetyProcessor(html string) string {
 		if selector := docQuery.Find("div.markdown-article").First(); selector.Size() <= 0 {
 			if selector := docQuery.Find("div.markdown-toc").First(); selector.Size() > 0 {
 				docQuery.Find("div.markdown-toc").NextAll().WrapAllHtml("<div class=\"markdown-article\"></div>")
+			} else if selector := docQuery.Find("dir.toc").First(); selector.Size() > 0 {
+				docQuery.Find("dir.toc").NextAll().WrapAllHtml("<div class=\"markdown-article\"></div>")
 			}
 		}