Editing bbPress topics/replies on the front end corrupts MarkDown #25

Closed
stephenharris opened this issue Jul 26, 2013 · 5 comments

@stephenharris
Owner

Steps to reproduce

  • Install bbPress
  • Install WP-MarkDown, enable markdown for bbPress
  • Create a topic and a reply. (Saves correctly* )
  • Edit the reply - markdown is corrupted.

The HTML coming out of the database is fine, but after this HTML is converted into MarkDown for the editor it becomes corrupted, specifically by: bbp_code_trick_reverse() hooked onto the (same) filter, but later in the queue, bbp_get_form_{type}_content.

This function seems to reverse the effects of bbp_code_trick() which is applied as the content is saved to the database (and after MarkDown is converted into HTML). Oddly, this function has no adverse effect, only its reverse.

From what I can tell (I would love feedback from someone who actually knows!) bbp_code_trick() adds support for backticks representing code tags, and converts these into <code>/<pre> tags. (This explains why this part has no effect: by the time bbp_code_trick() sees the content, the user-entered MD has been converted to HTML, and there are typically no backticks present (though this is not necessarily the case)).

I think because of what bbp_code_trick() expects from the backticks, when this is reversed, it results in corrupted MarkDown. And hence the issue.

Adding the following (though this would need to be done conditionally):

    remove_filter( 'bbp_new_reply_pre_content',  'bbp_code_trick',  20 );
    remove_filter( 'bbp_new_topic_pre_content',  'bbp_code_trick',  20 );
    remove_filter( 'bbp_edit_reply_pre_content',  'bbp_code_trick',  20 );
    remove_filter( 'bbp_edit_topic_pre_content',  'bbp_code_trick',  20 );
    remove_filter( 'bbp_get_form_topic_content',  'bbp_code_trick_reverse',  10 );
    remove_filter( 'bbp_get_form_reply_content',  'bbp_code_trick_reverse',  10 );

Fixes the issue.

Question: Am I breaking anything here with bbPress?


* An issue has been reported even at this step, but as of yet I've been unable to reproduce it.
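
The conditional removal mentioned above, as an added example that is not part of the original post and is not the plugin's code or the referenced commit. The `wpmd_example_*` functions and the `example_markdown_bbpress_enabled` option are hypothetical; `bbp_filter_kses` is bbPress's kses wrapper, which the thread does not name. It also logs a warning if the sanitising filters are no longer attached to a save hook once the backtick handling is removed.

```php
<?php
// Added example: assumes it runs inside a WordPress plugin with bbPress active.

// Hypothetical helper: replace with the plugin's real "Markdown for bbPress" check.
function wpmd_example_markdown_enabled_for_bbpress() {
    return (bool) get_option( 'example_markdown_bbpress_enabled', false );
}

function wpmd_example_disable_code_trick() {
    // Do nothing unless bbPress is loaded and Markdown handles forum content.
    if ( ! function_exists( 'bbp_code_trick' ) || ! wpmd_example_markdown_enabled_for_bbpress() ) {
        return;
    }

    $save_hooks = array(
        'bbp_new_reply_pre_content',
        'bbp_new_topic_pre_content',
        'bbp_edit_reply_pre_content',
        'bbp_edit_topic_pre_content',
    );

    foreach ( $save_hooks as $hook ) {
        // Same hook, callback and priority as in the snippet above.
        remove_filter( $hook, 'bbp_code_trick', 20 );

        // Removing the backtick handling must not leave the hook without
        // HTML sanitisation; has_filter() returns false when a callback is absent.
        foreach ( array( 'bbp_encode_bad', 'bbp_filter_kses' ) as $sanitiser ) {
            if ( false === has_filter( $hook, $sanitiser ) ) {
                error_log( "wpmd example: {$sanitiser} is not attached to {$hook}" );
            }
        }
    }

    // Stop the editor-side reversal that corrupts the Markdown on edit.
    foreach ( array( 'bbp_get_form_topic_content', 'bbp_get_form_reply_content' ) as $hook ) {
        remove_filter( $hook, 'bbp_code_trick_reverse', 10 );
    }
}
// 'init' runs after bbPress has registered its default filters.
add_action( 'init', 'wpmd_example_disable_code_trick' );
```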

@chriscoyier

Just in case this is helpful/relevant/important, when you create a topic and reply for testing, I feel like you should do it as a kinda "regular" bbPress user. Someone who just signed up with default participant role. Not as a logged in admin. bbPress shows you that message by default as an admin "You have the right to post unrestricted HTML content." or something like that. I definitely notice discrepancies in how my own posts turn out vs. how users' posts turn out on my forums.

Here's a chunk of Markdown that ideally would render perfectly and be editable exactly as is.

I'm a regular ol' paragraph.

> I'm a blockquote.

I'm a paragraph with `<code>` in it and some *other* random **markdown**.

    <dl>
      <dt>I'm some HTML code that a user is trying to post</dt>
      <dd>I'm indented four spaces NOTE the missing closing tag
    </dl>

I'm a [link](http://google.com) in a paragraph

1. I
1. am
1. an
1. ordered
1. list

- I
- am
- an
- unordered
- list

@stephenharris
Owner Author

I've tried the above as a logged out user and didn't have any problems. Certainly admins can post any HTML, but with the appropriate filter added logged-out users should be able to post the above without any problem.

The issue of some of the mark-up being lost is different to the one here: specifically, it seems that for you the mark-up is being lost before it gets to the database. It's not one I can reproduce, but if you can email me credentials for a test-site I'd gladly take a look.

Once that issue is resolved, if you could test the above patch regarding editing replies, that would be great.

@chriscoyier

OK cool. I have a perfect replica test environment set up for testing. I'll email over the details to the email listed here on your GitHub acct.

@JustinSainton

You're on the right track with c846692, but I think similar treatments need to be done with the bbp_bad_encode() function as well. Need to do some auditing there to make sure that we're not causing security issues - but it seemed to fix @chriscoyier's issue.

@stephenharris
Owner Author

Hi Justin,

I think this issue has become confused; this bug relates to editing submitted forum posts. As far as I'm aware this bug is fixed with the referenced patch.

bbp_encode_bad() encodes anything that's not specifically allowed in bbp_kses_allowed_tags(). This gist adds additional HTML tags to the whitelist - which I may include (a subset of) in the plug-in since without it tags are stripped out by bbPress.

I'm aware @chriscoyier is having another issue with WP-MarkDown - would you mind opening a ticket for that? I believe it was to do with MarkDown being parsed within a code block, but I wasn't able to reproduce it. It also only occurred for users who could not post unfiltered_html so I suspect somewhere bbp_kses_allowed_tags() plays a role...
