From cb491c53f7cc7d8c382aadf5081f7603c1a92d4c Mon Sep 17 00:00:00 2001
From: Harald Eilertsen <haraldei@anduin.net>
Date: Sat, 28 Jun 2025 13:35:05 +0200
Subject: [PATCH] Prevent mentions from mangling by markdown parser

Mentioning people whose handles include valid markdown would not survive
markdown to bbcode conversion wihout being mangled. An example that
brought this to my attention was a handle similar to this:

    _someuser_@testsite.example

The underscores would be interpreted as emphasis in markdown, and
converted to:

    [i]someuser[/i]@testsite.example

This patch should fix this, and hopefully any other issue with mentions
being mangled.
---
 include/markdown.php                 | 12 ++++++++++++
 tests/unit/includes/MarkdownTest.php |  4 ++++
 2 files changed, 16 insertions(+)

diff --git a/include/markdown.php b/include/markdown.php
index 90d671fe4..d2379e7ed 100644
--- a/include/markdown.php
+++ b/include/markdown.php
@@ -64,6 +64,12 @@ function markdown_to_bb($s, $use_zrl = false, $options = []) {
 	// Escaping the hash tags
 	$s = preg_replace('/\#([^\s\#])/','&#35;$1',$s);
 
+	// Protect mentions from being mangled by the markdown parser
+	$s = preg_replace_callback(
+		'|@\{([^}]+)\}|',
+		fn ($matches) => '@{' . base64_encode($matches[1]) . '}',
+		$s);
+
 	$s = MarkdownExtra::defaultTransform($s);
 
 
@@ -76,6 +82,12 @@ function markdown_to_bb($s, $use_zrl = false, $options = []) {
 		$s = str_replace("\r","",$s);
 	}
 
+	// Restore mentions after markdown conversion
+	$s = preg_replace_callback(
+		'|@\{([^}]+)\}|',
+		fn ($matches) => '@{' . base64_decode($matches[1]) . '}',
+		$s);
+
 	$s = str_replace('&#35;','#',$s);
 
 	$s = html2bbcode($s);
diff --git a/tests/unit/includes/MarkdownTest.php b/tests/unit/includes/MarkdownTest.php
index 55dbb4445..eec809174 100644
--- a/tests/unit/includes/MarkdownTest.php
+++ b/tests/unit/includes/MarkdownTest.php
@@ -114,6 +114,10 @@ class MarkdownTest extends UnitTestCase {
 				'This is a link https://example.com/some/path more info.',
 				'This is a link https://example.com/some/path more info.',
 			],
+			'mention with underscores is untouched' => [
+				'@{_test_@somesite.example} @{test_2_@othersite.example}',
+				'@{_test_@somesite.example} @{test_2_@othersite.example}',
+			],
 		];
 	}