authorfriendica <info@friendica.com>2014-08-14 18:00:48 -0700
committerfriendica <info@friendica.com>2014-08-14 18:00:48 -0700
commitb9dffa91073c2d20f81562c5d79fa9c0546aa6df (patch)
treead2d11ae809006d05d73a6b4333cd2c2b6f1a24f
parent414d86d3a92cc9645c5fac7c4569e3fe2822c051 (diff)
escape tags when using markdown. Strange things happen if you put HTML entities in the text.
-rw-r--r--mod/item.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/mod/item.php b/mod/item.php
index 0e2456df3..92dc3e7c6 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -430,8 +430,8 @@ function item_post(&$a) {
if($mimetype === 'text/bbcode') {
if(local_user() && local_user() == $profile_uid && feature_enabled(local_user(),'markdown')) {
- require_once('include/bb2diaspora.php');
- $body = diaspora2bb($body,true);
+ require_once('include/bb2diaspora.php');
+ $body = diaspora2bb(escape_tags($body),true);
}
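Review bot: The added `escape_tags($body)` on the `diaspora2bb` line runs only inside the markdown-feature branch, so it is worth confirming that the plain bbcode path escapes `$body` somewhere outside this hunk; otherwise the two paths treat raw HTML in a post differently. Escaping before conversion also means, assuming escape_tags() is an htmlspecialchars-style helper (its definition is not shown here), that markdown relying on a literal `>` or `<` (blockquotes, `<url>` autolinks) reaches the converter as entities and may stop rendering as intended. A one-line comment above the call would record why the order matters, e.g. `// escape HTML before markdown conversion so literal tags in the post are not carried through diaspora2bb()`. item_post() starts and ends outside the hunk, so later handling of `$body` could not be checked.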