aboutsummaryrefslogtreecommitdiffstats
path: root/mod/item.php
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-03-03 14:47:39 -0800
committerredmatrix <git@macgirvin.com>2016-03-03 14:47:39 -0800
commit2cf54c465d25918d582efcf2bce0e3086d270e72 (patch)
tree3bd058ce47eabb7690147d435e7c61e9b749f41e /mod/item.php
parent436e91a1e13bc488003262dfffb0a7d273a3106a (diff)
downloadvolse-hubzilla-2cf54c465d25918d582efcf2bce0e3086d270e72.tar.gz
volse-hubzilla-2cf54c465d25918d582efcf2bce0e3086d270e72.tar.bz2
volse-hubzilla-2cf54c465d25918d582efcf2bce0e3086d270e72.zip
remove the markdown feature. Do not re-enable unless you are willing to support it.
Diffstat (limited to 'mod/item.php')
-rw-r--r--mod/item.php31
1 files changed, 22 insertions, 9 deletions
diff --git a/mod/item.php b/mod/item.php
index f23bff3ac..038a967b2 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -477,15 +477,28 @@ function item_post(&$a) {
if($mimetype === 'text/bbcode') {
require_once('include/text.php');
- if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
- require_once('include/bb2diaspora.php');
- $body = escape_tags(trim($body));
- $body = str_replace("\n",'<br />', $body);
-
- $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
- $body = diaspora2bb($body,true);
- $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
- }
+
+ // Markdown doesn't work correctly. Do not re-enable unless you're willing to fix it and support it.
+
+ // Sample that will probably give you grief - you must preserve the linebreaks
+ // and provide the correct markdown interpretation and you cannot allow unfiltered HTML
+
+ // Markdown
+ // ========
+ //
+ // **bold** abcde
+ // fghijkl
+ // *italic*
+ // <img src="javascript:alert('hacked');" />
+
+// if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
+// require_once('include/bb2diaspora.php');
+// $body = escape_tags(trim($body));
+// $body = str_replace("\n",'<br />', $body);
+// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
+// $body = diaspora2bb($body,true);
+// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
+// }
// BBCODE alert: the following functions assume bbcode input
// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)