author | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2016-03-04 06:05:47 +0100 |
---|---|---|
committer | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2016-03-04 06:05:47 +0100 |
commit | 059da4d01705ca1515e0ccf4b790c407c751685c (patch) | |
tree | a7f77e3734ba1e53bf7980ff1b6f0c73bc814602 /mod/item.php | |
parent | 264abef81761a3ed0d27126dbc5a6e0a47fb8ec8 (diff) | |
parent | a59d1b22f6ab1bf5b3cf5df555d71b893c05540a (diff) | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'mod/item.php')
-rw-r--r-- | mod/item.php | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/mod/item.php b/mod/item.php
index f23bff3ac..038a967b2 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -477,15 +477,28 @@ function item_post(&$a) {
 if($mimetype === 'text/bbcode') {
 require_once('include/text.php');
- if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
- require_once('include/bb2diaspora.php');
- $body = escape_tags(trim($body));
- $body = str_replace("\n",'<br />', $body);
-
- $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
- $body = diaspora2bb($body,true);
- $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
- }
+
+ // Markdown doesn't work correctly. Do not re-enable unless you're willing to fix it and support it.
+
+ // Sample that will probably give you grief - you must preserve the linebreaks
+ // and provide the correct markdown interpretation and you cannot allow unfiltered HTML
+
+ // Markdown
+ // ========
+ //
+ // **bold** abcde
+ // fghijkl
+ // *italic*
+ // <img src="javascript:alert('hacked');" />
+
+// if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
+// require_once('include/bb2diaspora.php');
+// $body = escape_tags(trim($body));
+// $body = str_replace("\n",'<br />', $body);
+// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
+// $body = diaspora2bb($body,true);
+// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
+// }
 // BBCODE alert: the following functions assume bbcode input
 // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) |
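Review bot: The disabled markdown branch is left in as eight commented-out lines under a warning that does not say which of its three stated requirements (line breaks, markdown interpretation, HTML filtering) the old sequence actually failed, so a later maintainer cannot tell whether un-commenting it reopens an HTML-injection path or only a formatting bug. I would delete the dead lines (history keeps them) and replace the warning with something like `// Markdown input disabled: the old escape_tags() + diaspora2bb() path could not meet all of: keep line breaks, render markdown, filter HTML. See sample below.`, keeping the sample as the regression case. With the branch gone, `feature_enabled($uid,'markdown')` is no longer consulted here, so if the setting is still offered elsewhere (not visible in this hunk) it now has no effect on posts and should probably be hidden. `item_post()` starts and ends outside the hunk.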