aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/item.php31
1 files changed, 22 insertions, 9 deletions
diff --git a/mod/item.php b/mod/item.php
index f23bff3ac..038a967b2 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -477,15 +477,28 @@ function item_post(&$a) {
if($mimetype === 'text/bbcode') {
require_once('include/text.php');
- if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
- require_once('include/bb2diaspora.php');
- $body = escape_tags(trim($body));
- $body = str_replace("\n",'<br />', $body);
-
- $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
- $body = diaspora2bb($body,true);
- $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
- }
+
+ // Markdown doesn't work correctly. Do not re-enable unless you're willing to fix it and support it.
+
+ // Sample that will probably give you grief - you must preserve the linebreaks
+ // and provide the correct markdown interpretation and you cannot allow unfiltered HTML
+
+ // Markdown
+ // ========
+ //
+ // **bold** abcde
+ // fghijkl
+ // *italic*
+ // <img src="javascript:alert('hacked');" />
+
+// if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
+// require_once('include/bb2diaspora.php');
+// $body = escape_tags(trim($body));
+// $body = str_replace("\n",'<br />', $body);
+// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
+// $body = diaspora2bb($body,true);
+// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
+// }
// BBCODE alert: the following functions assume bbcode input
// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)