Diffstat (limited to 'mod')
-rw-r--r-- | mod/item.php | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/mod/item.php b/mod/item.php
index f23bff3ac..038a967b2 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -477,15 +477,28 @@ function item_post(&$a) {
 if($mimetype === 'text/bbcode') {
 require_once('include/text.php');
- if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
- require_once('include/bb2diaspora.php');
- $body = escape_tags(trim($body));
- $body = str_replace("\n",'<br />', $body);
-
- $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
- $body = diaspora2bb($body,true);
- $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
- }
+
+ // Markdown doesn't work correctly. Do not re-enable unless you're willing to fix it and support it.
+
+ // Sample that will probably give you grief - you must preserve the linebreaks
+ // and provide the correct markdown interpretation and you cannot allow unfiltered HTML
+
+ // Markdown
+ // ========
+ //
+ // **bold** abcde
+ // fghijkl
+ // *italic*
+ // <img src="javascript:alert('hacked');" />
+
+// if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
+// require_once('include/bb2diaspora.php');
+// $body = escape_tags(trim($body));
+// $body = str_replace("\n",'<br />', $body);
+// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
+// $body = diaspora2bb($body,true);
+// $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
+// }
 // BBCODE alert: the following functions assume bbcode input
 // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) |
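Review bot: The disabled branch stays in the file as eight commented-out lines inside `if($mimetype === 'text/bbcode')`, which makes it a ready template for re-enabling the same ordering: `escape_tags()` runs on the raw input before `diaspora2bb()`, and nothing visible in the hunk filters what the converter returns. I would delete the block (history keeps it) and leave only the requirement, e.g. `// Markdown input is disabled: a replacement must preserve line breaks and run the converter's output through the HTML filter before it is stored.` The `<img src="javascript:...">` sample is the only record of the failing case and would serve better as a regression-test fixture than as a comment. Whether the 'markdown' feature toggle is still offered to users is not visible here; if it is, enabling it now silently has no effect. item_post() begins and ends outside the hunk.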