From bd3d32384956f8c5c7ca2624c96f47bb66d8958c Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Wed, 11 Nov 2015 15:09:22 -0800
Subject: run markdown through html purifier for those who insist on mixing html with markdown.
---
 mod/item.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'mod/item.php')
diff --git a/mod/item.php b/mod/item.php
index 5f45a248b..5bf59de26 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -473,8 +473,9 @@ function item_post(&$a) {
 require_once('include/text.php');
 if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
 require_once('include/bb2diaspora.php');
- $body = escape_tags($body);
 $body = str_replace("\n",'
', $body);
+ $body = purify_html($body);
+ $body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);
 $body = diaspora2bb($body,true);
 $body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
-- cgit v1.2.3
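Review bot: The new `purify_html($body)` call runs on the markdown source, before `diaspora2bb($body,true)` converts it, so it can only sanitize raw HTML the author typed; whatever markup the markdown conversion itself synthesizes afterwards (presumably link targets and image sources from markdown syntax, if diaspora2bb goes through a Markdown-to-HTML step as its name suggests) never passes through the purifier and its safety rests on downstream handling that is not visible in this hunk. Replacing the blanket `escape_tags()` with an allow-list purifier is also only as strong as purify_html()'s configuration (URI schemes, `style`, event attributes), which a reader of this line cannot see, so a scope comment would help: `// sanitizes raw HTML mixed into the markdown source only; markup produced later by diaspora2bb() is not covered here`. Note too that the purifier now sees the `[share ...]` tags before `share_shield()` hides them, so any entity-encoding it applies to quotes or ampersands inside share attributes should be confirmed not to break the `share_unshield()` round-trip. The enclosing `if` block and `item_post()` continue outside the hunk.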