page: apply admin restrictions from .private contents

[minimedit.git] / upload.inc.php

diff --git a/upload.inc.php b/upload.inc.php
index 0ee432bc538a8f82f0fe5d1ea135b4524d948b7d..e270b76328c97968149f1962f0488247d66378c4 100644 (file)
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -48,7 +48,7 @@ function messagehtml($input)
        if (empty($input)) {
                return;
        }
-       if ($User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
+       if ($User and $User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
                return $input;  # allow html input as is if privileged
        }
        $markup = [
@@ -57,10 +57,13 @@ function messagehtml($input)
                '{<([^>\s|]+)[\s|]([^>]+)>}'   => '<a href="$1">$2</a>', # hyperlink
                "/\r\n?/" => "\n",        # unix newlines
                "/  +\n/" => "<br />",    # trailing spaces for hard line break
-               "/\n/"    => "</p>\n<p>", # newlines start paragraphs
+               "/^[-*] (.*)$\n?/m"            => '<li>$1</li>',         # list item
+               "/^(.+)$\n?/m"                 => "<p>$1</p>\n",         # paragraph
+               "{^<p>(<li>.*</li>)(?:</p>\n)?}m" => "<ul>$1</ul>\n",    # list container
                '/_(?<!\w_)(.+?)_(?!\w)/'      => '<em>$1</em>',         # italic
                '/\*(?<!\w\*)(.+?)\*(?!\w)/'   => '<strong>$1</strong>', # bold
+               '/~(?<!\w~)(.+?)~(?!\w)/'      => '<s>$1</s>',           # stricken
+               '/`(?<!\w`)(.+?)`(?!\w)/'      => '<code>$1</code>',     # monospace
        ];
-       $html = preg_replace(array_keys($markup), array_values($markup), htmlspecialchars($input));
-       return "<p>$html</p>";
+       return preg_replace(array_keys($markup), array_values($markup), htmlspecialchars($input));
 }