page: call handler through index method

[minimedit.git] / upload.inc.php

diff --git a/upload.inc.php b/upload.inc.php
index 4eff8a09cdcc07374e8ac7e6228bf6c797d0c174..6175fe20a685b1b1df707ccba8e74f4bad2564f1 100644 (file)
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -41,10 +41,17 @@ function userupload($input, $target = NULL, $filename = NULL)
 function messagehtml($input)
 {
        # convert user textarea post to formatted html
+       global $User;
        if (empty($input)) {
                return;
        }
-       $html = htmlspecialchars($input);
-       $html = preg_replace('"(?:<br />){2}"', "</p>\n\n<p>", nl2br($html));
+       if ($User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
+               return $input;  # allow html input as is if privileged
+       }
+       $html = preg_replace(
+               ["/\r?\n/", "'(?:<br />\n?){2}'"],
+               ["<br />\n", "</p>\n\n<p>"],
+               htmlspecialchars($input)
+       );
        return "<p>$html</p>";
 }