widget/reply: formatting syntax for <links>

[minimedit.git] / upload.inc.php

diff --git a/upload.inc.php b/upload.inc.php
index 4eff8a09cdcc07374e8ac7e6228bf6c797d0c174..86af6049dd49a6fff720deb77c7a1d76afc91dee 100644 (file)
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -27,6 +27,9 @@ function userupload($input, $target = NULL, $filename = NULL)
                $target .= $input['name'];
        }
 
+       if (file_exists($target)) {
+               throw new Exception("bestandsnaam al aanwezig op $target");
+       }
        if (!@move_uploaded_file($input['tmp_name'], $target)) {
                throw new Exception("bestand kon niet worden opgeslagen in $target");
        }
@@ -41,10 +44,23 @@ function userupload($input, $target = NULL, $filename = NULL)
 function messagehtml($input)
 {
        # convert user textarea post to formatted html
+       global $User;
        if (empty($input)) {
                return;
        }
-       $html = htmlspecialchars($input);
-       $html = preg_replace('"(?:<br />){2}"', "</p>\n\n<p>", nl2br($html));
+       if ($User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
+               return $input;  # allow html input as is if privileged
+       }
+       $markup = [
+               '{&lt;((?:\w+:|/).+?)&gt;}'    => '<$1>',                # unescape link entities
+               '{<(?:https?://)?([^>\s|]+)>}' => '<$1 $1>',             # unnamed link
+               '{<([^>\s|]+)[\s|]([^>]+)>}'   => '<a href="$1">$2</a>', # hyperlink
+               "/\r\n?/" => "\n",        # unix newlines
+               "/  +\n/" => "<br />",    # trailing spaces for hard line break
+               "/\n/"    => "</p>\n<p>", # newlines start paragraphs
+               '/\b_(\w+)_\b/'   => '<em>$1</em>',         # italic
+               '/\b\*(\w+)\*\b/' => '<strong>$1</strong>', # bold
+       ];
+       $html = preg_replace(array_keys($markup), array_values($markup), htmlspecialchars($input));
        return "<p>$html</p>";
 }