X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/85bd24522825b832a8f30c5629b81cf90307a388..58c5ec6b45dcc52107f5e7c8bbca2933c7f2e98d:/upload.inc.php
diff --git a/upload.inc.php b/upload.inc.php
index 10881a2..e270b76 100644
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -48,13 +48,22 @@ function messagehtml($input)
if (empty($input)) {
return;
}
- if ($User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
+ if ($User and $User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
return $input; # allow html input as is if privileged
}
- $html = preg_replace(
- ["/\r\n?/", "/ +\n/", "/\n/", '/\b_(\w+)_\b/'],
- ["\n", "
", "
", '$1' ], - htmlspecialchars($input) - ); - return "
$html
"; + $markup = [ + '{<((?:\w+:|/).+?)>}' => '<$1>', # unescape link entities + '{<(?:https?://)?([^>\s|]+)>}' => '<$1 $1>', # unnamed link + '{<([^>\s|]+)[\s|]([^>]+)>}' => '$2', # hyperlink + "/\r\n?/" => "\n", # unix newlines + "/ +\n/" => "$1
\n", # paragraph + "{^(
$1
', # monospace
+ ];
+ return preg_replace(array_keys($markup), array_values($markup), htmlspecialchars($input));
}