X-Git-Url: http://git.shiar.nl/minimedit.git/blobdiff_plain/e64861a7760cfe34596e193a6a3ed2ef39b25892..cc9044a1aa3f79cda743040573d49bc71fb7805f:/upload.inc.php
diff --git a/upload.inc.php b/upload.inc.php
index f79600f..0ee432b 100644
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -1,6 +1,4 @@
api = $_SERVER['HTTP_ACCEPT'] == 'text/plain';
-
function userupload($input, $target = NULL, $filename = NULL)
{
switch ($input['error']) {
@@ -29,6 +27,9 @@ function userupload($input, $target = NULL, $filename = NULL)
$target .= $input['name'];
}
+ if (file_exists($target)) {
+ throw new Exception("bestandsnaam al aanwezig op $target");
+ }
if (!@move_uploaded_file($input['tmp_name'], $target)) {
throw new Exception("bestand kon niet worden opgeslagen in $target");
}
@@ -50,10 +51,16 @@ function messagehtml($input)
if ($User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
return $input; # allow html input as is if privileged
}
- $html = preg_replace(
- ["/\r?\n/", "'(?:
\n?){2}'"],
- ["
\n", "
"],
- htmlspecialchars($input)
- );
+ $markup = [
+ '{<((?:\w+:|/).+?)>}' => '<$1>', # unescape link entities
+ '{<(?:https?://)?([^>\s|]+)>}' => '<$1 $1>', # unnamed link
+ '{<([^>\s|]+)[\s|]([^>]+)>}' => '$2', # hyperlink
+ "/\r\n?/" => "\n", # unix newlines
+ "/ +\n/" => "
", # trailing spaces for hard line break
+ "/\n/" => "
", # newlines start paragraphs + '/_(? '$1', # italic + '/\*(? '$1', # bold + ]; + $html = preg_replace(array_keys($markup), array_values($markup), htmlspecialchars($input)); return "
$html
"; }