From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sun, 5 Jan 2020 21:23:56 +0000 (+0100)
Subject: reply: accept html input from admins
X-Git-Tag: v4.3
X-Git-Url: http://git.shiar.net/minimedit.git/commitdiff_plain/refs/tags/v4.3

reply: accept html input from admins

Forgo html formatting if text starts with an element such as <p>.
Restricted for safety since it's not validated.  Intermediate solution to
support rich contents (wysiwyg editor can be added later for accessibility).
---

diff --git a/upload.inc.php b/upload.inc.php
index afaa047..74219ed 100644
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -41,9 +41,13 @@ function userupload($input, $target = NULL, $filename = NULL)
 function messagehtml($input)
 {
 	# convert user textarea post to formatted html
+	global $User;
 	if (empty($input)) {
 		return;
 	}
+	if ($User and $User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
+		return $input;  # allow html input as is if privileged
+	}
 	$html = preg_replace(
 		["/\r?\n/", "'(?:<br />\n?){2}'"],
 		["<br />\n", "</p>\n\n<p>"],