From 159ee0f3d812c9681a00c37f6a2bcaf8a1de83bc Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY
Date: Mon, 25 Nov 2019 21:12:33 +0100
Subject: [PATCH] upload: common function to parse user text input

Move duplicate code from issue and reply pages.
---
 issue/index.php | 5 ++---
 upload.inc.php | 11 +++++++++++
 widget/reply.php | 5 ++---
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/issue/index.php b/issue/index.php
index bb556f2..82fa39e 100644
--- a/issue/index.php
+++ b/issue/index.php
@@ -37,12 +37,11 @@ if ($id and ctype_digit($id)) {
 }
 
 if ($_POST) {
- $html = nl2br(htmlspecialchars($_POST['body']));
- $html = empty($html) ? NULL : "

$html

";
+ require_once 'upload.inc.php';
 $query = $Db->set('issues', [
 'page' => $Page,
 'subject' => $_POST['subject'],
- 'body' => $html,
+ 'body' => messagehtml($_POST['body']),
 'author' => $User->login,
 ]);
 if (!$query->rowCount()) {
diff --git a/upload.inc.php b/upload.inc.php
index c578a2d..ed9ee77 100644
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -37,3 +37,14 @@ function userupload($input, $target = NULL, $filename = NULL)
 }
 return $target;
 }
+
+function messagehtml($input)
+{
+ # convert user textarea post to formatted html
+ if (empty($input)) {
+ return;
+ }
+ $html = htmlspecialchars($input);
+ $html = nl2br($html);
+ return "
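Review bot: In issue/index.php the insert now stores `body` as HTML that was escaped at write time, while `subject` in the same `$Db->set('issues', …)` call is stored as raw request text, and nothing at the call site records that difference. The code that renders these rows is not visible in this patch; it presumably prints `body` unescaped and has to escape `subject` itself, so confusing the two would give either stored script injection or double-encoded text. I would add a comment above the array such as `# body is pre-escaped HTML from messagehtml(); subject is raw text and must be escaped on output`. The same applies to `message` in widget/reply.php, and the `if ($_POST)` block continues past the end of this hunk.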

$html

";
+}
diff --git a/widget/reply.php b/widget/reply.php
index 43b773b..94018c4 100644
--- a/widget/reply.php
+++ b/widget/reply.php
@@ -7,12 +7,11 @@ $journalcol = [
 ];
 
 if ($_POST) {
+ require_once 'upload.inc.php';
 try {
- $html = nl2br(htmlspecialchars($_POST['reply']));
- $html = empty($html) ? NULL : "
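Review bot: messagehtml() in upload.inc.php takes `$_POST` values unchecked, and a request can make `body` or `reply` an array (`body[]=…`), in which case `htmlspecialchars()` receives a non-string and warns or throws depending on the PHP version. `empty()` also treats the string `"0"` as empty, so a message consisting of that is silently dropped. A guard such as `if (!is_string($input) || $input === '') { return NULL; }` covers both and makes the NULL result explicit instead of a bare `return;`. I would also pass flags and charset explicitly, `htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (assuming the site is UTF-8), because on PHP before 8.1 the defaults leave single quotes unescaped and return an empty string for invalid UTF-8, which would store an empty wrapper rather than NULL.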

$html

";
 $query = $Db->set('comments', [
 'page' => $Page,
- 'message' => $html,
+ 'message' => messagehtml($_POST['reply']),
 'author' => $User->login,
 ]);
 if (!$query->rowCount()) {
-- 
2.30.0
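Review bot: The added `require_once 'upload.inc.php';` in widget/reply.php uses a bare relative name, so which file gets loaded depends on `include_path`, the including script's directory and the working directory rather than on this file's location. Going by the paths in this patch the file sits one level above `widget/`, so `require_once __DIR__ . '/../upload.inc.php';` would pin it; the same line added in issue/index.php has the same dependency. If the project deliberately sets `include_path` to the site root, a short comment saying so would do instead. The `try` block opened in this hunk closes outside it.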