From 671946af5f06753cb83c9e1fdaf0bdd44ea28b8d Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY
Date: Sun, 5 Jan 2020 22:23:56 +0100
Subject: [PATCH] reply: accept html input from admins

Forgo html formatting if text starts with an element such as

. Restricted for safety since it's not validated. Intermediate solution to support rich contents (wysiwyg editor can be added later for accessibility).
---
 upload.inc.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/upload.inc.php b/upload.inc.php
index afaa047..74219ed 100644
--- a/upload.inc.php
+++ b/upload.inc.php
@@ -41,9 +41,13 @@ function userupload($input, $target = NULL, $filename = NULL)
 function messagehtml($input)
 {
 # convert user textarea post to formatted html
+ global $User;
 if (empty($input)) {
 return;
 }
+ if ($User and $User->admin and preg_match('/\A<[a-z][^>]*>/', $input)) {
+ return $input; # allow html input as is if privileged
+ }
 $html = preg_replace(
 ["/\r?\n/", "'(?:
\n?){2}'"], ["
\n", "

\n\n

"], -- 2.30.0
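Review bot: The new early return in messagehtml() decides whether to trust `$input` from the ambient `global $User`, i.e. whoever is logged in when the function runs, not whoever wrote the text. The callers are not visible in this hunk; if any of them formats another user's text while an admin is the session user (preview, edit, re-render), markup that merely starts with a tag would be returned unescaped and become stored XSS. Passing the decision in from the call site that knows the author keeps the privilege check next to the data, e.g. `function messagehtml($input, $rawhtml = FALSE)` with `if ($rawhtml and preg_match('/\A<[a-z][^>]*>/', $input)) {`. The regex only inspects the first tag and everything after it is returned unfiltered, so the inline comment should state the trust assumption, e.g. `# trusted author only: returned unfiltered, posting endpoint must be CSRF-protected`. The body of messagehtml() continues past the end of the hunk.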