Markdown: don't escape content + sanitize sensible tags

[github/shaarli/Shaarli.git] / application / Utils.php

diff --git a/application/Utils.php b/application/Utils.php
index 551db3e7cf4b74b1a347d7a84002d1472384fa6b..868946df756d98c1a726350cd524556e48b4a667 100644 (file)
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -62,19 +62,27 @@ function endsWith($haystack, $needle, $case=true)
 }
 
 /**
- * Same as nl2br(), but escapes < and >
+ * Htmlspecialchars wrapper
+ *
+ * @param string $str the string to escape.
+ *
+ * @return string escaped.
  */
-function nl2br_escaped($html)
+function escape($str)
 {
-    return str_replace('>', '&gt;', str_replace('<', '&lt;', nl2br($html)));
+    return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
 }
 
 /**
- * htmlspecialchars wrapper
+ * Reverse the escape function.
+ *
+ * @param string $str the string to unescape.
+ *
+ * @return string unescaped string.
  */
-function escape($str)
+function unescape($str)
 {
-    return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
+    return htmlspecialchars_decode($str);
 }
 
 /**