Markdown: don't escape content + sanitize sensible tags

[github/shaarli/Shaarli.git] / application / Utils.php

diff --git a/application/Utils.php b/application/Utils.php
index aeaef9ff143a84e67f16bb99365fcdbd70680608..868946df756d98c1a726350cd524556e48b4a667 100644 (file)
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -3,6 +3,24 @@
  * Shaarli utilities
  */
 
+/**
+ * Logs a message to a text file
+ *
+ * The log format is compatible with fail2ban.
+ *
+ * @param string $logFile  where to write the logs
+ * @param string $clientIp the client's remote IPv4/IPv6 address
+ * @param string $message  the message to log
+ */
+function logm($logFile, $clientIp, $message)
+{
+    file_put_contents(
+        $logFile,
+        date('Y/m/d H:i:s').' - '.$clientIp.' - '.strval($message).PHP_EOL,
+        FILE_APPEND
+    );
+}
+
 /**
  *  Returns the small hash of a string, using RFC 4648 base64url format
  *
@@ -44,19 +62,27 @@ function endsWith($haystack, $needle, $case=true)
 }
 
 /**
- * Same as nl2br(), but escapes < and >
+ * Htmlspecialchars wrapper
+ *
+ * @param string $str the string to escape.
+ *
+ * @return string escaped.
  */
-function nl2br_escaped($html)
+function escape($str)
 {
-    return str_replace('>', '&gt;', str_replace('<', '&lt;', nl2br($html)));
+    return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
 }
 
 /**
- * htmlspecialchars wrapper
+ * Reverse the escape function.
+ *
+ * @param string $str the string to unescape.
+ *
+ * @return string unescaped string.
  */
-function escape($str)
+function unescape($str)
 {
-    return htmlspecialchars($str, ENT_COMPAT, 'UTF-8', false);
+    return htmlspecialchars_decode($str);
 }
 
 /**