Merge pull-request #738

author: Frederic Guillot <fred@kanboard.net> 2015-03-30 20:47:42 -0400
committer: Frederic Guillot <fred@kanboard.net> 2015-03-30 20:47:42 -0400
commit: 147f2015c0d1adeb6e248bcdd023fe67fc81154a (patch)
tree: 62e9ffa5a4664af40520dd3f144ffeb625725e7f
parent: cb02acba94bf9966a1dcf58d7e6bf0d60aeb4c4a (diff)
parent: 2db1af88bbc2c9d72765577fd09ac588c5e67ebf (diff)
3 files changed, 6 insertions, 1 deletions
diff --git a/app/Core/Helper.php b/app/Core/Helper.php
index 34a5e6ab..1dea832a 100644
--- a/app/Core/Helper.php
+++ b/app/Core/Helper.php
@@ -502,7 +502,7 @@ class Helper
     public function markdown($text, array $link = array())
     {
         $parser = new Markdown($link, $this);
-        $parser->setMarkupEscaped(true);
+        $parser->setMarkupEscaped(MARKDOWN_ESCAPED);
         return $parser->text($text);
     }
 
diff --git a/app/constants.php b/app/constants.php
index 82d26f2c..8c23da81 100644
--- a/app/constants.php
+++ b/app/constants.php
@@ -74,3 +74,5 @@ defined('ENABLE_XFRAME') or define('ENABLE_XFRAME', true);
 // Default files directory
 defined('FILES_DIR') or define('FILES_DIR', 'data/files/');
 
+// Escape html inside markdown text
+define('MARKDOWN_ESCAPED', true);
diff --git a/config.default.php b/config.default.php
index eb9ad1b8..0306ea35 100644
--- a/config.default.php
+++ b/config.default.php
@@ -127,3 +127,6 @@ define('ENABLE_HSTS', true);
 
 // Enable or disable "X-Frame-Options: DENY" HTTP header
 define('ENABLE_XFRAME', true);
+
+// Escape html inside markdown text
+define('MARKDOWN_ESCAPED', true);
author	Frederic Guillot <fred@kanboard.net>	2015-03-30 20:47:42 -0400
committer	Frederic Guillot <fred@kanboard.net>	2015-03-30 20:47:42 -0400
commit	147f2015c0d1adeb6e248bcdd023fe67fc81154a (patch)
tree	62e9ffa5a4664af40520dd3f144ffeb625725e7f
parent	cb02acba94bf9966a1dcf58d7e6bf0d60aeb4c4a (diff)
parent	2db1af88bbc2c9d72765577fd09ac588c5e67ebf (diff)