remove the markdown feature. Do not re-enable unless you are willing to support it.

doc/to_do_code.bb

@@ -32,8 +32,6 @@ We need much more than this, but here are areas where developers can help. Pleas
 [li]API extensions, for Twitter API - search, friending, threading. For Red API, lots of stuff[/li]
 [li]Import channel from Diaspora/Friendica (Diaspora partially done)[/li]
 [li]MediaGoblin photo "crosspost" connector[/li]
-[li]Create management page/UI for extensible profile fields[/li]
-[li]Create interface to include/exclude and re-order standard profile fields[/li]
 [li]App taxonomy[/li]
 [li]Customisable App collection pages[/li]
 [li]replace the tinymce visual editor and/or make the visual editor pluggable and responsive to different output formats. We probably want library/bbedit for bbcode. This needs a fair bit of work to catch up with our "enhanced bbcode", but start with images, links, bold and highlight and work from there.[/li]

include/features.php

@@ -66,7 +66,7 @@ function get_features($filtered = true) {
 		'composition' => array(
 			t('Post Composition Features'),
 //			array('richtext',       t('Richtext Editor'),			t('Enable richtext editor'),falseget_config('feature_lock','richtext')),
-			array('markdown',       t('Use Markdown'),              t('Allow use of "Markdown" to format posts'),false,get_config('feature_lock','markdown')),
+//			array('markdown',       t('Use Markdown'),              t('Allow use of "Markdown" to format posts'),false,get_config('feature_lock','markdown')),
 			array('large_photos',   t('Large Photos'),              t('Include large (1024px) photo thumbnails in posts. If not enabled, use small (640px) photo thumbnails'),false,get_config('feature_lock','large_photos')),
 			array('channel_sources', t('Channel Sources'),          t('Automatically import channel content from other channels or feeds'),false,get_config('feature_lock','channel_sources')),
 			array('content_encrypt', t('Even More Encryption'),          t('Allow optional encryption of content end-to-end with a shared secret key'),false,get_config('feature_lock','content_encrypt')),

mod/item.php

@@ -477,15 +477,28 @@ function item_post(&$a) {
 	if($mimetype === 'text/bbcode') {
 
 		require_once('include/text.php');			
-		if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
-			require_once('include/bb2diaspora.php');
-			$body = escape_tags(trim($body));
-			$body = str_replace("\n",'<br />', $body);
 
-			$body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);			
-			$body = diaspora2bb($body,true);
-			$body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
-		}
+		// Markdown doesn't work correctly. Do not re-enable unless you're willing to fix it and support it.
+
+		// Sample that will probably give you grief - you must preserve the linebreaks
+		// and provide the correct markdown interpretation and you cannot allow unfiltered HTML
+
+		// Markdown
+		// ========
+		//
+		// **bold** abcde
+		// fghijkl
+		// *italic*
+		// <img src="javascript:alert('hacked');" />
+
+//		if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
+//			require_once('include/bb2diaspora.php');
+//			$body = escape_tags(trim($body));
+//			$body = str_replace("\n",'<br />', $body);
+//			$body = preg_replace_callback('/\[share(.*?)\]/ism','share_shield',$body);			
+//			$body = diaspora2bb($body,true);
+//			$body = preg_replace_callback('/\[share(.*?)\]/ism','share_unshield',$body);
+//		}
 
 		// BBCODE alert: the following functions assume bbcode input
 		// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)

version.inc

@@ -1 +1 @@
-2016-03-02.1324H
+2016-03-03.1325H