switch to POST for posting comments
parent
d26ef7865e
commit
ce12380727
4 changed files with 38 additions and 26 deletions
@ -17,20 +17,12 @@ class _comments_controller extends Controller {
|
|||
}
|
||||
|
||||
public function post(): void {
|
||||
$author = ''; $content = ''; $ref = '';
|
||||
if (
|
||||
!array_key_exists('author', $_GET) ||
|
||||
!array_key_exists('content', $_GET) ||
|
||||
!array_key_exists('ref', $_GET) ||
|
||||
!array_key_exists('page', $_GET)
|
||||
) {
|
||||
$this->error(400); return;
|
||||
}
|
||||
|
||||
$author = trim($_GET['author']);
|
||||
$content = trim($_GET['content']);
|
||||
$page = $_GET['page'];
|
||||
$ref = $_GET['ref'];
|
||||
$author = trim($this->post_data('author'));
|
||||
$content = trim($this->post_data('content'));
|
||||
$page = $this->post_data('page');
|
||||
$ref = $this->post_data('ref');
|
||||
|
||||
$url = NULL;
|
||||
|
||||
$author_len = strlen($author);
|
||||
|
@ -55,7 +47,7 @@ class _comments_controller extends Controller {
|
|||
try {
|
||||
$ref = base64_decode($ref);
|
||||
$url = parse_url($ref);
|
||||
if (!$url && array_key_exists('host', $url)) {
|
||||
if (!$url || array_key_exists('host', $url)) {
|
||||
// dont allow redirects off this site
|
||||
$this->error(400);
|
||||
return;
|
||||
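Review bot: The corrected guard `if (!$url || array_key_exists('host', $url))` still accepts decoded refs that parse with a scheme but no host — `javascript:...`, `mailto:...`, `data:...` — and forms that parse_url() does not report as having a host but browsers normalise to a protocol-relative URL, such as `/\example.com`. If $ref is later used as a redirect or link target (its use is outside this hunk), the check should also reject any scheme and require exactly one leading slash: `$path = $url['path'] ?? '';` followed by `if (!$url || isset($url['scheme']) || isset($url['host']) || !str_starts_with($path, '/') || str_starts_with($path, '//') || str_starts_with($path, '/\\')) {`. Note too that base64_decode() without `strict: true` silently skips invalid characters, so a malformed ref is decoded rather than rejected. The try block and the body of post() continue outside the hunk.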
|
|
|
@ -1,6 +1,13 @@
|
|||
<?php /* Copyright (c) 2024 Freya Murphy */
|
||||
class _comments_model extends Model {
|
||||
|
||||
private $profanity;
|
||||
|
||||
function __construct()
|
||||
{
|
||||
$this->profanity = $this->load_profanity();
|
||||
}
|
||||
|
||||
private function load_profanity()
|
||||
{
|
||||
$path = ASSET_ROOT . '/profanity.txt';
|
||||
|
@ -24,8 +31,7 @@ class _comments_model extends Model {
|
|||
|
||||
public function is_vulgar($text)
|
||||
{
|
||||
$profanity = $this->load_profanity();
|
||||
return preg_match($profanity, $text);
|
||||
return preg_match($this->profanity, $text);
|
||||
}
|
||||
|
||||
public function get_comments($page)
|
||||
|
@ -45,15 +51,6 @@ class _comments_model extends Model {
|
|||
return $result;
|
||||
}
|
||||
|
||||
public function ban_user()
|
||||
{
|
||||
$ip = CONTEXT['ip'];
|
||||
$this->db()
|
||||
->insert_into('admin.banned', 'ip', 'reason')
|
||||
->values($ip, 'vulgar language')
|
||||
->execute();
|
||||
}
|
||||
|
||||
public function post_comment($author, $content, $page, $vulgar)
|
||||
{
|
||||
$ip = CONTEXT['ip'];
|
||||
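Review bot: `return preg_match($this->profanity, $text);` fails open — preg_match() returns false on a PCRE error (for instance the backtrack or JIT stack limit on a long comment), and false is indistinguishable from "no match" to any caller testing truthiness, so a comment that makes the matcher error out is treated as clean. Since $text is user-submitted, capture the result and treat an error as a failure rather than a pass: `$r = preg_match($this->profanity, $text);`, `if ($r === false) { throw new \RuntimeException(preg_last_error_msg()); }`, `return $r === 1;`, and declare the method `: bool`. Whether the cached pattern is case-insensitive or carries the `u` modifier cannot be checked here, as load_profanity() builds it outside the hunk.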
|
|
|
@ -17,7 +17,7 @@
|
|||
?>
|
||||
<div class="new">
|
||||
<h3><?=lang('new_comment_title')?></h3>
|
||||
<form id="new_comment" method="get" action="<?=$this->get_url('_comments/post')?>">
|
||||
<form id="new_comment" method="post" action="<?=$this->get_url('_comments/post')?>">
|
||||
<div><input
|
||||
type="text"
|
||||
name="author"
|
||||
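Review bot: Changing `method="get"` to `method="post"` on its own does not stop cross-site submission of this form; a third-party page can still auto-submit a POST to `_comments/post` with a visitor's cookies and IP. That matters here because the model's post_comment() takes a $vulgar flag and the ban logic keys on `CONTEXT['ip']`, so if a vulgar submission still bans the poster, a forged cross-site post could get an innocent visitor banned — this is inferred from the model hunks, not shown end-to-end. Add a hidden per-session token field to the form and compare it in the controller with hash_equals() before accepting the post. The remaining form fields are outside this hunk, so a token input may already exist further down; if so, disregard.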
|
|
|
@ -39,4 +39,27 @@ abstract class Controller extends Component {
|
|||
die();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns HTTP POST information if POST request.
|
||||
* Returns 405 Method Not Allowed if not.
|
||||
*
|
||||
* If $key is specified, returns only that key. otherwise
|
||||
* returns HTTP 400 Bad Request;
|
||||
*/
|
||||
protected function post_data(?string $key = NULL): array|string
|
||||
{
|
||||
// only post requests allowed
|
||||
if ($_SERVER['REQUEST_METHOD'] != 'POST')
|
||||
$this->error(405);
|
||||
|
||||
// return entire $_POST array
|
||||
if (!$key)
|
||||
return $_POST;
|
||||
|
||||
if (!isset($_POST[$key]))
|
||||
$this->error(400);
|
||||
|
||||
return $_POST[$key];
|
||||
}
|
||||
|
||||
}
|
||||
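Review bot: `return $_POST[$key];` hands back whatever shape the client sent — a request carrying `author[]=x` makes `$_POST['author']` an array, and the callers in post() pass it straight to trim(), which throws a TypeError in PHP 8, turning bad input into an uncaught 500 instead of the intended 400. Tighten the guard to `if (!isset($_POST[$key]) || !is_string($_POST[$key])) $this->error(400);`. The method also assumes error() never returns; the `die();` at the top of the hunk suggests the preceding method terminates, but error() itself is outside the hunk, and if it returns the 405 branch falls through and still hands out $_POST — give error() a `never` return type or `return` after each call. The docblock's last sentence reads as if calling without a key yields 400; it should say that no key returns the whole $_POST array and a missing key returns 400.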
|
|