switch to POST for posting comments

This commit is contained in:
Murphy 2024-12-11 22:05:51 -05:00
parent d26ef7865e
commit ce12380727
Signed by: freya
GPG key ID: 9FBC6FFD6D2DBF17
4 changed files with 38 additions and 26 deletions


@ -17,20 +17,12 @@ class _comments_controller extends Controller {
} }
public function post(): void { public function post(): void {
$author = ''; $content = ''; $ref = '';
if (
!array_key_exists('author', $_GET) ||
!array_key_exists('content', $_GET) ||
!array_key_exists('ref', $_GET) ||
!array_key_exists('page', $_GET)
) {
$this->error(400); return;
}
$author = trim($_GET['author']); $author = trim($this->post_data('author'));
$content = trim($_GET['content']); $content = trim($this->post_data('content'));
$page = $_GET['page']; $page = $this->post_data('page');
$ref = $_GET['ref']; $ref = $this->post_data('ref');
$url = NULL; $url = NULL;
$author_len = strlen($author); $author_len = strlen($author);
@ -55,7 +47,7 @@ class _comments_controller extends Controller {
try { try {
$ref = base64_decode($ref); $ref = base64_decode($ref);
$url = parse_url($ref); $url = parse_url($ref);
if (!$url && array_key_exists('host', $url)) { if (!$url || array_key_exists('host', $url)) {
// dont allow redirects off this site // dont allow redirects off this site
$this->error(400); $this->error(400);
return; return;
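Review bot: The corrected guard `if (!$url || array_key_exists('host', $url))` still lets through decoded refs that parse with no host yet are not site-relative paths (scheme-only values, or values whose second character is a backslash), so the "dont allow redirects off this site" check is incomplete. Restrict it to a path starting with exactly one forward slash and reject any scheme or host: `if (!$url || isset($url['scheme']) || isset($url['host']) || !preg_match('#^/(?![/\\\\])#', $ref)) {`. On the preceding line, `base64_decode($ref, strict: true)` makes malformed input fail closed rather than being decoded leniently. post() starts and ends outside this hunk, and the redirect that consumes $ref is not visible here.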


@ -1,6 +1,13 @@
<?php /* Copyright (c) 2024 Freya Murphy */ <?php /* Copyright (c) 2024 Freya Murphy */
class _comments_model extends Model { class _comments_model extends Model {
private $profanity;
function __construct()
{
$this->profanity = $this->load_profanity();
}
private function load_profanity() private function load_profanity()
{ {
$path = ASSET_ROOT . '/profanity.txt'; $path = ASSET_ROOT . '/profanity.txt';
@ -24,8 +31,7 @@ class _comments_model extends Model {
public function is_vulgar($text) public function is_vulgar($text)
{ {
$profanity = $this->load_profanity(); return preg_match($this->profanity, $text);
return preg_match($profanity, $text);
} }
public function get_comments($page) public function get_comments($page)
@ -45,15 +51,6 @@ class _comments_model extends Model {
return $result; return $result;
} }
public function ban_user()
{
$ip = CONTEXT['ip'];
$this->db()
->insert_into('admin.banned', 'ip', 'reason')
->values($ip, 'vulgar language')
->execute();
}
public function post_comment($author, $content, $page, $vulgar) public function post_comment($author, $content, $page, $vulgar)
{ {
$ip = CONTEXT['ip']; $ip = CONTEXT['ip'];
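Review bot: The new `function __construct()` at the top of this section declares no visibility and never calls `parent::__construct()`, so if `Model` defines its own constructor (the `$this->db()` usage elsewhere in this class suggests base-class state) it is silently skipped; if the base class has one, write `public function __construct() { parent::__construct(); $this->profanity = $this->load_profanity(); }`, and at minimum add `public`. In `is_vulgar`, `preg_match` returns `false` on a pattern or backtracking error, which a caller treating the result as a boolean reads as "not vulgar" — the filter fails open; `return preg_match($this->profanity, $text) === 1;` together with a `preg_last_error()` check makes the failure explicit. The `private $profanity;` property should also carry a type, presumably `private string $profanity;`, though `load_profanity`'s return type is not visible in this hunk.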


@ -17,7 +17,7 @@
?> ?>
<div class="new"> <div class="new">
<h3><?=lang('new_comment_title')?></h3> <h3><?=lang('new_comment_title')?></h3>
<form id="new_comment" method="get" action="<?=$this->get_url('_comments/post')?>"> <form id="new_comment" method="post" action="<?=$this->get_url('_comments/post')?>">
<div><input <div><input
type="text" type="text"
name="author" name="author"
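Review bot: Changing the form to `method="post"` does not on its own protect the comment endpoint from cross-site submissions: the form carries no anti-forgery token, and the server side only checks the request method. Add a hidden field such as `<input type="hidden" name="csrf_token" value="<?=$CSRF_TOKEN_PLACEHOLDER?>">` (field name and value source are constructed here; no token helper is visible in this project) and have the `_comments/post` controller compare the submitted value with `hash_equals()` against the session-stored token before accepting the comment. The form element continues past this hunk.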


@ -39,4 +39,27 @@ abstract class Controller extends Component {
die(); die();
} }
/**
* Returns HTTP POST information if POST request.
* Returns 405 Method Not Allowed if not.
*
* If $key is specified, returns only that key. otherwise
* returns HTTP 400 Bad Request;
*/
protected function post_data(?string $key = NULL): array|string
{
// only post requests allowed
if ($_SERVER['REQUEST_METHOD'] != 'POST')
$this->error(405);
// return entire $_POST array
if (!$key)
return $_POST;
if (!isset($_POST[$key]))
$this->error(400);
return $_POST[$key];
}
} }
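Review bot: `post_data` returns `$_POST[$key]` without checking that it is a string, so a field submitted with array syntax reaches `trim($this->post_data('author'))` in the comments controller as an array and raises a TypeError instead of a clean 400; change the guard to `if (!isset($_POST[$key]) || !is_string($_POST[$key]))`. The method check on the first line uses loose `!=`; `!==` is the idiomatic comparison for this string. The docblock also disagrees with the code: the 400 is sent when `$key` is given but absent from `$_POST`, not in the "otherwise" case, so its last sentence should read "If $key is specified, returns only that key, or responds with HTTP 400 Bad Request when it is absent." Both error branches rely on `error()` terminating the request, which the `die();` just above suggests but this hunk does not show.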