authorFreya Murphy <freya@freyacat.org>2024-12-11 22:05:51 -0500
committerFreya Murphy <freya@freyacat.org>2024-12-11 22:05:51 -0500
commitce123807279506d10f79fdf7214b1ea12b654648 (patch)
tree29fff07f47e8e548af3db219621121aa2715347f /src/web/_controller/_comments.php
parentupdate error lang (diff)
downloadwebsite-ce123807279506d10f79fdf7214b1ea12b654648.tar.gz
website-ce123807279506d10f79fdf7214b1ea12b654648.tar.bz2
website-ce123807279506d10f79fdf7214b1ea12b654648.zip
switch to POST for posting comments
Diffstat (limited to 'src/web/_controller/_comments.php')
-rw-r--r--src/web/_controller/_comments.php20
1 files changed, 6 insertions, 14 deletions
diff --git a/src/web/_controller/_comments.php b/src/web/_controller/_comments.php
index eea792f..3b8fe35 100644
--- a/src/web/_controller/_comments.php
+++ b/src/web/_controller/_comments.php
@@ -17,20 +17,12 @@ class _comments_controller extends Controller {
}
public function post(): void {
- $author = ''; $content = ''; $ref = '';
- if (
- !array_key_exists('author', $_GET) ||
- !array_key_exists('content', $_GET) ||
- !array_key_exists('ref', $_GET) ||
- !array_key_exists('page', $_GET)
- ) {
- $this->error(400); return;
- }
- $author = trim($_GET['author']);
- $content = trim($_GET['content']);
- $page = $_GET['page'];
- $ref = $_GET['ref'];
+ $author = trim($this->post_data('author'));
+ $content = trim($this->post_data('content'));
+ $page = $this->post_data('page');
+ $ref = $this->post_data('ref');
+
$url = NULL;
$author_len = strlen($author);
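Review bot: The explicit 400 for a missing `author`, `content`, `page` or `ref` was removed, and nothing in this hunk shows that `post_data()` rejects an absent or non-string field before `trim()` and `strlen()` run on it. If the helper can return `null`, or passes through an array-valued form field, `trim()` raises a deprecation notice or a TypeError instead of a clean 400. Reading the raw values first and guarding them with `if (!is_string($author) || !is_string($content)) { $this->error(400); return; }` would keep the old contract. POST keeps comment text out of URLs and access logs, but a cross-site form can still submit it, so confirm that a CSRF token or origin check exists outside this hunk. The body of `post()` continues beyond the hunk.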
@@ -55,7 +47,7 @@ class _comments_controller extends Controller {
try {
$ref = base64_decode($ref);
$url = parse_url($ref);
- if (!$url && array_key_exists('host', $url)) {
+ if (!$url || array_key_exists('host', $url)) {
// dont allow redirects off this site
$this->error(400);
return;
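Review bot: The corrected condition rejects only values that parse with a `host`, so a `ref` that carries a scheme but no host, or that does not begin with exactly one `/`, still passes as on-site. How `$ref` is used afterwards is outside this hunk, but the comment says it drives a redirect. Accepting only a single-slash local path is the safer allowlist: `if (!$url || isset($url['scheme']) || isset($url['host']) || !str_starts_with($ref, '/') || str_starts_with($ref, '//')) {`. `base64_decode($ref, true)` with a `=== false` check would also turn malformed input into a 400 instead of passing partially decoded bytes to `parse_url()`. The `try` block opens in this hunk and closes outside it.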