Diffstat (limited to '')
-rw-r--r-- | src/web/_controller/_comments.php | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/src/web/_controller/_comments.php b/src/web/_controller/_comments.php
index eea792f..3b8fe35 100644
--- a/src/web/_controller/_comments.php
+++ b/src/web/_controller/_comments.php
@@ -17,20 +17,12 @@ class _comments_controller extends Controller {
 }
 public function post(): void {
- $author = ''; $content = ''; $ref = '';
- if (
- !array_key_exists('author', $_GET) ||
- !array_key_exists('content', $_GET) ||
- !array_key_exists('ref', $_GET) ||
- !array_key_exists('page', $_GET)
- ) {
- $this->error(400); return;
- }
- $author = trim($_GET['author']);
- $content = trim($_GET['content']);
- $page = $_GET['page'];
- $ref = $_GET['ref'];
+ $author = trim($this->post_data('author'));
+ $content = trim($this->post_data('content'));
+ $page = $this->post_data('page');
+ $ref = $this->post_data('ref');
+ $url = NULL;
 $author_len = strlen($author);
@@ -55,7 +47,7 @@ class _comments_controller extends Controller {
 try {
 $ref = base64_decode($ref); $url = parse_url($ref);
- if (!$url && array_key_exists('host', $url)) {
+ if (!$url || array_key_exists('host', $url)) {
 // dont allow redirects off this site
 $this->error(400); return; |
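Review bot: A request that omits `author`, `content`, `page` or `ref`, or sends one of them as an array, may no longer get a clean 400 at the top of `post()` (hunk `@@ -17,20 +17,12 @@`), because the new `trim($this->post_data('author'))` lines depend on what `post_data()` returns in that case, and that helper is not visible here. If it can return null or an array, `trim()` and the later `strlen($author)` would raise a TypeError or a deprecation notice instead of a client error. Unless `post_data()` already ends the request itself, read the four values untrimmed, reject with `if (!is_string($author) || !is_string($content) || !is_string($page) || !is_string($ref)) { $this->error(400); return; }`, and only then call `trim()`. The body of `post()` continues past the end of this hunk.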
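Review bot: The corrected condition in hunk `@@ -55,7 +47,7 @@` still decides "off this site" from `host` alone, so a decoded `ref` that carries a `scheme` but no host, or a path that a browser normalises into a network-path reference, would pass the check. Because the comment says this guards the redirect target, an allow-style test is safer than a deny on one key: reject any `scheme` or `host` and require a path that starts with exactly one `/`, e.g. `if (!$url || isset($url['scheme']) || isset($url['host']) || !preg_match('#^/(?![/\\\\])#', $ref)) {`. `base64_decode($ref)` is also non-strict; passing `true` as the second argument and rejecting a `false` result would keep malformed input out of `parse_url()`. The `try` block starts and ends outside this hunk, and how `$ref` is used after the check is not visible here.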