From ce123807279506d10f79fdf7214b1ea12b654648 Mon Sep 17 00:00:00 2001 From: Freya Murphy Date: Wed, 11 Dec 2024 22:05:51 -0500 Subject: switch to POST for posting comments --- src/web/_controller/_comments.php | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) (limited to 'src/web/_controller/_comments.php') diff --git a/src/web/_controller/_comments.php b/src/web/_controller/_comments.php index eea792f..3b8fe35 100644 --- a/src/web/_controller/_comments.php +++ b/src/web/_controller/_comments.php @@ -17,20 +17,12 @@ class _comments_controller extends Controller { } public function post(): void { - $author = ''; $content = ''; $ref = ''; - if ( - !array_key_exists('author', $_GET) || - !array_key_exists('content', $_GET) || - !array_key_exists('ref', $_GET) || - !array_key_exists('page', $_GET) - ) { - $this->error(400); return; - } - $author = trim($_GET['author']); - $content = trim($_GET['content']); - $page = $_GET['page']; - $ref = $_GET['ref']; + $author = trim($this->post_data('author')); + $content = trim($this->post_data('content')); + $page = $this->post_data('page'); + $ref = $this->post_data('ref'); + $url = NULL; $author_len = strlen($author); @@ -55,7 +47,7 @@ class _comments_controller extends Controller { try { $ref = base64_decode($ref); $url = parse_url($ref); - if (!$url && array_key_exists('host', $url)) { + if (!$url || array_key_exists('host', $url)) { // dont allow redirects off this site $this->error(400); return; -- cgit v1.2.3-freya
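Review bot: The four `$this->post_data(...)` reads at the top of `post()` replace an explicit presence check that answered 400, and nothing in this hunk shows what `post_data` returns when a field is missing or is not a string. If it can return `NULL` or an array (a field submitted as `author[]`, for instance), `trim()` and the later `base64_decode($ref)` receive a non-string. That would be a deprecation notice on PHP 8.1+ for null and a `TypeError` for an array, not the old clean 400. Unless `post_data` already rejects those cases, read the raw values first and guard them with `if (!is_string($author) || !is_string($content) || !is_string($page) || !is_string($ref)) { $this->error(400); return; }` before calling `trim()`. No anti-CSRF token check is visible in the hunk either, and the body of `post()` continues outside it, so confirm that one exists now that the write is a POST.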
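Review bot: The corrected test `!$url || array_key_exists('host', $url)` still treats "no `host` key" as "same site", which is weaker than the comment's intent of not allowing redirects off this site. A decoded `$ref` that has a scheme but no host, or a path that browsers normalise into a network-path reference, has no `host` key in `parse_url()`'s result and so passes. An allow-list is safer: `if (!$url || isset($url['scheme']) || isset($url['host'])) {`, plus a requirement that `$ref` begins with a single `/` not followed by `/` or `\`. `base64_decode($ref)` is also non-strict and silently skips invalid characters, so `$ref = base64_decode($ref, true);` with a `=== false` rejection is tighter. The `try` block and the eventual use of `$ref` lie outside the hunk, so the redirect sink should be checked against the same rule.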