path: root/src/web/_controller/_comments.php
<?php /* Copyright (c) 2024 Freya Murphy */
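class _comments_controller extends Controller {

	/** Upper bound, in bytes, on the author field (413 above this). */
	private const AUTHOR_MAX_LEN = 30;
	/** Upper bound, in bytes, on the comment body (413 above this). */
	private const CONTENT_MAX_LEN = 500;

	private $comments_model;

	function __construct() {
		$this->comments_model = $this->load_model('_comments');
	}

	/**
	 * Render the comment list for one page.
	 *
	 * @param string $page page key the comments are attached to
	 * @param string $ref  return reference passed through to the view unchanged
	 */
	public function comments(string $page, string $ref): void {
		$data = $this->comments_model->get_comments($page);
		$this->view('comments', [
			'comments' => $data,
			'ref' => $ref,
			'page' => $page,
		]);
	}

	/**
	 * Store a new comment and redirect back to the page it was posted from.
	 *
	 * Reads author, content, page and ref from the query string. Responds
	 * 400 when a field is missing, not a plain string, empty after trimming,
	 * or when ref is not a canonical base64-encoded local path; 413 when a
	 * field exceeds its byte limit; 500 when the model rejects the insert.
	 */
	public function post(): void {
		// NOTE(review): this state-changing handler is driven by $_GET; the
		// submitting form is not visible here, so the source is kept, but a
		// POST form with a CSRF token would be the safer shape.
		foreach (['author', 'content', 'ref', 'page'] as $key) {
			// is_string also rejects array-valued parameters (author[]=x),
			// which would otherwise make trim() throw a TypeError.
			if (!array_key_exists($key, $_GET) || !is_string($_GET[$key])) {
				$this->error(400);
				return;
			}
		}

		$author = trim($_GET['author']);
		$content = trim($_GET['content']);
		$page = $_GET['page'];
		$encoded_ref = $_GET['ref'];

		// Limits are deliberately byte lengths (strlen): they bound what is
		// stored, not how many characters are displayed.
		$author_len = strlen($author);
		$content_len = strlen($content);

		if ($author_len < 1 || $content_len < 1) {
			$this->error(400);
			return;
		}

		if ($author_len > self::AUTHOR_MAX_LEN || $content_len > self::CONTENT_MAX_LEN) {
			$this->error(413);
			return;
		}

		$ref = $this->decode_local_ref($encoded_ref);
		if ($ref === null) {
			// not base64, unparsable, or would redirect off this site
			$this->error(400);
			return;
		}

		// The model takes the flag as the strings 'true' / 'false'.
		$vulgar = (
			$this->comments_model->is_vulgar($author) ||
			$this->comments_model->is_vulgar($content)
		) ? 'true' : 'false';

		$result = $this->comments_model
			->post_comment($author, $content, $page, $vulgar);

		if ($result) {
			header('Location: ' . $this->get_url($ref) . '#comments');
		} else {
			$this->error(500);
		}
	}

	/**
	 * Decode the base64 return reference and confirm it stays on this site.
	 *
	 * Returns the decoded reference, or null when the input is not canonical
	 * base64, contains CR/LF (header injection), does not parse as a URL, or
	 * carries a scheme or host. The scheme/host check is what keeps the
	 * Location header in post() from becoming an open redirect; the original
	 * condition had its boolean inverted and never rejected a host.
	 */
	private function decode_local_ref(string $encoded): ?string {
		// strict mode rejects characters outside the base64 alphabet; the
		// re-encode comparison additionally rejects non-canonical padding.
		$decoded = base64_decode($encoded, true);
		if ($decoded === false || base64_encode($decoded) !== $encoded) {
			return null;
		}

		if (strpbrk($decoded, "\r\n") !== false) {
			return null;
		}

		$parts = parse_url($decoded);
		if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
			return null;
		}

		// NOTE(review): get_url() is defined elsewhere; if it emits $ref
		// without prefixing the site origin, a leading backslash ("/\host")
		// may still be treated as scheme-relative by some browsers — confirm.
		return $decoded;
	}
}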