fix(blog): comment escaping

Baoshuo Ren 2023-02-28 20:13:59 +08:00
parent 2cf96c34ac
commit 31448fafee
Signed by: baoshuo
GPG Key ID: 00CB9680AB29F51A


@ -64,9 +64,9 @@ $comment_form->addTextArea('comment', [
]); ]);
$comment_form->handle = function () { $comment_form->handle = function () {
global $blog, $comment_form; global $blog, $comment_form;
$comment = HTML::escape($_POST['comment']); $comment = $_POST['comment'];
list($comment, $referrers) = uojHandleAtSign($comment, "/post/{$blog['id']}"); list(, $referrers) = uojHandleAtSign($comment, "/post/{$blog['id']}");
DB::insert([ DB::insert([
"insert into blogs_comments", "insert into blogs_comments",
@ -99,7 +99,7 @@ $comment_form->handle = function () {
} }
UOJBlog::cur()->updateActiveTime(); UOJBlog::cur()->updateActiveTime();
$comment_form->succ_href = getLongTablePageRawUri($page); $comment_form->succ_href = getLongTablePageRawUri($page) . "#comment-{$comment_id}";
}; };
$comment_form->config['ctrl_enter_submit'] = true; $comment_form->config['ctrl_enter_submit'] = true;
$comment_form->runAtServer(); $comment_form->runAtServer();
@ -139,9 +139,9 @@ $reply_form->addTextArea('reply_comment', [
]); ]);
$reply_form->handle = function (&$vdata) { $reply_form->handle = function (&$vdata) {
global $blog, $reply_form; global $blog, $reply_form;
$comment = HTML::escape($_POST['reply_comment']); $comment = $_POST['reply_comment'];
list($comment, $referrers) = uojHandleAtSign($comment, "/post/{$blog['id']}"); list(, $referrers) = uojHandleAtSign($comment, "/post/{$blog['id']}");
$reply_id = $_POST['reply_id']; $reply_id = $_POST['reply_id'];
@ -185,7 +185,7 @@ $reply_form->handle = function (&$vdata) {
UOJBlog::cur()->updateActiveTime(); UOJBlog::cur()->updateActiveTime();
$reply_form->succ_href = getLongTablePageRawUri($page); $reply_form->succ_href = getLongTablePageRawUri($page) . "#comment-{$comment_id}";
}; };
$reply_form->config['ctrl_enter_submit'] = true; $reply_form->config['ctrl_enter_submit'] = true;
$reply_form->runAtServer(); $reply_form->runAtServer();
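Review bot: Dropping `HTML::escape` in `$comment = $_POST['comment'];` (and in the reply handler's `$comment = $_POST['reply_comment'];`) means the text handed on to `DB::insert` is now raw request input, so the safety of this change rests on the code that renders `blogs_comments` rows, which is not part of these hunks. Please confirm that every consumer of the stored text encodes or sanitizes it for its output context, including any notification built for `$referrers`, since the rewritten text returned by `uojHandleAtSign` is now discarded by `list(, $referrers)`. Rows written before this commit were presumably stored already escaped, so the render path may need to handle old and new rows differently, or a migration is needed. I would add a comment above each assignment, e.g. `// Stored raw on purpose: must be escaped/sanitized wherever it is rendered.` Both handler closures continue outside the visible hunks.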