Update: relative post_id

hyzen
2026-06-26 13:24:24 +02:00
parent a15bcedac1
commit a21e5f64ed


@@ -273,6 +273,12 @@ if ($action === 'post' || $action === 'reply') {
if ($post_id === '') {
json_out(['success' => false, 'message' => 'post_id is required.']);
}
// post_id should always be a site-relative path like "/blog/some-post/".
// Reject anything else here, before it can shape outgoing notification
// email content or anything else downstream.
if (!preg_match('#^/[a-zA-Z0-9_/-]{1,200}/$#', $post_id)) {
json_out(['success' => false, 'message' => 'Invalid post_id.']);
}
if ($text === '') {
json_out(['success' => false, 'message' => 'Comment cannot be empty.']);
}
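Review bot: The `$` anchor in the new `preg_match` pattern also matches just before a trailing newline, so a `post_id` ending in `\n` passes the check unless the value is trimmed earlier, outside the hunk. Since the comment says this value can shape notification email content, anchor the end strictly with the `D` modifier: `if (!preg_match('#^/[a-zA-Z0-9_/-]{1,200}/$#D', $post_id)) {`. The character class also accepts a leading `//`, which would read as a protocol-relative reference if the value is ever emitted as a link on its own; a negative lookahead such as `^/(?!/)` would rule that out. The enclosing `if ($action === 'post' || $action === 'reply')` block begins and ends outside the hunk, so how `$post_id` is populated and whether `json_out` stops execution cannot be confirmed from here.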