issue: secure against external form submissions
diff --git
a/issue/index.php
b/issue/index.php
index 8b42d11f7c499699a2d51ac4debb80ff628478d8..704a405e879bf42b40d9d40c89acec27874ce816 100644
(file)
--- a/
issue/index.php
+++ b/
issue/index.php
@@
-42,8
+42,12
@@
if ($id and ctype_digit($id)) {
return;
}
return;
}
-if ($_POST) {
+if ($Page->api) return;
+if ($_POST and isset($_POST['subject'])) {
require_once 'upload.inc.php';
require_once 'upload.inc.php';
+ if (strlen($_POST['subject']) < 2) {
+ throw new Exception('Een minimaal onderwerp is verplicht om een issue aan te maken.');
+ }
$query = $Db->set('issues', [
'page' => $Page->handler,
'subject' => $_POST['subject'],
$query = $Db->set('issues', [
'page' => $Page->handler,
'subject' => $_POST['subject'],
@@
-55,7
+59,6
@@
if ($_POST) {
}
$_POST = [];
}
}
$_POST = [];
}
-if ($Page->api) return;
$subsql = "SELECT count(*) FROM comments WHERE page=i.page||'/'||i.id";
$cols = "*, ($subsql AND message IS NOT NULL) AS replycount";
$subsql = "SELECT count(*) FROM comments WHERE page=i.page||'/'||i.id";
$cols = "*, ($subsql AND message IS NOT NULL) AS replycount";
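Review bot: The new guard in the first hunk, `if ($_POST and isset($_POST['subject']))`, only checks that a `subject` field is present, which a form hosted on another site can supply just as well, so nothing visible here ties the submission to this site or to the user's session. If no anti-forgery check runs earlier in the request (not visible in this diff), the insert should also require a per-session token compared with `hash_equals()`, or at least a same-origin `Origin`/`Referer` check, before `$Db->set('issues', …)` is reached. Separately, `strlen($_POST['subject'])` assumes a string: a request sending `subject[]=x` makes it an array, which raises a TypeError on PHP 8, and `if (!is_string($_POST['subject']) or strlen(trim($_POST['subject'])) < 2) {` would reject both that and whitespace-only subjects. The `$Db->set` call and the rest of the `if` block continue outside the hunk.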