Example #1
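 /**
  * sanitizeHTML() must HTML-escape all markup except a small whitelist of
  * inline formatting tags. The expectations below pin that policy: <strong>
  * and <em> survive untouched, <b> is escaped, and active content (<iframe>,
  * <script>) is escaped rather than stripped, so the text still reads as the
  * user typed it but can never execute.
  */
 public function testSanitizing()
 {
     // Each case is [input, expected]. The expected value is passed first to
     // the assertion so a failure reports "expected X, got Y", not the reverse
     // (the original arguments were swapped).
     $cases = [
         'empty input stays empty' => ['', ''],
         'whitelisted <strong> is kept as markup' => [
             '<strong>test</strong>',
             '<strong>test</strong>',
         ],
         'non-whitelisted <b> is escaped, <strong>/<em> are kept' => [
             '<b>lorem</b> <strong>ipsum dolor</strong> sit <em>amet</em>',
             '&lt;b&gt;lorem&lt;/b&gt; <strong>ipsum dolor</strong> sit <em>amet</em>',
         ],
         'active content is escaped, not stripped' => [
             'I am <iframe src="http://evil" />! <script>Oooh!</script>',
             'I am &lt;iframe src="http://evil" /&gt;! &lt;script&gt;Oooh!&lt;/script&gt;',
         ],
     ];
     foreach ($cases as $label => list($input, $expected)) {
         // assertSame rather than assertEquals: the sanitizer returns a string,
         // and a loose comparison would not catch a change in return type.
         $this->assertSame($expected, ae_Security::sanitizeHTML($input), $label);
     }
     // TODO(review): attributes on whitelisted tags (e.g. '<strong onmouseover="...">',
     // '<em style="...">') are not covered and the intended output is not
     // documented here; add a case once that policy is confirmed.
 }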
Example #2
require_once '../core/autoload.php';
require_once '../core/config.php';
// Spam gate. The two *-do-not-fill fields are honeypots: a real browser user
// never sees them, so any non-empty value marks a bot. A request that names no
// target post is discarded the same way (silent redirect to the front page).
// The && / || precedence of the original condition is made explicit here.
// NOTE(review): nothing in this handler checks a CSRF token or the request
// method; the honeypots only deter naive form fillers — confirm whether the
// comment form carries a token that is verified elsewhere.
$honeypotFilled = (isset($_POST['comment-do-not-fill']) && $_POST['comment-do-not-fill'] != '')
    || (isset($_POST['comment-content-do-not-fill']) && $_POST['comment-content-do-not-fill'] != '');
if ($honeypotFilled || !isset($_POST['comment-post'])) {
    header('Location: ../');
    exit;
}
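// Required fields. Author name/email/url may be empty strings (defaults are
// applied further down) but must be present; the comment body must contain
// something other than whitespace.
if (!isset($_POST['comment-author-name'], $_POST['comment-author-email'], $_POST['comment-author-url'], $_POST['comment-content'], $_POST['comment-post']) || mb_strlen(trim($_POST['comment-content'])) == 0) {
    // comment-post is untrusted request data echoed into the redirect URL:
    // URL-encode it so it cannot add or override query parameters or the
    // fragment, and never concatenate a non-scalar (an array would become "Array").
    $postRef = is_scalar($_POST['comment-post']) ? rawurlencode((string) $_POST['comment-post']) : '';
    header('Location: ../?p=' . $postRef . '&error=missing_data#comment-form');
    exit;
}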
// Author URL (optional). A non-empty value without an http(s)/ftp(s) scheme is
// stored with an "http://" prefix so it is always an absolute URL. A side
// effect worth keeping: because anything that is not one of those four schemes
// gets the prefix, a value like "javascript:..." can never be stored as a
// bare scheme-carrying link.
$url = trim($_POST['comment-author-url']);
$hasAllowedScheme = preg_match('/^(http|ftp)s?:\\/\\//i', $url) === 1;
if ($url !== '' && !$hasAllowedScheme) {
    $url = 'http://' . $url;
}
// Comment body: sanitizeHTML() escapes markup apart from its small whitelist of
// inline tags, then newlines become <br /> for display. nl2br() runs *after*
// sanitizing on purpose — the other order would escape the inserted <br /> tags.
$content = nl2br(ae_Security::sanitizeHTML(trim($_POST['comment-content'])));
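$co = new ae_CommentModel();
// Fatal input error: without a valid post id there is nothing to attach the
// comment to, so bounce back to the form. setPostId() is presumably what
// validates the id (it is the only check the post id receives in this script).
try {
    $co->setPostId($_POST['comment-post']);
} catch (Exception $exc) {
    // The rejected post id is untrusted request data echoed into the redirect
    // URL: URL-encode it so it cannot add or override query parameters or the
    // fragment, and never concatenate a non-scalar (an array would become "Array").
    $postRef = is_scalar($_POST['comment-post']) ? rawurlencode((string) $_POST['comment-post']) : '';
    header('Location: ../?p=' . $postRef . '&error=invalid_data#comment-form');
    exit;
}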
// Forgivable errors with default values for fallback
try {
    $co->setAuthorName($_POST['comment-author-name']);
    $co->setAuthorEmail($_POST['comment-author-email']);
    $co->setAuthorUrl($url);
    $co->setAuthorIp($_SERVER['REMOTE_ADDR']);