/**
 * Runs the project's XSS filter over $str and HTML-escapes the result.
 *
 * htmlspecialchars() is called with its default flags; on PHP < 8.1 those
 * defaults leave single quotes unescaped, so the result is meant for
 * element text / double-quoted attributes, not single-quoted ones.
 *
 * @param string $str raw input
 * @return string filtered, HTML-escaped text
 */
public static function clear($str)
{
    $filtered = Env::xss_clean($str);

    return htmlspecialchars($filtered);
}
/**
 * Handles a comment submission for post $id.
 *
 * Access is checked first via checkAddAccess(). When the CommentForm was
 * posted with non-empty content, a Comment is stored for the current user
 * and the browser is sent to the post's #firstcomment anchor; in every
 * other case it is sent to the post's #adderror anchor.
 *
 * NOTE(review): no CSRF token check is visible in this method — confirm
 * that checkAddAccess() or the framework covers it. $id is used as-is in
 * the redirect URL and as Comment::$pid — confirm the router constrains it.
 * The content check uses empty(), so the string '0' is rejected and
 * whitespace-only content is accepted as written.
 *
 * @param mixed $id post identifier taken from the route
 */
public function actionComment($id)
{
    $this->checkAddAccess(Env::getCurrentUser());

    $formPosted = isset($_POST['CommentForm']);
    $hasContent = $formPosted && !empty($_POST['CommentForm']['content']);

    if ($hasContent) {
        $author = Env::getCurrentUser();

        $comment = new Comment();
        $comment->uid = $author->id;
        // Input is filtered on write; output escaping still happens where it is rendered.
        $comment->content = Env::xss_clean($_POST['CommentForm']['content']);
        $comment->pid = $id;
        $comment->time = time();
        $comment->save();

        $this->redirect("/post/{$id}#firstcomment");
    }

    $this->redirect("/post/{$id}#adderror");
}