public function test_parse_url_sanitization_idn()
{
// http://пример.испытание
$url = 'http://пример.испытание';
$url = html_entity_decode($url, null, 'UTF-8');
$parsed = InputFilter::parse_url($url);
$glued = InputFilter::glue_url($parsed);
// note that glue_url always appends a trailing /
$this->assert_identical($glued, $url . '/');
}
/**
* Receive a Pingback via XMLRPC
* @param array $params An array of XMLRPC parameters from the remote call
* @return string The success state of the pingback
*/
public function xmlrpc_pingback__ping( $params )
{
try {
list( $source_uri, $target_uri )= $params;
// This should really be done by an Habari core function
$target_parse = InputFilter::parse_url( $target_uri );
$target_stub = $target_parse['path'];
$base_url = Site::get_path( 'base', true );
if ( '/' != $base_url) {
$target_stub = str_replace( $base_url, '', $target_stub );
}
$target_stub = trim( $target_stub, '/' );
if ( strpos( $target_stub, '?' ) !== false ) {
list( $target_stub, $query_string )= explode( '?', $target_stub );
}
// Can this be used as a target?
$target_slug = URL::parse( $target_stub )->named_arg_values['slug'];
if ( $target_slug === false ) {
throw new XMLRPCException( 33 );
}
// Does the target exist?
$target_post = Post::get( array( 'slug' => $target_slug ) );
if ( $target_post === false ) {
throw new XMLRPCException( 32 );
}
// Is comment allowed?
if ( $target_post->info->comments_disabled ) {
throw new XMLRPCException( 33 );
}
// Is this Pingback already registered?
if ( Comments::get( array( 'post_id' => $target_post->id, 'url' => $source_uri, 'type' => Comment::PINGBACK ) )->count() > 0 ) {
throw new XMLRPCException( 48 );
}
// Retrieve source contents
try {
$rr = new RemoteRequest( $source_uri );
$rr->execute();
if ( ! $rr->executed() ) {
throw new XMLRPCException( 16 );
}
$source_contents = $rr->get_response_body();
$headers = $rr->get_response_headers();
}
catch ( XMLRPCException $e ) {
// catch our special type of exception and re-throw it
throw $e;
}
catch ( Exception $e ) {
throw new XMLRPCException( -32300 );
}
// Encoding is converted into internal encoding.
// First, detect the source string's encoding
$habari_encoding = strtoupper( MultiByte::hab_encoding() );
$source_encoding = 'Windows-1252';
// Is the charset in the headers?
if ( isset( $headers['Content-Type'] ) && strpos( $headers['Content-Type'], 'charset' ) !== false ) {
// This regex should be changed to meet the HTTP spec at some point
if ( preg_match("/charset[\x09\x0A\x0C\x0D\x20]*=[\x09\x0A\x0C\x0D\x20]*('?)([A-Za-z0-9\-\_]+)\1/i", $headers['Content-Type'], $matches ) ) {
$source_encoding = strtoupper( $matches[2] );
}
}
// Can we tell the charset from the stream itself?
else if ( ( $enc = MultiByte::detect_bom_encoding( $source_contents ) ) !== false ) {
$source_encoding = $enc;
}
// Is the charset in a meta tag?
else if ( preg_match( "/<meta[^>]+charset[\x09\x0A\x0C\x0D\x20]*=[\x09\x0A\x0C\x0D\x20]*([\"']?)([A-Za-z0-9\-\_]+)\1/i", $source_contents, $matches ) ) {
$source_encoding = strtoupper( $matches[2] );
if (in_array($source_encoding, array("UTF-16", "UTF-16BE", "UTF-16LE"))) {
$source_encoding = "UTF-8";
}
}
// Then, convert the string
$ret = MultiByte::convert_encoding( $source_contents, $habari_encoding, $source_encoding );
if ( $ret !== false ) {
$source_contents = $ret;
}
// Find the page's title
preg_match( '/<title>(.*)<\/title>/is', $source_contents, $matches );
$source_title = $matches[1];
// Find the reciprocal links and their context
preg_match( '/<body[^>]*>(.+)<\/body>/is', $source_contents, $matches );
$source_contents_filtered = preg_replace( '/\s{2,}/is', ' ', strip_tags( $matches[1], '<a>' ) );
// Get rid of all the non-recriprocal links
$ht = new HTMLTokenizer( trim( $source_contents_filtered ) );
$set = $ht->parse();
$all_links = $set->slice( 'a', array() );
$keep_links = $set->slice( 'a', array( 'href' => $target_uri ) );
$bad_links = array_diff( $all_links, $keep_links );
foreach( $bad_links as $link ) {
$link->tokenize_replace( '' );
$set->replace_slice( $link );
}
$source_contents_filtered = (string)$set;
// Get the excerpt
if ( !preg_match( '%.{0,100}?<a[^>]*?href\\s*=\\s*("|\'|)' . $target_uri . '\\1[^>]*?'.'>(.+?)</a>.{0,100}%s', $source_contents_filtered, $source_excerpt ) ) {
throw new XMLRPCException( 17 );
}
/** Sanitize Data */
$source_excerpt = '…' . InputFilter::filter( $source_excerpt[0] ) . '…';
$source_title = InputFilter::filter($source_title);
$source_uri = InputFilter::filter($source_uri);
/* Sanitize the URL */
if (!empty($source_uri)) {
$parsed = InputFilter::parse_url( $source_uri );
if ( $parsed['is_relative'] ) {
// guess if they meant to use an absolute link
$parsed = InputFilter::parse_url( 'http://' . $source_uri );
if ( ! $parsed['is_error'] ) {
$source_uri = InputFilter::glue_url( $parsed );
}
else {
// disallow relative URLs
$source_uri = '';
}
}
if ( $parsed['is_pseudo'] || ( $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https' ) ) {
// allow only http(s) URLs
$source_uri = '';
}
else {
// reconstruct the URL from the error-tolerant parsing
// http:moeffju.net/blog/ -> http://moeffju.net/blog/
$source_uri = InputFilter::glue_url( $parsed );
}
}
// Add a new pingback comment
$pingback = new Comment( array(
'post_id' => $target_post->id,
'name' => $source_title,
'email' => '',
'url' => $source_uri,
'ip' => Utils::get_ip(),
'content' => $source_excerpt,
'status' => Comment::STATUS_UNAPPROVED,
'date' => HabariDateTime::date_create(),
'type' => Comment::PINGBACK,
) );
$pingback->insert();
// Respond to the Pingback
return 'The pingback has been registered';
}
catch ( XMLRPCException $e ) {
$e->output_fault_xml();
}
}
/**
* Return & entities in a URL querystring to their previous & glory, for use in redirects
* @param string $value A URL, maybe with a querystring
* @return bool|string The valid, de-amped URL
*/
public static function de_amp($value)
{
$url = InputFilter::parse_url($value);
$url['query'] = str_replace('&', '&', $url['query']);
return InputFilter::glue_url($url);
}
/**
* Add a comment to the site
*
* @param mixed $post A Post object instance or Post object id
* @param string $name The commenter's name
* @param string $email The commenter's email address
* @param string $url The commenter's website URL
* @param string $content The comment content
* @param array $extra An associative array of extra values that should be considered
*/
function add_comment($post, $name = null, $email = null, $url = null, $content = null, $extra = null)
{
if (is_numeric($post)) {
$post = Post::get(array('id' => $post));
}
if (!$post instanceof Post) {
// Not sure what you're trying to pull here, but that's no good
header('HTTP/1.1 403 Forbidden', true, 403);
die;
}
// let's do some basic sanity checking on the submission
if (1 == Options::get('comments_require_id') && (empty($name) || empty($email))) {
Session::error(_t('Both name and e-mail address must be provided.'));
}
if (empty($content)) {
Session::error(_t('You did not provide any content for your comment!'));
}
if (Session::has_errors()) {
// save whatever was provided in session data
Session::add_to_set('comment', $name, 'name');
Session::add_to_set('comment', $email, 'email');
Session::add_to_set('comment', $url, 'url');
Session::add_to_set('comment', $content, 'content');
// now send them back to the form
Utils::redirect($post->permalink . '#respond');
}
if ($post->info->comments_disabled) {
// comments are disabled, so let's just send
// them back to the post's permalink
Session::error(_t('Comments on this post are disabled!'));
Utils::redirect($post->permalink);
}
/* Sanitize data */
foreach (array('name', 'url', 'email', 'content') as $k) {
${$k} = InputFilter::filter(${$k});
}
/* Sanitize the URL */
if (!empty($url)) {
$parsed = InputFilter::parse_url($url);
if ($parsed['is_relative']) {
// guess if they meant to use an absolute link
$parsed = InputFilter::parse_url('http://' . $url);
if (!$parsed['is_error']) {
$url = InputFilter::glue_url($parsed);
} else {
// disallow relative URLs
$url = '';
}
}
if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
// allow only http(s) URLs
$url = '';
} else {
// reconstruct the URL from the error-tolerant parsing
// http:moeffju.net/blog/ -> http://moeffju.net/blog/
$url = InputFilter::glue_url($parsed);
}
}
if (preg_match('/^\\p{Z}*$/u', $content)) {
Session::error(_t('Comment contains only whitespace/empty comment'));
Utils::redirect($post->permalink);
}
/* Create comment object*/
$comment = new Comment(array('post_id' => $post->id, 'name' => $name, 'email' => $email, 'url' => $url, 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $content, 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::COMMENT));
// Should this really be here or in a default filter?
// In any case, we should let plugins modify the status after we set it here.
$user = User::identify();
if ($user->loggedin && $comment->email == $user->email) {
$comment->status = Comment::STATUS_APPROVED;
}
// Users need to have permission to add comments
if (!$user->can('comment')) {
Session::error(_t('You do not have permission to create comments.'));
Utils::redirect($post->permalink);
}
// Allow themes to work with comment hooks
Themes::create();
// Allow plugins to change comment data and add commentinfo based on plugin-added form fields
Plugins::act('comment_accepted', $comment, $this->handler_vars, $extra);
$spam_rating = 0;
$spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars, $extra);
$comment->insert();
$anchor = '';
// If the comment was saved
if ($comment->id && $comment->status != Comment::STATUS_SPAM) {
$anchor = '#comment-' . $comment->id;
// store in the user's session that this comment is pending moderation
if ($comment->status == Comment::STATUS_UNAPPROVED) {
Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
}
// if no cookie exists, we should set one
// but only if the user provided some details
$cookie = 'comment_' . Options::get('GUID');
if (!User::identify()->loggedin && !isset($_COOKIE[$cookie]) && (!empty($name) || !empty($email) || !empty($url))) {
$cookie_content = $comment->name . '#' . $comment->email . '#' . $comment->url;
$site_url = Site::get_path('base', true);
setcookie($cookie, $cookie_content, time() + 31536000, $site_url);
}
}
// Return the commenter to the original page.
Utils::redirect($post->permalink . $anchor);
}
/**
* Merge query params from the URL with given params.
* @param string $url The URL
* @param string $params An associative array of parameters.
*/
private function merge_query_params($url, $params)
{
$urlparts = InputFilter::parse_url($url);
if (!isset($urlparts['query'])) {
$urlparts['query'] = '';
}
if (!is_array($params)) {
parse_str($params, $params);
}
$urlparts['query'] = http_build_query(array_merge(Utils::get_params($urlparts['query']), $params), '', '&');
return InputFilter::glue_url($urlparts);
}
/**
* Receive a Pingback via XMLRPC
* @param array $params An array of XMLRPC parameters from the remote call
* @return string The success state of the pingback
*/
public function xmlrpc_pingback__ping($params)
{
try {
list($source_uri, $target_uri) = $params;
// This should really be done by an Habari core function
$target_parse = InputFilter::parse_url($target_uri);
$target_stub = $target_parse['path'];
$base_url = Site::get_path('base', TRUE);
if ('/' != $base_url) {
$target_stub = str_replace($base_url, '', $target_stub);
}
$target_stub = trim($target_stub, '/');
if (strpos($target_stub, '?') !== FALSE) {
list($target_stub, $query_string) = explode('?', $target_stub);
}
// Can this be used as a target?
$target_slug = URL::parse($target_stub)->named_arg_values['slug'];
if ($target_slug === FALSE) {
throw new XMLRPCException(33);
}
// Does the target exist?
$target_post = Post::get(array('slug' => $target_slug));
if ($target_post === FALSE) {
throw new XMLRPCException(32);
}
// Is comment allowed?
if ($target_post->info->comments_disabled) {
throw new XMLRPCException(33);
}
// Is this Pingback already registered?
if (Comments::get(array('post_id' => $target_post->id, 'url' => $source_uri, 'type' => Comment::PINGBACK))->count() > 0) {
throw new XMLRPCException(48);
}
// Retrieve source contents
$rr = new RemoteRequest($source_uri);
$rr->execute();
if (!$rr->executed()) {
throw new XMLRPCException(16);
}
$source_contents = $rr->get_response_body();
// encoding is converted into internal encoding.
// @todo check BOM at beginning of file before checking for a charset attribute
$habari_encoding = MultiByte::hab_encoding();
if (preg_match("/<meta[^>]+charset=([A-Za-z0-9\\-\\_]+)/i", $source_contents, $matches) !== FALSE && strtolower($habari_encoding) != strtolower($matches[1])) {
$ret = MultiByte::convert_encoding($source_contents, $habari_encoding, $matches[1]);
if ($ret !== FALSE) {
$source_contents = $ret;
}
}
// Find the page's title
preg_match('/<title>(.*)<\\/title>/is', $source_contents, $matches);
$source_title = $matches[1];
// Find the reciprocal links and their context
preg_match('/<body[^>]*>(.+)<\\/body>/is', $source_contents, $matches);
$source_contents_filtered = preg_replace('/\\s{2,}/is', ' ', strip_tags($matches[1], '<a>'));
if (!preg_match('%.{0,100}?<a[^>]*?href\\s*=\\s*("|\'|)' . $target_uri . '\\1[^>]*?' . '>(.+?)</a>.{0,100}%s', $source_contents_filtered, $source_excerpt)) {
throw new XMLRPCException(17);
}
/** Sanitize Data */
$source_excerpt = '...' . InputFilter::filter($source_excerpt[0]) . '...';
$source_title = InputFilter::filter($source_title);
$source_uri = InputFilter::filter($source_uri);
/* Sanitize the URL */
if (!empty($source_uri)) {
$parsed = InputFilter::parse_url($source_uri);
if ($parsed['is_relative']) {
// guess if they meant to use an absolute link
$parsed = InputFilter::parse_url('http://' . $source_uri);
if (!$parsed['is_error']) {
$source_uri = InputFilter::glue_url($parsed);
} else {
// disallow relative URLs
$source_uri = '';
}
}
if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
// allow only http(s) URLs
$source_uri = '';
} else {
// reconstruct the URL from the error-tolerant parsing
// http:moeffju.net/blog/ -> http://moeffju.net/blog/
$source_uri = InputFilter::glue_url($parsed);
}
}
// Add a new pingback comment
$pingback = new Comment(array('post_id' => $target_post->id, 'name' => $source_title, 'email' => '', 'url' => $source_uri, 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $source_excerpt, 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::PINGBACK));
$pingback->insert();
// Respond to the Pingback
return 'The pingback has been registered';
} catch (XMLRPCException $e) {
$e->output_fault_xml();
}
}
/**
* Returns a humane commenter's link for a comment if a URL is supplied, or just display the comment author's name
*
* @param Theme $theme The current theme
* @param Comment $comment The comment object
* @return string A link to the comment author or the comment author's name with no link
*/
public function theme_comment_author_link($theme, $comment)
{
$url = $comment->url;
if ($url != '') {
$parsed_url = InputFilter::parse_url($url);
if ($parsed_url['host'] == '') {
$url = '';
} else {
$url = InputFilter::glue_url($parsed_url);
}
}
if ($url != '') {
return '<a href="' . $url . '">' . $comment->name . '</a>';
} else {
return $comment->name;
}
}
/**
* function add_comment
* adds a comment to a post, if the comment content is not NULL
* @param array An associative array of content found in the $_POST array
*/
public function act_add_comment()
{
Utils::check_request_method(array('POST'));
$defaults = array('name' => '', 'email' => '', 'url' => '', 'content' => '');
// We need to get the post anyway to redirect back to the post page.
$post = Post::get(array('id' => $this->handler_vars['id']));
if (!$post) {
// trying to comment on a non-existent post? Weirdo.
header('HTTP/1.1 403 Forbidden', true, 403);
die;
}
// make sure all our default values are set so we don't throw undefined index errors
foreach ($defaults as $k => $v) {
if (!isset($this->handler_vars[$k])) {
$this->handler_vars[$k] = $v;
}
}
// let's do some basic sanity checking on the submission
if (1 == Options::get('comments_require_id') && (empty($this->handler_vars['name']) || empty($this->handler_vars['email']))) {
Session::error(_t('Both name and e-mail address must be provided.'));
}
if (empty($this->handler_vars['content'])) {
Session::error(_t('You did not provide any content for your comment!'));
}
if (Session::has_errors()) {
// save whatever was provided in session data
Session::add_to_set('comment', $this->handler_vars['name'], 'name');
Session::add_to_set('comment', $this->handler_vars['email'], 'email');
Session::add_to_set('comment', $this->handler_vars['url'], 'url');
Session::add_to_set('comment', $this->handler_vars['content'], 'content');
// now send them back to the form
Utils::redirect($post->permalink . '#respond');
}
if ($post->info->comments_disabled) {
// comments are disabled, so let's just send
// them back to the post's permalink
Session::error(_t('Comments on this post are disabled!'));
Utils::redirect($post->permalink);
}
/* Sanitize data */
foreach ($defaults as $k => $v) {
$this->handler_vars[$k] = InputFilter::filter($this->handler_vars[$k]);
}
/* Sanitize the URL */
if (!empty($this->handler_vars['url'])) {
$url = $this->handler_vars['url'];
$parsed = InputFilter::parse_url($url);
if ($parsed['is_relative']) {
// guess if they meant to use an absolute link
$parsed = InputFilter::parse_url('http://' . $url);
if (!$parsed['is_error']) {
$url = InputFilter::glue_url($parsed);
} else {
// disallow relative URLs
$url = '';
}
}
if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
// allow only http(s) URLs
$url = '';
} else {
// reconstruct the URL from the error-tolerant parsing
// http:moeffju.net/blog/ -> http://moeffju.net/blog/
$url = InputFilter::glue_url($parsed);
}
$this->handler_vars['url'] = $url;
}
if (preg_match('/^\\p{Z}*$/u', $this->handler_vars['content'])) {
Session::error(_t('Comment contains only whitespace/empty comment'));
Utils::redirect($post->permalink);
}
/* Create comment object*/
$comment = new Comment(array('post_id' => $this->handler_vars['id'], 'name' => $this->handler_vars['name'], 'email' => $this->handler_vars['email'], 'url' => $this->handler_vars['url'], 'ip' => sprintf("%u", ip2long($_SERVER['REMOTE_ADDR'])), 'content' => $this->handler_vars['content'], 'status' => Comment::STATUS_UNAPPROVED, 'date' => HabariDateTime::date_create(), 'type' => Comment::COMMENT));
// Should this really be here or in a default filter?
// In any case, we should let plugins modify the status after we set it here.
$user = User::identify();
if ($user->loggedin && $comment->email == $user->email) {
$comment->status = Comment::STATUS_APPROVED;
}
// Allow themes to work with comment hooks
Themes::create();
$spam_rating = 0;
$spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars);
$comment->insert();
$anchor = '';
// If the comment was saved
if ($comment->id) {
$anchor = '#comment-' . $comment->id;
// store in the user's session that this comment is pending moderation
if ($comment->status == Comment::STATUS_UNAPPROVED) {
Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
}
// if no cookie exists, we should set one
// but only if the user provided some details
$cookie = 'comment_' . Options::get('GUID');
if (!isset($_COOKIE[$cookie]) && (!empty($this->handler_vars['name']) || !empty($this->handler_vars['email']) || !empty($this->handler_vars['url']))) {
$cookie_content = $comment->name . '#' . $comment->email . '#' . $comment->url;
$site_url = Site::get_path('base', true);
setcookie($cookie, $cookie_content, time() + 31536000, $site_url);
}
}
// Return the commenter to the original page.
Utils::redirect($post->permalink . $anchor);
}
/**
* Add a comment to the site
*
* @param mixed $post A Post object instance or Post object id
* @param string $name The commenter's name
* @param string $email The commenter's email address
* @param string $url The commenter's website URL
* @param string $content The comment content
* @param array $extra An associative array of extra values that should be considered
*/
function add_comment($post, $name = null, $email = null, $url = null, $content = null, $extra = null)
{
if (is_numeric($post)) {
$post = Post::get(array('id' => $post));
}
if (!$post instanceof Post) {
// Not sure what you're trying to pull here, but that's no good
header('HTTP/1.1 403 Forbidden', true, 403);
die;
}
/* Sanitize data */
foreach (array('name', 'url', 'email', 'content') as $k) {
${$k} = InputFilter::filter(${$k});
}
// there should never be any HTML in the name, so do some extra filtering on it
$name = strip_tags(html_entity_decode($name, ENT_QUOTES, 'UTF-8'));
/* Sanitize the URL */
if (!empty($url)) {
$parsed = InputFilter::parse_url($url);
if ($parsed['is_relative']) {
// guess if they meant to use an absolute link
$parsed = InputFilter::parse_url('http://' . $url);
if (!$parsed['is_error']) {
$url = InputFilter::glue_url($parsed);
} else {
// disallow relative URLs
$url = '';
}
}
if ($parsed['is_pseudo'] || $parsed['scheme'] !== 'http' && $parsed['scheme'] !== 'https') {
// allow only http(s) URLs
$url = '';
} else {
// reconstruct the URL from the error-tolerant parsing
// http:moeffju.net/blog/ -> http://moeffju.net/blog/
$url = InputFilter::glue_url($parsed);
}
}
/* Create comment object*/
$comment = new Comment(array('post_id' => $post->id, 'name' => $name, 'email' => $email, 'url' => $url, 'ip' => Utils::get_ip(), 'content' => $content, 'status' => Comment::status('approved'), 'date' => DateTime::create(), 'type' => Comment::type('comment')));
// Should this really be here or in a default filter?
// In any case, we should let plugins modify the status after we set it here.
$user = User::identify();
if ($user->loggedin && $comment->email == $user->email) {
$comment->status = 'approved';
}
// Allow themes to work with comment hooks
Themes::create();
// Allow plugins to change comment data and add commentinfo based on plugin-added form fields
Plugins::act('comment_accepted', $comment, $this->handler_vars, $extra);
$spam_rating = 0;
$spam_rating = Plugins::filter('spam_filter', $spam_rating, $comment, $this->handler_vars, $extra);
if ($spam_rating >= Options::get('spam_percentage', 100)) {
$comment->status = 'spam';
}
$comment->insert();
$anchor = '';
// If the comment was saved
if ($comment->id && $comment->status != 'spam') {
$anchor = '#comment-' . $comment->id;
// store in the user's session that this comment is pending moderation
if ($comment->status == 'unapproved') {
Session::notice(_t('Your comment is pending moderation.'), 'comment_' . $comment->id);
}
// if no cookie exists, we should set one
// but only if the user provided some details
$cookie_name = 'comment_' . Options::get('public-GUID');
// build the string we store for the cookie
$cookie_content = implode('#', array($comment->name, $comment->email, $comment->url));
// if the user is not logged in and there is no cookie OR the cookie differs from the current set
if (User::identify()->loggedin == false && (!isset($_COOKIE[$cookie_name]) || $_COOKIE[$cookie_name] != $cookie_content)) {
// update the cookie
setcookie($cookie_name, $cookie_content, time() + DateTime::YEAR, Site::get_path('base', true));
}
}
// Return the commenter to the original page.
Utils::redirect($post->permalink . $anchor);
}
