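/**
 * Process the /board endpoint.
 *
 * Visitors who are already logged in, or who arrive while the board is
 * disabled, are redirected to the cabin prefix. When board.captcha is
 * enabled, a submission only reaches processBoard() after the reCAPTCHA
 * response has been verified server-side; a missing response is reported
 * back to the form the same way a rejected one is, instead of being
 * dropped silently (this mirrors the handling in addComment()).
 *
 * @route board
 * @return void
 */
public function board()
{
    if ($this->isLoggedIn()) {
        // You're already logged in!
        \Airship\redirect($this->airship_cabin_prefix);
    }
    if (!$this->config('board.enabled')) {
        \Airship\redirect($this->airship_cabin_prefix);
    }
    $this->storeLensVar('showmenu', false);

    $post = $this->post(new BoardFilter());
    if (!empty($post)) {
        if (!$this->config('board.captcha')) {
            // CAPTCHA enforcement is optional; nothing more to check.
            $this->processBoard($post);
            return;
        }

        // CAPTCHA is required: the response must be present AND verify.
        $captchaPassed = false;
        if (isset($post['g-recaptcha-response'])) {
            $rc = \Airship\getReCaptcha(
                $this->config('recaptcha.secret-key'),
                $this->config('recaptcha.curl-opts') ?? []
            );
            $resp = $rc->verify(
                $post['g-recaptcha-response'],
                $_SERVER['REMOTE_ADDR']
            );
            $captchaPassed = $resp->isSuccess();
        }
        if ($captchaPassed) {
            $this->processBoard($post);
            return;
        }
        // Either no response was submitted or verification failed; tell the
        // user rather than re-rendering the form without feedback.
        $this->storeLensVar(
            'post_response',
            [
                'status' => 'ERROR',
                'message' => 'Invalid CAPTCHA response'
            ]
        );
    }

    $this->lens(
        'board',
        [
            'config' => $this->config(),
            'title' => 'All Aboard!'
        ]
    );
}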
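/**
 * Add a comment to a blog post.
 *
 * Every rejection stores a translated reason in the 'blog_error' lens
 * variable and returns false. Checks, in order:
 *  - comments must be enabled; guests need blog.comments.guests as well as
 *    a name and an email address;
 *  - a logged-in non-superuser may only post as an author returned by
 *    getAuthorsForUser() for their own user id;
 *  - the trimmed message must be at least 2 bytes long;
 *  - users with the 'publish' permission skip the CAPTCHA and have the
 *    comment stored as published; everyone else is stored unpublished and,
 *    when blog.comments.recaptcha is on, must pass the CAPTCHA first.
 *
 * @param array $post Filtered form submission (name, email, author, message, g-recaptcha-response)
 * @param int $blogPostId The post the comment is attached to
 * @return bool Result of addCommentToPost(), or false on any rejection
 */
protected function addComment(array $post = [], int $blogPostId = 0) : bool
{
    if (!$this->config('blog.comments.enabled')) {
        $this->storeLensVar('blog_error', \__('Comments are not enabled on this blog.'));
        return false;
    }
    if (!$this->isLoggedIn() && !$this->config('blog.comments.guests')) {
        $this->storeLensVar('blog_error', \__('Guest comments are not enabled on this blog.'));
        return false;
    }
    if (!$this->isLoggedIn() && (empty($post['name']) || empty($post['email']))) {
        $this->storeLensVar('blog_error', \__('Name and email address are required fields.'));
        return false;
    }
    if ($this->isLoggedIn() && !$this->isSuperUser() && !empty($post['author'])) {
        // Non-superusers may only attribute a comment to an author they own.
        $allowedAuthors = $this->blog->getAuthorsForUser($this->getActiveUserId());
        // NOTE(review): non-strict in_array() kept on purpose; whether the form
        // value and getAuthorsForUser() use the same scalar type is not visible
        // here, so confirm that before passing strict: true.
        if (!\in_array($post['author'], $allowedAuthors)) {
            $this->storeLensVar('blog_error', \__('You do not have permission to post as this author.'));
            return false;
        }
    }

    // A missing 'message' key previously raised an undefined-index warning and
    // passed null to trim(); treat it as an empty (too short) message instead.
    $msg = \trim($post['message'] ?? '');
    if (Binary::safeStrlen($msg) < 2) {
        $this->storeLensVar('blog_error', \__('The comment you attempted to leave is much too short.'));
        return false;
    }

    // Decide whether this user may comment at all and whether the comment
    // is published immediately.
    $published = false;
    if ($this->can('publish')) {
        // Trusted publisher: no CAPTCHA necessary, goes live right away.
        $published = true;
        $canComment = true;
    } elseif ($this->config('blog.comments.recaptcha')) {
        // A missing CAPTCHA response counts as a failed verification.
        $canComment = false;
        if (isset($post['g-recaptcha-response'])) {
            $rc = \Airship\getReCaptcha(
                $this->config('recaptcha.secret-key'),
                $this->config('recaptcha.curl-opts') ?? []
            );
            $resp = $rc->verify(
                $post['g-recaptcha-response'],
                $_SERVER['REMOTE_ADDR']
            );
            $canComment = $resp->isSuccess();
        }
    } else {
        $canComment = true;
    }

    if (!$canComment) {
        $this->storeLensVar('blog_error', \__('Invalid CAPTCHA Response. Please try again.'));
        return false;
    }
    return $this->blog->addCommentToPost($post, $blogPostId, $published);
}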
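/**
 * Show the delete-confirmation form for a custom page and handle its
 * submission.
 *
 * The cabin must be a known namespace, the user must hold the 'delete'
 * permission and the page must exist; otherwise the request is redirected.
 * The deletion itself only runs after the POSTed reCAPTCHA response has been
 * verified. A missing reCAPTCHA secret key is treated as a configuration
 * error: the bad_config page is shown and nothing else is rendered.
 *
 * @route pages/{string}/deletePage
 * @param string $cabin
 * @return void
 */
public function deletePage(string $cabin = '')
{
    $page = [];
    $path = $this->determinePath($cabin);
    if (!\is1DArray($_GET)) {
        \Airship\redirect($this->airship_cabin_prefix . '/pages/' . \trim($cabin, '/'));
    }
    $cabins = $this->getCabinNamespaces();
    if (!\in_array($cabin, $cabins)) {
        \Airship\redirect($this->airship_cabin_prefix);
    }
    $this->setTemplateExtraData($cabin);
    if (!$this->can('delete')) {
        \Airship\redirect($this->airship_cabin_prefix);
    }

    try {
        $page = $this->pg->getPageInfo($cabin, $path, (string) ($_GET['page'] ?? ''));
    } catch (CustomPageNotFoundException $ex) {
        \Airship\redirect($this->airship_cabin_prefix . '/pages/' . \trim($cabin, '/'));
    }

    $secretKey = $this->config('recaptcha.secret-key');
    if (empty($secretKey)) {
        // Without a secret key the CAPTCHA can never verify, so no deletion
        // is possible. Stop here instead of falling through to the form and
        // the POST handler (which would call getReCaptcha() with an empty key).
        $this->lens('pages/bad_config');
        return;
    }

    $post = $this->post(new DeletePageFilter());
    // A POST without a g-recaptcha-response is ignored and the form is
    // simply shown again; no error message is stored for that case here.
    if (!empty($post) && isset($post['g-recaptcha-response'])) {
        $rc = \Airship\getReCaptcha(
            $secretKey,
            $this->config('recaptcha.curl-opts') ?? []
        );
        $resp = $rc->verify(
            $post['g-recaptcha-response'],
            $_SERVER['REMOTE_ADDR']
        );
        if ($resp->isSuccess()) {
            // CAPTCHA verification and CSRF token both passed
            $this->processDeletePage((int) $page['pageid'], $post, $cabin, $path);
        }
    }

    $this->lens(
        'pages/page_delete',
        [
            'cabins' => $cabins,
            'pageinfo' => $page,
            'config' => $this->config(),
            'dir' => $path,
            'cabin' => $cabin,
            'pathinfo' => \Airship\chunk($path)
        ]
    );
}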