Пример #1
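 /**
  * Cleans a value with Env::xss_clean() and HTML-encodes the result for output.
  *
  * The flags are passed explicitly because the defaults changed in PHP 8.1:
  * before that, htmlspecialchars() used ENT_COMPAT, which leaves single quotes
  * unencoded, so a value placed inside a single-quoted attribute could close it.
  * ENT_SUBSTITUTE replaces invalid byte sequences instead of returning an empty
  * string. The charset argument is left at its default so the application's
  * configured encoding keeps applying.
  *
  * The result is encoded for HTML text and quoted attribute values only; it is
  * not an encoding for script, URL or CSS contexts.
  *
  * @param mixed $str Value to clean. NOTE(review): the accepted types depend on
  *                   Env::xss_clean(), which is not visible here.
  * @return string HTML-encoded result.
  */
 public static function clear($str)
 {
     $cleaned = Env::xss_clean($str);

     return htmlspecialchars($cleaned, ENT_QUOTES | ENT_SUBSTITUTE);
 }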
Пример #2
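 /**
  * Stores a comment submitted for post $id and redirects back to the post.
  *
  * The current user is passed to checkAddAccess() first. The comment body is
  * read from $_POST['CommentForm']['content'], cleaned with Env::xss_clean()
  * and saved. On success the redirect goes to "#firstcomment"; on missing or
  * invalid input, or when the save fails, it goes to "#adderror".
  *
  * NOTE(review): no CSRF token check is visible in this method; confirm that
  * the framework or a filter enforces one for this action.
  * NOTE(review): the content is cleaned on input only. Wherever it is rendered
  * it still needs encoding for that output context.
  *
  * @param mixed $id Post identifier from the route. NOTE(review): it is stored
  *                  as pid and concatenated into the redirect target without
  *                  validation here; confirm the router constrains it.
  * @return void
  */
 public function actionComment($id)
 {
     $this->checkAddAccess(Env::getCurrentUser());

     $postUrl = "/post/" . $id;
     $content = isset($_POST['CommentForm']['content']) ? $_POST['CommentForm']['content'] : null;

     // Accept only a non-empty string: a nested array in the form field would
     // otherwise reach the cleaner and the model, and empty() also rejected a
     // legitimate comment consisting of "0".
     if (is_string($content) && $content !== '') {
         $comment = new Comment();
         $comment->uid = Env::getCurrentUser()->id;
         $comment->content = Env::xss_clean($content);
         $comment->pid = $id;
         $comment->time = time();

         // Report success only when the save did not explicitly fail.
         // NOTE(review): assumes save() returns false on failure; confirm
         // against the Comment model.
         if ($comment->save() !== false) {
             $this->redirect($postUrl . "#firstcomment");

             // Stop here in case redirect() does not terminate the request,
             // so the error redirect below cannot replace the success one.
             return;
         }
     }

     $this->redirect($postUrl . "#adderror");
 }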