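// NOTE(review): the original comment here read "CKEDITOR escapes it's own input
// data". Client-side escaping is not a security control: the POST body can be
// crafted without the editor, so $body must be treated as untrusted HTML. Either
// sanitise it with an allow-list HTML purifier before it is stored, or escape it
// per context when it is rendered (htmlspecialchars with ENT_QUOTES | ENT_SUBSTITUTE
// for an HTML context). Confirm the view layer does one of these; otherwise this
// is a stored-XSS sink. The old FILTER_SANITIZE_STRING fallback that was commented
// out here is not restored: that filter is deprecated since PHP 8.1, strips the
// markup the editor produces, and was never an XSS defence. Note that dropping it
// also dropped the only non-empty check on $body. No CSRF token check is visible in
// this span either; confirm one happens earlier in the request.

    // VALIDATE. strlen() counts bytes, which is the conservative choice if
    // MAX_TITLE_LENGTH / MAX_COMMENT_LENGTH mirror storage byte capacities; if they
    // are meant as character limits, switch to mb_strlen(). Both Exceptions below
    // carry user-safe text that the catch block shows on the index page.
    if (strlen($title) > MAX_TITLE_LENGTH) {
        throw new Exception('Title is larger than the maximum length allowed. Please shorten it.');
    }
    if (strlen($body) > MAX_COMMENT_LENGTH) {
        throw new Exception('Comment is larger than the maximum length allowed. Please shorten it.');
    }

    // Build the Comment. The empty first argument is presumably the id assigned on
    // insert — confirm against Comment's constructor. $user->id is taken from the
    // server-side session object (assumed to have been loaded and authenticated
    // earlier in this try block — verify), never from the request.
    $commentObject = new Comment("", $title, $body, time(), $user->id);

    // Persist the comment.
    GuestBook::addComment($commentObject);

    // Refresh the user's comment count for the view and write the updated user
    // object back into the session.
    $user->countUserComments();
    $_SESSION['user'] = $user;

    // Flash a success message and redirect to the index page.
    $_SESSION['userMessage'] = "Your comment has been added!";
    header('HTTP/1.1 302 Redirect');
    header('Location: ' . INDEX_REDIRECT);
    // Stop here: without exit the remainder of this script (the sections below)
    // keeps executing after the redirect headers have been queued.
    exit;
} catch (Exception $e) {
    // Surface the error on the index page via the session, then redirect.
    // getMessage() is safe for the validation Exceptions thrown above, but an
    // unexpected exception escaping GuestBook::addComment() (e.g. a database
    // driver error) would expose its internal message to the user; consider
    // mapping non-validation exceptions to a generic message and logging the real one.
    $_SESSION['errorMessage'] = $e->getMessage();
    header('HTTP/1.1 302 Redirect');
    header('Location: ' . INDEX_REDIRECT);
    exit;
}
// d88888b d8888b. d888888b d888888b .o88b. .d88b. .88b d88. .88b d88. d88888b d8b db d888888b
// 88' 88 `8D `88' `~~88~~' d8P Y8 .8P Y8. 88'YbdP`88 88'YbdP`88 88' 888o 88 `~~88~~'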