diff --git a/lib/CMTD/Main.pm b/lib/CMTD/Main.pm index 0577d31..09488de 100644 --- a/lib/CMTD/Main.pm +++ b/lib/CMTD/Main.pm @@ -6,6 +6,8 @@ use utf8; use Mojo::Base 'Mojolicious::Controller'; +use Mojo::Util qw(trim); + sub index { my ($self) = @_; @@ -75,15 +77,52 @@ sub c_add { return; } - my $site = $self->app->sites->{ $ref->{site} }; - unless ($site and ref($site) eq 'HASH') { - $self->res->code(400); - $self->render(text => "no such site\n"); - return; - } - eval { - 1; + my (%msg, %cap); + $msg{addr} = $self->tx->remote_address; + foreach my $param (qw(name email text reply)) { + $msg{$param} = trim($self->req->param($param) || ''); + } + foreach my $param (qw(cid code)) { + $cap{$param} = trim($self->req->param($param) || ''); + } + do {{ + unless ($msg{text}) { + $self->res->code(400); + $self->render(text => "empty message\n"); + last; + } + my $sid = $self->app->sid_by_name($ref->{site}); + unless ($sid) { + $self->res->code(400); + $self->render(text => "no such site\n"); + last; + } + if ($cap{cid}) { + unless ($cap{code}) { + $self->res->code(400); + $self->render(text => "missing captcha code\n"); + last; + } + my $cap = $self->captcha_by_id($cap{cid}); + unless ($cap and $cap eq 'HASH') { + $self->res->code(400); + $self->render(text => "no captcha with this id\n"); + last; + } + unless ($cap->{code} eq $cap{code}) { + $self->res->code(400); + $self->render(text => "captcha code mismatch\n"); + last; + } + } + my $pid = $self->app->pid_by_hash($sid, $ref->{hash}); + unless ($pid) { + $self->app->add_page($sid, $ref); + $pid = $self->app->pid_by_hash($sid, $ref->{hash}); + } + $self->add_comment($pid, \%msg); + }} while (0); 1; } or do { chomp $@; my $msg = sprintf "Error when listing comments for %s/%s: %s",
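Review bot: In the captcha branch of `c_add`, `unless ($cap and $cap eq 'HASH')` compares the stringified reference (of the form `HASH(0x...)`) with the literal `'HASH'`, so a valid hashref from `captcha_by_id` can never pass and every request carrying a `cid` gets "no captcha with this id". The removed site check used `ref(...)`, and this line should too: `unless ($cap and ref($cap) eq 'HASH') {`. Separately, the captcha is verified only inside `if ($cap{cid})`, so a request that omits `cid` reaches `add_comment` with no challenge checked; if captchas are meant to gate posting, that requirement should be decided server-side (presumably per site) rather than by the presence of a client-supplied parameter. Nothing in the hunk marks a captcha as consumed after a successful match, so unless `captcha_by_id` or `add_comment` does that (not visible here), a solved id/code pair may be reusable. `c_add` begins before the hunk and its `or do` handler continues past it.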