From 898d592df3d4ff0a3b2a75d4629df8f857cd9b37 Mon Sep 17 00:00:00 2001
From: zPlus <->
Date: Wed, 23 Mar 2016 21:30:32 +0100
Subject: [PATCH] post, reply: Prevent empty comments

---
 post.php            | 19 ++++++++++++++-----
 reply.php           | 16 +++++++++++++++-
 submit.php          |  2 +-
 template/post.twig  |  2 +-
 template/reply.twig |  2 +-
 5 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/post.php b/post.php
index 5be3509a..da262c91 100644
--- a/post.php
+++ b/post.php
@@ -12,7 +12,7 @@ $db->connect ();
 if ($_SERVER['REQUEST_METHOD'] === 'POST')
 {
     // Must be logged in
-    if (!Session::is_valid())
+    if (!Session::is_valid ())
     {
         header ('Location: ./');
         exit ();
@@ -28,12 +28,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST')
     // Clear input data
     $comment = trim ($_POST['new_comment']);
     
-    if (strlen($comment) == 0)
+    // Empty text... do nothing
+    if (strlen ($comment) == 0)
     {
-        header ('Location: ./');
-        exit ();
+        // Retrieve the post
+        $post = $db->get_post ($_GET['hash_id']);
+        
+        if (is_null ($post) || empty ($post))
+            exit ();
+        
+        header ('Location: ./' . $post['hashId']);
+        exit();
     }
     
+    // Everything seems OK, add the new comment
     $post_hash_id = $_GET['hash_id'];
     
     $db->new_comment ($comment, $post_hash_id, Session::get_userid());
@@ -49,7 +57,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST')
 // Retrieve the post
 $post = $db->get_post ($_GET['hash_id']);
 
-if (empty ($post))
+// Wrong hash_id
+if (is_null ($post) || empty ($post))
 {
     echo '404';
     exit ();
diff --git a/reply.php b/reply.php
index ed531f93..de138578 100644
--- a/reply.php
+++ b/reply.php
@@ -32,7 +32,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST')
     
     $parent_comment = $db->get_comment ($_POST['parent_comment']);
     
-    $hash_id = $db->new_reply ($_POST['text'], $parent_comment['hashId'], Session::get_userid ());
+    $text = trim ($_POST['text']);
+    
+    // Empty comment. Redirect to parent comment
+    if (strlen ($text) == 0)
+    {
+        header ('Location: ./post/' . $parent_comment['postHashId'] . '#comment-' . $parent_comment['hashId']);
+        exit ();
+    }
+    
+    // We have a text, add the reply and redirect to the new reply
+    
+    $hash_id = $db->new_reply (
+        $text,
+        $parent_comment['hashId'],
+        Session::get_userid ());
     
     // Can't post?! What happened?!
     if (is_null ($hash_id))
diff --git a/submit.php b/submit.php
index 6f905c06..45fba671 100644
--- a/submit.php
+++ b/submit.php
@@ -5,7 +5,7 @@ require_once 'database.php';
 require_once 'twig.php';
 
 // Must be logged in
-if (!Session::is_valid())
+if (!Session::is_valid ())
 {
     header ('Location: ./login');
     exit ();
diff --git a/template/post.twig b/template/post.twig
index a917f061..71a62a3e 100644
--- a/template/post.twig
+++ b/template/post.twig
@@ -40,7 +40,7 @@
     
     {% if user %}
         <form action="" method="post" class="new_comment">
-            <textarea name="new_comment" class="form-control" placeholder="Write a comment"></textarea>
+            <textarea name="new_comment" required="required" class="form-control" placeholder="Write a comment"></textarea>
             <input type="submit" value="Add comment" class="btn btn-primary" />
         </form>
     {% endif %}
diff --git a/template/reply.twig b/template/reply.twig
index 1c1c8464..ebc48ee3 100644
--- a/template/reply.twig
+++ b/template/reply.twig
@@ -16,7 +16,7 @@
         <input type="hidden" name="parent_comment" value="{{ comment.hashId }}" />
         
         <div style="margin: 2em 0;">
-            <textarea name="text" rows=10 class="form-control"></textarea>
+            <textarea name="text" required="required" rows=10 class="form-control"></textarea>
         </div>
 
         <div>