@@ -243,7 +243,7 @@
||
| 243 | 243 | if(!$comment->getSecurityToken()->checkRequest($this->request)) return $this->httpError(400); |
| 244 | 244 | |
| 245 | 245 | $comment->markSpam(); |
| 246 | - return $this->renderChangedCommentState($comment); |
|
| 246 | + return $this->renderChangedCommentState($comment); |
|
| 247 | 247 | } |
| 248 | 248 | |
| 249 | 249 | /** |
@@ -258,7 +258,7 @@
||
| 258 | 258 | if(!$comment->getSecurityToken()->checkRequest($this->request)) return $this->httpError(400); |
| 259 | 259 | |
| 260 | 260 | $comment->markApproved(); |
| 261 | - return $this->renderChangedCommentState($comment); |
|
| 261 | + return $this->renderChangedCommentState($comment); |
|
| 262 | 262 | } |
| 263 | 263 | |
| 264 | 264 | /** |
@@ -273,36 +273,36 @@
||
| 273 | 273 | if(!$comment->getSecurityToken()->checkRequest($this->request)) return $this->httpError(400); |
| 274 | 274 | |
| 275 | 275 | $comment->markApproved(); |
| 276 | - return $this->renderChangedCommentState($comment); |
|
| 276 | + return $this->renderChangedCommentState($comment); |
|
| 277 | 277 | } |
| 278 | 278 | |
| 279 | - /** |
|
| 280 | - * Redirect back to referer if available, ensuring that only site URLs |
|
| 281 | - * are allowed to avoid phishing. If it's an AJAX request render the |
|
| 282 | - * comment in it's new state |
|
| 283 | - */ |
|
| 284 | - private function renderChangedCommentState($comment) { |
|
| 285 | - $referer = $this->request->getHeader('Referer'); |
|
| 286 | - |
|
| 287 | - // Render comment using AJAX |
|
| 288 | - if ($this->request->isAjax()) { |
|
| 289 | - return $comment->renderWith('CommentsInterface_singlecomment'); |
|
| 290 | - } else { |
|
| 291 | - // Redirect to either the comment or start of the page |
|
| 292 | - if (empty($referer)) { |
|
| 293 | - return $this->redirectBack(); |
|
| 294 | - } else { |
|
| 295 | - // Redirect to the comment, but check for phishing |
|
| 296 | - $url = $referer . '#comment-' . $comment->ID; |
|
| 297 | - // absolute redirection URLs not located on this site may cause phishing |
|
| 298 | - if(Director::is_site_url($url)) { |
|
| 299 | - return $this->redirect($url); |
|
| 300 | - } else { |
|
| 301 | - return false; |
|
| 302 | - } |
|
| 303 | - } |
|
| 304 | - } |
|
| 305 | - } |
|
| 279 | + /** |
|
| 280 | + * Redirect back to referer if available, ensuring that only site URLs |
|
| 281 | + * are allowed to avoid phishing. If it's an AJAX request render the |
|
| 282 | + * comment in it's new state |
|
| 283 | + */ |
|
| 284 | + private function renderChangedCommentState($comment) { |
|
| 285 | + $referer = $this->request->getHeader('Referer'); |
|
| 286 | + |
|
| 287 | + // Render comment using AJAX |
|
| 288 | + if ($this->request->isAjax()) { |
|
| 289 | + return $comment->renderWith('CommentsInterface_singlecomment'); |
|
| 290 | + } else { |
|
| 291 | + // Redirect to either the comment or start of the page |
|
| 292 | + if (empty($referer)) { |
|
| 293 | + return $this->redirectBack(); |
|
| 294 | + } else { |
|
| 295 | + // Redirect to the comment, but check for phishing |
|
| 296 | + $url = $referer . '#comment-' . $comment->ID; |
|
| 297 | + // absolute redirection URLs not located on this site may cause phishing |
|
| 298 | + if(Director::is_site_url($url)) { |
|
| 299 | + return $this->redirect($url); |
|
| 300 | + } else { |
|
| 301 | + return false; |
|
| 302 | + } |
|
| 303 | + } |
|
| 304 | + } |
|
| 305 | + } |
|
| 306 | 306 | |
| 307 | 307 | /** |
| 308 | 308 | * Returns the comment referenced in the URL (by ID). Permission checking |
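Review bot: In `renderChangedCommentState`, the branch taken when `Director::is_site_url($url)` rejects the Referer-derived URL ends in `return false;`, so the request gets no redirect or error response even though `markSpam()` / `markApproved()` has already run in the callers shown in the earlier hunks. The same-site check itself should stay, because the `Referer` header is supplied by the client and must not be redirected to unchecked. The rejected case could fall back to `return $this->redirectBack();` or an explicit `return $this->httpError(400);`, matching the token-failure path. How `redirectBack()` treats an off-site referer is not visible here and should be confirmed first. The docblock would also benefit from `@param` and `@return` tags describing the mixed return (rendered comment for AJAX, redirect otherwise), and "it's new state" should read "its new state".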