#172793 - Pastie

<?php defined('SYSPATH') or die('No direct script access.');

/*

Do you find the security hole?
http://forum.kohanaphp.com/comments.php?DiscussionID=236


Here is the database structure:

CREATE TABLE `jobs` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `company` varchar(100) collate utf8_unicode_ci NOT NULL default '',
  `location` varchar(100) collate utf8_unicode_ci NOT NULL default '',
  `email` varchar(100) collate utf8_unicode_ci NOT NULL default '',
  `description` text collate utf8_unicode_ci NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ;

*/

class Post_Controller extends Website_Controller {

	// URL: /post[/index]
	public function index()
	{
		$this->template->pagetitle = 'Create a new job listing';
		$this->template->content = new View('content/post');

		// Initialize all form fields
		$form = array
		(
			'company'	=> '',
			'location'	=> '',
			'email'		=> '',
			'description'	=> '',
		);

		// Form not submitted
		if ( ! $_POST)
		{
			// Intialize (empty) form fields in view
			$this->template->content->set('job', (object) $form);
		}

		// Form submitted
		else
		{
			// Set validation rules
			$post = Validation::factory($_POST)
				->pre_filter('trim')
				->add_rules('company', 'required', 'length[1,100]')
				->add_rules('location', 'required', 'length[1,100]')
				->add_rules('email', 'required', 'email', 'length[1,100]')
				->add_rules('description', 'required', 'length[1,5000]');

			// Run validation (filters and rules)
			$validate = $post->validate();

			// Overwrite initialized form values
			$form = array_merge($form, $post->as_array());

			// Errors
			if ( ! $validate)
			{
				// Show error messages
				$this->template->content->formerrors = $post->errors();

				// Repopulate the form
				$this->template->content->set('job', (object) $form);
			}

			// No errors
			else
			{
				// Load job ORM model
				$this->job = new Job_Model;

				// Load form values into ORM
				foreach ($form as $field => $value)
				{
					$this->job->$field = $value;
				}

				// Save the job
				$this->job->save();

				// Send confirmation mail
				email::send(/*...*/);

				// Redirect to homepage
				$this->session->set_flash('flash', 'Check mail for confirmation link.');
				url::redirect();
			}
		}
	}
}