authorBenjamin Gilbert <gilbert.benjamin@mayo.edu>2005-07-12 23:02:58 +0200
committerBenjamin Gilbert <gilbert.benjamin@mayo.edu>2005-07-12 23:02:58 +0200
commitb8957367cf564dbe07ab24367a47c69d8397a1c0 (patch)
tree22a853b8602cb8fd6a62aa2660b3bfd17725654a
parentee33a34725046a56589daea1b2957f357d1836aa (diff)
downloadrpg-b8957367cf564dbe07ab24367a47c69d8397a1c0.tar.gz
rpg-b8957367cf564dbe07ab24367a47c69d8397a1c0.tar.bz2
Security fix for page exposure #456
darcs-hash:20050712210258-91c85-46f4df30378fcd2a7bbb92a95ec43c2ff9e474a1.gz
-rw-r--r--inc/actions.php28
1 files changed, 14 insertions, 14 deletions
diff --git a/inc/actions.php b/inc/actions.php
index 091a477a3..75f4b3717 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -26,13 +26,23 @@ function act_dispatch(){
//sanitize $ACT
$ACT = act_clean($ACT);
- //check permissions
- $ACT = act_permcheck($ACT);
+ //check if searchword was given - else just show
+ if($ACT == 'search' && empty($QUERY)){
+ $ACT = 'show';
+ }
//login stuff
- if(in_array($ACT,array('login','logout','register')))
+ if(in_array($ACT,array('login','logout')))
$ACT = act_auth($ACT);
+ //check permissions
+ $ACT = act_permcheck($ACT);
+
+ //register
+ if($ACT == 'register' && register()){
+ $ACT = 'login';
+ }
+
//save
if($ACT == 'save')
$ACT = act_save($ACT);
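Review bot: The relocated `act_permcheck($ACT)` call has no comment saying that its position after `act_auth` and before the register and save handlers is what closes the exposure, and the handlers below it (`register()` setting 'login', `act_save` returning a new action) still rewrite `$ACT` with no second check. I would add a comment above the call, `//must run after act_auth and before any handler that acts on $ACT; later handlers may only return actions needing no higher permission`, so a later reordering does not reintroduce the problem. Whether `act_save` can return an action that needs more permission than 'save' cannot be seen here, because the body of `act_dispatch` starts and ends outside the hunk and `act_save` is defined elsewhere; that is worth confirming.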
@@ -54,11 +64,6 @@ function act_dispatch(){
$ACT = 'show';
}
- //check if searchword was given - else just show
- if($ACT == 'search' && empty($QUERY)){
- $ACT = 'show';
- }
-
//handle admin tasks
if($ACT == 'admin'){
if($_REQUEST['page'] == 'acl'){
@@ -180,7 +185,7 @@ function act_save($act){
}
/**
- * Handle 'login', 'logout', 'register'
+ * Handle 'login', 'logout'
*
* @author Andreas Gohr <andi@splitbrain.org>
*/
@@ -201,11 +206,6 @@ function act_auth($act){
return 'login';
}
- //handle register
- if($act=='register' && register()){
- return 'login';
- }
-
return $act;
}