authorMartin Doucha <next_ghost@quick.cz>2012-06-14 16:39:09 +0200
committerAndreas Gohr <andi@splitbrain.org>2012-07-06 11:50:07 +0200
commit62baad0f61a13ec01791a8cdc8a7dbbd78f6a567 (patch)
tree30b9346fa4f1688ebb04a62e5c5bd481d58e7815 /inc
parentf1d7655b8b6288d5b3d63a44412a69c0aa012ed8 (diff)
Split act_clean() into two functions so that plugins may use action
string sanitization even for their own new actions
Diffstat (limited to 'inc')
-rw-r--r--inc/actions.php16
1 files changed, 13 insertions, 3 deletions
diff --git a/inc/actions.php b/inc/actions.php
index 0c35bc88c..2137d6b50 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -31,7 +31,7 @@ function act_dispatch(){
if ($evt->advise_before()) {
//sanitize $ACT
- $ACT = act_clean($ACT);
+ $ACT = act_validate($ACT);
//check if searchword was given - else just show
$s = cleanID($QUERY);
@@ -184,8 +184,6 @@ function act_sendheaders($headers) {
/**
* Sanitize the action command
*
- * Add all allowed commands here.
- *
* @author Andreas Gohr <andi@splitbrain.org>
*/
function act_clean($act){
@@ -206,6 +204,18 @@ function act_clean($act){
if($act == 'export_htmlbody') $act = 'export_xhtmlbody';
if($act === '') $act = 'show';
+ return $act;
+}
+
+/**
+ * Sanitize and validate action commands.
+ *
+ * Add all allowed commands here.
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+function act_validate($act) {
+ $act = act_clean($act);
// check if action is disabled
if(!actionOK($act)){
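Review bot: After this split, `act_clean()` returns right after the `if($act === '') $act = 'show';` line, so a plugin that calls it directly gets a normalized string that has not passed the `actionOK()` check now living in `act_validate()`. Its docblock in the preceding hunk still reads only "Sanitize the action command" and gives no hint of that. I would add a line there such as `* Only normalizes the string; it does not check whether the action is disabled or allowed, use act_validate() for that.` so plugin authors do not treat the result as authorized. The new `act_validate()` docblock could also gain `@param string $act` and `@return string`, and its `@author` line appears to be copied from `act_clean()`. The body of `act_validate()` continues outside the hunk, so the remaining checks are not visible here.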