authorMartin Doucha <next_ghost@quick.cz>2012-06-14 16:39:09 +0200
committerMartin Doucha <next_ghost@quick.cz>2012-06-14 16:39:09 +0200
commitb83823e5b0c95ae2365cfc20eb33094c6ab108f2 (patch)
tree6bd26ccf7a045a8ecd97d05514ae0ee86f224f44 /inc
parenta257b0bd427ca5a7eb636d95f98aca831ec075b5 (diff)
downloadrpg-b83823e5b0c95ae2365cfc20eb33094c6ab108f2.tar.gz
rpg-b83823e5b0c95ae2365cfc20eb33094c6ab108f2.tar.bz2
Split act_clean() into two functions so that plugins may use action
string sanitization even for their own new actions
Diffstat (limited to 'inc')
-rw-r--r--inc/actions.php16
1 files changed, 13 insertions, 3 deletions
diff --git a/inc/actions.php b/inc/actions.php
index e85cbfccc..eb2178ac1 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -30,7 +30,7 @@ function act_dispatch(){
if ($evt->advise_before()) {
//sanitize $ACT
- $ACT = act_clean($ACT);
+ $ACT = act_validate($ACT);
//check if searchword was given - else just show
$s = cleanID($QUERY);
@@ -183,8 +183,6 @@ function act_sendheaders($headers) {
/**
* Sanitize the action command
*
- * Add all allowed commands here.
- *
* @author Andreas Gohr <andi@splitbrain.org>
*/
function act_clean($act){
@@ -205,6 +203,18 @@ function act_clean($act){
if($act == 'export_htmlbody') $act = 'export_xhtmlbody';
if($act === '') $act = 'show';
+ return $act;
+}
+
+/**
+ * Sanitize and validate action commands.
+ *
+ * Add all allowed commands here.
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+function act_validate($act) {
+ $act = act_clean($act);
// check if action is disabled
if(!actionOK($act)){
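Review bot: With the added `return $act;`, act_clean() now returns before the `actionOK()` check, so on its own it no longer tells a caller whether the action is enabled or allowed. Its docblock in the previous hunk still reads "Sanitize the action command", which a plugin author could take as sufficient; I would add a line such as `* Only cleans the string; does not check that the action is enabled or allowed - use act_validate() for that.` Any existing caller of act_clean() other than act_dispatch() also loses the check silently, and since this diffstat is limited to inc/, callers elsewhere should be checked and moved to act_validate() where the result decides what gets executed. The body of act_validate() continues past the end of this hunk.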