add an event for determining if an action is sensitive

2 files changed, 20 insertions, 5 deletions

diff --git a/EVENTS.txt b/EVENTS.txt
index 933907933..908188cd2 100644
--- a/EVENTS.txt
+++ b/EVENTS.txt
@@ -137,3 +137,8 @@ EndAccountSettingsNav: After showing the account settings menu
 
 Autoload: When trying to autoload a class
 - $cls: the class being sought. A plugin might require_once the file for the class.
+
+SensitiveAction: determines if an action is 'sensitive' and should use SSL
+- $action: name of the action, like 'login'
+- $sensitive: flag for whether this is a sensitive action
+
diff --git a/lib/util.php b/lib/util.php
index c8e318efe..cd9bd9ed8 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -715,14 +715,10 @@ function common_relative_profile($sender, $nickname, $dt=null)
 
 function common_local_url($action, $args=null, $params=null, $fragment=null)
 {
-    static $sensitive = array('login', 'register', 'passwordsettings',
-                              'twittersettings', 'finishopenidlogin',
-                              'finishaddopenid', 'api');
-
     $r = Router::get();
     $path = $r->build($action, $args, $params, $fragment);
 
-    $ssl = in_array($action, $sensitive);
+    $ssl = common_is_sensitive($action);
 
     if (common_config('site','fancy')) {
         $url = common_path(mb_substr($path, 1), $ssl);
@@ -736,6 +732,20 @@ function common_local_url($action, $args=null, $params=null, $fragment=null)
     return $url;
 }
 
+function common_is_sensitive($action)
+{
+    static $sensitive = array('login', 'register', 'passwordsettings',
+                              'twittersettings', 'finishopenidlogin',
+                              'finishaddopenid', 'api');
+    $ssl = null;
+
+    if (Event::handle('SensitiveAction', array($action, &$ssl))) {
+        $ssl = in_array($action, $sensitive);
+    }
+
+    return $ssl;
+}
+
 function common_path($relative, $ssl=false)
 {
     $pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';