diff options
author | Evan Prodromou <evan@controlyourself.ca> | 2009-08-04 08:58:24 -0400 |
---|---|---|
committer | Evan Prodromou <evan@controlyourself.ca> | 2009-08-04 08:58:24 -0400 |
commit | c378cc976f2fc2afd3b9e1a6d7a9536cb94dc77d (patch) | |
tree | ee16a3d420bb87bf9eb86bfaf149558a9305c7f7 | |
parent | 822d5b8887a06ba1704a7eb417a35d4dcb84e948 (diff) |
add an event for determining if an action is sensitive
-rw-r--r-- | EVENTS.txt | 5 | ||||
-rw-r--r-- | lib/util.php | 20 |
2 files changed, 20 insertions, 5 deletions
diff --git a/EVENTS.txt b/EVENTS.txt index 933907933..908188cd2 100644 --- a/EVENTS.txt +++ b/EVENTS.txt @@ -137,3 +137,8 @@ EndAccountSettingsNav: After showing the account settings menu Autoload: When trying to autoload a class - $cls: the class being sought. A plugin might require_once the file for the class. + +SensitiveAction: determines if an action is 'sensitive' and should use SSL +- $action: name of the action, like 'login' +- $sensitive: flag for whether this is a sensitive action + diff --git a/lib/util.php b/lib/util.php index c8e318efe..cd9bd9ed8 100644 --- a/lib/util.php +++ b/lib/util.php @@ -715,14 +715,10 @@ function common_relative_profile($sender, $nickname, $dt=null) function common_local_url($action, $args=null, $params=null, $fragment=null) { - static $sensitive = array('login', 'register', 'passwordsettings', - 'twittersettings', 'finishopenidlogin', - 'finishaddopenid', 'api'); - $r = Router::get(); $path = $r->build($action, $args, $params, $fragment); - $ssl = in_array($action, $sensitive); + $ssl = common_is_sensitive($action); if (common_config('site','fancy')) { $url = common_path(mb_substr($path, 1), $ssl); @@ -736,6 +732,20 @@ function common_local_url($action, $args=null, $params=null, $fragment=null) return $url; } +function common_is_sensitive($action) +{ + static $sensitive = array('login', 'register', 'passwordsettings', + 'twittersettings', 'finishopenidlogin', + 'finishaddopenid', 'api'); + $ssl = null; + + if (Event::handle('SensitiveAction', array($action, &$ssl))) { + $ssl = in_array($action, $sensitive); + } + + return $ssl; +} + function common_path($relative, $ssl=false) { $pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : ''; |