summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvan Prodromou <evan@controlyourself.ca>2009-08-04 08:58:24 -0400
committerEvan Prodromou <evan@controlyourself.ca>2009-08-04 08:58:24 -0400
commitc378cc976f2fc2afd3b9e1a6d7a9536cb94dc77d (patch)
treeee16a3d420bb87bf9eb86bfaf149558a9305c7f7
parent822d5b8887a06ba1704a7eb417a35d4dcb84e948 (diff)
add an event for determining if an action is sensitive
-rw-r--r--EVENTS.txt5
-rw-r--r--lib/util.php20
2 files changed, 20 insertions, 5 deletions
diff --git a/EVENTS.txt b/EVENTS.txt
index 933907933..908188cd2 100644
--- a/EVENTS.txt
+++ b/EVENTS.txt
@@ -137,3 +137,8 @@ EndAccountSettingsNav: After showing the account settings menu
Autoload: When trying to autoload a class
- $cls: the class being sought. A plugin might require_once the file for the class.
+
+SensitiveAction: determines if an action is 'sensitive' and should use SSL
+- $action: name of the action, like 'login'
+- $sensitive: flag for whether this is a sensitive action
+
diff --git a/lib/util.php b/lib/util.php
index c8e318efe..cd9bd9ed8 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -715,14 +715,10 @@ function common_relative_profile($sender, $nickname, $dt=null)
function common_local_url($action, $args=null, $params=null, $fragment=null)
{
- static $sensitive = array('login', 'register', 'passwordsettings',
- 'twittersettings', 'finishopenidlogin',
- 'finishaddopenid', 'api');
-
$r = Router::get();
$path = $r->build($action, $args, $params, $fragment);
- $ssl = in_array($action, $sensitive);
+ $ssl = common_is_sensitive($action);
if (common_config('site','fancy')) {
$url = common_path(mb_substr($path, 1), $ssl);
@@ -736,6 +732,20 @@ function common_local_url($action, $args=null, $params=null, $fragment=null)
return $url;
}
+function common_is_sensitive($action)
+{
+ static $sensitive = array('login', 'register', 'passwordsettings',
+ 'twittersettings', 'finishopenidlogin',
+ 'finishaddopenid', 'api');
+ $ssl = null;
+
+ if (Event::handle('SensitiveAction', array($action, &$ssl))) {
+ $ssl = in_array($action, $sensitive);
+ }
+
+ return $ssl;
+}
+
function common_path($relative, $ssl=false)
{
$pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';