From c378cc976f2fc2afd3b9e1a6d7a9536cb94dc77d Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 4 Aug 2009 08:58:24 -0400 Subject: [PATCH] add an event for determining if an action is sensitive --- EVENTS.txt | 5 +++++ lib/util.php | 20 +++++++++++++++----- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/EVENTS.txt b/EVENTS.txt index 933907933f..908188cd23 100644 --- a/EVENTS.txt +++ b/EVENTS.txt @@ -137,3 +137,8 @@ EndAccountSettingsNav: After showing the account settings menu Autoload: When trying to autoload a class - $cls: the class being sought. A plugin might require_once the file for the class. + +SensitiveAction: determines if an action is 'sensitive' and should use SSL +- $action: name of the action, like 'login' +- $sensitive: flag for whether this is a sensitive action + diff --git a/lib/util.php b/lib/util.php index c8e318efec..cd9bd9ed83 100644 --- a/lib/util.php +++ b/lib/util.php @@ -715,14 +715,10 @@ function common_relative_profile($sender, $nickname, $dt=null) function common_local_url($action, $args=null, $params=null, $fragment=null) { - static $sensitive = array('login', 'register', 'passwordsettings', - 'twittersettings', 'finishopenidlogin', - 'finishaddopenid', 'api'); - $r = Router::get(); $path = $r->build($action, $args, $params, $fragment); - $ssl = in_array($action, $sensitive); + $ssl = common_is_sensitive($action); if (common_config('site','fancy')) { $url = common_path(mb_substr($path, 1), $ssl); @@ -736,6 +732,20 @@ function common_local_url($action, $args=null, $params=null, $fragment=null) return $url; } +function common_is_sensitive($action) +{ + static $sensitive = array('login', 'register', 'passwordsettings', + 'twittersettings', 'finishopenidlogin', + 'finishaddopenid', 'api'); + $ssl = null; + + if (Event::handle('SensitiveAction', array($action, &$ssl))) { + $ssl = in_array($action, $sensitive); + } + + return $ssl; +} + function common_path($relative, $ssl=false) { $pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';