- try {
- if ($action_obj->prepare($_REQUEST)) {
- $action_obj->handle($_REQUEST);
- }
- } catch (ClientException $cex) {
- $cac = new ClientErrorAction($cex->getMessage(), $cex->getCode());
+ $args = array_merge($args, $_REQUEST);
+
+ $action = $args['action'];
+
+ if (!$action || !preg_match('/^[a-zA-Z0-9_-]*$/', $action)) {
+ common_redirect(common_local_url('public'));
+ return;
+ }
+
+ // If the site is private, and they're not on one of the "public"
+ // parts of the site, redirect to login
+
+ if (!$user && common_config('site', 'private') &&
+ !in_array($action, array('login', 'openidlogin', 'finishopenidlogin',
+ 'recoverpassword', 'api', 'doc', 'register'))) {
+ common_redirect(common_local_url('login'));
+ return;
+ }
+
+ $action_class = ucfirst($action).'Action';
+
+ if (!class_exists($action_class)) {
+ $cac = new ClientErrorAction(_('Unknown action'), 404);
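Review bot: `array_merge($args, $_REQUEST)` lets any request parameter replace a value already in `$args`, because the later array wins on string keys; where `$args` is filled is outside the hunk, but if it carries a routed `action`, the client can swap it for another name that is then turned into `$action_class`. If the values set earlier are meant to be authoritative, reverse the precedence with `$args = array_merge($_REQUEST, $args);`, or copy only the expected keys from the request. The name check is also looser than it reads: without the `D` modifier `$` matches before a trailing newline, so a value ending in a line feed passes `/^[a-zA-Z0-9_-]*$/`; `'/^[a-zA-Z0-9_-]+\z/'` rejects it and the empty string in one test. `class_exists()` runs the autoloader on this request-derived name by default, so a comment above it saying that the pattern is the only thing constraining what gets loaded would help the next maintainer. The `if (!class_exists(...))` block is left open at the end of the visible lines, so how `$cac` and `$action_class` are used afterwards is not reviewed here.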