$action = $_REQUEST['action'];
-if (!$action) {
- common_redirect(common_local_url('public'));
-}
-
-# Do an OpenID immediate request if they're not logged in
-# and they have an OpenID cookie
-
-if (!common_logged_in() &&
- $_SERVER['REQUEST_METHOD'] == 'GET' &&
- $action != 'finishimmediate')
-{
- require_once(INSTALLDIR.'/lib/openid.php');
- $openid_url = oid_get_last();
- if ($openid_url) {
- oid_check_immediate($openid_url);
- return;
- }
+if (!$action || !preg_match('/^[a-zA-Z0-9_-]*$/', $action)) {
+ common_redirect(common_local_url('public'));
}
$actionfile = INSTALLDIR."/actions/$action.php";
if (file_exists($actionfile)) {
- require_once($actionfile);
- $action_class = ucfirst($action)."Action";
- $action_obj = new $action_class();
- call_user_func(array($action_obj, 'handle'), $_REQUEST);
+ require_once($actionfile);
+ $action_class = ucfirst($action)."Action";
+ $action_obj = new $action_class();
+ call_user_func(array($action_obj, 'handle'), $_REQUEST);
} else {
- common_user_error(_t('Unknown action'));
+ common_user_error(_('Unknown action'));
}
\ No newline at end of file
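Review bot: The added `preg_match` check is the only validation between `$_REQUEST['action']` and the `require_once($actionfile)` / `new $action_class()` lines below it, and the pattern is looser than it reads. In PCRE, `$` also matches before a trailing newline and `*` accepts an empty string, so anchor the end and require at least one character: `if (!$action || !preg_match('/^[a-zA-Z0-9_-]+\z/', $action)) {`. The guard also only protects the include if `common_redirect()` ends the request; its body is not visible here, so if it can return, an explicit `exit;` after the call would keep a rejected value from reaching `$actionfile`. The pattern admits `-`, which cannot appear in the class name built by `ucfirst($action)."Action"`, so dropping it from the character class would narrow the allow-list at no cost. The hunk header and the lines before `$action = $_REQUEST['action'];` are not shown in this excerpt, so anything validated earlier is outside what this note covers.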