First Twitter-compat API call works! /api/help/test.format
index 53fd1bfe668c78d6a9944f50353e9b53c7736847..21d5ed275354a052ed3df81dad4bff1b4b2c706c 100644 (file)
--- a/index.php
+++ b/index.php
@@ -24,17 +24,17 @@ require_once(INSTALLDIR . "/lib/common.php");
 
 $action = $_REQUEST['action'];
 
-if (!$action) {
-       common_redirect(common_local_url('public'));
+if (!$action || !preg_match('/^[a-zA-Z0-9_-]*$/', $action)) {
+    common_redirect(common_local_url('public'));
 }
 
 $actionfile = INSTALLDIR."/actions/$action.php";
 
 if (file_exists($actionfile)) {
-       require_once($actionfile);
-       $action_class = ucfirst($action)."Action";
-       $action_obj = new $action_class();
-       call_user_func(array($action_obj, 'handle'), $_REQUEST);
+    require_once($actionfile);
+    $action_class = ucfirst($action)."Action";
+    $action_obj = new $action_class();
+    call_user_func(array($action_obj, 'handle'), $_REQUEST);
 } else {
-       common_user_error(_t('Unknown action'));
+    common_user_error(_('Unknown action'));
 }
\ No newline at end of file
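Review bot: The new allow-list on `$action` only protects the `require_once($actionfile)` further down if `common_redirect()` ends the request, which is not visible in this hunk; if it returns, a rejected value still reaches `INSTALLDIR."/actions/$action.php"`. An explicit `exit;` right after the redirect call would make the guard hold on its own. The pattern is also looser than it reads, since `$` matches before a trailing newline and `*` accepts an empty string; `'/^[a-zA-Z0-9_-]+\z/'` is the tighter form. Separately, `$_REQUEST['action']` is read without an `isset()` check, so a request with no `action` parameter raises a notice before the redirect.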