add an event for determining if an action is sensitive

author Evan Prodromou <evan@controlyourself.ca>

Tue, 4 Aug 2009 12:58:24 +0000 (08:58 -0400)

committer Evan Prodromou <evan@controlyourself.ca>

Tue, 4 Aug 2009 12:58:24 +0000 (08:58 -0400)
author Evan Prodromou <evan@controlyourself.ca>
Tue, 4 Aug 2009 12:58:24 +0000 (08:58 -0400)
committer Evan Prodromou <evan@controlyourself.ca>
Tue, 4 Aug 2009 12:58:24 +0000 (08:58 -0400)
diff --git a/EVENTS.txt b/EVENTS.txt

index 933907933ffc759454e4297836d6667ac0f266be..908188cd2335b9c207aa4fb89d65c4b67abf0ad0 100644 (file)
--- a/EVENTS.txt
+++ b/EVENTS.txt
@@ -137,3 +137,8 @@ EndAccountSettingsNav: After showing the account settings menu
  
  Autoload: When trying to autoload a class
  - $cls: the class being sought. A plugin might require_once the file for the class.
+
+SensitiveAction: determines if an action is 'sensitive' and should use SSL
+- $action: name of the action, like 'login'
+- $sensitive: flag for whether this is a sensitive action
+
diff --git a/lib/util.php b/lib/util.php

index c8e318efec6e4491157e16d6444ab46de7db84f7..cd9bd9ed83b421b44e768a6f2e6934d03b2c583f 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -715,14 +715,10 @@ function common_relative_profile($sender, $nickname, $dt=null)
  
  function common_local_url($action, $args=null, $params=null, $fragment=null)
  {
-    static $sensitive = array('login', 'register', 'passwordsettings',
-                              'twittersettings', 'finishopenidlogin',
-                              'finishaddopenid', 'api');
-
      $r = Router::get();
      $path = $r->build($action, $args, $params, $fragment);
  
-    $ssl = in_array($action, $sensitive);
+    $ssl = common_is_sensitive($action);
  
      if (common_config('site','fancy')) {
          $url = common_path(mb_substr($path, 1), $ssl);
@@ -736,6 +732,20 @@ function common_local_url($action, $args=null, $params=null, $fragment=null)
      return $url;
  }
  
+function common_is_sensitive($action)
+{
+    static $sensitive = array('login', 'register', 'passwordsettings',
+                              'twittersettings', 'finishopenidlogin',
+                              'finishaddopenid', 'api');
+    $ssl = null;
+
+    if (Event::handle('SensitiveAction', array($action, &$ssl))) {
+        $ssl = in_array($action, $sensitive);
+    }
+
+    return $ssl;
+}
+
  function common_path($relative, $ssl=false)
  {
      $pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';
author	Evan Prodromou <evan@controlyourself.ca>
	Tue, 4 Aug 2009 12:58:24 +0000 (08:58 -0400)
committer	Evan Prodromou <evan@controlyourself.ca>
	Tue, 4 Aug 2009 12:58:24 +0000 (08:58 -0400)
EVENTS.txt		patch \| blob \| history
lib/util.php		patch \| blob \| history