From 62baad0f61a13ec01791a8cdc8a7dbbd78f6a567 Mon Sep 17 00:00:00 2001
From: Martin Doucha <next_ghost@quick.cz>
Date: Thu, 14 Jun 2012 16:39:09 +0200
Subject: [PATCH] Split act_clean() into two functions so that plugins may use
 action string sanitization even for their own new actions

---
 inc/actions.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/inc/actions.php b/inc/actions.php
index 0c35bc88c..2137d6b50 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -31,7 +31,7 @@ function act_dispatch(){
     if ($evt->advise_before()) {
 
         //sanitize $ACT
-        $ACT = act_clean($ACT);
+        $ACT = act_validate($ACT);
 
         //check if searchword was given - else just show
         $s = cleanID($QUERY);
@@ -184,8 +184,6 @@ function act_sendheaders($headers) {
 /**
  * Sanitize the action command
  *
- * Add all allowed commands here.
- *
  * @author Andreas Gohr <andi@splitbrain.org>
  */
 function act_clean($act){
@@ -206,6 +204,18 @@ function act_clean($act){
     if($act == 'export_htmlbody') $act = 'export_xhtmlbody';
 
     if($act === '') $act = 'show';
+    return $act;
+}
+
+/**
+ * Sanitize and validate action commands.
+ *
+ * Add all allowed commands here.
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+function act_validate($act) {
+    $act = act_clean($act);
 
     // check if action is disabled
     if(!actionOK($act)){
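Review bot: The docblock kept on `act_clean()` still says only "Sanitize the action command", but after this split the function returns before the `actionOK()` disabled-action check, which now runs only in `act_validate()`. Judging by the moved "Add all allowed commands here." line, the allowed-command list presumably lives there as well. Because the commit's purpose is to let plugins call `act_clean()` directly, a plugin could take its return value for an approved action and bypass those checks. The same applies to any existing caller outside `act_dispatch()`, which is the only call site this patch updates. I would add a line to the `act_clean()` docblock such as `* Only normalizes the string; it does not check whether the action is allowed or disabled - use act_validate() before dispatching.` The body of `act_validate()` continues past the end of this hunk, so the remaining checks are not visible here.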
-- 
GitLab