From b83823e5b0c95ae2365cfc20eb33094c6ab108f2 Mon Sep 17 00:00:00 2001
From: Martin Doucha <next_ghost@quick.cz>
Date: Thu, 14 Jun 2012 16:39:09 +0200
Subject: [PATCH] Split act_clean() into two functions so that plugins may use
 action string sanitization even for their own new actions

---
 inc/actions.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/inc/actions.php b/inc/actions.php
index e85cbfccc..eb2178ac1 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -30,7 +30,7 @@ function act_dispatch(){
     if ($evt->advise_before()) {
 
         //sanitize $ACT
-        $ACT = act_clean($ACT);
+        $ACT = act_validate($ACT);
 
         //check if searchword was given - else just show
         $s = cleanID($QUERY);
@@ -183,8 +183,6 @@ function act_sendheaders($headers) {
 /**
  * Sanitize the action command
  *
- * Add all allowed commands here.
- *
  * @author Andreas Gohr <andi@splitbrain.org>
  */
 function act_clean($act){
@@ -205,6 +203,18 @@ function act_clean($act){
     if($act == 'export_htmlbody') $act = 'export_xhtmlbody';
 
     if($act === '') $act = 'show';
+    return $act;
+}
+
+/**
+ * Sanitize and validate action commands.
+ *
+ * Add all allowed commands here.
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+function act_validate($act) {
+    $act = act_clean($act);
 
     // check if action is disabled
     if(!actionOK($act)){
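Review bot: With the new `return $act;`, act_clean() now hands back a string that has not passed the actionOK() check, which this patch moves into act_validate(). The docblock left on act_clean() still says only "Sanitize the action command", so a plugin author could read it as sufficient before acting on the value. I would add a line to that docblock such as `* Only normalizes the action string; it does not check that the action is enabled or known. Call act_validate() before dispatching on it.` Only the call in act_dispatch() is switched here, so any other existing caller of act_clean() (none are visible in this patch) would silently lose the check and should be audited. The docblock and the start of act_clean()'s body, and the rest of act_validate()'s body, lie outside this hunk.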
-- 
GitLab