
Fix #3845 : sécuriser les exec info_plugin et puce_statut

merci à felixk3y de PKAV Team pour le signalement
b_b 6 years ago
parent
commit
347cae3904
  1. 2
      ecrire/exec/info_plugin.php
  2. 4
      ecrire/exec/puce_statut.php

2
ecrire/exec/info_plugin.php

@ -25,7 +25,7 @@ function exec_info_plugin_dist() {
include_spip('inc/minipres');
echo minipres();
} else {
$plug = _DIR_RACINE . _request('plugin');
$plug = _DIR_RACINE . htmlspecialchars(_request('plugin'));
$get_infos = charger_fonction('get_infos', 'plugins');
$dir = "";
if (strncmp($plug, _DIR_PLUGINS, strlen(_DIR_PLUGINS)) == 0) {
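Review bot: htmlspecialchars() on the new line 24 is HTML output escaping, not validation of a path component: it neutralises the value for echo but leaves `/` and `.` untouched, so the strncmp() prefix check on the next line still accepts a value that contains `..` segments and resolves outside _DIR_PLUGINS. If $plug is only ever printed this is sufficient; if it is handed to the filesystem later in exec_info_plugin_dist (the function starts and ends outside this hunk, so I cannot tell), the containment check should be done on a normalised path, e.g. `$base = realpath(_DIR_PLUGINS); $real = realpath($plug);` and `if ($real === false || strncmp($real, $base, strlen($base)) !== 0) { /* reject */ }`, with escaping applied where the value is printed rather than where it is read. Either way the new line deserves a comment stating the intent, e.g. `// escaped for display only; path containment is checked by strncmp() below`.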

4
ecrire/exec/puce_statut.php

@ -52,13 +52,13 @@ function exec_puce_statut_dist() {
* @return string Code HTML
**/
function exec_puce_statut_args($id, $type) {
$id = intval($id);
if ($table_objet_sql = table_objet_sql($type)
and $d = lister_tables_objets_sql($table_objet_sql)
and isset($d['statut_textes_instituer'])
and $d['statut_textes_instituer']
) {
$prim = id_table_objet($type);
$id = intval($id);
if (isset($d['field']['id_rubrique'])) {
$select = "id_rubrique,statut";
} else {
@ -68,7 +68,7 @@ function exec_puce_statut_args($id, $type) {
$statut = $r['statut'];
$id_rubrique = $r['id_rubrique'];
} else {
$id_rubrique = intval($id);
$id_rubrique = $id;
$statut = 'prop'; // arbitraire
}
$puce_statut = charger_fonction('puce_statut', 'inc');
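Review bot: Moving `$id = intval($id);` to the top of exec_puce_statut_args (line 36) is what makes the later `$id_rubrique = $id;` (line 52) safe, but the other request-derived argument, $type, still enters table_objet_sql(), lister_tables_objets_sql() and id_table_objet() unchanged on lines 37–42, and nothing in this hunk shows it being validated; whether exec_puce_statut_dist checks it before the call is outside the hunk, so this may already be covered. The early cast would be clearer with a why-comment on line 36, e.g. `// cast once, up front: $id presumably feeds the statut query and is reused as the fallback $id_rubrique below`. The function body continues past the end of the second hunk.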
