From 347cae3904012658d316df570eb5e87d33eeba9b Mon Sep 17 00:00:00 2001 From: b_b Date: Wed, 30 Nov 2016 17:50:22 +0000 Subject: [PATCH] =?UTF-8?q?Fix=20#3845=20:=20s=C3=A9curiser=20les=20exec?= =?UTF-8?q?=20info=5Fplugin=20et=20puce=5Fstatut?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit merci à felixk3y de PKAV Team pour le signalement --- ecrire/exec/info_plugin.php | 2 +- ecrire/exec/puce_statut.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ecrire/exec/info_plugin.php b/ecrire/exec/info_plugin.php index 77943b6a17..8043b908c8 100644 --- a/ecrire/exec/info_plugin.php +++ b/ecrire/exec/info_plugin.php @@ -25,7 +25,7 @@ function exec_info_plugin_dist() { include_spip('inc/minipres'); echo minipres(); } else { - $plug = _DIR_RACINE . _request('plugin'); + $plug = _DIR_RACINE . htmlspecialchars(_request('plugin')); $get_infos = charger_fonction('get_infos', 'plugins'); $dir = ""; if (strncmp($plug, _DIR_PLUGINS, strlen(_DIR_PLUGINS)) == 0) { diff --git a/ecrire/exec/puce_statut.php b/ecrire/exec/puce_statut.php index 3b27e32fba..d29aa4591d 100644 --- a/ecrire/exec/puce_statut.php +++ b/ecrire/exec/puce_statut.php @@ -52,13 +52,13 @@ function exec_puce_statut_dist() { * @return string Code HTML **/ function exec_puce_statut_args($id, $type) { + $id = intval($id); if ($table_objet_sql = table_objet_sql($type) and $d = lister_tables_objets_sql($table_objet_sql) and isset($d['statut_textes_instituer']) and $d['statut_textes_instituer'] ) { $prim = id_table_objet($type); - $id = intval($id); if (isset($d['field']['id_rubrique'])) { $select = "id_rubrique,statut"; } else { @@ -68,7 +68,7 @@ function exec_puce_statut_args($id, $type) { $statut = $r['statut']; $id_rubrique = $r['id_rubrique']; } else { - $id_rubrique = intval($id); + $id_rubrique = $id; $statut = 'prop'; // arbitraire } $puce_statut = charger_fonction('puce_statut', 'inc');