From 01d79fe3764ef61c8acbffe27fe7ef5bd8c55d1a Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Fri, 9 Dec 2005 15:22:31 +0000
Subject: [PATCH] surcharge possible, retrait de XSS et d'inclusions superflues

---
 ecrire/inc_mots_tous.php3 |   3 +-
 ecrire/mots_type.php3     | 210 +-------------------------------------
 2 files changed, 4 insertions(+), 209 deletions(-)

diff --git a/ecrire/inc_mots_tous.php3 b/ecrire/inc_mots_tous.php3
index 872ea7ca70..87da970584 100644
--- a/ecrire/inc_mots_tous.php3
+++ b/ecrire/inc_mots_tous.php3
@@ -10,11 +10,12 @@
  *  Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne.   *
 \***************************************************************************/
 
+if (!defined("_ECRIRE_INC_VERSION")) return;
 
 include_ecrire("inc_presentation.php3");
 include_ecrire("inc_mots.php3");
 
-function mots_tous()
+function mots_tous_dist()
 {
   global $acces_comite, $acces_forum, $acces_minirezo, $ancien_type, $articles, $breves, $change_type, $conf_mot, $connect_statut, $connect_toutes_rubriques, $descriptif, $id_groupe, $modifier_groupe, $obligatoire, $rubriques, $spip_lang, $spip_lang_right, $supp_group, $syndic, $texte, $unseul;
 
diff --git a/ecrire/mots_type.php3 b/ecrire/mots_type.php3
index 3f6e73119e..2fe0d69a9d 100644
--- a/ecrire/mots_type.php3
+++ b/ecrire/mots_type.php3
@@ -10,213 +10,7 @@
  *  Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne.   *
 \***************************************************************************/
 
-
-
 include ("inc.php3");
-include_ecrire("inc_presentation.php3");
-include_ecrire("inc_texte.php3");
-include_ecrire("inc_urls.php3");
-include_ecrire("inc_rubriques.php3");
-
-
-if ($connect_statut == '0minirezo' AND $new == "oui") {
-	$id_groupe = '';
-	$type = filtrer_entites(_T('titre_nouveau_groupe'));
-	$onfocus = " onfocus=\"if(!antifocus){this.value='';antifocus=true;}\"";
-	$ancien_type = '';
-	$unseul = 'non';
-	$obligatoire = 'non';
-	$articles = 'oui';
-	$breves = 'oui';
-	$rubriques = 'non';
-	$syndic = 'oui';
-	$acces_minirezo = 'oui';
-	$acces_comite = 'oui';
-	$acces_forum = 'non';
-} else {
-	$query_groupes = "SELECT * FROM spip_groupes_mots WHERE id_groupe='$id_groupe'";
-	$result_groupes = spip_query($query_groupes);
-	while($row = spip_fetch_array($result_groupes)) {
-		$id_groupe = $row['id_groupe'];
-		$type = $row['titre'];
-		$ancien_type = $type;
-		$titre = typo($type);
-		$descriptif = $row['descriptif'];
-		$texte = $row['texte'];
-		$unseul = $row['unseul'];
-		$obligatoire = $row['obligatoire'];
-		$articles = $row['articles'];
-		$breves = $row['breves'];
-		$rubriques = $row['rubriques'];
-		$syndic = $row['syndic'];
-		$acces_minirezo = $row['minirezo'];
-		$acces_comite = $row['comite'];
-		$acces_forum = $row['forum'];
-	}
-}
-
-debut_page("&laquo; $titre &raquo;", "documents", "mots");
-
-debut_gauche();
-
-
-
-debut_droite();
-
-debut_cadre_relief("groupe-mot-24.gif");
-
-
-
-echo "\n<table cellpadding=0 cellspacing=0 border=0 width='100%'>";
-echo "<tr width='100%'>";
-
-	echo "<td  align='right' valign='top'>";
-	icone(_T('icone_retour'), "mots_tous.php3", "mot-cle-24.gif", "rien.gif");
-	echo "</td>";
-	echo "<td>". http_img_pack('rien.gif', " ", "width='5'") . "</td>\n";
-
-echo "<td width='100%' valign='top'>";
-echo "<font face='Verdana,Arial,Sans,sans-serif' size=1><b>"._T('titre_groupe_mots')."</b><br></font>";
-gros_titre($titre);
-echo aide("motsgroupes");
-
-if ($connect_statut =="0minirezo"){
-	$type=entites_html(urldecode($type));
-	echo "<p><font face='Verdana,Arial,Sans,sans-serif'>";
-	echo "<FORM ACTION='mots_tous.php3' METHOD='post'>\n";
-	echo "<INPUT TYPE='Hidden' NAME='modifier_groupe' VALUE=\"oui\">\n";
-	echo "<INPUT TYPE='Hidden' NAME='id_groupe' VALUE=\"$id_groupe\">\n";
-	echo "<INPUT TYPE='Hidden' NAME='ancien_type' VALUE=\"$ancien_type\">\n";
-	debut_cadre_formulaire();
-	echo "<b>"._T('info_changer_nom_groupe')."</b><br>\n";
-	echo "<INPUT TYPE='Text' SIZE=40 CLASS='formo' NAME='change_type' VALUE=\"$type\" $onfocus>\n";
-
-	if ($options == 'avancees' OR $descriptif) {
-		echo "<B>"._T('texte_descriptif_rapide')."</B><BR>";
-		echo "<TEXTAREA NAME='descriptif' CLASS='forml' ROWS='4' COLS='40' wrap=soft>";
-		echo $descriptif;
-		echo "</TEXTAREA><P>\n";
-	}
-	else
-		echo "<INPUT TYPE='hidden' NAME='descriptif' VALUE=\"$descriptif\">";
-
-	if ($options == 'avancees' OR $texte) {
-		echo "<B>"._T('info_texte_explicatif')."</B><BR>";
-		echo "<TEXTAREA NAME='texte' ROWS='8' CLASS='forml' COLS='40' wrap=soft>";
-		echo $texte;
-		echo "</TEXTAREA><P>\n";
-	}
-	else
-		echo "<INPUT TYPE='hidden' NAME='texte' VALUE=\"$texte\">";
-
-
-	echo "<p><div align='right'><INPUT TYPE='submit' CLASS='fondo' NAME='Valider' VALUE='"._T('bouton_valider')."'></div>";
-	fin_cadre_formulaire();
-}
-
-
-echo "</td></tr></table>";
-
-
-
-fin_cadre_relief();
-
-if ($connect_statut =="0minirezo"){
-	echo "<p>";
-	debut_cadre_formulaire();
-	echo "<div style='padding: 5px; border: 1px dashed #aaaaaa; background-color: #dddddd;'>";
-		echo "<b>"._T('info_mots_cles_association')."</b>";
-		echo "<ul>";
-		
-		if ($articles == "oui") $checked = "checked";
-		else $checked = "";
-		echo "<input type='checkbox' name='articles' value='oui' $checked id='articles'> <label for='articles'>"._T('item_mots_cles_association_articles')."</label><br>";
-		$activer_breves = $GLOBALS['meta']["activer_breves"];
-		if ($activer_breves != "non"){
-			if ($breves == "oui") $checked = "checked";
-			else $checked = "";
-			echo "<input type='checkbox' name='breves' value='oui' $checked id='breves'> <label for='breves'>"._T('item_mots_cles_association_breves')."</label><br>";
-		} else {
-			echo "<input type='hidden' name='breves' value='non'>";
-		}
-		if ($rubriques == "oui") $checked = "checked";
-		else $checked = "";
-		echo "<input type='checkbox' name='rubriques' value='oui' $checked id='rubriques'> <label for='rubriques'>"._T('item_mots_cles_association_rubriques')."</label><br>";
-		if ($syndic == "oui") $checked = "checked";
-		else $checked = "";
-		echo "<input type='checkbox' name='syndic' value='oui' $checked id='syndic'> <label for='syndic'>"._T('item_mots_cles_association_sites')."</label>";
-		
-		echo "</ul>";
-	echo "</div>";
-
-
-	$config_precise_groupes = $GLOBALS['meta']["config_precise_groupes"];
-	if ($config_precise_groupes == "oui" OR $unseul == "oui" OR $obligatoire == "oui"){
-		echo "<p><div style='padding: 5px; border: 1px dashed #aaaaaa; background-color: #dddddd;'>";
-
-		if ($unseul == "oui")
-			$checked = "checked";
-		else
-			$checked = "";
-		echo "<input type='checkbox' name='unseul' value='oui' $checked id='unseul'> <label for='unseul'>"._T('info_selection_un_seul_mot_cle')."</label>";
-		echo "<br>";
-
-		if ($obligatoire == "oui")
-			$checked = "checked";
-		else $checked = "";
-		echo "<input type='checkbox' name='obligatoire' value='oui' $checked id='obligatoire'> <label for='obligatoire'>"._T('avis_conseil_selection_mot_cle')."</label>";
-
-		echo "</div>";
-	} else {
-		echo "<input type='hidden' name='unseul' value='non'>";
-		echo "<input type='hidden' name='obligatoire' value='non'>";
-	}
-
-
-	
-	echo "<p>";
-	echo "<div style='padding: 5px; border: 1px dashed #aaaaaa; background-color: #dddddd;'>";
-		echo "<b>"._T('info_qui_attribue_mot_cle')."</b>";
-		echo "<ul>";
-		
-		if ($acces_minirezo == "oui") $checked = "checked";
-		else $checked = "";
-		echo "<input type='checkbox' name='acces_minirezo' value='oui' $checked id='administrateurs'> <label for='administrateurs'>"._T('bouton_checkbox_qui_attribue_mot_cle_administrateurs')."</label><br>";
-		if ($acces_comite == "oui") $checked = "checked";
-		else $checked = "";
-		echo "<input type='checkbox' name='acces_comite' value='oui' $checked id='comite'> <label for='comite'>"._T('bouton_checkbox_qui_attribue_mot_cle_redacteurs')."</label><br>";
-	
-		$mots_cles_forums = $GLOBALS['meta']["mots_cles_forums"];
-		$forums_publics=$GLOBALS['meta']["forums_publics"];
-		
-		if (($mots_cles_forums == "oui" OR $acces_forum == "oui") AND $forums_publics != "non"){
-			if ($acces_forum == "oui") $checked = "checked";
-			else $checked = "";
-			echo "<input type='checkbox' name='acces_forum' value='oui' $checked id='forum'> <label for='forum'>"._T('bouton_checkbox_qui_attribue_mot_cle_visiteurs')."</label>";
-		} 
-		else {
-			echo "<input type='hidden' name='acces_forum' value='non'>";
-		}
-			
-		echo "</ul>";
-	echo "</div>";
-	
-	
-	
-
-	echo "<p><div align='right'><INPUT TYPE='submit' CLASS='fondo' NAME='Valider' VALUE='"._T('bouton_valider')."'></div>";
-	echo "</FORM><P>";
-	fin_cadre_formulaire();	
-	echo "</font>";
-
-
-}else{
-
-	echo "<H3>"._T('avis_non_acces_page')."</H3>";
-
-}
-
-
-fin_page();
-
+$var_f = include_fonction(basename($SCRIPT_NAME, _EXTENSION_PHP));
+$var_f();
 ?>
-- 
GitLab