diff --git a/ecrire/inc.php3 b/ecrire/inc.php3 index dbbf3aa632ee614529791d1632eb8ba2a26c9ddc..3dbe8722955de59a144b22e0d42fde2510d37351 100644 --- a/ecrire/inc.php3 +++ b/ecrire/inc.php3 @@ -17,10 +17,8 @@ include_ecrire('inc_cookie'); // Determiner l'action demandee // -if ($_GET['exec'] AND -preg_match(',^[0-9a-z_]*$,i', $_GET['exec'])) - $exec = $_GET['exec']; - else $exec = $SCRIPT_NAME; +$exec = $_REQUEST['exec']; +if (!preg_match(',^[a-z][0-9a-z_]*$,i', $exec)) $exec = $SCRIPT_NAME; $var_auth =""; if (autoriser_sans_cookie($exec)) { diff --git a/ecrire/inc_admin_effacer.php b/ecrire/inc_admin_effacer.php index a12a1f2c780fbd33c7ce2e425ece25a849b12a4f..a0bfc3b2675302d02c97fde166641d46166269d7 100644 --- a/ecrire/inc_admin_effacer.php +++ b/ecrire/inc_admin_effacer.php @@ -68,10 +68,8 @@ debut_boite_alerte(); echo "\n<div class='serif'>"; echo "\n<p align='justify'><b>"._T('avis_suppression_base')." !</b>"; - echo "\n<form action='", generer_url_ecrire("delete_all"), - "' method='GET'>"; - echo "\n<div align='right'>", - "<input type='hidden' name='reinstall' value='non' />", + echo generer_url_post_ecrire("delete_all", "reinstall=non"), + "\n<div align='right'>", "<input class='fondo' type='submit' value='", _T('bouton_effacer_tout'), "' /></div></form>", diff --git a/ecrire/inc_admin_tech.php b/ecrire/inc_admin_tech.php index 9b4a0470357e49fbdbf1fd2fb45944f8d2d62aa7..26b7ff9102acee0af15da500669dab7bd37b0ade 100644 --- a/ecrire/inc_admin_tech.php +++ b/ecrire/inc_admin_tech.php 
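Review bot: In ecrire/inc.php3, `$_REQUEST['exec']` can be filled from a cookie as well as from the query string or form body (depending on the PHP request-order configuration), and the `$` anchor in the pattern still accepts a value that ends in a newline. Since `$exec` goes straight into `autoriser_sans_cookie($exec)`, I would read it from explicit sources and anchor with `\z`: `$exec = isset($_POST['exec']) ? $_POST['exec'] : (isset($_GET['exec']) ? $_GET['exec'] : '');` followed by `if (!is_string($exec) OR !preg_match(',^[a-z][0-9a-z_]*\z,i', $exec)) $exec = $SCRIPT_NAME;`. The `is_string` test also covers `exec[]=...`, which would otherwise reach `preg_match` as an array. The block that consumes `$exec` continues outside the hunk, so how the name is resolved afterwards is not visible here.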
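Review bot: Moving the `delete_all` form in ecrire/inc_admin_effacer.php to POST does not by itself stop a forged cross-site submission, because no per-session token is added to the form. `generer_url_post_ecrire` also repeats `reinstall=non` in the action URL, and inc.php3 now reads `exec` from `$_REQUEST`, so if the handler reads its arguments the same way, a plain GET of that URL probably still selects the action. The same applies to the `export_all`, `import_all` and `admin_repair` forms in ecrire/inc_admin_tech.php. Whether those handlers ask for a separate confirmation is not visible in this diff; if they do not, I would add a comment above each form such as `// TODO: handler must check a per-session token and require POST before acting` and implement that check in the handlers.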
@@ -59,13 +59,12 @@ echo _T('texte_sauvegarde')."</FONT></B></TD></TR>"; echo "<tr><td class='serif'>"; -echo "\n<form action='" . generer_url_ecrire("export_all") . "' method='GET'>"; - -echo "\n<p align='justify'>"; -echo http_img_pack('warning.gif', _T('info_avertissement'), "width='48' height='48' align='right'"); -echo _T('texte_admin_tech_01'); - -echo "<p>"._T('texte_admin_tech_02'); + echo generer_url_post_ecrire("export_all", "reinstall=non"), + "\n<p align='justify'>", + http_img_pack('warning.gif', _T('info_avertissement'), "width='48' height='48' align='right'"), + _T('texte_admin_tech_01'), + "<p>", + _T('texte_admin_tech_02'); if ($flag_gz) { echo "\n<p align='justify'>"._T('texte_admin_tech_03')."<p>"; @@ -76,7 +75,7 @@ else { echo "\n<p align='justify'>"._T('texte_sauvegarde_compressee'); echo "\n<INPUT TYPE='hidden' NAME='gz' VALUE='0' />"; } -echo "\n<input type='hidden' name='reinstall' value='non' />"; + echo "\n<div align='right'><input class='fondo' type='submit' VALUE='"._T('texte_sauvegarde_base')."'></div></form>"; echo "</td></tr>"; 
@@ -87,17 +86,14 @@ echo "</TABLE>"; // Restauration de la base // -echo "<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=8 WIDTH=\"100%\">"; -echo "<TR><TD BGCOLOR='#EEEECC' BACKGROUND=''><B>"; -echo "<FONT FACE='Verdana,Arial,Sans,sans-serif' SIZE=3 COLOR='#000000'>"; -echo _T('texte_restaurer_base')."</FONT></B></TD></TR>"; - -echo "<TR><td class='serif'>"; - -echo "\n<form action='" . generer_url_ecrire("import_all","") . "' method='get'>"; - -echo "\n<p align='justify'> "._T('texte_restaurer_sauvegarde'); - +echo "<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=8 WIDTH=\"100%\">", + "<TR><TD BGCOLOR='#EEEECC' BACKGROUND=''><B>", + "<FONT FACE='Verdana,Arial,Sans,sans-serif' SIZE=3 COLOR='#000000'>", + _T('texte_restaurer_base')."</FONT></B></TD></TR>", + "<TR><td class='serif'>", + generer_url_post_ecrire("import_all"), + "\n<p align='justify'> ", + _T('texte_restaurer_sauvegarde'); if ($flag_gz) { $fichier_defaut = 'dump.xml.gz'; @@ -108,13 +104,13 @@ else { $texte_compresse = _T('texte_non_compresse')." "; } -echo "\n<p>"._T('entree_nom_fichier', array('texte_compresse' => $texte_compresse)); -echo "\n<p><FONT SIZE=3><ul><INPUT TYPE='text' NAME='archive' VALUE='$fichier_defaut' SIZE='30'></ul></FONT>"; +echo "\n<p>"._T('entree_nom_fichier', array('texte_compresse' => $texte_compresse)), + "\n<p><FONT SIZE=3><ul><INPUT TYPE='text' NAME='archive' VALUE='$fichier_defaut' SIZE='30'></ul></FONT>"; -echo "\n<p><DIV align='right'><INPUT CLASS='fondo' TYPE='submit' NAME='valider' VALUE='"._T('bouton_restaurer_base')."'></DIV></FORM>"; +echo "\n<p><DIV align='right'><INPUT CLASS='fondo' TYPE='submit' VALUE='"._T('bouton_restaurer_base')."'></DIV></FORM>"; -echo "</td></tr>"; -echo "</TABLE>"; +echo "</td></tr>", + "</TABLE>"; // 
@@ -127,18 +123,16 @@ if ($options == "avancees") { echo "<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=8 WIDTH=\"100%\">"; echo "<TR><TD BGCOLOR='#EEEECC' BACKGROUND=''><B>"; echo "<FONT FACE='Verdana,Arial,Sans,sans-serif' SIZE=3 COLOR='#000000'>"; - echo _T('texte_recuperer_base')."</FONT></B></TD></TR>"; - - echo "<TR><TD class='serif'>"; - - echo "\n<form action='" . generer_url_ecrire("admin_repair","") . "' method='get'>"; - - echo "\n<p align='justify'>"._T('texte_crash_base'); - - echo "\n<p><DIV align='right'><INPUT CLASS='fondo' TYPE='submit' NAME='valider' VALUE='"._T('bouton_tenter_recuperation')."'></DIV></FORM>"; - - echo "</TD></TR>"; - echo "</TABLE>"; + echo _T('texte_recuperer_base'), + "</FONT></B></TD></TR>", + "<TR><TD class='serif'>", + generer_url_post_ecrire("admin_repair"), + "\n<p align='justify'>"._T('texte_crash_base'), + "\n<p><DIV align='right'><INPUT CLASS='fondo' TYPE='submit' VALUE='", + _T('bouton_tenter_recuperation'), + "'></DIV></FORM>", + "</TD></TR>", + "</TABLE>"; } } diff --git a/ecrire/inc_articles.php b/ecrire/inc_articles.php index c11f763325b3713eeef65fc9344f39ef232a022f..aa3de94da7061fd1968351b5af9444a4a21c2256 100644 --- a/ecrire/inc_articles.php +++ b/ecrire/inc_articles.php @@ -199,8 +199,7 @@ if ($flag_auteur AND $statut_article == 'prepa') { echo "<center>", "<B>"._T('texte_proposer_publication')."</B>", aide ("artprop"), - "\n<form action='", generer_url_ecrire("articles"), "'>\n", - "<input type='hidden' name='id_article' value='$id_article' />\n", + generer_url_post_ecrire("articles", "id_article=$id_article"), "<input type='hidden' name='statut_nouv' value='prop' />\n", "<input type='submit' class='fondo' value=\"", _T('bouton_demande_publication'), 
@@ -681,8 +680,7 @@ function dates_articles($id_article, $flag_editable, $statut_article, $date, $an if ($flag_editable AND $options == 'avancees') { debut_cadre_couleur(); - echo "<form action='" . generer_url_ecrire("articles") . "' method='GET' style='margin: 0px; padding: 0px;'>"; - echo "<INPUT TYPE='hidden' NAME='id_article' VALUE='$id_article'>"; + echo generer_url_post_ecrire("articles", "id_article=$id_article"); if ($statut_article == 'publie') { 
@@ -1393,34 +1391,32 @@ function afficher_statut_articles($id_article, $rubrique_article, $statut_articl global $connect_statut; if ($connect_statut == '0minirezo' AND acces_rubrique($rubrique_article)) { - echo "<form action='" . generer_url_ecrire("articles") . "' method='GET'>"; - debut_cadre_relief("racine-site-24.gif"); - echo "<CENTER>"; - - echo "<INPUT TYPE='Hidden' NAME='id_article' VALUE=\"$id_article\" />"; - - echo "<B>"._T('texte_article_statut')."</B> "; - - $statut_url_javascript="'" . _DIR_IMG_PACK . "' + puce_statut(options[selectedIndex].value);"; - echo "<SELECT NAME='statut_nouv' SIZE='1' CLASS='fondl' onChange=\"document.statut.src=$statut_url_javascript; setvisibility('valider_statut', 'visible');\">"; - echo "<OPTION" . mySel("prepa", $statut_article) ." style='background-color: white'>"._T('texte_statut_en_cours_redaction')."\n"; - echo "<OPTION" . mySel("prop", $statut_article) . " style='background-color: #FFF1C6'>"._T('texte_statut_propose_evaluation')."\n"; - echo "<OPTION" . mySel("publie", $statut_article) . " style='background-color: #B4E8C5'>"._T('texte_statut_publie')."\n"; - echo "<OPTION" . mySel("poubelle", $statut_article) - . http_style_background('rayures-sup.gif') . '>' ._T('texte_statut_poubelle')."\n"; - echo "<OPTION" . mySel("refuse", $statut_article) . " style='background-color: #FFA4A4'>"._T('texte_statut_refuse')."\n"; - echo "</SELECT>"; - - echo " ". http_img_pack("puce-".puce_statut($statut_article).'.gif', "", "border='0' NAME='statut'") . 
" "; + echo generer_url_post_ecrire("articles", "id_article=$id_article"), + "\n<CENTER>", "<B>",_T('texte_article_statut'),"</B>", + "\n<SELECT NAME='statut_nouv' SIZE='1' CLASS='fondl'\n", + "onChange=\"document.statut.src='", + _DIR_IMG_PACK, + "' + puce_statut(options[selectedIndex].value);", + " setvisibility('valider_statut', 'visible');\">\n", + "<OPTION" , mySel("prepa", $statut_article) ," style='background-color: white'>",_T('texte_statut_en_cours_redaction'),"</OPTION>\n", + "<OPTION" , mySel("prop", $statut_article) , " style='background-color: #FFF1C6'>",_T('texte_statut_propose_evaluation'),"</OPTION>\n", + "<OPTION" , mySel("publie", $statut_article) , " style='background-color: #B4E8C5'>",_T('texte_statut_publie'),"</OPTION>\n", + "<OPTION" , mySel("poubelle", $statut_article), + http_style_background('rayures-sup.gif') , '>' ,_T('texte_statut_poubelle'),"</OPTION>\n", + "<OPTION" , mySel("refuse", $statut_article) , " style='background-color: #FFA4A4'>",_T('texte_statut_refuse'),"</OPTION>\n", + "</SELECT>", + " ", + http_img_pack("puce-".puce_statut($statut_article).'.gif', "", "border='0' NAME='statut'"), + " "; // echo "<noscript><INPUT TYPE='submit' NAME='Valider' VALUE='"._T('bouton_valider')."' CLASS='fondo'></noscript>"; echo "<span class='visible_au_chargement' id='valider_statut'>"; - echo "<INPUT TYPE='submit' NAME='Valider' VALUE='"._T('bouton_valider')."' CLASS='fondo'>"; + echo "<INPUT TYPE='submit' VALUE='"._T('bouton_valider')."' CLASS='fondo'>"; echo "</span>"; echo aide ("artstatut"); echo "</CENTER>"; - fin_cadre_relief(); echo "</FORM>"; + fin_cadre_relief(); } } diff --git a/ecrire/inc_articles_tous.php b/ecrire/inc_articles_tous.php index 7d0810a445f78f27485c93eaf4ae4564f4de5d3f..d0a74d11d0eb8009a6b15779e523dc6020eef558 100644 --- a/ecrire/inc_articles_tous.php +++ b/ecrire/inc_articles_tous.php 
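Review bot: In `afficher_statut_articles` (ecrire/inc_articles.php) the new side no longer calls `debut_cadre_relief("racine-site-24.gif")`, yet `fin_cadre_relief()` is still called after `</FORM>`, so the frame is closed without having been opened in this branch. Unless a caller outside the hunk opens it, the page markup ends up unbalanced. Restoring `debut_cadre_relief("racine-site-24.gif");` just before the `echo generer_url_post_ecrire("articles", "id_article=$id_article"),` statement keeps the pair matched and puts the form inside the frame, which agrees with the new closing order. The function starts before the hunk.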
@@ -138,13 +138,13 @@ function http_label_img($statut, $etat, $var, $img, $texte) { function formulaire_affiche_tous($aff_art, $aff_statut,$sel_lang) { - global $spip_lang_right; -echo "<form action='" . generer_url_ecrire("articles_tous","") . "' method='get'>"; -echo "<input type='hidden' name='aff_art[]' value='x'>"; +global $spip_lang_right; +echo generer_url_post_ecrire("articles_tous"), + "<input type='hidden' name='aff_art[]' value='x'>"; debut_boite_info(); -echo "<B>"._T('titre_cadre_afficher_article')." :</B><BR>"; + echo "<b>",_T('titre_cadre_afficher_article')," :</b><br />"; if ($aff_statut['prepa']) echo http_label_img('prepa', @@ -181,7 +181,7 @@ if ($aff_statut['poubelle']) 'puce-poubelle-breve.gif', _T('texte_statut_poubelle')); -echo "<div align='$spip_lang_right'><INPUT TYPE='submit' NAME='Changer' CLASS='fondo' VALUE='"._T('bouton_changer')."'></div>"; +echo "<div align='$spip_lang_right'><INPUT TYPE='submit' CLASS='fondo' VALUE='"._T('bouton_changer')."'></div>"; // GERER LE MULTILINGUISME diff --git a/ecrire/inc_auteurs.php3 b/ecrire/inc_auteurs.php3 index f2fbe39d2049d9f482fcca40bd2cc9e991883e12..8d23341b63a39f77c7bf557b6b6e509942794ba4 100644 --- a/ecrire/inc_auteurs.php3 +++ b/ecrire/inc_auteurs.php3 
@@ -190,18 +190,14 @@ if ($debut_suivant < $nombre_auteurs OR $debut > 0) { echo "<tr bgcolor='white'><td align='left'>"; if ($debut > 0) { $debut_prec = max($debut - $max_par_page, 0); - echo "\n<form action='" . generer_url_ecrire("auteurs","") . "'>", - "\n<input type='hidden' name='tri' value='$tri' />", - "\n<input type='hidden' name='debut' value='$debut_prec' />", + echo generer_url_post_ecrire("auteurs","tri=$tri&debut=$debut_prec"), "\n<input type='submit' value='<<<' class='fondo' />", $visiteurs, "\n</form>"; } echo "</td><td style='text-align: $spip_lang_right'>"; if ($debut_suivant < $nombre_auteurs) { - echo "\n<form action='" . generer_url_ecrire("auteurs","") . "'>", - "\n<input type='hidden' name='tri' value='$tri' />", - "\n<input type='hidden' name='debut' value='$debut_suivant' />", + echo generer_url_post_ecrire("auteurs","tri=$tri&debut=$debut_suivant"), "\n<input type='submit' value='>>>' class='fondo' />", $visiteurs, "\n</form>"; diff --git a/ecrire/inc_forum.php3 b/ecrire/inc_forum.php3 index fc7bcccb9de875fe1fdd51d5f55c07e933e1c2de..1fc4e7b5a78abcbc5ba56f25adb98644c75c60a6 100644 --- a/ecrire/inc_forum.php3 +++ b/ecrire/inc_forum.php3 @@ -250,8 +250,7 @@ function modifier_forums_publics($id_article, $forums_publics) { function formulaire_modification_forums_publics($id_article, $forums_publics) { global $spip_lang_right; - $r = "\n<form action='". $GLOBALS['clean_link']->getUrl() - ."' method='POST'>"; + $r = "\n<form action='". $GLOBALS['clean_link']->getUrl() ."' method='POST'>"; $r .= "\n<input type='hidden' name='id_article' value='$id_article'>"; $r .= "<br>"._T('info_fonctionnement_forum')."\n"; diff --git a/ecrire/inc_minipres.php b/ecrire/inc_minipres.php index 5a7e3f5995bb6c6905f7a1148b7b1cf235b38260..9aabda758845b26796c06863c08d563668d5b38c 100644 --- a/ecrire/inc_minipres.php +++ b/ecrire/inc_minipres.php 
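Review bot: In ecrire/inc_auteurs.php3, `$tri` is interpolated raw into the argument strings `"tri=$tri&debut=$debut_prec"` and `"tri=$tri&debut=$debut_suivant"`, which `generer_url_post_ecrire` then splits on `&` and `=` and copies into attributes without escaping. A value containing `&`, `=` or a quote would therefore add or rename form fields, or break out of the attribute. I would restrict `$tri` to the sort keys this page supports before building the string, and pass the offsets as `intval($debut_prec)` and `intval($debut_suivant)`. Where `$tri` is assigned is outside the hunk, so it may already be constrained there.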
@@ -182,21 +182,23 @@ function http_href_img($href, $img, $att, $title='', $style='', $class='', $evt= return http_href($href, http_img_pack($img, $title, $att), $title, $style, $class, $evt); } -// Pour les formulaires en methode POST, mettre le id_ a la fois en -// input-hidden et apres le "?" du champ action: +// Pour les formulaires en methode POST, +// mettre les arguments a la fois en input-hidden et dans le champ action: // 1) on peut ainsi memoriser le signet comme si c'etait un GET // 2) ca suit http://en.wikipedia.org/wiki/Representational_State_Transfer +// Attention: generer_url_ecrire peut rajouter des args + function generer_url_post_ecrire($script, $args='', $name='', $ancre='') { $hidden = ""; - if ($args) - foreach(split('&',$args) as $c) { + $action = generer_url_ecrire($script, $args) ; + if ($p = strpos($action, '?')) + foreach(preg_split('/&(amp;)?/',substr($action,$p+1)) as $c) { $hidden .= "\n<input name='" . str_replace('=', "' value='", $c) . - " 'type='hidden' />"; + "' type='hidden' />"; } if ($name) $name = " name='$name'"; - $action = generer_url_ecrire($script, $args) . $ancre; - return "\n<form action='$action'$name method='post'>$hidden"; + return "\n<form action='$action$ancre'$name method='post'>$hidden"; } ?> diff --git a/ecrire/inc_sites.php3 b/ecrire/inc_sites.php3 index 1d28489a499430fb3fb308bb7626ca43d2092b77..f0a6d1cd03797c6dd61ff7631f9f67c36b6a6da0 100644 --- a/ecrire/inc_sites.php3 +++ b/ecrire/inc_sites.php3 
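Review bot: `generer_url_post_ecrire` in ecrire/inc_minipres.php writes each query pair into `name='…' value='…'` with `str_replace('=', …)` and no HTML escaping, so a `'`, a `<` or a second `=` in any argument breaks the attribute; callers in this commit interpolate variables such as `$id_article` and `$tri` into `$args`. I would split each pair on its first `=` only and pass both halves through `htmlspecialchars(…, ENT_QUOTES)`, as below. If `generer_url_ecrire` URL-encodes its arguments, the hidden values also need `urldecode` so that the POSTed value matches the one in the URL; that function is not visible in this diff. The header comment could also state that `$args` must not carry unvalidated request data.

```php
	  foreach(preg_split('/&(amp;)?/',substr($action,$p+1)) as $c) {
		if ($c === '') continue;
		// split on the first '=' only, so a '=' inside the value is kept
		$kv = explode('=', $c, 2);
		$hidden .= "\n<input name='" .
		  htmlspecialchars($kv[0], ENT_QUOTES) .
		  "' value='" .
		  htmlspecialchars(isset($kv[1]) ? $kv[1] : '', ENT_QUOTES) .
		  "' type='hidden' />";
	}
	// … unchanged: $name handling and return of the <form> tag …
```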
@@ -387,12 +387,10 @@ if ($flag_editable AND $options == 'avancees') { if ($flag_administrable) { debut_cadre_relief("racine-site-24.gif"); - echo "<form action='", generer_url_ecrire('sites'), "'>\n", - "<center><b>", + echo generer_url_post_ecrire('sites', "id_syndic=$id_syndic&$id_parent=$id_rubrique"), + "\n<center><b>", _T('info_statut_site_1'), "</b> \n", - "<input type='hidden' name='id_parent' value='$id_rubrique' />\n", - "<input type='hidden' name='id_syndic' value='$id_syndic' />\n", "<select name='nouveau_statut' size='1' class='fondl'>\n", my_sel("prop",_T('info_statut_site_3'),$statut), my_sel("publie",_T('info_statut_site_2'),$statut), diff --git a/ecrire/inc_sites_edit.php b/ecrire/inc_sites_edit.php index f3942461ffe59b5bf9220792936bbc73a2dc0db9..43a10b4877ec0f20e39f82ecd342a1f4656ef555 100644 --- a/ecrire/inc_sites_edit.php +++ b/ecrire/inc_sites_edit.php @@ -71,8 +71,7 @@ if ($new == 'oui'){ if ($connect_statut == '0minirezo' OR $GLOBALS['meta']["proposer_sites"] > 0) { debut_cadre_relief("site-24.gif"); - echo "<form action='", generer_url_ecrire('sites'), "'>\n", - "<input type='hidden' name='id_rubrique' value='$id_rubrique' />\n", + echo generer_url_post_ecrire('sites', "id_rubrique=$id_rubrique"), "<input type='hidden' name='new' value='oui' />\n", "<input type='hidden' name='analyser_site' value='oui' />\n", "<input type='hidden' name='redirect' value='",
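Review bot: The argument string `"id_syndic=$id_syndic&$id_parent=$id_rubrique"` in ecrire/inc_sites.php3 interpolates a variable `$id_parent` where the removed hidden input used the literal field name `id_parent`. The posted field is therefore named after whatever `$id_parent` holds (or gets an empty name), and the handler presumably never receives `id_parent`. The call should read `generer_url_post_ecrire('sites', "id_syndic=$id_syndic&id_parent=$id_rubrique"),`. The enclosing block continues outside the hunk.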