From 0c6ae99189ea87e72293fe390ee88722d132328e Mon Sep 17 00:00:00 2001
From: Fil <fil@rezo.net>
Date: Mon, 27 Feb 2006 21:22:39 +0000
Subject: [PATCH] suite correction #FORMULAIRE_FORUM{#SELF}

---
 ecrire/public/messforum.php           | 10 ++++--
 formulaires/formulaire_forum.html     |  7 +----
 formulaires/inc-formulaire_forum.php3 | 44 +++++++++++----------------
 3 files changed, 26 insertions(+), 35 deletions(-)

diff --git a/ecrire/public/messforum.php b/ecrire/public/messforum.php
index c06af244c3..dbc51cf0a3 100644
--- a/ecrire/public/messforum.php
+++ b/ecrire/public/messforum.php
@@ -138,9 +138,13 @@ function enregistre_forum() {
 	// Verifier hash securite pour les forums avec previsu
 	if ($GLOBALS['afficher_texte'] <> 'non') {
 		include_ecrire("inc_session");
-		if (!verifier_action_auteur("ajout_forum $id_rubrique".
-		" $id_forum $id_article $id_breve".
-		" $id_syndic $alea", $hash)) {
+
+		$ids = array();
+		foreach (array('article', 'breve', 'forum', 'rubrique', 'syndic') as $o)
+			$ids['id_'.$o] = ($x = intval(${'id_'.$o})) ? $x : '';
+
+		if (!verifier_action_auteur('ajout_forum'.join(' ', $ids).' '.$alea,
+		$hash)) {
 			spip_log('erreur hash forum');
 			die (_T('forum_titre_erreur')); 	# echec du POST
 		}
diff --git a/formulaires/formulaire_forum.html b/formulaires/formulaire_forum.html
index 3c89e8dbb8..9f25ca628c 100644
--- a/formulaires/formulaire_forum.html
+++ b/formulaires/formulaire_forum.html
@@ -1,12 +1,7 @@
 <a id="formulaire" name="formulaire"></a>
 <form action="[(#ENV{url})][(#ENV**{previsu}|?{'#formulaire',''})]" method="post">[
-(#ENV{url}|form_hidden)][
+(#ENV{url_post}|form_hidden)][
 <input type='hidden' name='alea' value='(#ENV{alea})' />][
-<input type='hidden' name='id_article' value='(#ENV{id_article})' />][
-<input type='hidden' name='id_breve' value='(#ENV{id_breve})' />][
-<input type='hidden' name='id_forum' value='(#ENV{id_forum})' />][
-<input type='hidden' name='id_rubrique' value='(#ENV{id_rubrique})' />][
-<input type='hidden' name='id_syndic' value='(#ENV{id_syndic})' />][
 <input type='hidden' name='hash' value='(#ENV{hash})' />][
 <input type='hidden' name='afficher_texte' value='(#ENV{afficher_texte})' />][
 <input type='hidden' name='retour_forum' value='(#ENV{retour_forum}|urlencode)' />][
diff --git a/formulaires/inc-formulaire_forum.php3 b/formulaires/inc-formulaire_forum.php3
index 0e83d26425..848b1738fc 100644
--- a/formulaires/inc-formulaire_forum.php3
+++ b/formulaires/inc-formulaire_forum.php3
@@ -70,12 +70,12 @@ function balise_FORMULAIRE_FORUM_stat($args, $filtres) {
 	// compatibilite: virer l'extension
 	$script = preg_match(',.php3?$,', $filtres[0],$r) ? $r[1] : $filtres[0];
 	return
-	  array($titre, $table, $forums_publics, ($script ? $script : 'forum'),
+		array($titre, $table, $forums_publics, $script,
 		$idr, $idf, $ida, $idb, $ids, $am, $ag, $af, $url);
 }
 
 function balise_FORMULAIRE_FORUM_dyn(
-$titre, $table, $type, $page,
+$titre, $table, $type, $script,
 $id_rubrique, $id_forum, $id_article, $id_breve, $id_syndic,
 $ajouter_mot, $ajouter_groupe, $afficher_texte, $url_param_retour)
 {
@@ -90,15 +90,13 @@ $ajouter_mot, $ajouter_groupe, $afficher_texte, $url_param_retour)
 // attention le calcul du hachage doit etre le meme ici et dans inc-messforum
 
 	$ids = array();
-	if ($x = intval($id_article)) $ids['id_article'] = $x;
-	if ($x = intval($id_breve)) $ids['id_breve'] = $x;
-	if ($x = intval($id_forum)) $ids['id_forum'] = $x;
-	if ($x = intval($id_rubrique)) $ids['id_rubrique'] = $x;
-	if ($x = intval($id_syndic)) $ids['id_syndic'] = $x;
+	foreach (array('article', 'breve', 'forum', 'rubrique', 'syndic') as $o)
+		$ids['id_'.$o] = ($x = intval(${'id_'.$o})) ? $x : '';
 
-	$args = "";
-	foreach ($ids as $id => $v) $args .= "&$id=$v";
-	$url = "./?page=$page$args";
+	if ($script)
+		$url = $script;
+	else
+		$url = generer_url_public('forum');
 
 	// ne pas mettre '', sinon le squelette n'affichera rien.
 	$previsu = ' ';
@@ -116,10 +114,10 @@ $ajouter_mot, $ajouter_groupe, $afficher_texte, $url_param_retour)
 			$retour_forum = "!";
 			
 			// sauf si on a passe un parametre en argument (exemple : {#SELF})
-			if($url_param_retour) {
-				$retour_forum = urlencode($url_param_retour);
+			if ($url_param_retour) {
+				$retour_forum = $url_param_retour;
 				$url = $retour_forum;
-				}
+			}
 		}
 		if (isset($_COOKIE['spip_forum_user'])
 		AND is_array($cookie_user = unserialize($_COOKIE['spip_forum_user']))) {
@@ -147,22 +145,15 @@ $ajouter_mot, $ajouter_groupe, $afficher_texte, $url_param_retour)
 
 		$alea = forum_fichier_tmp();
 
-		$hash = calculer_action_auteur("ajout_forum " .
-					       $ids['id_rubrique'] ." " .
-					       $ids['id_forum'] ." " .
-					       $ids['id_article'] ." " .
-					       $ids['id_breve'] ." " .
-					       $ids['id_syndic'] ." " .
-					       $alea);
+		$hash = calculer_action_auteur('ajout_forum'.join(' ', $ids).' '.$alea);
 	}
 
+	$url_post = $url;
+	foreach ($ids as $id => $v)
+		$url_post = parametre_url($url_post, $id, $v, '&');
+
 	return array('formulaire_forum', 0,
 	array(
-		'id_rubrique' => $ids['id_rubrique'],
-		'id_forum' => $ids['id_forum'],
-		'id_article' => $ids['id_article'],
-		'id_breve' => $ids['id_breve'],
-		'id_syndic' => $ids['id_syndic'],
 		'auteur' => $auteur,
 		'disabled' => ($type == "abo")? "disabled" : '',
 		'email_auteur' => $email_auteur,
@@ -174,7 +165,8 @@ $ajouter_mot, $ajouter_groupe, $afficher_texte, $url_param_retour)
 		'table' => $table,
 		'texte' => $texte,
 		'titre' => extraire_multi($titre),
-		'url' => $url,
+		'url' => $url, # ce sur quoi on fait le action='...'
+		'url_post' => $url_post, # pour les variables hidden
 		'url_site' => ($url_site ? $url_site : "http://"),
 		'alea' => $alea,
 		'hash' => $hash,
-- 
GitLab