From 125a611821a81f9496a477c1f85aba637747b54c Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Sun, 15 Jan 2006 23:39:38 +0000
Subject: [PATCH] joli XSS a double detente. A noter qu'un appel a sites_edit communiquait un parametre 'redirect' que celui-ci ignorait
---
 ecrire/inc_accueil.php | 2 +-
 ecrire/inc_naviguer.php | 2 +-
 ecrire/inc_presentation.php3 | 2 +-
 ecrire/inc_sites.php3 | 2 +-
 ecrire/inc_sites_edit.php | 13 +++----------
 ecrire/inc_sites_tous.php | 5 +----
 ecrire/inc_utils.php | 3 ++-
 7 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/ecrire/inc_accueil.php b/ecrire/inc_accueil.php
index 8df827373b..12233e7fd4 100644
--- a/ecrire/inc_accueil.php
+++ b/ecrire/inc_accueil.php
@@ -164,7 +164,7 @@ if ($spip_display == 4) {
 if ($activer_sites == 'oui') {
 if ($connect_statut == '0minirezo' OR $GLOBALS['meta']["proposer_sites"] > 0) {
 $gadget .= "<td>";
- $gadget .= icone_horizontale(_T('info_sites_referencer'), generer_url_ecrire("sites_edit","new=oui$dans_parent&target=" . generer_url_ecrire('sites')), "site-24.gif","creer.gif", false);
+ $gadget .= icone_horizontale(_T('info_sites_referencer'), generer_url_ecrire("sites_edit","new=oui$dans_parent"), "site-24.gif","creer.gif", false);
 $gadget .= "</td>";
 }
 }
diff --git a/ecrire/inc_naviguer.php b/ecrire/inc_naviguer.php
index 86efef4d92..0f71df226a 100644
--- a/ecrire/inc_naviguer.php
+++ b/ecrire/inc_naviguer.php
@@ -389,7 +389,7 @@ if ($relief) {
 if ($id_rubrique > 0 AND ($flag_editable OR $proposer_sites > 0)) {
 echo "<div align='$spip_lang_right'>";
- icone(_T('info_sites_referencer'), generer_url_ecrire('sites_edit', "id_rubrique=$id_rubrique&target=" . generer_url_ecrire('sites') . '&redirect=' . urlencode($clean_link->getUrl())), "site-24.gif", "creer.gif");
+ icone(_T('info_sites_referencer'), generer_url_ecrire('sites_edit', "id_rubrique=$id_rubrique&redirect=" . urlencode($clean_link->getUrl())), "site-24.gif", "creer.gif");
 echo "</div><p>";
 }
 }
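Review bot: `$dans_parent` is still spliced raw into the query string on the `+` line (`"new=oui$dans_parent"`), so removing `target` only closes the hole if `$dans_parent` is built server-side from a numeric id; if it is ever derived from the request it needs the same treatment `target` just got. Its origin is outside the hunk, so this is a point to confirm rather than a defect I can show: a comment such as `// $dans_parent is "&id_parent=N" built from an intval'd id, never from the request` on the line above would pin the assumption. The enclosing `if ($spip_display == 4)` block starts and ends outside the hunk.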
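Review bot: The new inc_naviguer.php link still sends `redirect=` . urlencode($clean_link->getUrl()), although the commit message says sites_edit ignores `redirect` and the inc_sites_tous.php hunk of this same commit drops it; a dead parameter that carries a URL is exactly the kind of sink this commit is removing, so make the call `generer_url_ecrire('sites_edit', "id_rubrique=$id_rubrique")`. Separately, the guard `$id_rubrique > 0` is a loose numeric comparison and does not by itself guarantee that `$id_rubrique` is a bare integer, so prefer `"id_rubrique=" . intval($id_rubrique)` when interpolating it into the URL. The surrounding block starts and ends outside the hunk.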
diff --git a/ecrire/inc_presentation.php3 b/ecrire/inc_presentation.php3
index 6b26900450..71c88caf87 100644
--- a/ecrire/inc_presentation.php3
+++ b/ecrire/inc_presentation.php3
@@ -2779,7 +2779,7 @@ if (true /*$gadgets*/) {
 if ($GLOBALS['meta']["activer_sites"] == 'oui') {
 if ($connect_statut == '0minirezo' OR $GLOBALS['meta']["proposer_sites"] > 0) {
 $gadget .= "<div style='width: 140px; float: $spip_lang_left;'>";
- $gadget .= icone_horizontale(_T('info_sites_referencer'), generer_url_ecrire("sites_edit","new=oui$dans_parent&target=" . generer_url_ecrire("sites")), "site-24.gif","creer.gif", false);
+ $gadget .= icone_horizontale(_T('info_sites_referencer'), generer_url_ecrire("sites_edit","new=oui$dans_parent"), "site-24.gif","creer.gif", false);
 $gadget .= "</div>";
 }
 }
diff --git a/ecrire/inc_sites.php3 b/ecrire/inc_sites.php3
index 845f84e47c..9f5d294157 100644
--- a/ecrire/inc_sites.php3
+++ b/ecrire/inc_sites.php3
@@ -345,7 +345,7 @@ echo "</td>";
 if ($flag_editable) {
 echo "<td>". http_img_pack('rien.gif', " ", "width='5'") . "</td>\n";
 echo "<td align='right'>";
- icone(_T('icone_modifier_site'), $redirect = generer_url_ecrire('sites_edit',"id_syndic=$id_syndic&rtarget=" . $clean_link->getUrl()), "site-24.gif", "edit.gif");
+ icone(_T('icone_modifier_site'), generer_url_ecrire('sites_edit',"id_syndic=$id_syndic"), "site-24.gif", "edit.gif");
 echo "</td>";
 }
 echo "</tr></table>\n";
diff --git a/ecrire/inc_sites_edit.php b/ecrire/inc_sites_edit.php
index 43a10b4877..a04a2ca858 100644
--- a/ecrire/inc_sites_edit.php
+++ b/ecrire/inc_sites_edit.php
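Review bot: The `+` line in inc_presentation.php3 is identical to the new line in inc_accueil.php in this same commit, which makes three places (inc_sites_tous.php being the third) that assemble the "référencer un site" URL by hand, and they had already drifted apart over `target` and `redirect` before this fix. A one-line helper, e.g. `function url_referencer_site($dans_parent = '') { return generer_url_ecrire('sites_edit', "new=oui$dans_parent"); }`, would keep the callers from drifting again and give one place to validate `$dans_parent`. The enclosing `if (true /*$gadgets*/)` block starts and ends outside the hunk.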
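Review bot: The removed inc_sites.php3 line also assigned `$redirect = generer_url_ecrire(...)` as a side effect inside the icone() argument, and the new line drops that assignment; if anything later in inc_sites.php3 reads `$redirect` (not visible in the hunk) it is now unset, so that should be checked before merging. The new line also interpolates `$id_syndic` raw into the query string; unless it is coerced earlier in the file, `"id_syndic=" . intval($id_syndic)` closes the same class of issue the commit is fixing at no cost. The enclosing block starts outside the hunk.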
@@ -15,7 +15,7 @@ include_ecrire("inc_presentation");
 function sites_edit_dist() {
- global $champs_extra, $clean_link, $connect_statut, $descriptif, $id_rubrique, $id_secteur, $id_syndic, $new, $nom_site, $syndication, $target, $url_site, $url_syndic;
+ global $champs_extra, $clean_link, $connect_statut, $descriptif, $id_rubrique, $id_secteur, $id_syndic, $new, $nom_site, $syndication, $url_site, $url_syndic;
 $query = "SELECT * FROM spip_syndic WHERE id_syndic=" . intval($id_syndic);
 $result = spip_query($query);
@@ -88,22 +88,15 @@ if ($new == 'oui'){
 echo "<p><blockquote><b>"._T('texte_non_fonction_referencement')."</b>";
 $cadre_ouvert = true;
 debut_cadre_enfonce("site-24.gif");
- }
- }
-$link = new Link($target);
-$link->addVar('new');
-$link->addVar('modifier_site', 'oui');
-$link->addVar('syndication_old', $syndication);
-echo $link->getForm('POST');
-
 $nom_site = entites_html($nom_site);
 $url_site = entites_html($url_site);
 $url_syndic = entites_html($url_syndic);
-echo _T('info_nom_site_2')."<br>";
+ echo generer_url_post_ecrire('sites', ($id_syndic ? "id_syndic=$id_syndic" : "new=oui") . "&modifier_site=oui&syndication_old=$syndication");
+echo _T('info_nom_site_2')."<br />";
 echo "<input type='text' class='formo' name='nom_site' value=\"$nom_site\" size='40'><p>";
 if (strlen($url_site)<8) $url_site="http://";
 echo _T('entree_adresse_site')."<br>";
diff --git a/ecrire/inc_sites_tous.php b/ecrire/inc_sites_tous.php
index c1fc6f746f..13c791f44a 100644
--- a/ecrire/inc_sites_tous.php
+++ b/ecrire/inc_sites_tous.php
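Review bot: Dropping `$target` from the `global` list removes the sink, but the line still imports `$id_syndic`, `$new` and `$syndication` from globals that are presumably request-populated, and `$id_syndic` is only coerced inside the query expression on the next context line (`intval($id_syndic)`), so the variable itself keeps its raw value for the rest of sites_edit_dist(). Coerce it once and use the coerced value everywhere: `$id_syndic = intval($id_syndic);` before the `$query` line, with the query then reading `"... WHERE id_syndic=$id_syndic"`. The function body continues past the hunk.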
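Review bot: The new `echo generer_url_post_ecrire(...)` line interpolates `$id_syndic` and `$syndication` raw into the arguments of the form it emits, and this commit exists because a caller-controlled value reached HTML through the form action; unless generer_url_post_ecrire() escapes its arguments (not visible here), this is the same pattern with different variables. Build the arguments from coerced values: `$args = ($id_syndic ? "id_syndic=" . intval($id_syndic) : "new=oui") . "&modifier_site=oui&syndication_old=" . urlencode($syndication);` followed by `echo generer_url_post_ecrire('sites', $args);`. Note also that the hunk removes two closing braces (`- }`, `- }`) with nothing added in their place, so the `if ($new == 'oui'){` block named in the hunk header now appears to extend past what is shown — worth confirming the braces balance further down. The function starts and ends outside the hunk.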
@@ -44,10 +44,7 @@ afficher_sites(_T('titre_sites_proposes'), "SELECT * FROM spip_syndic WHERE stat
 if ($connect_statut == '0minirezo' OR $GLOBALS['meta']["proposer_sites"] > 0) {
 echo "<div align='right'>";
- $link = new Link(generer_url_ecrire('sites_edit'));
- $link->addVar('target', generer_url_ecrire('sites'));
- $link->addVar('redirect', $clean_link->getUrl());
- icone(_T('icone_referencer_nouveau_site'), $link->getUrl(), "site-24.gif", "creer.gif");
+ icone(_T('icone_referencer_nouveau_site'), generer_url_ecrire('sites_edit'), "site-24.gif", "creer.gif");
 echo "</div>";
 }
diff --git a/ecrire/inc_utils.php b/ecrire/inc_utils.php
index 629ff7618f..9393836e11 100644
--- a/ecrire/inc_utils.php
+++ b/ecrire/inc_utils.php
@@ -644,7 +644,8 @@ function charger_generer_url() {
 // Bravo au W3C qui n'a pas ete capable de nous eviter ca
 // faute de separer proprement langage et meta-langage
-// Ecriture tres tarabiscotee pour assurer la transition php3 & mutualisation
+// Attention, X?y=z et "X/?y=z" sont completement differents!
+// http://httpd.apache.org/docs/2.0/mod/mod_dir.html
 function generer_url_ecrire($script, $args="", $no_entities=false, $rel=false) {
 $site = $rel ? "" : $GLOBALS['meta']["adresse_site"];
-- GitLab
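Review bot: This hunk and the inc_naviguer.php hunk of the same commit now disagree on `redirect`: here it is dropped, there it is still sent, even though the commit message says sites_edit ignores it. Dropping it, as done here, is the right call, so inc_naviguer.php should be aligned so that no caller keeps passing a URL-valued parameter nobody reads. With the Link object gone, `$clean_link` no longer has a use in this branch; check whether it is still needed elsewhere in the file before leaving it in scope. The enclosing block begins outside the hunk.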
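Review bot: The new comment above generer_url_ecrire() says that `X?y=z` and `X/?y=z` are completely different but not which form this function must produce or what went wrong with the other, so a reader has to follow the Apache link and guess. Suggest an English comment that states the rule and the reason, e.g. `// Always emit "script?y=z", never "script/?y=z": the trailing-slash form is handled by mod_dir (see link) and is not the same URL — TODO record the concrete failure this was hit by`. The function body continues past the hunk.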