From 1b27b1fd3a50ee8b206daaee8203e630e676f60a Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Fri, 9 Dec 2005 21:25:55 +0000
Subject: [PATCH] permettre la surcharge et supprimer les includes inutiles et
 2 XSS

---
 .gitattributes                |   1 +
 ecrire/articles_forum.php3    | 120 +------------------------------
 ecrire/inc_articles_forum.php | 132 ++++++++++++++++++++++++++++++++++
 3 files changed, 135 insertions(+), 118 deletions(-)
 create mode 100644 ecrire/inc_articles_forum.php

diff --git a/.gitattributes b/.gitattributes
index a2b9ed0c09..02d2c23ab1 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -262,6 +262,7 @@ ecrire/inc_ajax.php3 -text
 ecrire/inc_ajax_page.php -text
 ecrire/inc_articles.php -text
 ecrire/inc_articles_edit.php -text
+ecrire/inc_articles_forum.php -text
 ecrire/inc_articles_page.php -text
 ecrire/inc_articles_tous.php -text
 ecrire/inc_auteur_infos.php -text
diff --git a/ecrire/articles_forum.php3 b/ecrire/articles_forum.php3
index 0094495568..2fe0d69a9d 100644
--- a/ecrire/articles_forum.php3
+++ b/ecrire/articles_forum.php3
@@ -11,122 +11,6 @@
 \***************************************************************************/
 
 include ("inc.php3");
-include_ecrire("inc_presentation.php3");
-include_ecrire("inc_texte.php3");
-include_ecrire("inc_urls.php3");
-include_ecrire("inc_rubriques.php3");
-include_ecrire("inc_index.php3");
-include_ecrire("inc_logos.php3");
-include_ecrire('inc_forum.php3');
-
-
-$query = "SELECT titre, id_rubrique FROM spip_articles WHERE id_article='$id_article'";
-$result = spip_query($query);
-
-while($row = spip_fetch_array($result)) {
-	$titre = $row["titre"];
-	$id_rubrique = $row["id_rubrique"];
-}
-
-
-debut_page($titre, "documents", "articles");
-
-
-
-debut_grand_cadre();
-
-afficher_hierarchie($id_rubrique);
-
-fin_grand_cadre();
-
-
-
-debut_gauche();
-
-
-debut_boite_info();
-
-echo "<FONT FACE='Verdana,Arial,Sans,sans-serif' SIZE=2>";
-echo "<P align=left>"._T('info_gauche_suivi_forum');
-
-echo aide ("suiviforum");
-echo "</FONT>";
-
-fin_boite_info();
-
-
-debut_droite();
-
-
-echo "\n<table cellpadding=0 cellspacing=0 border=0 width='100%'>";
-echo "<tr width='100%'>";
-echo "<td>";
-	icone(_T('icone_retour'), "articles.php3?id_article=$id_article", "article-24.gif", "rien.gif");
-
-echo "</td>";
-echo "<td>" . http_img_pack('rien.gif', " ", "width='10'") ."</td>\n";
-echo "<td width='100%'>";
-echo _T('texte_messages_publics');
-gros_titre($titre);
-echo "</td></tr></table>";
-echo "<p>";
-
-// Ne pas donner les cles du forum a des non-admins
-if (! ($connect_statut=='0minirezo' AND acces_rubrique($id_rubrique)))
-	return;
-
-echo "<div class='serif2'>";
-
-// reglages
-if (!$debut) $debut = 0;
-$pack = 5;		// nb de forums affiches par page
-$enplus = 200;	// intervalle affiche autour du debut
-$limitdeb = ($debut > $enplus) ? $debut-$enplus : 0;
-$limitnb = $debut + $enplus - $limitdeb;
-
-$query_forum = "SELECT id_forum FROM spip_forum WHERE id_article='$id_article' AND id_parent=0 AND statut IN ('publie', 'off', 'prop') LIMIT  $limitnb OFFSET $limitdeb";
-$result_forum = spip_query($query_forum);
-
-
-$i = $limitdeb;
-if ($i>0)
-	echo "<A HREF='articles_forum.php3?id_article=$id_article&page=$page'>0</A> ... | ";
-while ($row = spip_fetch_array($result_forum)) {
-
-	// barre de navigation
-	if ($i == $pack*floor($i/$pack)) {
-		if ($i == $debut)
-			echo "<FONT SIZE=3><B>$i</B></FONT>";
-		else
-			echo "<A HREF='articles_forum.php3?id_article=$id_article&debut=$i&page=$page'>$i</A>";
-		echo " | ";
-	}
-
-	// elements a controler
-
-	$i ++;
-}
-echo "<A HREF='articles_forum.php3?id_article=$id_article&debut=$i&page=$page'>...</A>";
-
-echo "</div>";
-
-$mots_cles_forums = $GLOBALS['meta']["mots_cles_forums"];
-
-if ($connect_statut == "0minirezo") {
-	$query_forum = "SELECT pied.*, max(thread.date_heure) AS date
-		FROM spip_forum AS pied, spip_forum AS thread
-		WHERE pied.id_article='$id_article'
-		AND pied.id_parent=0
-		AND pied.statut IN ('publie', 'off', 'prop')
-		AND thread.id_thread=pied.id_forum
-		GROUP BY id_thread
-		ORDER BY date DESC LIMIT $debut, $pack";
-	$result_forum = spip_query($query_forum);
-	afficher_forum($result_forum, $forum_retour, $id_article);
-}
-
-echo "</FONT>";
-
-fin_page();
-
+$var_f = include_fonction(basename($SCRIPT_NAME, _EXTENSION_PHP));
+$var_f();
 ?>
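Review bot: The value returned by `include_fonction()` is called on the very next line with no check, so unless that helper aborts by itself on a missing function (not visible in this hunk), a failed lookup becomes a fatal call on a non-callable value. A guard such as `if (!$var_f) die("fonction introuvable"); $var_f();` would make the failure explicit (the message text is a constructed example). The function name is derived from the bare global `$SCRIPT_NAME`, so it is worth confirming that inc.php3 sets it from the server environment and that it cannot be populated from request data. A one-line comment above the dispatch, saying that the script name selects the function and presumably resolves to `articles_forum_dist` unless overridden, would help readers of this now two-line entry point.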
diff --git a/ecrire/inc_articles_forum.php b/ecrire/inc_articles_forum.php
new file mode 100644
index 0000000000..8ce51a74cd
--- /dev/null
+++ b/ecrire/inc_articles_forum.php
@@ -0,0 +1,132 @@
+<?php
+
+/***************************************************************************\
+ *  SPIP, Systeme de publication pour l'internet                           *
+ *                                                                         *
+ *  Copyright (c) 2001-2005                                                *
+ *  Arnaud Martin, Antoine Pitrou, Philippe Riviere, Emmanuel Saint-James  *
+ *                                                                         *
+ *  Ce programme est un logiciel libre distribue sous licence GNU/GPL.     *
+ *  Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne.   *
+\***************************************************************************/
+
+if (!defined("_ECRIRE_INC_VERSION")) return;
+include_ecrire("inc_presentation.php3");
+include_ecrire('inc_forum.php3'); // pour boutons_controle_forum 
+
+function articles_forum_dist()
+{
+  global $connect_statut, $debut, $forum_retour, $id_article;
+
+  $id_article = intval($id_article);
+  $debut = intval($debut);
+  
+$query = "SELECT titre, id_rubrique FROM spip_articles WHERE id_article=$id_article";
+$result = spip_query($query);
+
+if ($row = spip_fetch_array($result)) {
+	$titre = $row["titre"];
+	$id_rubrique = $row["id_rubrique"];
+}
+
+
+debut_page($titre, "documents", "articles");
+
+
+
+debut_grand_cadre();
+
+afficher_hierarchie($id_rubrique);
+
+fin_grand_cadre();
+
+
+
+debut_gauche();
+
+
+debut_boite_info();
+
+echo "<FONT FACE='Verdana,Arial,Sans,sans-serif' SIZE=2>";
+echo "<P align=left>"._T('info_gauche_suivi_forum');
+
+echo aide ("suiviforum");
+echo "</FONT>";
+
+fin_boite_info();
+
+
+debut_droite();
+
+
+echo "\n<table cellpadding=0 cellspacing=0 border=0 width='100%'>";
+echo "<tr width='100%'>";
+echo "<td>";
+	icone(_T('icone_retour'), "articles.php3?id_article=$id_article", "article-24.gif", "rien.gif");
+
+echo "</td>";
+echo "<td>" . http_img_pack('rien.gif', " ", "width='10'") ."</td>\n";
+echo "<td width='100%'>";
+echo _T('texte_messages_publics');
+gros_titre($titre);
+echo "</td></tr></table>";
+echo "<p>";
+
+// Ne pas donner les cles du forum a des non-admins
+if (! ($connect_statut=='0minirezo' AND acces_rubrique($id_rubrique)))
+	return;
+
+echo "<div class='serif2'>";
+
+// reglages
+if (!$debut) $debut = 0;
+$pack = 5;		// nb de forums affiches par page
+$enplus = 200;	// intervalle affiche autour du debut
+$limitdeb = ($debut > $enplus) ? $debut-$enplus : 0;
+$limitnb = $debut + $enplus - $limitdeb;
+
+$query_forum = "SELECT id_forum FROM spip_forum WHERE id_article='$id_article' AND id_parent=0 AND statut IN ('publie', 'off', 'prop') LIMIT  $limitnb OFFSET $limitdeb";
+$result_forum = spip_query($query_forum);
+
+
+$i = $limitdeb;
+if ($i>0)
+	echo "<A HREF='articles_forum.php3?id_article=$id_article'>0</A> ... | ";
+while ($row = spip_fetch_array($result_forum)) {
+
+	// barre de navigation
+	if ($i == $pack*floor($i/$pack)) {
+		if ($i == $debut)
+			echo "<FONT SIZE=3><B>$i</B></FONT>";
+		else
+			echo "<A HREF='articles_forum.php3?id_article=$id_article&debut=$i'>$i</A>";
+		echo " | ";
+	}
+
+	// elements a controler
+
+	$i ++;
+}
+echo "<A HREF='articles_forum.php3?id_article=$id_article&debut=$i'>...</A>";
+
+echo "</div>";
+
+if ($connect_statut == "0minirezo") {
+	$query_forum = "SELECT pied.*, max(thread.date_heure) AS date
+		FROM spip_forum AS pied, spip_forum AS thread
+		WHERE pied.id_article='$id_article'
+		AND pied.id_parent=0
+		AND pied.statut IN ('publie', 'off', 'prop')
+		AND thread.id_thread=pied.id_forum
+		GROUP BY id_thread
+		ORDER BY date DESC LIMIT $debut, $pack";
+	$result_forum = spip_query($query_forum);
+	afficher_forum($result_forum, $forum_retour, $id_article);
+}
+
+echo "</FONT>";
+
+fin_page();
+}
+
+?>
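Review bot: `intval($debut)` in articles_forum_dist() removes the injection path but still accepts negative numbers, and a negative `$debut` flows into `$limitnb` and into `LIMIT $debut, $pack`, which produces an invalid query. Using `$debut = max(0, intval($debut));` closes that and makes the later `if (!$debut) $debut = 0;` redundant. When the article query returns no row, `$titre` and `$id_rubrique` are never assigned, yet they are passed to debut_page(), afficher_hierarchie() and the acces_rubrique() access check; initialising them first (`$titre = ''; $id_rubrique = 0;`) or returning early avoids relying on undefined variables there. `$forum_retour` is still read from the global scope and handed to afficher_forum() unvalidated; what that function does with it is not visible here, so confirm it is escaped before it reaches any link or form.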
-- 
GitLab