From 1ddc72ffdc66fa981f19b1330e56c146d95b2947 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Fri, 26 Oct 2007 09:34:12 +0000
Subject: [PATCH] =?UTF-8?q?Prendre=20des=20valeurs=20par=20d=C3=A9faut=20p?=
 =?UTF-8?q?lutot=20que=20de=20provoquer=20des=20erreurs=20SQL=20dans=20les?=
 =?UTF-8?q?=20tests=20automatiques=20du=20validateur.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ecrire/exec/dater.php        | 11 ++++++-----
 ecrire/exec/legender.php     |  6 +++---
 ecrire/exec/message_edit.php |  6 ++++--
 ecrire/inc/documenter.php    |  8 +++++---
 ecrire/inc/legender.php      | 11 ++++++-----
 ecrire/inc/presentation.php  | 17 +++++++++--------
 ecrire/inc/tourner.php       |  3 +--
 7 files changed, 34 insertions(+), 28 deletions(-)

diff --git a/ecrire/exec/dater.php b/ecrire/exec/dater.php
index 78abfa3b00..51d35cdc78 100644
--- a/ecrire/exec/dater.php
+++ b/ecrire/exec/dater.php
@@ -25,13 +25,14 @@ function exec_dater_args($id, $type)
 		include_spip('inc/minipres');
 		echo minipres();
 	} else {
-		$table = table_objet_sql($type);
-		if (!$table) {
-			spip_log("dater, type inconnu: $type");
+		$table = 'spip_documents_' . $type . 's';
+		if (!id_table_objet($table)) {
+			spip_log("dater: $type table inconnue");
 			$type = 'article';
-			$table = table_objet_sql($type);
+			$table = 'spip_documents_' . $type . 's';
 		}
-		$row = sql_fetsel("*", $table, "id_$type=$id");
+		$prim = 'id_' . $type;
+		$row = sql_fetsel("*", $table, "$prim=$id");
 		$statut = $row['statut'];
 		$date = $row[($type!='breve')?"date":"date_heure"];
 		$date_redac = isset($row["date_redac"]) ? $row["date_redac"] : '';
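Review bot: The new `$table = 'spip_documents_' . $type . 's';` appears to point `sql_fetsel` at the document link table rather than the object table, because ecrire/inc/documenter.php in this same patch joins a table of that name as `l` on `l.id_document`. The lines right after the query still read `$row['statut']` and `$row['date']`, which the removed `table_objet_sql($type)` lookup served. Keeping `$table = table_objet_sql($type);` and validating it with `if (!id_table_objet($table))`, as ecrire/inc/presentation.php does in this patch, would preserve the object table while still falling back to `article`. `$row` is also dereferenced without checking that a row was found, and `$id` is interpolated into the condition without a cast visible here. exec_dater_args begins and continues outside the hunk.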
diff --git a/ecrire/exec/legender.php b/ecrire/exec/legender.php
index 481129b2db..02b55b58ff 100644
--- a/ecrire/exec/legender.php
+++ b/ecrire/exec/legender.php
@@ -17,13 +17,13 @@ function exec_legender_dist()
 {
 	exec_legender_args(intval(_request('id_document')),
 			   _request('type'),
+			   intval(_request('id')),
 			   _request('ancre'),
-			   _request('script'),
-			   intval(_request('id')));
+			   _request('script'));
 }
 
 // http://doc.spip.org/@exec_legender_args
-function exec_legender_args($id_document, $type, $ancre, $script, $id)
+function exec_legender_args($id_document, $type, $id, $ancre, $script)
 {
 	if (!$id_document OR !autoriser('joindredocument',$type, $id)) {
 		include_spip('inc/minipres');
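Review bot: Reordering the parameters of `exec_legender_args` moves `$id`, which feeds `autoriser('joindredocument', $type, $id)`, from fifth to third position, so any caller outside this patch that still uses the old order would silently pass `$ancre` to the authorization check. The same positional reorder is applied to `exec_message_edit_args` in ecrire/exec/message_edit.php, where `$new` and `$dest` swap places. A one-line comment above each signature would make the new contract explicit, for example `// argument order: ids first ($id_document, $type, $id), then $ancre, $script`. Casting inside the function (`$id = intval($id);`) would keep the check on an integer whatever a caller passes. The body of exec_legender_args continues outside the hunk.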
diff --git a/ecrire/exec/message_edit.php b/ecrire/exec/message_edit.php
index ec34fdb7e2..f2dd43a3fb 100644
--- a/ecrire/exec/message_edit.php
+++ b/ecrire/exec/message_edit.php
@@ -19,10 +19,12 @@ include_spip('inc/date');
 // http://doc.spip.org/@exec_message_edit_dist
 function exec_message_edit_dist()
 {
-	exec_message_edit_args(intval(_request('id_message')), intval(_request('dest')), _request('new'));
+	exec_message_edit_args(intval(_request('id_message')), 
+			       _request('new'),
+			       intval(_request('dest')));
 }
 // http://doc.spip.org/@exec_message_edit_args
-function exec_message_edit_args($id_message,$dest, $new)
+function exec_message_edit_args($id_message, $new, $dest)
 {
 	global  $connect_id_auteur, $connect_statut;
 
diff --git a/ecrire/inc/documenter.php b/ecrire/inc/documenter.php
index 8a68a0d43f..e6132b0eb0 100644
--- a/ecrire/inc/documenter.php
+++ b/ecrire/inc/documenter.php
@@ -26,10 +26,12 @@ function inc_documenter_dist(
 	$appelant =''		# pour le rappel (cf plugin)
 ) {
 	$table = 'spip_documents_' . $type . 's';
-	$prim = id_table_objet($table);
-	if (!$prim) return '';
+	if (!id_table_objet($table)) {
+			spip_log("documenter: $type table inconnue");
+			$type = 'article';
+			$table = 'spip_documents_' . $type . 's';
+	}
 	$prim = 'id_' . $type;
-
 	if (is_int($doc)) {
 		if ($ancre == 'portfolio') {
 		  $lies = sql_select("D.id_document, D.id_vignette, D.extension, D.titre,  D.date,  D.descriptif,  D.fichier,  D.taille, D.largeur,  D.hauteur,  D.mode,  D.distant, l.vu, l." .$prim, "spip_documents AS D, $table AS l", "l.$prim=$doc AND l.id_document=D.id_document AND D.mode='document' AND D.extension IN ('gif', 'jpg', 'png')",'',  "0+D.titre, D.date");
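Review bot: Replacing `if (!$prim) return '';` with a fallback to `article` turns an unknown `$type` from a refusal into a query on `spip_documents_articles` keyed by the caller's `$doc`, so the id is read against a type the caller never named. If the early return was only a problem for the validator runs, consider keeping the refusal elsewhere or making the substitution visible to the caller; the same fallback is introduced in ecrire/inc/legender.php. The added `spip_log("documenter: $type table inconnue");` writes `$type` as received, and if that value can come from a request here (as it does on the legender path) a cleaned form such as `spip_log('documenter: table inconnue pour ' . preg_replace('/\W/', '', $type));` keeps the log unambiguous. The three lines inside the new `if` are indented one tab deeper than the surrounding code. inc_documenter_dist begins and continues outside the hunk.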
diff --git a/ecrire/inc/legender.php b/ecrire/inc/legender.php
index baeb068455..00301e5dcc 100644
--- a/ecrire/inc/legender.php
+++ b/ecrire/inc/legender.php
@@ -24,12 +24,13 @@ include_spip('inc/date');
 // http://doc.spip.org/@inc_legender_dist
 function inc_legender_dist($id_document, $document, $script, $type, $id, $ancre, $deplier=false) {
 
-	// + securite (avec le script exec=legender ca vient de dehors)
 	$table = 'spip_documents_' . $type . 's';
-	$prim = id_table_objet($table);
-	if (!$prim) return '';
+	if (!id_table_objet($table)) {
+		spip_log("legender: $type table inconnue");
+		$type = 'article';
+		$table = 'spip_documents_' . $type . 's';
+	}
 	$prim = 'id_' . $type;
-
 	// premier appel
 	if ($document) {
 		$flag = $deplier;
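Review bot: The patch deletes the comment `// + securite (avec le script exec=legender ca vient de dehors)`, the only record here that `$type` arrives from the request and that the `id_table_objet` test guards a value later concatenated into a table and column name. I would keep an equivalent comment above the new `if`, for example `// security: $type comes from the request (exec=legender); only known link tables may reach the SQL below`. Note also that ecrire/exec/legender.php evaluates `autoriser('joindredocument', $type, $id)` with the type as submitted, whereas after this fallback the work is done for `article`. If this function is reached from that entry point, the authorization and the query no longer refer to the same object type. inc_legender_dist continues outside the hunk.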
@@ -44,7 +45,7 @@ function inc_legender_dist($id_document, $document, $script, $type, $id, $ancre,
 		$flag = 'ajax';
 	}
 	else
-		return;
+		return '';
 
 	$descriptif = $document['descriptif'];
 	$titre = $document['titre'];
diff --git a/ecrire/inc/presentation.php b/ecrire/inc/presentation.php
index 3a39084d33..4947cc6327 100644
--- a/ecrire/inc/presentation.php
+++ b/ecrire/inc/presentation.php
@@ -1355,23 +1355,24 @@ function meme_rubrique($id_rubrique, $id, $type, $order='date', $limit=NULL, $aj
 	global $spip_lang_right, $spip_lang_left;
 	include_spip('inc/afficher_objets');
 
-	if (!($table = table_objet_sql($type))) {
+	$table = table_objet_sql($type);
+	if (!id_table_objet($table)) {
 		spip_log("meme_rubrique: $type table inconnue");
 		$type = 'article';
-		$table = table_objet_sql($type);
+		$table = 'spip_articles';
 	}
-
+	$prim = 'id_' . $type;
 	if (!$limit) $limit = 10;
 
 	$titre = ($type!='syndic'?'titre':'nom_site');
 	$exec = array('article'=>'articles','breve'=>'breves_voir','syndic'=>'sites');
-	$key = 'id_' . $type;
+
 	$where = (($GLOBALS['auteur_session']['statut'] == '0minirezo')
 		  ? ''
 		  :  "(statut = 'publie' OR statut = 'prop') AND ") 
-	. "id_rubrique=$id_rubrique AND ($key != $id)";
+	. "id_rubrique=$id_rubrique AND ($prim != $id)";
 
-	$select = "$key AS id, $titre AS titre, statut";
+	$select = "$prim AS id, $titre AS titre, statut";
 
 	$n = sql_countsel($table, $where);
 
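Review bot: `$where` and `$select` are built by interpolating `$id_rubrique`, `$id` and `$prim` straight into SQL, and nothing visible in this hunk forces the two ids to integers. Since the patch is about tolerating bad input from the validator, adding `$id_rubrique = intval($id_rubrique);` and `$id = intval($id);` before `$where` is assembled would handle that here rather than relying on every caller. The fallback hard-codes `$table = 'spip_articles';` while the first assignment uses `table_objet_sql($type)`, so the two can drift apart. `$exec` only maps `article`, `breve` and `syndic`, yet the guard accepts any type whose table `id_table_objet` recognises, so `$exec[$type]` later in the function may be undefined for other types. meme_rubrique continues outside the hunk.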
@@ -1386,11 +1387,11 @@ function meme_rubrique($id_rubrique, $id, $type, $order='date', $limit=NULL, $aj
 
 	while($row = sql_fetch($voss)) {
 		$id = $row['id'];
-		$num = afficher_numero_edit($id, $key, $type);
+		$num = afficher_numero_edit($id, $prim, $type);
 		$statut = $row['statut'];
 		$statut = $fstatut($id, $statut, $id_rubrique, $type);
 		$href = "<a class='verdana1' href='"
-		. generer_url_ecrire($exec[$type],"$key=$id")
+		. generer_url_ecrire($exec[$type],"$prim=$id")
 		. "'>"
 		. sinon(typo($row['titre']), _T('info_sans_titre'))
 		. "</a>";
diff --git a/ecrire/inc/tourner.php b/ecrire/inc/tourner.php
index ea89e7fd39..5041cc94bd 100644
--- a/ecrire/inc/tourner.php
+++ b/ecrire/inc/tourner.php
@@ -27,8 +27,7 @@ function inc_tourner_dist($id_document, $document, $script, $flag, $type)
 	}
 
 	$table = 'spip_documents_' . $type . 's';
-	$prim = id_table_objet($table);
-	if (!$prim) {
+	if (!id_table_objet($table)) {
 		spip_log("tourner: $type table inconnue");
 		$type = 'article';
 		$table = 'spip_documents_' . $type . 's';
-- 
GitLab