correction de la classe Link, et suppressions d'appel superflus

272e9bd3 · esj · 3b4f7ce8 · 272e9bd3 · 272e9bd3 · 272e9bd3
--- a/ecrire/inc.php3
+++ b/ecrire/inc.php3
 <?php
 if (!defined('_ECRIRE_INC_VERSION')) { include ("inc_version.php3"); }
-spip_log("version lue " . _DIR_PREFIX1);
 include_ecrire("inc_auth.php3");
 include_ecrire("inc_presentation.php3");
 include_ecrire("inc_texte.php3");
@@ -12,10 +12,8 @@ include_ecrire("inc_rubriques.php3");
 include_ecrire("inc_calendrier.php");
 include_ecrire("inc_forum.php3");
 if (!@file_exists(_DIR_SESSIONS . "inc_meta_cache.php3")) ecrire_metas();
 //
 // Preferences de presentation
 //

--- a/ecrire/inc_auth.php3
+++ b/ecrire/inc_auth.php3
@@ -110,9 +110,9 @@ function auth() {
 	// Si pas authentifie, demander login / mdp
 	if (!$auth_login) {
-	  spip_log("redirection AUTH " . _DIR_PREFIX1 . $clean_link->getUrl());
+		$url = (str_replace('/./', '/',  _DIR_RESTREINT_ABS .$clean_link->getUrl()));
-		$url = str_replace('/./', '/',  _DIR_RESTREINT_ABS .$clean_link->getUrl());
+		redirige_par_entete(lire_meta("adresse_site") .
-		redirige_par_entete("../spip_login.php3?var_url=".urlencode($url));
+				    "/spip_login.php3?var_url=$url");
 	}

--- a/ecrire/inc_session.php3
+++ b/ecrire/inc_session.php3
@@ -52,7 +52,7 @@ function ajouter_session($auteur, $id_session) {
 		fputs($f, $texte);
 		fclose($f);
 	} else {
-		redirige_par_entete((_DIR_RESTREINT ? "" : "../") .
+		redirige_par_entete(lire_meta("adresse_site") .
 				    "spip_test_dirs.php3");
 	}
 }

--- a/ecrire/inc_version.php3
+++ b/ecrire/inc_version.php3
@@ -11,18 +11,20 @@ define('_EXTENSION_PHP', '.php3'); # a etendre
 define('_DIR_RESTREINT_ABS', 'ecrire/');
 define('_DIR_RESTREINT',
       (!@is_dir(_DIR_RESTREINT_ABS) ? "" : _DIR_RESTREINT_ABS));
+/* + tard
-if ($d = ($GLOBALS['HTTP_GET_VARS']['var_install']))
+if ($d = urldecode($GLOBALS['HTTP_GET_VARS']['var_install']))
  {
    $d = substr($d,0,strrpos($d,'/')+1);
    if (!ereg('^(.*)' . _DIR_RESTREINT_ABS . '$', $d))
      $d .= _DIR_RESTREINT_ABS;
    if (!@file_exists($d . 'mes_options.php3'))
-      {	header("Location: install.php3?var_install=$d");
+      {	
-	exit;}
+	header("Location: " . _DIR_RESTREINT . "install.php3?var_install=$d");
+	exit;
+      }
    define('_FILE_OPTIONS', $d . 'mes_options.php3');
    define('_FILE_CONNECT_INS', ($d . "inc_connect"));
-  } else {
+    } else */ {
  define('_FILE_OPTIONS', 'mes_options.php3');
  define('_FILE_CONNECT_INS', (_DIR_RESTREINT . "inc_connect"));
 }
@@ -36,7 +38,7 @@ define_once('_FILE_CONNECT',
 if (!(_FILE_CONNECT OR defined('_ECRIRE_INSTALL') OR defined('_TEST_DIRS'))) {
  if (!defined("_INC_PUBLIC"))
-	header("Location: install.php3");
+	header("Location: " . _DIR_RESTREINT . "install.php3");
  else
    {
 		$db_ok = 0;
@@ -786,14 +788,21 @@ class Link {
 			// (HTTP_GET_VARS may contain additional variables
 			// introduced by rewrite-rules)
 			$url = $GLOBALS['REQUEST_URI'];
-			$url = substr($url, strrpos($url, '/') + 1);
+			// Warning !!!! 
+			// since non encoded arguments may be present
+			// (especially those coming from Rewrite Rule)
+			// find the begining of the query string
+			// to compute the script-name
+			if ($v = strpos($url,'?'))
+			  $v = strrpos(substr($url, 0, $v), '/');
+			else $v = strrpos($url, '/');
+			$url = substr($url, $v + 1);
 			if (!$url) $url = "./";
 			if (count($GLOBALS['HTTP_POST_VARS']))
 				$vars = $GLOBALS['HTTP_POST_VARS'];
 		}
 		$v = split('[\?\&]', $url);
 		list(, $this->file) = each($v);
 		if (!$vars) {
 			while (list(,$var) = each($v)) {
 				list($name, $value) = split('=', $var, 2);
@@ -1180,6 +1189,7 @@ function redirige_par_entete($url)
 {
 #	$base=lire_meta("adresse_site");
 #	if ($base) $url = "$base/$url"; # + tard
+#	spip_log("red $url");
 	header("Location: $url");
 	taches_de_fond();
 	exit;

--- a/inc-forum.php3
+++ b/inc-forum.php3
@@ -368,13 +368,17 @@ function code_de_forum_spip ($idr, $idf, $ida, $idb, $ids) {
 	  if ($args) $url .= (strpos($url,'?') ? $args : ('?' . substr($args,1)));
 	}
 	$url = ereg_replace("[?&]var_erreur=[^&]*", '', $url);
-	$url = ereg_replace("[?&]var_login[^&]*", '', $url);
+	$url = ereg_replace("[?&]var_login=[^&]*", '', $url);
-	$url = ereg_replace("[?&]var_url[^&]*", '', $url);
+	$url = ereg_replace("[?&]var_url=[^&]*", '', $url);
+	$url = ereg_replace("[?&]retour=[^&]*", '', $url);
 	// url de retour du forum
-	$retour_forum = rawurldecode($GLOBALS['HTTP_GET_VARS']['retour']);
+	if ($retour_forum = rawurldecode($GLOBALS['HTTP_GET_VARS']['retour']))
-	if (!$retour_forum)
+	  $retour_forum = ereg_replace('&recalcul=oui','',$retour_forum);
-	  $retour_forum = $url;
+	else {
-	else $retour_forum = ereg_replace('&recalcul=oui','',$retour_forum);
+	  if (!$retour_forum = rawurldecode($GLOBALS['HTTP_POST_VARS']['retour']))
+	    $retour_forum = $url;
+	}
 	// debut formulaire forum
 	$lacible = "

--- a/inc-login.php3
+++ b/inc-login.php3
@@ -13,24 +13,24 @@ include_ecrire ("inc_texte.php3");
 include_local ("inc-formulaires.php3");
 // gerer l'auth http
-function auth_http($cible, $essai_auth_http) {
+function auth_http($url, $essai_auth_http) {
 	$lien = " [<a href='" . _DIR_RESTREINT_ABS . "'>"._T('login_espace_prive')."</a>]";
 	if ($essai_auth_http == 'oui') {
 		include_ecrire('inc_session.php3');
 		if (!verifier_php_auth()) {
-			$url = quote_amp(urlencode($cible->getUrl()));
+		  $url = quote_amp(urlencode($url));
-			$page_erreur = "<b>"._T('login_connexion_refusee')."</b><p />"._T('login_login_pass_incorrect')."<p />[<a href='./'>"._T('login_retour_site')."</a>] [<a href='./spip_cookie.php3?essai_auth_http=oui&amp;url=$url'>"._T('login_nouvelle_tentative')."</a>]";
+			$page_erreur = "<b>"._T('login_connexion_refusee')."</b><p />"._T('login_login_pass_incorrect')."<p />[<a href='./'>"._T('login_retour_site')."</a>] [<a href='spip_cookie.php3?essai_auth_http=oui&amp;url=$url'>"._T('login_nouvelle_tentative')."</a>]";
 			if (ereg(_DIR_RESTREINT_ABS, $url))
 			  $page_erreur .= $lien;
 			ask_php_auth($page_erreur);
 		}
 		else
-			redirige_par_entete($cible->getUrl());
+			redirige_par_entete($url);
 	}
 	// si demande logout auth_http
 	else if ($essai_auth_http == 'logout') {
 		include_ecrire('inc_session.php3');
-		ask_php_auth("<b>"._T('login_deconnexion_ok')."</b><p />"._T('login_verifiez_navigateur')."<p />[<a href='./'>"._T('login_retour_public')."</a>] [<a href='./spip_cookie.php3?essai_auth_http=oui&amp;redirect=ecrire'>"._T('login_test_navigateur')."</a>] $lien");
+		ask_php_auth("<b>"._T('login_deconnexion_ok')."</b><p />"._T('login_verifiez_navigateur')."<p />[<a href='./'>"._T('login_retour_public')."</a>] [<a href='spip_cookie.php3?essai_auth_http=oui&amp;redirect=ecrire'>"._T('login_test_navigateur')."</a>] $lien");
 		exit;
 	}
 }
@@ -47,14 +47,14 @@ function login($cible, $prive = 'prive') {
 	global $clean_link;
 	$clean_link->delVar('var_erreur');
 	$clean_link->delVar('var_login');
-	$action = $clean_link->getUrl();
+	$action = urldecode($clean_link->getUrl());
 	include_ecrire("inc_session.php3");
 	verifier_visiteur();
 	if ($auteur_session AND 
 	($auteur_session['statut']=='0minirezo' OR $auteur_session['statut']=='1comite')) {
-	  if (($cible != $action) &&  !headers_sent())
+		if (($cible != $action) &&  !headers_sent())
 			redirige_par_entete($cible);
 		echo "<a href='$cible'>"._T('login_par_ici')."</a>\n";
 		return;
@@ -158,7 +158,7 @@ function login_pour_tous($cible, $prive, $message, $action) {
 		$src = _DIR_RESTREINT_ABS . 'md5.js';
 		if ($flag_challenge_md5) echo "<script type=\"text/javascript\" src=\"$src\"></script>\n";
-		echo "<form name='form_login' action='./spip_cookie.php3' method='post'";
+		echo "<form name='form_login' action='spip_cookie.php3' method='post'";
 		if ($flag_challenge_md5) echo " onSubmit='if (this.session_password.value) {
 				this.session_password_md5.value = calcMD5(\"$alea_actuel\" + this.session_password.value);
 				this.next_session_password_md5.value = calcMD5(\"$alea_futur\" + this.session_password.value);

--- a/spip_cookie.php3
+++ b/spip_cookie.php3
@@ -24,17 +24,14 @@ if ($change_session == 'oui') {
 		exit;
 	}
 }
+#spip_log("cookie: $url");
-// determiner ou l'on veut retomber
+if ($url)  $url = urldecode($url);
-if ($url)
-	$cible = new Link($url);
-else
-	$cible = new Link(_DIR_RESTREINT_ABS);
 // tentative de connexion en auth_http
 if ($essai_auth_http AND !$ignore_auth_http) {
 	include_local ("inc-login.php3");
-	auth_http($cible, $essai_auth_http);
+	auth_http(($url ? $url : _DIR_RESTREINT_ABS), $essai_auth_http);
 	exit;
 }
@@ -56,7 +53,7 @@ if ($logout) {
 		}
 		if ($PHP_AUTH_USER AND !$ignore_auth_http) {
 			include_local ("inc-login.php3");
-			auth_http($cible, 'logout');
+			auth_http(($url ? $url : _DIR_RESTREINT_ABS), 'logout');
 		}
 		unset ($auteur_session);
 	}
@@ -70,14 +67,12 @@ if ($logout) {
 if ($test_echec_cookie == 'oui') {
 	spip_setcookie('spip_session', 'test_echec_cookie');
 	redirige_par_entete("spip_login.php3?var_echec_cookie=oui&var_url=" .
-			    ($url ? rawurlencode($url) : _DIR_RESTREINT_ABS));
+			    ($url ? $url : _DIR_RESTREINT_ABS));
 }
 // Tentative de login
 unset ($cookie_session);
-$durl = rawurldecode($url);
+$redirect = ($url ? $url : _DIR_RESTREINT_ABS);
-$redirect = (!$url ? _DIR_RESTREINT_ABS : (strpos($durl,"&retour=") ? ($url) : $url));
-#$redirect = ($url ? $url : _DIR_RESTREINT_ABS);
 if ($essai_login == "oui") {
 	// Recuperer le login en champ hidden
 	if ($session_login_hidden AND !$session_login)