From 272e9bd33895d90c8e215064e9dfdfeafc297f12 Mon Sep 17 00:00:00 2001 From: "Committo,Ergo:sum" <esj@rezo.net> Date: Sat, 30 Oct 2004 09:59:09 +0000 Subject: [PATCH] correction de la classe Link, et suppressions d'appel superflus --- ecrire/inc.php3 | 4 +--- ecrire/inc_auth.php3 | 6 +++--- ecrire/inc_session.php3 | 2 +- ecrire/inc_version.php3 | 26 ++++++++++++++++++-------- inc-forum.php3 | 16 ++++++++++------ inc-login.php3 | 16 ++++++++-------- spip_cookie.php3 | 17 ++++++----------- 7 files changed, 47 insertions(+), 40 deletions(-) diff --git a/ecrire/inc.php3 b/ecrire/inc.php3 index eb8bc11892..cdb63fcb7d 100644 --- a/ecrire/inc.php3 +++ b/ecrire/inc.php3 @@ -1,7 +1,7 @@ <?php if (!defined('_ECRIRE_INC_VERSION')) { include ("inc_version.php3"); } -spip_log("version lue " . _DIR_PREFIX1); + include_ecrire("inc_auth.php3"); include_ecrire("inc_presentation.php3"); include_ecrire("inc_texte.php3"); @@ -12,10 +12,8 @@ include_ecrire("inc_rubriques.php3"); include_ecrire("inc_calendrier.php"); include_ecrire("inc_forum.php3"); - if (!@file_exists(_DIR_SESSIONS . "inc_meta_cache.php3")) ecrire_metas(); - // // Preferences de presentation // diff --git a/ecrire/inc_auth.php3 b/ecrire/inc_auth.php3 index 854b156cff..8048e5b2c5 100644 --- a/ecrire/inc_auth.php3 +++ b/ecrire/inc_auth.php3 @@ -110,9 +110,9 @@ function auth() { // Si pas authentifie, demander login / mdp if (!$auth_login) { - spip_log("redirection AUTH " . _DIR_PREFIX1 . $clean_link->getUrl()); - $url = str_replace('/./', '/', _DIR_RESTREINT_ABS .$clean_link->getUrl()); - redirige_par_entete("../spip_login.php3?var_url=".urlencode($url)); + $url = (str_replace('/./', '/', _DIR_RESTREINT_ABS .$clean_link->getUrl())); + redirige_par_entete(lire_meta("adresse_site") . + "/spip_login.php3?var_url=$url"); } diff --git a/ecrire/inc_session.php3 b/ecrire/inc_session.php3 index a5ef53eaef..c5e9f80f00 100644 --- a/ecrire/inc_session.php3 +++ b/ecrire/inc_session.php3 
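Review bot: In `auth()`, the new redirect builds `"/spip_login.php3?var_url=$url"` without the `urlencode()` the old line applied, so any `?` or `&` in the requested URL stops being part of `var_url` and becomes separate parameters of spip_login.php3, and the return address is cut at its first `&`. Keep the encoding: `redirige_par_entete(lire_meta("adresse_site") . "/spip_login.php3?var_url=" . urlencode($url));`. The same raw concatenation is introduced in spip_cookie.php3 (`"...&var_url=" . ($url ? $url : _DIR_RESTREINT_ABS)`, where `rawurlencode()` was dropped). If `adresse_site` is empty the target becomes the root-relative `/spip_login.php3`, which is presumably wrong for a site installed in a subdirectory, so that case deserves a fallback. The body of `auth()` continues outside the hunk.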
@@ -52,7 +52,7 @@ function ajouter_session($auteur, $id_session) { fputs($f, $texte); fclose($f); } else { - redirige_par_entete((_DIR_RESTREINT ? "" : "../") . + redirige_par_entete(lire_meta("adresse_site") . "spip_test_dirs.php3"); } } diff --git a/ecrire/inc_version.php3 b/ecrire/inc_version.php3 index 2e476a2caf..e74c149ea6 100644 --- a/ecrire/inc_version.php3 +++ b/ecrire/inc_version.php3 @@ -11,18 +11,20 @@ define('_EXTENSION_PHP', '.php3'); # a etendre define('_DIR_RESTREINT_ABS', 'ecrire/'); define('_DIR_RESTREINT', (!@is_dir(_DIR_RESTREINT_ABS) ? "" : _DIR_RESTREINT_ABS)); - -if ($d = ($GLOBALS['HTTP_GET_VARS']['var_install'])) +/* + tard +if ($d = urldecode($GLOBALS['HTTP_GET_VARS']['var_install'])) { $d = substr($d,0,strrpos($d,'/')+1); if (!ereg('^(.*)' . _DIR_RESTREINT_ABS . '$', $d)) $d .= _DIR_RESTREINT_ABS; if (!@file_exists($d . 'mes_options.php3')) - { header("Location: install.php3?var_install=$d"); - exit;} + { + header("Location: " . _DIR_RESTREINT . "install.php3?var_install=$d"); + exit; + } define('_FILE_OPTIONS', $d . 'mes_options.php3'); define('_FILE_CONNECT_INS', ($d . "inc_connect")); - } else { + } else */ { define('_FILE_OPTIONS', 'mes_options.php3'); define('_FILE_CONNECT_INS', (_DIR_RESTREINT . "inc_connect")); } @@ -36,7 +38,7 @@ define_once('_FILE_CONNECT', if (!(_FILE_CONNECT OR defined('_ECRIRE_INSTALL') OR defined('_TEST_DIRS'))) { if (!defined("_INC_PUBLIC")) - header("Location: install.php3"); + header("Location: " . _DIR_RESTREINT . "install.php3"); else { $db_ok = 0; 
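Review bot: In `ajouter_session()`, `lire_meta("adresse_site") . "spip_test_dirs.php3"` has no `/` between the site address and the script name, unlike the `auth()` redirect in inc_auth.php3 from this same commit, which writes `"/spip_login.php3..."`. Unless `adresse_site` is stored with a trailing slash (not visible here), the `Location:` header ends up with the script name glued onto the host or last path segment. Suggested: `redirige_par_entete(lire_meta("adresse_site") . "/spip_test_dirs.php3");`. The function starts outside the hunk.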
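Review bot: The `var_install` branch in inc_version.php3 is disabled by wrapping it in `/* + tard ... } else */ {`, which leaves a bare `{ ... }` block that only reads correctly if one spots the comment terminator hidden in front of it. Either delete the branch or comment it out on its own lines with the two remaining `define()` calls unbraced, and add a comment saying why it is deferred. If it is revived, note that it derives `_FILE_OPTIONS` and `_FILE_CONNECT_INS` from a request parameter (now also passed through `urldecode()`) and copies it unencoded into a `Location:` header; assuming those constants are later used as include paths, the value has to be restricted to known install directories before the code is switched back on.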
@@ -786,14 +788,21 @@ class Link { // (HTTP_GET_VARS may contain additional variables // introduced by rewrite-rules) $url = $GLOBALS['REQUEST_URI']; - $url = substr($url, strrpos($url, '/') + 1); + // Warning !!!! + // since non encoded arguments may be present + // (especially those coming from Rewrite Rule) + // find the begining of the query string + // to compute the script-name + if ($v = strpos($url,'?')) + $v = strrpos(substr($url, 0, $v), '/'); + else $v = strrpos($url, '/'); + $url = substr($url, $v + 1); if (!$url) $url = "./"; if (count($GLOBALS['HTTP_POST_VARS'])) $vars = $GLOBALS['HTTP_POST_VARS']; } $v = split('[\?\&]', $url); list(, $this->file) = each($v); - if (!$vars) { while (list(,$var) = each($v)) { list($name, $value) = split('=', $var, 2); @@ -1180,6 +1189,7 @@ function redirige_par_entete($url) { # $base=lire_meta("adresse_site"); # if ($base) $url = "$base/$url"; # + tard +# spip_log("red $url"); header("Location: $url"); taches_de_fond(); exit; diff --git a/inc-forum.php3 b/inc-forum.php3 index f770931420..6a4efbe3e0 100644 --- a/inc-forum.php3 +++ b/inc-forum.php3 
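Review bot: In the `Link` class hunk, `if ($v = strpos($url,'?'))` tests an offset by truthiness and the `strrpos()` result goes into `$v + 1` unchecked, so when no `/` precedes the query string `false + 1` drops the first character of the URI instead of keeping it whole. `REQUEST_URI` normally starts with `/`, so this is an edge case, but the value is client-supplied and the guard is cheap: `$q = strpos($url, '?'); $v = strrpos(is_int($q) ? substr($url, 0, $q) : $url, '/'); if (is_int($v)) $url = substr($url, $v + 1);`. `$v` is also reused a few lines later for the array returned by `split()`, which makes the block harder to follow; a separate name for the offset would help. The enclosing method starts and ends outside the hunk.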
@@ -368,13 +368,17 @@ function code_de_forum_spip ($idr, $idf, $ida, $idb, $ids) { if ($args) $url .= (strpos($url,'?') ? $args : ('?' . substr($args,1))); } $url = ereg_replace("[?&]var_erreur=[^&]*", '', $url); - $url = ereg_replace("[?&]var_login[^&]*", '', $url); - $url = ereg_replace("[?&]var_url[^&]*", '', $url); + $url = ereg_replace("[?&]var_login=[^&]*", '', $url); + $url = ereg_replace("[?&]var_url=[^&]*", '', $url); + $url = ereg_replace("[?&]retour=[^&]*", '', $url); // url de retour du forum - $retour_forum = rawurldecode($GLOBALS['HTTP_GET_VARS']['retour']); - if (!$retour_forum) - $retour_forum = $url; - else $retour_forum = ereg_replace('&recalcul=oui','',$retour_forum); + if ($retour_forum = rawurldecode($GLOBALS['HTTP_GET_VARS']['retour'])) + $retour_forum = ereg_replace('&recalcul=oui','',$retour_forum); + else { + if (!$retour_forum = rawurldecode($GLOBALS['HTTP_POST_VARS']['retour'])) + $retour_forum = $url; + } + // debut formulaire forum $lacible = " diff --git a/inc-login.php3 b/inc-login.php3 index ec8d7904be..614177d700 100644 --- a/inc-login.php3 +++ b/inc-login.php3 
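Review bot: In `code_de_forum_spip()`, the `retour` value read from `HTTP_POST_VARS` skips the `&recalcul=oui` stripping that the `HTTP_GET_VARS` branch applies, so the two sources yield different return URLs for the same input. Both branches also accept whatever the request supplies after `rawurldecode()`; how `$retour_forum` is emitted lies outside the hunk, but if it reaches an HTML attribute or a redirect it should be limited to a site-local URL and escaped for that context. Suggested shape: take the GET value, fall back to the POST value, then apply `ereg_replace('&recalcul=oui','',$retour_forum)` once to whichever was found and use `$url` only when both are empty. The function begins and ends outside the hunk.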
@@ -13,24 +13,24 @@ include_ecrire ("inc_texte.php3"); include_local ("inc-formulaires.php3"); // gerer l'auth http -function auth_http($cible, $essai_auth_http) { +function auth_http($url, $essai_auth_http) { $lien = " [<a href='" . _DIR_RESTREINT_ABS . "'>"._T('login_espace_prive')."</a>]"; if ($essai_auth_http == 'oui') { include_ecrire('inc_session.php3'); if (!verifier_php_auth()) { - $url = quote_amp(urlencode($cible->getUrl())); - $page_erreur = "<b>"._T('login_connexion_refusee')."</b><p />"._T('login_login_pass_incorrect')."<p />[<a href='./'>"._T('login_retour_site')."</a>] [<a href='./spip_cookie.php3?essai_auth_http=oui&url=$url'>"._T('login_nouvelle_tentative')."</a>]"; + $url = quote_amp(urlencode($url)); + $page_erreur = "<b>"._T('login_connexion_refusee')."</b><p />"._T('login_login_pass_incorrect')."<p />[<a href='./'>"._T('login_retour_site')."</a>] [<a href='spip_cookie.php3?essai_auth_http=oui&url=$url'>"._T('login_nouvelle_tentative')."</a>]"; if (ereg(_DIR_RESTREINT_ABS, $url)) $page_erreur .= $lien; ask_php_auth($page_erreur); } else - redirige_par_entete($cible->getUrl()); + redirige_par_entete($url); } // si demande logout auth_http else if ($essai_auth_http == 'logout') { include_ecrire('inc_session.php3'); - ask_php_auth("<b>"._T('login_deconnexion_ok')."</b><p />"._T('login_verifiez_navigateur')."<p />[<a href='./'>"._T('login_retour_public')."</a>] [<a href='./spip_cookie.php3?essai_auth_http=oui&redirect=ecrire'>"._T('login_test_navigateur')."</a>] $lien"); + ask_php_auth("<b>"._T('login_deconnexion_ok')."</b><p />"._T('login_verifiez_navigateur')."<p />[<a href='./'>"._T('login_retour_public')."</a>] [<a href='spip_cookie.php3?essai_auth_http=oui&redirect=ecrire'>"._T('login_test_navigateur')."</a>] $lien"); exit; } } 
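Review bot: `auth_http()` now passes its `$url` argument straight to `redirige_par_entete($url)`, and the callers in spip_cookie.php3 fill it from the request's `url` parameter, so after a successful HTTP authentication the browser is sent wherever that parameter points. Before redirecting, check that the target is site-relative (no scheme or host part, no CR/LF) and fall back to `_DIR_RESTREINT_ABS` otherwise; the same applies to `$redirect = ($url ? $url : _DIR_RESTREINT_ABS);` in spip_cookie.php3. In the failure branch the parameter is overwritten with `quote_amp(urlencode($url))`, after which `ereg(_DIR_RESTREINT_ABS, $url)` is matched against the encoded text, where `/` has become `%2F`, so the private-area link is presumably never appended; keep the encoded form in its own variable (`$url_enc = quote_amp(urlencode($url));`) and run the `ereg()` test on the unencoded `$url`.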
@@ -47,14 +47,14 @@ function login($cible, $prive = 'prive') { global $clean_link; $clean_link->delVar('var_erreur'); $clean_link->delVar('var_login'); - $action = $clean_link->getUrl(); + $action = urldecode($clean_link->getUrl()); include_ecrire("inc_session.php3"); verifier_visiteur(); if ($auteur_session AND ($auteur_session['statut']=='0minirezo' OR $auteur_session['statut']=='1comite')) { - if (($cible != $action) && !headers_sent()) + if (($cible != $action) && !headers_sent()) redirige_par_entete($cible); echo "<a href='$cible'>"._T('login_par_ici')."</a>\n"; return; @@ -158,7 +158,7 @@ function login_pour_tous($cible, $prive, $message, $action) { $src = _DIR_RESTREINT_ABS . 'md5.js'; if ($flag_challenge_md5) echo "<script type=\"text/javascript\" src=\"$src\"></script>\n"; - echo "<form name='form_login' action='./spip_cookie.php3' method='post'"; + echo "<form name='form_login' action='spip_cookie.php3' method='post'"; if ($flag_challenge_md5) echo " onSubmit='if (this.session_password.value) { this.session_password_md5.value = calcMD5(\"$alea_actuel\" + this.session_password.value); this.next_session_password_md5.value = calcMD5(\"$alea_futur\" + this.session_password.value); diff --git a/spip_cookie.php3 b/spip_cookie.php3 index 20806d7ef1..84f12dd85f 100644 --- a/spip_cookie.php3 +++ b/spip_cookie.php3 @@ -24,17 +24,14 @@ if ($change_session == 'oui') { exit; } } +#spip_log("cookie: $url"); -// determiner ou l'on veut retomber -if ($url) - $cible = new Link($url); -else - $cible = new Link(_DIR_RESTREINT_ABS); +if ($url) $url = urldecode($url); // tentative de connexion en auth_http if ($essai_auth_http AND !$ignore_auth_http) { include_local ("inc-login.php3"); - auth_http($cible, $essai_auth_http); + auth_http(($url ? $url : _DIR_RESTREINT_ABS), $essai_auth_http); exit; } 
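Review bot: In `login()`, `$action` is now `urldecode($clean_link->getUrl())`, so from this line on it holds decoded text; it is compared with `$cible` here and is presumably passed on to `login_pour_tous()` further down, outside the hunk. Any place that later writes `$action` into HTML or a URL has to re-encode it for that context, which is worth stating at the assignment: `// decoded for comparison with $cible only; escape again before output`. The context line `echo "<a href='$cible'>"` already prints a caller-supplied URL into a single-quoted attribute without escaping; `htmlspecialchars($cible, ENT_QUOTES)` there would close that gap.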
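Review bot: In spip_cookie.php3, `if ($url) $url = urldecode($url);` decodes a value that, if `$url` comes from the request as the surrounding code suggests, PHP has already decoded once, so percent-sequences that survived the first pass turn into live characters before the value reaches `auth_http()` and the `Location:` header. Decode once only, or validate after this line rather than before it. With the `new Link($url)` wrapper removed, this is also the only point in the script where the value could be checked before it is used. A short comment naming the expected form would help: `// $url: site-relative return address, decoded exactly once`.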
@@ -56,7 +53,7 @@ if ($logout) { } if ($PHP_AUTH_USER AND !$ignore_auth_http) { include_local ("inc-login.php3"); - auth_http($cible, 'logout'); + auth_http(($url ? $url : _DIR_RESTREINT_ABS), 'logout'); } unset ($auteur_session); } @@ -70,14 +67,12 @@ if ($logout) { if ($test_echec_cookie == 'oui') { spip_setcookie('spip_session', 'test_echec_cookie'); redirige_par_entete("spip_login.php3?var_echec_cookie=oui&var_url=" . - ($url ? rawurlencode($url) : _DIR_RESTREINT_ABS)); + ($url ? $url : _DIR_RESTREINT_ABS)); } // Tentative de login unset ($cookie_session); -$durl = rawurldecode($url); -$redirect = (!$url ? _DIR_RESTREINT_ABS : (strpos($durl,"&retour=") ? ($url) : $url)); -#$redirect = ($url ? $url : _DIR_RESTREINT_ABS); +$redirect = ($url ? $url : _DIR_RESTREINT_ABS); if ($essai_login == "oui") { // Recuperer le login en champ hidden if ($session_login_hidden AND !$session_login) -- GitLab