From 2afa14ce11a8066fd45b31cb4eafc3ce7c1c3962 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Fri, 9 Dec 2005 17:04:26 +0000
Subject: [PATCH] harmonisation de l'API des surcharges, retrait de XSS et
 d'inclusions superflues

---
 ecrire/forum.php3               |  4 ++--
 ecrire/forum_admin.php3         |  2 +-
 ecrire/inc_forum_admin.php      |  6 ++++--
 ecrire/inc_lang_raccourcis.php3 |  6 +++---
 ecrire/inc_messagerie.php       | 10 ++++++----
 ecrire/inc_naviguer.php         |  4 ++--
 ecrire/lang_raccourcis.php3     |  2 +-
 ecrire/messagerie.php3          |  2 +-
 ecrire/naviguer.php3            |  2 +-
 9 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/ecrire/forum.php3 b/ecrire/forum.php3
index 4d208c0abf..8b41f8b379 100644
--- a/ecrire/forum.php3
+++ b/ecrire/forum.php3
@@ -12,6 +12,6 @@
 
   // obsolete, mais assurer le service pour les vieux liens
 include ("inc.php3");
-$var_f = include_fonction(basename('forum_admin'));
-$var_f($debut, $admin);
+$var_f = include_fonction('forum_admin');
+$var_f();
 ?>
diff --git a/ecrire/forum_admin.php3 b/ecrire/forum_admin.php3
index e1950e824c..2fe0d69a9d 100644
--- a/ecrire/forum_admin.php3
+++ b/ecrire/forum_admin.php3
@@ -12,5 +12,5 @@
 
 include ("inc.php3");
 $var_f = include_fonction(basename($SCRIPT_NAME, _EXTENSION_PHP));
-$var_f($debut, $admin);
+$var_f();
 ?>
diff --git a/ecrire/inc_forum_admin.php b/ecrire/inc_forum_admin.php
index 81436e487c..b321f6fd81 100644
--- a/ecrire/inc_forum_admin.php
+++ b/ecrire/inc_forum_admin.php
@@ -30,9 +30,11 @@ function liste_numeros_forum($urlforum, $debut, $total)
 	echo "\n</p>\n";
 }
 
-function forum_admin_dist($debut, $admin)
+function forum_admin_dist()
 {
-  global $connect_statut;
+  global $connect_statut, $debut, $admin;
+
+  $debut = intval($debut);
 
   if ($admin) {
 	debut_page(_T('titre_page_forum'), "redacteurs", "privadm");
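Review bot: `forum_admin_dist()` now reads `$admin` and `$debut` from global scope, and `if ($admin)` right below picks the page layout from a value that is presumably filled from the request, though that is not visible in this hunk. I would document this at the `global` line, e.g. `// $debut, $admin: request parameters (untrusted); access control must rely on $connect_statut only`, so nobody later treats `$admin` as a privilege flag. `intval()` still lets negative offsets through, so `$debut = max(0, intval($debut));` is the safer normalisation. The same implicit-input pattern is introduced for `$action` in `naviguer_dist()` and deserves the same comment. The function body continues past the hunk, so whether a status check follows cannot be confirmed from here.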
diff --git a/ecrire/inc_lang_raccourcis.php3 b/ecrire/inc_lang_raccourcis.php3
index d8080f03a0..6d983f740e 100644
--- a/ecrire/inc_lang_raccourcis.php3
+++ b/ecrire/inc_lang_raccourcis.php3
@@ -15,11 +15,11 @@ include_ecrire("inc_texte.php3");
 include_ecrire("inc_urls.php3");
 include_ecrire("inc_rubriques.php3");
 
-function lang_raccourcis_dist($module)
+function lang_raccourcis_dist()
 {
-  global $couleur_foncee,  $spip_lang, $spip_lang_left;
+  global $changer_config, $couleur_foncee,  $spip_lang, $spip_lang_left;
 
-if (!$module) $module = "public";
+  $module = $changer_config ? $changer_config : "public";
 
 
 debut_page(_T('module_fichier_langue').": $module", "administration", "langues");
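Review bot: `$module` is still copied verbatim from `$changer_config` and interpolated into the title passed to `debut_page(_T('module_fichier_langue').": $module", ...)`, so markup in that value reaches the page unless `debut_page()` escapes its title, which is not visible here. Because the value names a language module, an allow-list is tighter than escaping: `$module = preg_match('/^[a-z0-9_]+$/i', $changer_config) ? $changer_config : "public";`. The body of `lang_raccourcis_dist()` continues outside the hunk; if `$module` is later used to build a file name, the same check also keeps path characters out.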
diff --git a/ecrire/inc_messagerie.php b/ecrire/inc_messagerie.php
index b84d1e2763..f4cd4823b3 100644
--- a/ecrire/inc_messagerie.php
+++ b/ecrire/inc_messagerie.php
@@ -13,14 +13,17 @@
 if (!defined("_ECRIRE_INC_VERSION")) return;
 
 include_ecrire("inc_presentation.php3");
-include_ecrire("inc_texte.php3");
 
-function messagerie_dist($id_message, $detruire_message, $supp_dest)
+function messagerie_dist()
 {
 
   global $connect_id_auteur, $connect_statut, $couleur_claire, $spip_lang_rtl;
 
-if ($supp_dest) {
+  $id_message = intval($id_message);
+  $detruire_message = intval($detruire_message);
+  $supp_dest = intval($supp_dest);
+
+  if ($supp_dest) {
 	spip_query("DELETE FROM spip_auteurs_messages WHERE id_message=$id_message AND id_auteur=$supp_dest");
 }
 
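Review bot: `$id_message`, `$detruire_message` and `$supp_dest` are missing from the `global` statement of `messagerie_dist()`, so the three added `intval()` lines read undefined locals and always yield 0. As a result the `if ($supp_dest)` and `if ($detruire_message)` branches can no longer run. `forum_admin_dist()` in this same commit adds its former parameters to `global`, and the same is needed here: `global $connect_id_auteur, $connect_statut, $couleur_claire, $spip_lang_rtl, $id_message, $detruire_message, $supp_dest;`. Once the values flow again, both DELETE statements are driven directly by request integers, and no check tying `$id_message` to `$connect_id_auteur` is visible in this hunk; that should be confirmed in the part of the function outside it.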
@@ -30,7 +33,6 @@ if ($detruire_message) {
 	spip_query("DELETE FROM spip_forum WHERE id_message=$detruire_message");
 }
 
-
 debut_page(_T('titre_page_messagerie'), "redacteurs", "messagerie");
 
 debut_gauche("messagerie");
diff --git a/ecrire/inc_naviguer.php b/ecrire/inc_naviguer.php
index ab56ca1a5e..454f5c4f9c 100644
--- a/ecrire/inc_naviguer.php
+++ b/ecrire/inc_naviguer.php
@@ -22,9 +22,9 @@ include_ecrire("inc_mots.php3");
 include_ecrire("inc_documents.php3");
 include_ecrire("inc_abstract_sql.php3");
 
-function naviguer_dist($action)
+function naviguer_dist()
 {
-  global $id_parent, $id_rubrique, $nouv_mot, $spip_display,  $connect_statut, $supp_mot, $champs_extra, $cherche_mot, $descriptif, $texte, $titre, $changer_lang;
+  global $action, $id_parent, $id_rubrique, $nouv_mot, $spip_display,  $connect_statut, $supp_mot, $champs_extra, $cherche_mot, $descriptif, $texte, $titre, $changer_lang;
 
 
 	$flag_editable = ($connect_statut == '0minirezo' AND (acces_rubrique($id_parent) OR acces_rubrique($id_rubrique))); // id_parent necessaire en cas de creation de sous-rubrique
diff --git a/ecrire/lang_raccourcis.php3 b/ecrire/lang_raccourcis.php3
index 14dc22a594..2fe0d69a9d 100644
--- a/ecrire/lang_raccourcis.php3
+++ b/ecrire/lang_raccourcis.php3
@@ -12,5 +12,5 @@
 
 include ("inc.php3");
 $var_f = include_fonction(basename($SCRIPT_NAME, _EXTENSION_PHP));
-$var_f($changer_config);
+$var_f();
 ?>
diff --git a/ecrire/messagerie.php3 b/ecrire/messagerie.php3
index 84ce57a60b..2fe0d69a9d 100644
--- a/ecrire/messagerie.php3
+++ b/ecrire/messagerie.php3
@@ -12,5 +12,5 @@
 
 include ("inc.php3");
 $var_f = include_fonction(basename($SCRIPT_NAME, _EXTENSION_PHP));
-$var_f(intval($id_message), intval($detruire_message), $supp_dest);
+$var_f();
 ?>
diff --git a/ecrire/naviguer.php3 b/ecrire/naviguer.php3
index b08c938ff3..2fe0d69a9d 100644
--- a/ecrire/naviguer.php3
+++ b/ecrire/naviguer.php3
@@ -12,5 +12,5 @@
 
 include ("inc.php3");
 $var_f = include_fonction(basename($SCRIPT_NAME, _EXTENSION_PHP));
-$var_f($action);
+$var_f();
 ?>
-- 
GitLab