From 3a90845c9f5ace44df53c2e150e9ffbb7e1140d4 Mon Sep 17 00:00:00 2001
From: Fil <fil@rezo.net>
Date: Thu, 8 Apr 2004 21:05:46 +0000
Subject: [PATCH] =?UTF-8?q?#URL=5FFORUM=20+=20trou=20de=20s=C3=A9curit?=
 =?UTF-8?q?=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 inc-forum.php3         | 16 ++++++++-------
 inc-urls-html.php3     | 45 ++++++++++++++++++++++++++++++++++++-----
 inc-urls-standard.php3 | 46 ++++++++++++++++++++++++++++++++++++------
 3 files changed, 89 insertions(+), 18 deletions(-)

diff --git a/inc-forum.php3 b/inc-forum.php3
index d6eb097f6c..01f7c29c8f 100644
--- a/inc-forum.php3
+++ b/inc-forum.php3
@@ -172,20 +172,22 @@ function retour_forum($id_rubrique, $id_parent, $id_article, $id_breve, $id_synd
 		// Si premiere edition, initialiser le titre et l'auteur
 		if (!$titre) {
 			if ($id_parent)
-				$titre_select = "SELECT titre FROM spip_forum WHERE id_forum = $id_parent";
+				$titre_select = "SELECT titre FROM spip_forum WHERE id_forum = $id_parent AND statut='publie'";
 			else if ($id_rubrique)
-				$titre_select = "SELECT titre FROM spip_rubriques WHERE id_rubrique = $id_rubrique";
+				$titre_select = "SELECT titre FROM spip_rubriques WHERE id_rubrique = $id_rubrique AND statut='publie'";
 			else if ($id_article)
-				$titre_select = "SELECT titre FROM spip_articles WHERE id_article = $id_article";
+				$titre_select = "SELECT titre FROM spip_articles WHERE id_article = $id_article AND statut='publie'";
 			else if ($id_breve)
-				$titre_select = "SELECT titre FROM spip_breves WHERE id_breve = $id_breve";
+				$titre_select = "SELECT titre FROM spip_breves WHERE id_breve = $id_breve AND statut='publie'";
 			else if ($id_syndic)
-				$titre_select = "SELECT nom_site AS titre FROM spip_syndic WHERE id_syndic = $id_syndic";
+				$titre_select = "SELECT nom_site AS titre FROM spip_syndic WHERE id_syndic = $id_syndic AND statut='publie'";
 			else
 				$titre_select = "SELECT '".addslashes(_T('forum_titre_erreur'))."' AS titre";
 
-			$res = spip_fetch_object(spip_query($titre_select));
-			$titre = '> ' . supprimer_numero(ereg_replace ('^[>[:space:]]*', '', $res->titre));
+			if ($res = spip_fetch_object(spip_query($titre_select)))
+				$titre = '> ' . supprimer_numero(ereg_replace ('^[>[:space:]]*', '', $res->titre));
+			else
+				$titre = _T('forum_titre_erreur');
 		}
 		if ($spip_forum_user && is_array($cookie_user = unserialize($spip_forum_user))) {
 			$auteur = $cookie_user['nom'];
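Review bot: The five `$titre_select` strings still interpolate `$id_parent`, `$id_rubrique`, `$id_article`, `$id_breve` and `$id_syndic` unquoted into the SQL, and nothing in this hunk shows them being cast, so the added `AND statut='publie'` filter only holds if those values are integers. If they are not normalised earlier in `retour_forum` (its start is outside the hunk), add a cast such as `$id_parent = intval($id_parent);` for each id before the `if (!$titre)` block. The context line `unserialize($spip_forum_user)` also appears to decode a cookie-supplied value. It is not part of this change, but it would be safer to validate that value or store it in a plain delimited format.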
diff --git a/inc-urls-html.php3 b/inc-urls-html.php3
index 452c955e09..d8c030801e 100644
--- a/inc-urls-html.php3
+++ b/inc-urls-html.php3
@@ -16,10 +16,6 @@ function generer_url_breve($id_breve) {
 	return "breve$id_breve.html";
 }
 
-function generer_url_forum($id_forum) {
-	return "forum$id_forum.html";
-}
-
 function generer_url_mot($id_mot) {
 	return "mot$id_mot.html";
 }
@@ -45,4 +41,43 @@ function recuperer_parametres_url($fond, $url) {
 }
 
 
-?>
\ No newline at end of file
+//
+// URLs des forums
+//
+
+// a mettre dans ecrire/inc_threads.php3 avec les autres trucs de forum
+function racine_forum($id_forum){
+	$query = "SELECT id_parent, id_rubrique, id_article, id_breve FROM spip_forum WHERE id_forum=".$id_forum;
+	$result = spip_query($query);
+	if($row = spip_fetch_array($result)){
+		if($row['id_parent']) {
+			return racine_forum($row['id_parent']);
+		}
+		else {
+			if($row['id_rubrique']) return array('rubrique',$row['id_rubrique'], $id_forum);
+ 			if($row['id_article']) return array('article',$row['id_article'], $id_forum);
+			if($row['id_breve']) return array('breve',$row['id_breve'], $id_forum);
+		}
+	}
+} 
+
+function generer_url_forum($id_forum, $show_thread=false) {
+	list($type, $id, $id_thread) = racine_forum($id_forum);
+	if ($id_thread>0 AND $show_thread)
+		$id_forum = $id_thread;
+	switch($type) {
+		case 'article':
+			return generer_url_article($id)."#forum$id_forum";
+			break;
+		case 'breve':
+			return generer_url_breve($id)."#forum$id_forum";
+			break;
+		case 'rubrique':
+			return generer_url_rubrique($id)."#forum$id_forum";
+			break;
+		default:
+			return "forum$id_forum.html";
+	}
+}
+
+?>
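Review bot: `racine_forum()` builds its query by concatenating `$id_forum` with no cast, and the callers of `generer_url_forum()` are not visible here, so the id should be forced to an integer first with `$id_forum = intval($id_forum);` as the first line of `racine_forum()`. The recursion on `id_parent` has no depth limit or visited check, so a parent chain that loops back on itself would recurse until PHP aborts; a depth counter or an iterative loop with a cap would bound it. The query also omits the `statut` filter that this commit adds to the selects in inc-forum.php3, so the anchor target is computed for unpublished messages too; please confirm that is intended. The same code is added to inc-urls-standard.php3 and needs the same changes.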
diff --git a/inc-urls-standard.php3 b/inc-urls-standard.php3
index 01ec10e658..52c4f80362 100644
--- a/inc-urls-standard.php3
+++ b/inc-urls-standard.php3
@@ -4,7 +4,6 @@
 if (defined("_INC_URLS2")) return;
 define("_INC_URLS2", "1");
 
-
 function generer_url_article($id_article) {
 	return "article.php3?id_article=$id_article";
 }
@@ -17,10 +16,6 @@ function generer_url_breve($id_breve) {
 	return "breve.php3?id_breve=$id_breve";
 }
 
-function generer_url_forum($id_forum) {
-	return "forum.php3?id_forum=$id_forum";
-}
-
 function generer_url_mot($id_mot) {
 	return "mot.php3?id_mot=$id_mot";
 }
@@ -45,4 +40,43 @@ function recuperer_parametres_url($fond, $url) {
 	return;
 }
 
-?>
\ No newline at end of file
+//
+// URLs des forums
+//
+
+// a mettre dans ecrire/inc_threads.php3 avec les autres trucs de forum
+function racine_forum($id_forum){
+	$query = "SELECT id_parent, id_rubrique, id_article, id_breve FROM spip_forum WHERE id_forum=".$id_forum;
+	$result = spip_query($query);
+	if($row = spip_fetch_array($result)){
+		if($row['id_parent']) {
+			return racine_forum($row['id_parent']);
+		}
+		else {
+			if($row['id_rubrique']) return array('rubrique',$row['id_rubrique'], $id_forum);
+ 			if($row['id_article']) return array('article',$row['id_article'], $id_forum);
+			if($row['id_breve']) return array('breve',$row['id_breve'], $id_forum);
+		}
+	}
+} 
+
+function generer_url_forum($id_forum, $show_thread=false) {
+	list($type, $id, $id_thread) = racine_forum($id_forum);
+	if ($id_thread>0 AND $show_thread)
+		$id_forum = $id_thread;
+	switch($type) {
+		case 'article':
+			return generer_url_article($id)."#forum$id_forum";
+			break;
+		case 'breve':
+			return generer_url_breve($id)."#forum$id_forum";
+			break;
+		case 'rubrique':
+			return generer_url_rubrique($id)."#forum$id_forum";
+			break;
+		default:
+			return "forum.php3?id_forum=".$id_forum;
+	}
+}
+
+?>
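Review bot: `racine_forum()` has no `return` on the paths where the row is missing or the root message is attached to none of rubrique/article/breve; a syndic forum, which inc-forum.php3 handles, appears to be such a case. `generer_url_forum()` then relies on `list()` of that null leaving `$type` empty to reach `default:`. Make the contract explicit with a final `return array('', 0, 0);` and a short comment above the function stating that it returns `array(type, id_objet, id_thread)`. The `break;` after each `return` in the switch is unreachable and can be removed. The identical copy in inc-urls-html.php3 has the same shape, and moving `racine_forum()` to one shared file, as the in-code comment already suggests, would avoid maintaining two copies.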
-- 
GitLab