diff --git a/ecrire/action/autoriser.php b/ecrire/action/autoriser.php
index 6091278e101eedb0dd5bf95315368434a228ef79..a77b2710f8d6f238a326cb9a71c14e4b90471f8f 100644
--- a/ecrire/action/autoriser.php
+++ b/ecrire/action/autoriser.php
@@ -39,7 +39,7 @@ function action_autoriser_dist()
 else {
 if (!$arg) {
- $arg =spip_query("SELECT id_document, descriptif FROM spip_documents AS documents WHERE documents.fichier=" . spip_abstract_quote($file));
+ $arg =spip_query("SELECT id_document, descriptif FROM spip_documents AS documents WHERE documents.fichier=" . _q($file));
 $arg = spip_fetch_array($arg);
 if (!$arg) $refus = 2;
 $dcc = $arg['descriptif'];
diff --git a/ecrire/action/cookie.php b/ecrire/action/cookie.php
index 95ce7865f14536f35f32216ca0f834e760109365..7a05b5b8d4ea49e671482beaed4bdbc5c2f35a49 100644
--- a/ecrire/action/cookie.php
+++ b/ecrire/action/cookie.php
@@ -131,7 +131,7 @@ if ($essai_login == "oui") {
 $prefs = ($row_auteur['prefs']) ? unserialize($row_auteur['prefs']) : array();
 $prefs['cnx'] = ($session_remember == 'oui') ? 'perma' : '';
- spip_query("UPDATE spip_auteurs SET prefs = " . spip_abstract_quote(serialize($prefs)) . " WHERE id_auteur = " . $row_auteur['id_auteur']);
+ spip_query("UPDATE spip_auteurs SET prefs = " . _q(serialize($prefs)) . " WHERE id_auteur = " . $row_auteur['id_auteur']);
 }
 }
@@ -170,7 +170,7 @@ if ($var_lang_ecrire) {
 if (_FILE_CONNECT AND verifier_action_auteur("cookie-var_lang_ecrire", $hash)) {
- spip_query("UPDATE spip_auteurs SET lang = " . spip_abstract_quote($var_lang_ecrire) . " WHERE id_auteur = " . $GLOBALS['auteur_session']['id_auteur']);
+ spip_query("UPDATE spip_auteurs SET lang = " . _q($var_lang_ecrire) . " WHERE id_auteur = " . $GLOBALS['auteur_session']['id_auteur']);
 $auteur_session['lang'] = $var_lang_ecrire;
 $var_f = charger_fonction('session', 'inc');
 $var_f($auteur_session);
diff --git a/ecrire/action/editer_article.php b/ecrire/action/editer_article.php
index 460d2a5269e61a3d97e11e2625b9fdecad615011..7659c016da50934ad9af7efaece3a22aaf37ee99 100644
--- a/ecrire/action/editer_article.php
+++ b/ecrire/action/editer_article.php
@@ -198,7 +198,7 @@ function revisions_articles ($id_article, $new, $c = false) {
 $update = '';
 foreach ($champs as $champ => $val)
- $update .= $champ . '=' . spip_abstract_quote($val).', ';
+ $update .= $champ . '=' . _q($val).', ';
 spip_query("UPDATE spip_articles SET $update date_modif=NOW() WHERE id_article=$id_article");
diff --git a/ecrire/action/editer_rubrique.php b/ecrire/action/editer_rubrique.php
index 1e88566453c343e20d227245848b65ddf5c86961..f6e1b385cab41fa59f80b8aef425040f97306da3 100644
--- a/ecrire/action/editer_rubrique.php
+++ b/ecrire/action/editer_rubrique.php
@@ -107,7 +107,7 @@ function enregistre_modifier_naviguer($id_rubrique, $id_parent, $titre, $texte,
 } else $extra = '';
- spip_query("UPDATE spip_rubriques SET " . $parent . "titre=" . spip_abstract_quote($titre) . ", descriptif=" . spip_abstract_quote($descriptif) . ", texte=" . spip_abstract_quote($texte) . (!$extra ? '' : ", extra = " . spip_abstract_quote($extra) . "") . " WHERE id_rubrique=$id_rubrique");
+ spip_query("UPDATE spip_rubriques SET " . $parent . "titre=" . _q($titre) . ", descriptif=" . _q($descriptif) . ", texte=" . _q($texte) . (!$extra ? '' : ", extra = " . _q($extra) . "") . " WHERE id_rubrique=$id_rubrique");
 if ($GLOBALS['meta']['activer_moteur'] == 'oui') {
diff --git a/ecrire/action/instituer_langue_rubrique.php b/ecrire/action/instituer_langue_rubrique.php
index 784bf05ed5fc3ef42cba3fbc0486d070bfd58300..e0dc25453fbd6489de67e28a7bca0d464a801ae3 100644
--- a/ecrire/action/instituer_langue_rubrique.php
+++ b/ecrire/action/instituer_langue_rubrique.php
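Review bot: The new line in the editer_article hunk routes every column value through `_q()` but still interpolates `$id_article` unescaped into the WHERE clause (`WHERE id_article=$id_article`), so the statement is only as safe as whatever validation the caller performed on that id, which is not visible here; `revisions_articles` starts and ends outside the hunk. Casting at the point of use, `WHERE id_article=" . intval($id_article)`, removes that dependency, and the formulaire_site hunk in this same commit already does exactly that with `intval($id_rubrique)`. The same pattern appears on the new lines of the editer_rubrique hunk (`id_rubrique=$id_rubrique`), the instituer_langue_rubrique, referencer_traduction, breves_voir and mots_edit hunks, the petitionner REPLACE (`VALUES ($id_article, ...`) and the legender_auteur lookup (`id_auteur!=$id_auteur`). The forum_envoi INSERT (`'$id_rubrique', '$id_parent', '$id_article', ...`), the message_edit INSERT (`'$statut', '$type'`) and the message.php UPDATEs (`id_message='$id_message'`) quote these values as strings but do not escape them, so the same `intval()` — or `_q()` for non-numeric values such as `$type` — applies there.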
@@ -29,7 +29,7 @@ function action_instituer_langue_rubrique_dist() {
 AND $GLOBALS['meta']['multi_rubriques'] == 'oui'
 AND ($GLOBALS['meta']['multi_secteurs'] == 'non' OR $id_parent == 0)) {
 if ($changer_lang != "herit")
- spip_query("UPDATE spip_rubriques SET lang=" . spip_abstract_quote($changer_lang) . ", langue_choisie='oui' WHERE id_rubrique=$id_rubrique");
+ spip_query("UPDATE spip_rubriques SET lang=" . _q($changer_lang) . ", langue_choisie='oui' WHERE id_rubrique=$id_rubrique");
 else {
 if ($id_parent == 0) $langue_parent = $GLOBALS['meta']['langue_site'];
@@ -37,7 +37,7 @@ function action_instituer_langue_rubrique_dist() {
 $row = spip_fetch_array(spip_query("SELECT lang FROM spip_rubriques WHERE id_rubrique=$id_parent"));
 $langue_parent = $row['lang'];
 }
- spip_query("UPDATE spip_rubriques SET lang=" . spip_abstract_quote($langue_parent) . ", langue_choisie='non' WHERE id_rubrique=$id_rubrique");
+ spip_query("UPDATE spip_rubriques SET lang=" . _q($langue_parent) . ", langue_choisie='non' WHERE id_rubrique=$id_rubrique");
 }
 include_spip('inc/rubriques');
 calculer_rubriques();
diff --git a/ecrire/action/legender.php b/ecrire/action/legender.php
index 26f39198f647386cf6650d99b72f88888f5ba0b2..b6ad9f370d61e1c65f9c15dc7880038a097756ca 100644
--- a/ecrire/action/legender.php
+++ b/ecrire/action/legender.php
@@ -64,7 +64,7 @@ function action_legender_post($r)
 if (preg_match('/^[0-9-]+$/', $date)) $d=" date='$date',";
 }
- spip_query("UPDATE spip_documents SET$d titre=" . spip_abstract_quote($titre_document) . ", descriptif=" . spip_abstract_quote($descriptif_document) . " $wh WHERE id_document=".$id_document);
+ spip_query("UPDATE spip_documents SET$d titre=" . _q($titre_document) . ", descriptif=" . _q($descriptif_document) . " $wh WHERE id_document=".$id_document);
 if ($date) {
diff --git a/ecrire/action/legender_auteur.php b/ecrire/action/legender_auteur.php
index 513040b5d750f99ed2613c6071883a6d684c4389..a4efd98bf394d0f80ee88d2aa0505210ca7ec00a 100644
--- a/ecrire/action/legender_auteur.php
+++ b/ecrire/action/legender_auteur.php
@@ -81,7 +81,7 @@ function action_legender_post($r)
 if (strlen($new_login) < 4) $echec[]= 'info_login_trop_court';
 else {
- $n = spip_fetch_array(spip_query("SELECT COUNT(*) AS n FROM spip_auteurs WHERE login=" . spip_abstract_quote($new_login) . " AND id_auteur!=$id_auteur AND statut!='5poubelle'"));
+ $n = spip_fetch_array(spip_query("SELECT COUNT(*) AS n FROM spip_auteurs WHERE login=" . _q($new_login) . " AND id_auteur!=$id_auteur AND statut!='5poubelle'"));
 if ($n['n']) $echec[]= 'info_login_existant';
 else if ($new_login != $old_login) {
@@ -177,7 +177,7 @@ function action_legender_post($r)
 spip_abstract_insert("spip_auteurs_articles", "(id_auteur, id_article)", "($id_auteur, $ajouter_id_article)");
 }
- $n = spip_query("UPDATE spip_auteurs SET $query_pass nom=" . spip_abstract_quote($auteur['nom']) . ", login=" . spip_abstract_quote($auteur['login']) . ", bio=" . spip_abstract_quote($auteur['bio']) . ", email=" . spip_abstract_quote($auteur['email']) . ", nom_site=" . spip_abstract_quote($auteur['nom_site']) . ", url_site=" . spip_abstract_quote($auteur['url_site']) . ", pgp=" . spip_abstract_quote($auteur['pgp']) . (!$extra ? '' : (", extra = " . spip_abstract_quote($extra) . "")) . " WHERE id_auteur=".$auteur['id_auteur']);
+ $n = spip_query("UPDATE spip_auteurs SET $query_pass nom=" . _q($auteur['nom']) . ", login=" . _q($auteur['login']) . ", bio=" . _q($auteur['bio']) . ", email=" . _q($auteur['email']) . ", nom_site=" . _q($auteur['nom_site']) . ", url_site=" . _q($auteur['url_site']) . ", pgp=" . _q($auteur['pgp']) . (!$extra ? '' : (", extra = " . _q($extra) . "")) . " WHERE id_auteur=".$auteur['id_auteur']);
 if (!$n) die('UPDATE');
 }
diff --git a/ecrire/action/pass.php b/ecrire/action/pass.php
index c6ccdf3cf06ea21945effceea7e51af08d2289b0..590400063ff4aa35d80e6ac67cf1e26304522fc3 100644
--- a/ecrire/action/pass.php
+++ b/ecrire/action/pass.php
@@ -43,7 +43,7 @@ function message_oubli($email, $param)
 if (!is_array($declaration)) return $declaration;
- $res = spip_query("SELECT id_auteur,statut,pass FROM spip_auteurs WHERE email =" . spip_abstract_quote($declaration['mail']));
+ $res = spip_query("SELECT id_auteur,statut,pass FROM spip_auteurs WHERE email =" . _q($declaration['mail']));
 if (!$row = spip_fetch_array($res))
 return _T('pass_erreur_non_enregistre', array('email_oubli' => htmlspecialchars($email)));
@@ -81,14 +81,14 @@ $message = '';
 if (!$p) {
 if ($oubli) $message = message_oubli($oubli, 'p');
 } else {
- $res = spip_query("SELECT login FROM spip_auteurs WHERE cookie_oubli=" . spip_abstract_quote($p) . " AND statut<>'5poubelle' AND pass<>''");
+ $res = spip_query("SELECT login FROM spip_auteurs WHERE cookie_oubli=" . _q($p) . " AND statut<>'5poubelle' AND pass<>''");
 if (!$row = spip_fetch_array($res))
 $message = _T('pass_erreur_code_inconnu');
 else {
 if ($oubli) {
 $mdpass = md5($oubli);
 $htpass = generer_htpass($oubli);
- spip_query("UPDATE spip_auteurs SET htpass='$htpass', pass='$mdpass', alea_actuel='', cookie_oubli='' WHERE cookie_oubli=" . spip_abstract_quote($p));
+ spip_query("UPDATE spip_auteurs SET htpass='$htpass', pass='$mdpass', alea_actuel='', cookie_oubli='' WHERE cookie_oubli=" . _q($p));
 $login = $row['login'];
 $message = "<b>" . _T('pass_nouveau_enregistre') . "</b>".
diff --git a/ecrire/action/petitionner.php b/ecrire/action/petitionner.php
index 90394f761d9caf7c503b5e87d063bd559b8dc5bf..93e1198a6c85d6ef1a840aaf40758ea8af093141 100644
--- a/ecrire/action/petitionner.php
+++ b/ecrire/action/petitionner.php
@@ -36,7 +36,7 @@ function action_petitionner_dist() {
 $site_unique = ($site_unique == 'on') ? 'oui' : "non";
 $message = ($message == 'on') ? 'oui' : "non";
- $result_pet = spip_query("REPLACE spip_petitions (id_article, email_unique, site_obli, site_unique, message, texte) VALUES ($id_article, '$email_unique', '$site_obli', '$site_unique', '$message', " . spip_abstract_quote($texte_petition) . ")");
+ $result_pet = spip_query("REPLACE spip_petitions (id_article, email_unique, site_obli, site_unique, message, texte) VALUES ($id_article, '$email_unique', '$site_obli', '$site_unique', '$message', " . _q($texte_petition) . ")");
 } else if ($change_petition == "off") {
 $result_pet = spip_query("DELETE FROM spip_petitions WHERE id_article=$id_article");
diff --git a/ecrire/action/referencer_traduction.php b/ecrire/action/referencer_traduction.php
index de98e9d1218d86aeb91aed1fc3919e6fc5178533..fc6f65f0a5efd047f7e5895014fedce902c84b73 100644
--- a/ecrire/action/referencer_traduction.php
+++ b/ecrire/action/referencer_traduction.php
@@ -55,11 +55,11 @@ function instituer_langue_article($id_article, $id_rubrique) {
 if ($GLOBALS['meta']['multi_articles'] == 'oui' AND $changer_lang) {
 if ($changer_lang != "herit")
- spip_query("UPDATE spip_articles SET lang=" . spip_abstract_quote($changer_lang) . ", langue_choisie='oui' WHERE id_article=$id_article");
+ spip_query("UPDATE spip_articles SET lang=" . _q($changer_lang) . ", langue_choisie='oui' WHERE id_article=$id_article");
 else {
 $langue_parent = spip_fetch_array(spip_query("SELECT lang FROM spip_rubriques WHERE id_rubrique=" . $id_rubrique));
 $langue_parent=$langue_parent['lang'];
- spip_query("UPDATE spip_articles SET lang=" . spip_abstract_quote($langue_parent) . ", langue_choisie='non' WHERE id_article=$id_article");
+ spip_query("UPDATE spip_articles SET lang=" . _q($langue_parent) . ", langue_choisie='non' WHERE id_article=$id_article");
 include_spip('inc/lang');
 calculer_langues_utilisees();
 }
diff --git a/ecrire/action/tourner.php b/ecrire/action/tourner.php
index f24044852b01cec88bfe65ea7c786a05f4e66656..69e444eb9685e7285955f7d3b18906b0b7c2c8d9 100644
--- a/ecrire/action/tourner.php
+++ b/ecrire/action/tourner.php
@@ -225,7 +225,7 @@ function inserer_vignette_base($image, $vignette) {
 $vignette = str_replace(_DIR_RACINE, '', $vignette);
- $t = spip_query("SELECT id_document FROM spip_documents WHERE fichier=" . spip_abstract_quote($image));
+ $t = spip_query("SELECT id_document FROM spip_documents WHERE fichier=" . _q($image));
 spip_log("creation vignette($image) -> $vignette $t");
 if ($t) {
 if ($row = spip_fetch_array($t)) {
diff --git a/ecrire/action/virtualiser.php b/ecrire/action/virtualiser.php
index 47f1d36ba8c6870c16ffb592b3c1f6a76aff3040..4e25c338a544e9ea260c450a8f0eb2650fa40166 100644
--- a/ecrire/action/virtualiser.php
+++ b/ecrire/action/virtualiser.php
@@ -36,6 +36,6 @@ function action_virtualiser_post($r) {
 $url = eregi_replace("^ *https?://$", "", rtrim($url));
 if ($url) $url = corriger_caracteres("=$url");
- spip_query("UPDATE spip_articles SET chapo=" . spip_abstract_quote($url) . ", date_modif=NOW() WHERE id_article=" . $r[1]);
+ spip_query("UPDATE spip_articles SET chapo=" . _q($url) . ", date_modif=NOW() WHERE id_article=" . $r[1]);
 }
 ?>
diff --git a/ecrire/balise/formulaire_admin.php b/ecrire/balise/formulaire_admin.php
index 8748f8521b6b0aeb684768e6072a0c8a005086fa..1803546ab5b61d03b8f00b4f57fc06f8ded38d8e 100644
--- a/ecrire/balise/formulaire_admin.php
+++ b/ecrire/balise/formulaire_admin.php
@@ -142,7 +142,7 @@ function balise_FORMULAIRE_ADMIN_dyn($float='', $debug='') {
 include_spip('base/abstract_sql');
 $login = preg_replace(',^@,','',$GLOBALS['spip_admin']);
 $alang = spip_abstract_fetsel(array('lang'), array('spip_auteurs'),
- array("login=" . spip_abstract_quote($login)));
+ array("login=" . _q($login)));
 if ($alang['lang']) {
 lang_select($alang['lang']);
 $lang = $GLOBALS['spip_lang'];
diff --git a/ecrire/balise/formulaire_inscription.php b/ecrire/balise/formulaire_inscription.php
index 72714902767a9ecaa4802e590891e0c1b290a985..5320b87f1f7ded1f75c4aaa3994b3da5b5dda798 100644
--- a/ecrire/balise/formulaire_inscription.php
+++ b/ecrire/balise/formulaire_inscription.php
@@ -117,7 +117,7 @@ function message_inscription($mail, $nom, $mode, $id=0) {
 if (is_string($declaration)) return $declaration;
- $row = spip_query("SELECT statut, id_auteur, login, email FROM spip_auteurs WHERE email=" . spip_abstract_quote($declaration['email']));
+ $row = spip_query("SELECT statut, id_auteur, login, email FROM spip_auteurs WHERE email=" . _q($declaration['email']));
 $row = spip_fetch_array($row);
 if (!$row)
@@ -147,7 +147,7 @@ function inscription_nouveau($declaration)
 $declaration['statut'] = 'nouveau';
- $n = spip_abstract_insert('spip_auteurs', ('(' .join(',',array_keys($declaration)).')'), ("(" .join(", ",array_map('spip_abstract_quote', $declaration)) .")"));
+ $n = spip_abstract_insert('spip_auteurs', ('(' .join(',',array_keys($declaration)).')'), ("(" .join(", ",array_map('_q', $declaration)) .")"));
 $declaration['id_auteur'] = $n;
diff --git a/ecrire/balise/formulaire_signature.php b/ecrire/balise/formulaire_signature.php
index 2cf7b12a88dca91ef75652ed112d95c7260a6381..a84efa25551fc88b7ab1022ca368f78b0fe6ddd5 100644
--- a/ecrire/balise/formulaire_signature.php
+++ b/ecrire/balise/formulaire_signature.php
@@ -103,7 +103,7 @@ function reponse_confirmation($var_confirm = '') {
 $confirm= _T('form_pet_probleme_technique');
 } else {
- $result_sign = spip_abstract_select('*', 'spip_signatures', "statut=" . spip_abstract_quote($var_confirm));
+ $result_sign = spip_abstract_select('*', 'spip_signatures', "statut=" . _q($var_confirm));
 if (spip_num_rows($result_sign) > 0) {
 while($row = spip_fetch_array($result_sign)) {
@@ -130,7 +130,7 @@ function reponse_confirmation($var_confirm = '') {
 }
 if ($email_unique == "oui") {
- $result = spip_abstract_select('ad_email', 'spip_signatures', "id_article=$id_article AND ad_email=" . spip_abstract_quote($adresse_email) . " AND statut='publie'");
+ $result = spip_abstract_select('ad_email', 'spip_signatures', "id_article=$id_article AND ad_email=" . _q($adresse_email) . " AND statut='publie'");
 if (spip_num_rows($result) > 0) {
 $confirm= _T('form_pet_deja_signe');
 $refus = "oui";
@@ -138,7 +138,7 @@ function reponse_confirmation($var_confirm = '') {
 }
 if ($site_unique == "oui") {
- $result = spip_abstract_select('statut', 'spip_signatures', "id_article=$id_article AND url_site=" . spip_abstract_quote($url_site) . " AND statut='publie'");
+ $result = spip_abstract_select('statut', 'spip_signatures', "id_article=$id_article AND url_site=" . _q($url_site) . " AND statut='publie'");
 if (spip_num_rows($result) > 0) {
 $confirm= _T('form_pet_deja_enregistre');
 $refus = "oui";
@@ -205,7 +205,7 @@ function reponse_signature($id_article, $nom_email,

 $adresse_email, $message, $n
 $texte = _T('form_email_non_valide');
 else {
 if ($email_unique == "oui") {
- $result = spip_abstract_select('statut', 'spip_signatures', "id_article=$id_article AND ad_email=" . spip_abstract_quote($adresse_email) . " AND statut='publie'");
+ $result = spip_abstract_select('statut', 'spip_signatures', "id_article=$id_article AND ad_email=" . _q($adresse_email) . " AND statut='publie'");
 if (spip_num_rows($result) > 0) $texte = _T('form_pet_deja_signe');
 }
@@ -219,7 +219,7 @@ function reponse_signature($id_article, $nom_email, $adresse_email, $message, $n
 $texte = _T('form_pet_url_invalide');
 }
 if (!$texte AND $site_unique == "oui") {
- $result = spip_abstract_select('statut', 'spip_signatures', "id_article=$id_article AND url_site=" . spip_abstract_quote($url_site) . " AND (statut='publie' OR statut='poubelle')");
+ $result = spip_abstract_select('statut', 'spip_signatures', "id_article=$id_article AND url_site=" . _q($url_site) . " AND (statut='publie' OR statut='poubelle')");
 if (spip_num_rows($result) > 0) {
 $texte = _T('form_pet_site_deja_enregistre');
 }
@@ -234,7 +234,7 @@ function reponse_signature($id_article, $nom_email, $adresse_email, $message, $n
 $messagex = _T('form_pet_mail_confirmation', array('titre' => $titre, 'nom_email' => $nom_email, 'nom_site' => $nom_site, 'url_site' => $url_site, 'url' => $url, 'message' => $message));
 if (envoyer_mail($adresse_email, _T('form_pet_confirmation')." ".$titre, $messagex)) {
- spip_abstract_insert('spip_signatures', "(id_article, date_time, nom_email, ad_email, nom_site, url_site, message, statut)", "($id_article, NOW(), " . spip_abstract_quote($nom_email) . ", " . spip_abstract_quote($adresse_email) . ", " . spip_abstract_quote($nom_site) . ", " . spip_abstract_quote($url_site) . ", " . spip_abstract_quote($message) . ", '$passw')");
+ spip_abstract_insert('spip_signatures', "(id_article, date_time, nom_email, ad_email, nom_site, url_site, message, statut)", "($id_article, NOW(), " . _q($nom_email) . ", " . _q($adresse_email) . ", " . _q($nom_site) . ", " . _q($url_site) . ", " . _q($message) . ", '$passw')");
 $texte = _T('form_pet_envoi_mail_confirmation');
 } else {
diff --git a/ecrire/balise/formulaire_site.php b/ecrire/balise/formulaire_site.php
index 5c1f8afba501a45c39749ce532ed1cc963e5287a..2808aa784ac99fedf89b7fdd63f59575d0afcf4a 100644
--- a/ecrire/balise/formulaire_site.php
+++ b/ecrire/balise/formulaire_site.php
@@ -51,7 +51,7 @@ function balise_FORMULAIRE_SITE_dyn($id_rubrique) {
 // Integrer a la base de donnees
 if (!$message_erreur) {
- spip_abstract_insert('spip_syndic', "(nom_site, url_site, id_rubrique, descriptif, date, date_syndic, statut, syndication)", "(" . spip_abstract_quote($nom) . ", " . spip_abstract_quote($url) . ", " . intval($id_rubrique) .", " . spip_abstract_quote($desc) . ", NOW(), NOW(), 'prop', 'non')");
+ spip_abstract_insert('spip_syndic', "(nom_site, url_site, id_rubrique, descriptif, date, date_syndic, statut, syndication)", "(" . _q($nom) . ", " . _q($url) . ", " . intval($id_rubrique) .", " . _q($desc) . ", NOW(), NOW(), 'prop', 'non')");
 $message_ok = _T('form_prop_enregistre');
 }
 }
diff --git a/ecrire/balise/login_public.php b/ecrire/balise/login_public.php
index 5420580788dfa6e1930d2ae4221b28246fb2f207..78d426888cdb514acb2a84624b2cf16f66bdf4ae 100644
--- a/ecrire/balise/login_public.php
+++ b/ecrire/balise/login_public.php
@@ -103,10 +103,10 @@ function login_pour_tous($login, $cible, $action) {
 $erreur = '';
 if ($login) {
- $row = spip_abstract_fetsel('*', 'spip_auteurs', "login=" . spip_abstract_quote($login));
+ $row = spip_abstract_fetsel('*', 'spip_auteurs', "login=" . _q($login));
 // Retrouver ceux qui signent de leur nom ou email
 if (!$row AND !$GLOBALS['ldap_present']) {
- $row = spip_abstract_fetsel('*', 'spip_auteurs', "(nom = " . spip_abstract_quote($login) . " OR email = " . spip_abstract_quote($login) . ") AND login<>'' AND statut<>'5poubelle'");
+ $row = spip_abstract_fetsel('*', 'spip_auteurs', "(nom = " . _q($login) . " OR email = " . _q($login) . ") AND login<>'' AND statut<>'5poubelle'");
 if ($row) {
 $login_alt = $login; # afficher ce qu'on a tape
 $login = $row['login'];
diff --git a/ecrire/base/db_mysql.php b/ecrire/base/db_mysql.php
index b6b9f91c6cf4bd19af47cedc22bb26ca5d1c51cf..074143f8e2fbdc42a20ad0aaee4a4b237ac324ee 100644
--- a/ecrire/base/db_mysql.php
+++ b/ecrire/base/db_mysql.php
@@ -323,7 +323,7 @@ function spip_get_lock($nom, $timeout = 0) {
 define('_LOCK_TIME', intval(time()/3600-316982));
 $nom .= _LOCK_TIME;
- $q = spip_query("SELECT GET_LOCK(" . spip_abstract_quote($nom) . ", $timeout)");
+ $q = spip_query("SELECT GET_LOCK(" . _q($nom) . ", $timeout)");
 list($lock_ok) = spip_fetch_array($q,SPIP_NUM);
 if (!$lock_ok) spip_log("pas de lock sql pour $nom");
@@ -338,7 +338,7 @@ function spip_release_lock($nom) {
 $nom .= _LOCK_TIME;
- spip_query("SELECT RELEASE_LOCK(" . spip_abstract_quote($nom) . ")");
+ spip_query("SELECT RELEASE_LOCK(" . _q($nom) . ")");
 }
 // http://doc.spip.org/@spip_mysql_version
diff --git a/ecrire/base/upgrade.php b/ecrire/base/upgrade.php
index 36e9b63e7ccb38fe9f3bbd8056d53a106453a60b..753224a82fe51242d4112c1d2c8d763ba346f428 100644
--- a/ecrire/base/upgrade.php
+++ b/ecrire/base/upgrade.php
@@ -659,7 +659,7 @@ function maj_base($version_cible = 0) {
 $prefs = unserialize($row['prefs']);
 $l = $prefs['spip_lang'];
 unset ($prefs['spip_lang']);
- spip_query("UPDATE spip_auteurs SET lang=" . spip_abstract_quote($l) . ", prefs='".addslashes(serialize($prefs))."' WHERE id_auteur=".$row['id_auteur']);
+ spip_query("UPDATE spip_auteurs SET lang=" . _q($l) . ", prefs='".addslashes(serialize($prefs))."' WHERE id_auteur=".$row['id_auteur']);
 }
 $u = spip_query("SELECT lang FROM spip_auteurs");
 maj_version (1.604, $u);
diff --git a/ecrire/exec/breves_voir.php b/ecrire/exec/breves_voir.php
index 99139a75d381ade6f8fd5f76b5b73ab3c84e5074..21d574c46d9c7b07f8f9e9c2a84237dc6ef09cd0 100644
--- a/ecrire/exec/breves_voir.php
+++ b/ecrire/exec/breves_voir.php
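Review bot: The new line in the upgrade.php hunk now quotes `lang` with `_q($l)` but still writes the `prefs` column as `'".addslashes(serialize($prefs))."'`, so a single statement mixes two escaping mechanisms; `addslashes()` is neither driver- nor charset-aware, which is presumably what `_q()` exists to encapsulate. The cookie.php hunk in this same commit writes the same column as `prefs = " . _q(serialize($prefs))`, so this line should match it: `", prefs=" . _q(serialize($prefs)) . " WHERE id_auteur=" . $row['id_auteur']`. The body of `maj_base` starts and ends outside the hunk.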
@@ -139,9 +139,9 @@ function afficher_breves_voir($id_breve, $changer_lang, $cherche_mot, $select_gr
 if ($changer_lang) {
 if ($changer_lang != "herit")
- spip_query("UPDATE spip_breves SET lang=" . spip_abstract_quote($changer_lang) . ", langue_choisie='oui' WHERE id_breve=$id_breve");
+ spip_query("UPDATE spip_breves SET lang=" . _q($changer_lang) . ", langue_choisie='oui' WHERE id_breve=$id_breve");
 else
- spip_query("UPDATE spip_breves SET lang=" . spip_abstract_quote($langue_parent) . ", langue_choisie='non' WHERE id_breve=$id_breve");
+ spip_query("UPDATE spip_breves SET lang=" . _q($langue_parent) . ", langue_choisie='non' WHERE id_breve=$id_breve");
 calculer_langues_utilisees();
 }
@@ -283,7 +283,7 @@ function exec_breves_voir_dist()
 $update = '';
 foreach ($champs as $champ => $val)
- $update .= $champ . '=' . spip_abstract_quote($val).', ';
+ $update .= $champ . '=' . _q($val).', ';
 $update = substr($update,0,strlen($update)-2);
 spip_query("UPDATE spip_breves SET $update WHERE id_breve=$id_breve");
diff --git a/ecrire/exec/convert_utf8.php b/ecrire/exec/convert_utf8.php
index ab2bd735b126aa4772c2d99d16858a2b0ca670ff..26d8b4a436e0b90d58dd018579e71f159a9f6759 100644
--- a/ecrire/exec/convert_utf8.php
+++ b/ecrire/exec/convert_utf8.php
@@ -76,7 +76,7 @@ function convert_extra($v) {
 foreach ($extra as $key=>$val)
 $extra[$key] = unicode_to_utf_8( charset2unicode($val, $charset_source));
- return ", extra=".spip_abstract_quote(serialize($extra));
+ return ", extra="._q(serialize($extra));
 }
 }
@@ -160,19 +160,19 @@ function exec_convert_utf8_dist() {
 preg_match(',^<CONVERT (.*?)>,', $v, $reg);
 $v = substr($v, strlen($reg[0]));
 $charset_source = $reg[1];
- $query[] = "$c=" . spip_abstract_quote($v);
+ $query[] = "$c=" . _q($v);
 } else {
 if (!is_numeric($v) AND !is_ascii($v)) { // traitement special car donnees serializees
 if ($c == 'extra') {
- $query_no_convert .= ", $c=".spip_abstract_quote($v);
+ $query_no_convert .= ", $c="._q($v);
 $query_extra = convert_extra($v);
 } else
- $query[] = "$c=" . spip_abstract_quote($v);
+ $query[] = "$c=" . _q($v);
 } else # pour le backup
- $query_no_convert .= ", $c=".spip_abstract_quote($v);
+ $query_no_convert .= ", $c="._q($v);
 }
 }
diff --git a/ecrire/exec/forum_envoi.php b/ecrire/exec/forum_envoi.php
index 36b3a07dd057fc0bbdcdbc6791898da10c33c919..7c795332d4b0d1ad9100d3ef7b23986c952c04fd 100644
--- a/ecrire/exec/forum_envoi.php
+++ b/ecrire/exec/forum_envoi.php
@@ -53,7 +53,7 @@ if ($valider_forum AND ($statut!='')) {
 $titre_message = corriger_caracteres($titre_message);
 $texte = corriger_caracteres($texte);
- spip_abstract_insert('spip_forum', "(titre, texte, date_heure, nom_site, url_site, statut, id_auteur, auteur, email_auteur, id_rubrique, id_parent, id_article, id_breve, id_message, id_syndic)", "(" . spip_abstract_quote($titre_message) . ", " . spip_abstract_quote($texte) . ", NOW(), " . spip_abstract_quote($nom_site) . ", " . spip_abstract_quote($url_site) . ", " . spip_abstract_quote($statut) . ", $connect_id_auteur, " . spip_abstract_quote($GLOBALS['auteur_session']['nom']) . ", " . spip_abstract_quote($GLOBALS['auteur_session']['email']) . ", '$id_rubrique', '$id_parent', '$id_article', '$id_breve', '$id_message', '$id_syndic')");
+ spip_abstract_insert('spip_forum', "(titre, texte, date_heure, nom_site, url_site, statut, id_auteur, auteur, email_auteur, id_rubrique, id_parent, id_article, id_breve, id_message, id_syndic)", "(" . _q($titre_message) . ", " . _q($texte) . ", NOW(), " . _q($nom_site) . ", " . _q($url_site) . ", " . _q($statut) . ", $connect_id_auteur, " . _q($GLOBALS['auteur_session']['nom']) . ", " . _q($GLOBALS['auteur_session']['email']) . ", '$id_rubrique', '$id_parent', '$id_article', '$id_breve', '$id_message', '$id_syndic')");
 calculer_threads();
diff --git a/ecrire/exec/message.php b/ecrire/exec/message.php
index 3eb3bd113e57f56ae7eaa3555dc62195b803da33..0646cfb97215f480d5c1b542877892c717f90f1f 100644
--- a/ecrire/exec/message.php
+++ b/ecrire/exec/message.php
@@ -68,18 +68,18 @@ if ($ajout_forum AND strlen($texte) > 10 AND strlen($titre) > 2) {
 }
 if ($modifier_message == "oui") {
- spip_query("UPDATE spip_messages SET titre=" . spip_abstract_quote($titre) . ", texte=" . spip_abstract_quote($texte) . " WHERE id_message='$id_message'");
+ spip_query("UPDATE spip_messages SET titre=" . _q($titre) . ", texte=" . _q($texte) . " WHERE id_message='$id_message'");
 }
 if ($changer_rv) {
- spip_query("UPDATE spip_messages SET rv=" . spip_abstract_quote($rv) . " WHERE id_message='$id_message'");
+ spip_query("UPDATE spip_messages SET rv=" . _q($rv) . " WHERE id_message='$id_message'");
 }
 if ($jour) change_date_message($id_message, $heures,$minutes,$mois, $jour, $annee, $heures_fin,$minutes_fin,$mois_fin, $jour_fin, $annee_fin);
 if ($change_statut) {
- spip_query("UPDATE spip_messages SET statut=" . spip_abstract_quote($change_statut) . " WHERE id_message='$id_message'");
+ spip_query("UPDATE spip_messages SET statut=" . _q($change_statut) . " WHERE id_message='$id_message'");
 spip_query("UPDATE spip_messages SET date_heure=NOW() WHERE id_message='$id_message' AND rv<>'oui'");
 }
diff --git a/ecrire/exec/message_edit.php b/ecrire/exec/message_edit.php
index fc5dac655e482b20a9bce346d2cbb3c66758820a..aa0af70499c43f2d7b79070412bcf8cec8244b58 100644
--- a/ecrire/exec/message_edit.php
+++ b/ecrire/exec/message_edit.php
@@ -62,10 +62,10 @@ if ($new=='oui') {
 if ($type == 'pb') $statut = 'publie';
 else $statut = 'redac';
 $titre = filtrer_entites(_T('texte_nouveau_message'));
- $id_message = spip_abstract_insert("spip_messages", "(titre, date_heure, statut, type, id_auteur)", "(" . spip_abstract_quote($titre) . ", NOW(), '$statut', '$type', $connect_id_auteur)");
+ $id_message = spip_abstract_insert("spip_messages", "(titre, date_heure, statut, type, id_auteur)", "(" . _q($titre) . ", NOW(), '$statut', '$type', $connect_id_auteur)");
 if ($rv) {
- spip_query("UPDATE spip_messages SET rv='oui', date_heure=" . spip_abstract_quote($rv . ' 12:00:00') . ", date_fin= " . spip_abstract_quote($rv . ' 13:00:00') . " WHERE id_message = $id_message");
+ spip_query("UPDATE spip_messages SET rv='oui', date_heure=" . _q($rv . ' 12:00:00') . ", date_fin= " . _q($rv . ' 13:00:00') . " WHERE id_message = $id_message");
 }
 if ($type != "affich"){
diff --git a/ecrire/exec/mots_edit.php b/ecrire/exec/mots_edit.php
index db51a931a90b002753890f3968d95a38c7b886ce..f4c03a1119670473750ed8aba918a4671a15a938 100644
--- a/ecrire/exec/mots_edit.php
+++ b/ecrire/exec/mots_edit.php
@@ -69,7 +69,7 @@ global
 } else $add_extra = '';
- spip_query("UPDATE spip_mots SET titre=" . spip_abstract_quote($titre_mot) . ", texte=" . spip_abstract_quote($texte) . ", descriptif=" . spip_abstract_quote($descriptif) . ", type=" . spip_abstract_quote($type) . ", id_groupe=$id_groupe" . (!$add_extra ? '' : (", extra = " . spip_abstract_quote($add_extra))) . " WHERE id_mot=$id_mot");
+ spip_query("UPDATE spip_mots SET titre=" . _q($titre_mot) . ", texte=" . _q($texte) . ", descriptif=" . _q($descriptif) . ", type=" . _q($type) . ", id_groupe=$id_groupe" . (!$add_extra ? '' : (", extra = " . _q($add_extra))) . " WHERE id_mot=$id_mot");
 if ($GLOBALS['meta']['activer_moteur'] == 'oui') {
 include_spip("inc/indexation");
@@ -300,7 +300,7 @@ function determine_groupe_mots($table, $id_groupe) {
 // il faut creer un groupe de mots (cas d'un mot cree depuis le script articles)
 $titre = _T('info_mot_sans_groupe');
- $row_groupes['id_groupe'] = spip_abstract_insert("spip_groupes_mots", "(titre, unseul, obligatoire, articles, breves, rubriques, syndic, minirezo, comite, forum)", "(" . spip_abstract_quote($titre) . ", 'non', 'non', '" . (($table=='articles') ? 'oui' : 'non') ."', '" . (($table=='breves') ? 'oui' : 'non') ."','" . (($table=='rubriques') ? 'oui' : 'non') ."','" . (($table=='syndic') ? 'oui' : 'non') ."', 'oui', 'non', 'non'" . ")");
+ $row_groupes['id_groupe'] = spip_abstract_insert("spip_groupes_mots", "(titre, unseul, obligatoire, articles, breves, rubriques, syndic, minirezo, comite, forum)", "(" . _q($titre) . ", 'non', 'non', '" . (($table=='articles') ? 'oui' : 'non') ."', '" . (($table=='breves') ? 'oui' : 'non') ."','" . (($table=='rubriques') ? 'oui' : 'non') ."','" . (($table=='syndic') ? 'oui' : 'non') ."', 'oui', 'non', 'non'" . ")");
 } else $titre = $row_groupes['titre'];
 echo $titre, '<br />';
 echo "<input type='hidden' name='id_groupe' value='".$row_groupes['id_groupe']."' />";
diff --git a/ecrire/exec/mots_tous.php b/ecrire/exec/mots_tous.php
index 5626975b688b5c010e3f60eb567632791c83e8e6..6e97af7743bf401106553d322e3b82d7a1d67c9f 100644
--- a/ecrire/exec/mots_tous.php
+++ b/ecrire/exec/mots_tous.php
@@ -30,13 +30,13 @@ function exec_mots_tous_dist() $descriptif = (corriger_caracteres($descriptif)); if (!$new) { // modif groupe - spip_query("UPDATE spip_mots SET type=" . spip_abstract_quote($change_type) . " WHERE id_groupe=$id_groupe"); + spip_query("UPDATE spip_mots SET type=" . _q($change_type) . " WHERE id_groupe=$id_groupe"); - spip_query("UPDATE spip_groupes_mots SET titre=" . spip_abstract_quote($change_type) . ", texte=" . spip_abstract_quote($texte) . ", descriptif=" . spip_abstract_quote($descriptif) . ", unseul=" . spip_abstract_quote($unseul) . ", obligatoire=" . spip_abstract_quote($obligatoire) . ", articles=" . spip_abstract_quote($articles) . ", breves=" . spip_abstract_quote($breves) . ", rubriques=" . spip_abstract_quote($rubriques) . ", syndic=" . spip_abstract_quote($syndic) . ", minirezo=" . spip_abstract_quote($acces_minirezo) . ", comite=" . spip_abstract_quote($acces_comite) . ", forum=" . spip_abstract_quote($acces_forum) . " WHERE id_groupe=$id_groupe"); + spip_query("UPDATE spip_groupes_mots SET titre=" . _q($change_type) . ", texte=" . _q($texte) . ", descriptif=" . _q($descriptif) . ", unseul=" . _q($unseul) . ", obligatoire=" . _q($obligatoire) . ", articles=" . _q($articles) . ", breves=" . _q($breves) . ", rubriques=" . _q($rubriques) . ", syndic=" . _q($syndic) . ", minirezo=" . _q($acces_minirezo) . ", comite=" . _q($acces_comite) . ", forum=" . _q($acces_forum) . " WHERE id_groupe=$id_groupe"); } else { // creation groupe - spip_abstract_insert('spip_groupes_mots', "(titre, texte, descriptif, unseul, obligatoire, articles, breves, rubriques, syndic, minirezo, comite, forum)", "(" . spip_abstract_quote($change_type) . ", " . spip_abstract_quote($texte) . " , " . spip_abstract_quote($descriptif) . " , " . spip_abstract_quote($unseul) . " , " . spip_abstract_quote($obligatoire) . " , " . spip_abstract_quote($articles) . " ," . spip_abstract_quote($breves) . " , " . spip_abstract_quote($rubriques) . " , " . 
spip_abstract_quote($syndic) . " , " . spip_abstract_quote($acces_minirezo) . " , " . spip_abstract_quote($acces_comite) . " , " . spip_abstract_quote($acces_forum) . " )"); + spip_abstract_insert('spip_groupes_mots', "(titre, texte, descriptif, unseul, obligatoire, articles, breves, rubriques, syndic, minirezo, comite, forum)", "(" . _q($change_type) . ", " . _q($texte) . " , " . _q($descriptif) . " , " . _q($unseul) . " , " . _q($obligatoire) . " , " . _q($articles) . " ," . _q($breves) . " , " . _q($rubriques) . " , " . _q($syndic) . " , " . _q($acces_minirezo) . " , " . _q($acces_comite) . " , " . _q($acces_forum) . " )"); } } if ($supp_group){ diff --git a/ecrire/exec/recherche.php b/ecrire/exec/recherche.php index 09584d8e780137582000f2111b810f4a50cbd5bd..83e6cb58c326d1ff2771aa53e0d3118db3d28984 100644 --- a/ecrire/exec/recherche.php +++ b/ecrire/exec/recherche.php @@ -55,7 +55,7 @@ function exec_recherche_dist() $where = split("[[:space:]]+", $recherche); if ($where) { foreach ($where as $k => $v) - $where[$k] = "'%" . substr(str_replace("%","\%", spip_abstract_quote($v)),1,-1) . "%'"; + $where[$k] = "'%" . substr(str_replace("%","\%", _q($v)),1,-1) . "%'"; $where = ($testnum ? "OR " : '') . ("(titre LIKE " . join(" AND titre LIKE ", $where) . ")"); } diff --git a/ecrire/exec/rechercher.php b/ecrire/exec/rechercher.php index 94fc339a952504c7df9dae22428ee64df3daa09d..5e0a38615a5b06f5742186753eab39d231559696 100644 --- a/ecrire/exec/rechercher.php +++ b/ecrire/exec/rechercher.php 
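Review bot: The recherche.php hunk turns each search token into `'%…%'` by escaping `%` after `_q()` and stripping the outer quotes, but leaves the other LIKE wildcard `_` untouched, so a token containing `_` matches any single character at that position; escape both, e.g. `$where[$k] = "'%" . substr(str_replace(array('%', '_'), array('\%', '\_'), _q($v)), 1, -1) . "%'";`. The `substr(..., 1, -1)` also silently assumes `_q()` returned a quoted string, which holds for the string tokens `split()` yields but not for an int, where `_q()` returns the bare value. The rechercher.php and rechercher_auteur.php hunks on the next line use the identical expression, and `requete_dico` in the indexation hunk appends `%`/`___` to an unescaped `$val` with the same wildcard effect.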
@@ -25,7 +25,7 @@ function exec_rechercher_dist() $where = split("[[:space:]]+", $type); if ($where) { foreach ($where as $k => $v) - $where[$k] = "'%" . substr(str_replace("%","\%", spip_abstract_quote($v)),1,-1) . "%'"; + $where[$k] = "'%" . substr(str_replace("%","\%", _q($v)),1,-1) . "%'"; $where_titre = ("(titre LIKE " . join(" AND titre LIKE ", $where) . ")"); $where_desc = ("(descriptif LIKE " . join(" AND descriptif LIKE ", $where) . ")"); $where_id = ("(id_rubrique = " . join(" AND id_rubrique = ", $where) . ")"); diff --git a/ecrire/exec/rechercher_auteur.php b/ecrire/exec/rechercher_auteur.php index aec87dd798f132ee29c9c13fbb72e3c901c44a35..1485429a6f6ce11379a7f103d67ff2a8966ba5ad 100644 --- a/ecrire/exec/rechercher_auteur.php +++ b/ecrire/exec/rechercher_auteur.php @@ -23,7 +23,7 @@ function exec_rechercher_auteur_dist() $where = split("[[:space:]]+", _request('nom')); if ($where) { foreach ($where as $k => $v) - $where[$k] = "'%" . substr(str_replace("%","\%", spip_abstract_quote($v)),1,-1) . "%'"; + $where[$k] = "'%" . substr(str_replace("%","\%", _q($v)),1,-1) . "%'"; $where= ("(nom LIKE " . join(" AND nom LIKE ", $where) . ")"); } $q = spip_query("SELECT * FROM spip_auteurs WHERE $where"); diff --git a/ecrire/exec/sites.php b/ecrire/exec/sites.php index 21c66ac27b7bd52d54d0802110302126de5b4d19..109a177fed7c8cbc469077d6d3b9d45106e284f9 100644 --- a/ecrire/exec/sites.php +++ b/ecrire/exec/sites.php 
@@ -104,7 +104,7 @@ if ($analyser_site == 'oui' AND $flag_editable) { $url_syndic = trim($v['url_syndic']); $descriptif = $v['descriptif']; $syndication = $v[syndic] ? 'oui' : 'non'; - $result = spip_query("UPDATE spip_syndic SET nom_site=" . spip_abstract_quote($nom_site) . ", url_site=" . spip_abstract_quote($url) . ", url_syndic=" . spip_abstract_quote($url_syndic) . ", descriptif=" . spip_abstract_quote($descriptif) . ", syndication='$syndication', statut='$statut' WHERE id_syndic=$id_syndic"); + $result = spip_query("UPDATE spip_syndic SET nom_site=" . _q($nom_site) . ", url_site=" . _q($url) . ", url_syndic=" . _q($url_syndic) . ", descriptif=" . _q($descriptif) . ", syndication='$syndication', statut='$statut' WHERE id_syndic=$id_syndic"); if ($syndication == 'oui') syndic_a_jour($id_syndic); } } @@ -139,7 +139,7 @@ if (strval($nom_site)!='' AND $modifier_site == 'oui' AND $flag_editable) { } else $add_extra = ''; - spip_query("UPDATE spip_syndic SET id_rubrique='$id_rubrique', nom_site=" . spip_abstract_quote($nom_site) . ", url_site=" . spip_abstract_quote($url_site) . ", url_syndic=" . spip_abstract_quote($url_syndic) . ", descriptif=" . spip_abstract_quote($descriptif) . ", syndication='$syndication', statut='$statut'". (!$add_extra ? '' : (", extra = " . spip_abstract_quote($add_extra))) . " WHERE id_syndic=$id_syndic"); + spip_query("UPDATE spip_syndic SET id_rubrique='$id_rubrique', nom_site=" . _q($nom_site) . ", url_site=" . _q($url_site) . ", url_syndic=" . _q($url_syndic) . ", descriptif=" . _q($descriptif) . ", syndication='$syndication', statut='$statut'". (!$add_extra ? '' : (", extra = " . _q($add_extra))) . " WHERE id_syndic=$id_syndic"); propager_les_secteurs(); 
@@ -168,7 +168,7 @@ if (strval($nom_site)!='' AND $modifier_site == 'oui' AND $flag_editable) { if ($jour AND $flag_administrable) { if ($annee == "0000") $mois = "00"; if ($mois == "00") $jour = "00"; - spip_query("UPDATE spip_syndic SET date=" . spip_abstract_quote("$annee-$mois-$jour") . " WHERE id_syndic=$id_syndic"); + spip_query("UPDATE spip_syndic SET date=" . _q("$annee-$mois-$jour") . " WHERE id_syndic=$id_syndic"); calculer_rubriques(); } diff --git a/ecrire/inc/actions.php b/ecrire/inc/actions.php index 4356785309b91a476abad1c9db665a80373ff90e..bedd32e91520372b84cc56869ebcf8485c903d8b 100644 --- a/ecrire/inc/actions.php +++ b/ecrire/inc/actions.php @@ -261,7 +261,7 @@ function determine_upload() function verifier_php_auth() { if ($_SERVER['PHP_AUTH_USER'] && $_SERVER['PHP_AUTH_PW'] && !$GLOBALS['ignore_auth_http']) { - $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" . spip_abstract_quote($_SERVER['PHP_AUTH_USER'])); + $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" . _q($_SERVER['PHP_AUTH_USER'])); $row = @spip_fetch_array($result); if ($row AND $row['source'] != 'ldap') { diff --git a/ecrire/inc/auth.php b/ecrire/inc/auth.php index 5d110d7ceddc9826910c586af6a6ce12746ebf44..d4b10e4046a334bbecd4695f59661d7517caf4a0 100644 --- a/ecrire/inc/auth.php +++ b/ecrire/inc/auth.php @@ -158,7 +158,7 @@ function inc_auth_dist() { $where = $connect_id_auteur ? "id_auteur=$connect_id_auteur" : - (!$connect_login ? '' : "login=" . spip_abstract_quote($connect_login)); + (!$connect_login ? '' : "login=" . _q($connect_login)); // pas authentifie par cookie ni rien: demander login / mdp diff --git a/ecrire/inc/auth_ldap.php b/ecrire/inc/auth_ldap.php index 5b7a8a5448fdc3903af154f3e0290ed763e947e4..91a4641865103ad1fb982e99ad070a51f27b70ac 100644 --- a/ecrire/inc/auth_ldap.php +++ b/ecrire/inc/auth_ldap.php 
@@ -27,7 +27,7 @@ function inc_auth_ldap_dist ($login, $pass) { if (!($dn = auth_ldap_search($login, $pass))) return array(); // Si l'utilisateur figure deja dans la base, y recuperer les infos - $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" . spip_abstract_quote($login) . " AND source='ldap'"); + $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" . _q($login) . " AND source='ldap'"); // sinon importer les infos depuis LDAP, // avec le statut par defaut a l'install @@ -108,7 +108,7 @@ function auth_ldap_inserer($dn, $statut) $login = strtolower(importer_charset($login, 'utf-8')); include_spip('base/abstract_sql'); - $n = spip_abstract_insert('spip_auteurs', '(source, nom, login, email, bio, statut, pass)', "('ldap', " . spip_abstract_quote($nom) . ", " . spip_abstract_quote($login) . ", " . spip_abstract_quote($email) . ", " . spip_abstract_quote($bio) . ", " . spip_abstract_quote($statut) . ", '')"); + $n = spip_abstract_insert('spip_auteurs', '(source, nom, login, email, bio, statut, pass)', "('ldap', " . _q($nom) . ", " . _q($login) . ", " . _q($email) . ", " . _q($bio) . ", " . _q($statut) . ", '')"); return spip_query("SELECT * FROM spip_auteurs WHERE id_auteur=$n"); } diff --git a/ecrire/inc/auth_spip.php b/ecrire/inc/auth_spip.php index e42001a763656bf43c59f6143a5dd090ab0ade83..586148242f30c6d677f06e064a51dafa138d25ac 100644 --- a/ecrire/inc/auth_spip.php +++ b/ecrire/inc/auth_spip.php @@ -23,7 +23,7 @@ function inc_auth_spip_dist ($login, $pass) { // si envoi non crypte, crypter maintenant if (!$md5pass AND $pass) { - $result = spip_query("SELECT alea_actuel, alea_futur FROM spip_auteurs WHERE login=" . spip_abstract_quote($login)); + $result = spip_query("SELECT alea_actuel, alea_futur FROM spip_auteurs WHERE login=" . _q($login)); if ($row = spip_fetch_array($result)) { $md5pass = md5($row['alea_actuel'] . $pass); 
@@ -33,7 +33,7 @@ function inc_auth_spip_dist ($login, $pass) { // login inexistant ou mot de passe vide if (!$md5pass) return array(); - $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" . spip_abstract_quote($login) . " AND pass=" . spip_abstract_quote($md5pass) . " AND statut<>'5poubelle'"); + $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" . _q($login) . " AND pass=" . _q($md5pass) . " AND statut<>'5poubelle'"); $row = spip_fetch_array($result); // login/mot de passe incorrect @@ -47,7 +47,7 @@ function inc_auth_spip_dist ($login, $pass) { // fait tourner le codage du pass dans la base if ($md5next) { include_spip('inc/acces'); // pour creer_uniqid - @spip_query("UPDATE spip_auteurs SET alea_actuel = alea_futur, pass = " . spip_abstract_quote($md5next) . ", alea_futur = '" . creer_uniqid() ."' WHERE id_auteur=" . $row['id_auteur']); + @spip_query("UPDATE spip_auteurs SET alea_actuel = alea_futur, pass = " . _q($md5next) . ", alea_futur = '" . creer_uniqid() ."' WHERE id_auteur=" . $row['id_auteur']); // En profiter pour verifier la securite de ecrire/data/ verifier_htaccess(_DIR_TMP); } diff --git a/ecrire/inc/distant.php b/ecrire/inc/distant.php index b9875d6c4686863594798effcd649568699582b2..958338da9aa193a9abb0bf5edf6f0d74e8e02e27 100644 --- a/ecrire/inc/distant.php +++ b/ecrire/inc/distant.php @@ -45,7 +45,7 @@ function copie_locale($source, $mode='auto') { ecrire_fichier($local, $contenu); // signaler au moteur de recherche qu'il peut reindexer ce doc - $id_document = spip_fetch_array(spip_query("SELECT id_document FROM spip_documents WHERE fichier=" . spip_abstract_quote($source))); + $id_document = spip_fetch_array(spip_query("SELECT id_document FROM spip_documents WHERE fichier=" . _q($source))); $id_document = $id_document['id_document']; if ($id_document) { include_spip('inc/indexation'); 
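Review bot: The `@@ -47` auth_spip.php hunk keeps the `@` on `@spip_query("UPDATE spip_auteurs SET alea_actuel = alea_futur, pass = " . _q($md5next) . ...)`, so a failure to rotate the stored password hash is silently ignored and the account keeps its old `alea`/`pass` pair with no trace. Dropping the `@` and logging the outcome, e.g. `if (!spip_query(...)) spip_log('password hash rotation failed: ' . spip_sql_error());`, preserves the best-effort behaviour while making it observable. Both `spip_log` (distant.php hunk) and `spip_sql_error` (syndic.php hunk) are already used elsewhere in this diff, so no new helper is needed.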
@@ -256,7 +256,7 @@ function fichier_copie_locale($source) { // Si l'extension n'est pas precisee, aller la chercher dans la table // des documents -- si la source n'est pas dans la table des documents, // on ne fait rien - $t = spip_fetch_array(spip_query("SELECT id_type FROM spip_documents WHERE fichier=" . spip_abstract_quote($source) . " AND distant='oui'")); + $t = spip_fetch_array(spip_query("SELECT id_type FROM spip_documents WHERE fichier=" . _q($source) . " AND distant='oui'")); if ($t) { $t = spip_fetch_array(spip_query("SELECT extension FROM spip_types_documents WHERE id_type=".$t['id_type'])); if ($t) @@ -280,7 +280,7 @@ function recuperer_infos_distantes($source, $max=0) { "\n$headers", $regs); if ($t) { $mime_type = (trim($regs[1])); - $t = spip_fetch_array(spip_query("SELECT id_type,extension FROM spip_types_documents WHERE mime_type=" . spip_abstract_quote($mime_type))); + $t = spip_fetch_array(spip_query("SELECT id_type,extension FROM spip_types_documents WHERE mime_type=" . _q($mime_type))); } if ($t) { spip_log("mime-type $mime_type ok"); diff --git a/ecrire/inc/forum_insert.php b/ecrire/inc/forum_insert.php index 8cd0a4f32a5ffe4159e933fedfec2007f583c1d4..f8b6d355971280a3b89fb7a032c592daae163f08 100644 --- a/ecrire/inc/forum_insert.php +++ b/ecrire/inc/forum_insert.php 
@@ -256,7 +256,7 @@ function inc_forum_insert_dist() { $id_thread = $id_message; # id_thread oblige INSERT puis UPDATE. $url_site = vider_url($url_site, false); # pas de http:// - spip_query("UPDATE spip_forum SET id_parent = $id_forum, id_rubrique = $id_rubrique, id_article = $id_article, id_breve = $id_breve, id_syndic = $id_syndic, id_auteur = $id_auteur, id_thread = $id_thread, date_heure = NOW(), titre = ".spip_abstract_quote(corriger_caracteres($titre)).", texte = ".spip_abstract_quote(corriger_caracteres($texte)).", nom_site = ".spip_abstract_quote(corriger_caracteres($nom_site_forum)).", url_site = ".spip_abstract_quote(corriger_caracteres($url_site)).", auteur = ".spip_abstract_quote(corriger_caracteres($auteur)).", email_auteur = ".spip_abstract_quote(corriger_caracteres($email_auteur)).", ip = " . spip_abstract_quote($GLOBALS['ip']) . ", statut = '$statut' WHERE id_forum = $id_message"); + spip_query("UPDATE spip_forum SET id_parent = $id_forum, id_rubrique = $id_rubrique, id_article = $id_article, id_breve = $id_breve, id_syndic = $id_syndic, id_auteur = $id_auteur, id_thread = $id_thread, date_heure = NOW(), titre = "._q(corriger_caracteres($titre)).", texte = "._q(corriger_caracteres($texte)).", nom_site = "._q(corriger_caracteres($nom_site_forum)).", url_site = "._q(corriger_caracteres($url_site)).", auteur = "._q(corriger_caracteres($auteur)).", email_auteur = "._q(corriger_caracteres($email_auteur)).", ip = " . _q($GLOBALS['ip']) . ", statut = '$statut' WHERE id_forum = $id_message"); // Entrer les mots-cles associes if (is_array($ajouter_mot)) mots_du_forum($ajouter_mot, $id_message); diff --git a/ecrire/inc/getdocument.php b/ecrire/inc/getdocument.php index 5886b76b6af6b69244377c0f9b0783a54e1cfc0d..e2efe044b986f590a42ef66a2308f0acbb884fef 100644 --- a/ecrire/inc/getdocument.php +++ b/ecrire/inc/getdocument.php 
@@ -163,7 +163,7 @@ function accepte_fichier_upload ($f) { if (!ereg(".*__MACOSX/", $f) AND !ereg("^\.", basename($f))) { $ext = corriger_extension((strtolower(substr(strrchr($f, "."), 1)))); - $row = @spip_fetch_array(spip_query("SELECT extension FROM spip_types_documents WHERE extension=" . spip_abstract_quote($ext) . " AND upload='oui'")); + $row = @spip_fetch_array(spip_query("SELECT extension FROM spip_types_documents WHERE extension=" . _q($ext) . " AND upload='oui'")); return $row; } } @@ -252,7 +252,7 @@ function ajouter_un_document ($source, $nom_envoye, $type_lien, $id_lien, $mode, $ext = (corriger_extension(strtolower($match[1]))); // Si le fichier est de type inconnu, on va le stocker en .zip - $q = spip_query("SELECT * FROM spip_types_documents WHERE extension=" . spip_abstract_quote($ext) . " AND upload='oui'"); + $q = spip_query("SELECT * FROM spip_types_documents WHERE extension=" . _q($ext) . " AND upload='oui'"); if (!$row = spip_fetch_array($q)) { /* STOCKER LES DOCUMENTS INCONNUS AU FORMAT .BIN */ @@ -394,7 +394,7 @@ function ajouter_un_document ($source, $nom_envoye, $type_lien, $id_lien, $mode, // passe "mode=document" et "id_document=.." (pas utilise) if (!$id_document) { // Inserer le nouveau doc et recuperer son id_ - $id_document = spip_abstract_insert("spip_documents", "(id_type, titre, date, distant)", "($id_type, " . spip_abstract_quote($titre) . ", NOW(), '$distant')"); + $id_document = spip_abstract_insert("spip_documents", "(id_type, titre, date, distant)", "($id_type, " . _q($titre) . ", NOW(), '$distant')"); if ($id_lien AND preg_match('/^[a-z0-9_]+$/i', $type_lien) # securite 
@@ -426,7 +426,7 @@ function ajouter_un_document ($source, $nom_envoye, $type_lien, $id_lien, $mode, // Pour les fichiers distants remettre l'URL de base if ($distant == 'oui') - spip_query("UPDATE spip_documents SET fichier=" . spip_abstract_quote($source) . " WHERE id_document = $id_document"); + spip_query("UPDATE spip_documents SET fichier=" . _q($source) . " WHERE id_document = $id_document"); // Demander l'indexation du document include_spip('inc/indexation'); diff --git a/ecrire/inc/import_0_0.php b/ecrire/inc/import_0_0.php index de7ecea73a89edef47b416889888ef29bd3409a0..52699d2994756b38f19967bcc736f6d7d07e5bea 100644 --- a/ecrire/inc/import_0_0.php +++ b/ecrire/inc/import_0_0.php @@ -53,7 +53,7 @@ function inc_import_0_0_dist($f, $gz=false) { } else if ($col != 'maj') { $cols[] = $col; - $values[] = spip_abstract_quote($value); + $values[] = _q($value); if ($is_art && ($col == 'id_article')) $id_article = $value; if ($is_mot && ($col == 'id_mot')) $id_mot = $value; } diff --git a/ecrire/inc/import_1_2.php b/ecrire/inc/import_1_2.php index ee21e314e7cb6b132c772cee5aea9bfc1226a761..e6cd8cd9b6895c8a30bc47d59e29dbd1e34feddc 100644 --- a/ecrire/inc/import_1_2.php +++ b/ecrire/inc/import_1_2.php @@ -106,7 +106,7 @@ function inc_import_1_2_dist($f, $gz=false) { } } else if ($fields==NULL or isset($fields[$col])) { - $values[$col] = spip_abstract_quote($value); + $values[$col] = _q($value); if ($col == $id) $id_objet = $value; } } diff --git a/ecrire/inc/import_1_3.php b/ecrire/inc/import_1_3.php index 54cff83d6b46486bd4c47a00da1a4603812286db..a9554f56edf2785f69265e25f1a2c372e14523cb 100644 --- a/ecrire/inc/import_1_3.php +++ b/ecrire/inc/import_1_3.php @@ -91,7 +91,7 @@ function inc_import_1_3_dist($f, $gz=false) { && ($fields==NULL or isset($fields[$col])) ) { if ($phpmyadmin) $value = str_replace(array('"','>'),array('"','>'),$value); - $values[$col] = spip_abstract_quote($value); + $values[$col] = _q($value); } } 
diff --git a/ecrire/inc/indexation.php b/ecrire/inc/indexation.php index d05cb4098bba45f01ef9074727c315a78aa72d2d..88d6a093349fa211fefae6c9afc0ef2fba151f34 100644 --- a/ecrire/inc/indexation.php +++ b/ecrire/inc/indexation.php @@ -726,9 +726,9 @@ function requete_dico($val) { // cas normal if (strlen($val) > $min_long) { - return array("dico LIKE ".spip_abstract_quote($val. "%"), "dico = " . spip_abstract_quote($val)); + return array("dico LIKE "._q($val. "%"), "dico = " . _q($val)); } else - return array("dico = ".spip_abstract_quote($val."___"), "dico = ".spip_abstract_quote($val."___")); + return array("dico = "._q($val."___"), "dico = "._q($val."___")); } diff --git a/ecrire/inc/invalideur.php b/ecrire/inc/invalideur.php index b9a4a5317533be6f60432e6eacef1bc7c45c6a2d..bf719e5e2e6d2b245ee21c5a003ede0f9e83bd74 100644 --- a/ecrire/inc/invalideur.php +++ b/ecrire/inc/invalideur.php @@ -38,7 +38,7 @@ function maj_invalideurs ($fichier, &$page) { # entre un invalideur et un appel public de page $bedtime = time() + $page['entetes']['X-Spip-Cache'] + 3600; $taille = @filesize(_DIR_CACHE . $fichier); - spip_query("INSERT IGNORE INTO spip_caches (fichier,id,type,taille) VALUES (" . spip_abstract_quote($fichier) . ",'$bedtime','t','$taille')"); + spip_query("INSERT IGNORE INTO spip_caches (fichier,id,type,taille) VALUES (" . _q($fichier) . ",'$bedtime','t','$taille')"); // invalidations insere_invalideur($page['invalideurs'], $fichier); @@ -224,7 +224,7 @@ function retire_caches($chemin = '') { if ($chemin) { $f = spip_abstract_fetsel(array("fichier"), array("spip_caches"), - array("fichier = " . spip_abstract_quote($chemin) . " ", + array("fichier = " . _q($chemin) . " ", "type='x'"), "", array(), diff --git a/ecrire/inc/meta.php b/ecrire/inc/meta.php index 606340276eb9246d5ee93456c539752b4f1f2b0b..12933d69f89354e7f87939b0651aefc6af3a4506 100644 --- a/ecrire/inc/meta.php +++ b/ecrire/inc/meta.php 
@@ -31,7 +31,7 @@ function ecrire_meta($nom, $valeur) { if (strlen($nom)){ $GLOBALS['meta'][$nom] = $valeur; if (!_FILE_CONNECT) return; - spip_query("REPLACE spip_meta (nom, valeur) VALUES ('$nom', " . spip_abstract_quote($valeur) . " )"); + spip_query("REPLACE spip_meta (nom, valeur) VALUES ('$nom', " . _q($valeur) . " )"); } } diff --git a/ecrire/inc/ortho.php b/ecrire/inc/ortho.php index e7f34462f9322b2fc07d00731e9ba3edbac8a530..1161be65b1ceec568190a36cd0337f082a3d9c62 100644 --- a/ecrire/inc/ortho.php +++ b/ecrire/inc/ortho.php @@ -232,7 +232,7 @@ function verifier_langue_miroir($url, $lang) { // // http://doc.spip.org/@suggerer_dico_ortho function suggerer_dico_ortho(&$mots, $lang) { - $result = spip_query("SELECT mot FROM spip_ortho_dico WHERE lang=" . spip_abstract_quote($lang) . " AND mot IN (".join(", ", array_map('spip_abstract_quote', $mots)).")"); + $result = spip_query("SELECT mot FROM spip_ortho_dico WHERE lang=" . _q($lang) . " AND mot IN (".join(", ", array_map('_q', $mots)).")"); $mots = array_flip($mots); $bons = array(); @@ -254,13 +254,13 @@ function suggerer_dico_ortho(&$mots, $lang) { function ajouter_dico_ortho($mot, $lang) { global $connect_id_auteur; - spip_query("INSERT IGNORE INTO spip_ortho_dico (lang, mot, id_auteur) VALUES (" . spip_abstract_quote($lang) . ", " . spip_abstract_quote($mot) . ", $connect_id_auteur)"); + spip_query("INSERT IGNORE INTO spip_ortho_dico (lang, mot, id_auteur) VALUES (" . _q($lang) . ", " . _q($mot) . ", $connect_id_auteur)"); } // http://doc.spip.org/@supprimer_dico_ortho function supprimer_dico_ortho($mot, $lang) { - spip_query("DELETE FROM spip_ortho_dico WHERE lang=" . spip_abstract_quote($lang) . " AND mot=" . spip_abstract_quote($mot)); + spip_query("DELETE FROM spip_ortho_dico WHERE lang=" . _q($lang) . " AND mot=" . _q($mot)); } 
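Review bot: `suggerer_dico_ortho` in the first ortho.php hunk builds `mot IN (" . join(", ", array_map('_q', $mots)) . ")`, which degenerates to the invalid `mot IN ()` when `$mots` is empty, so the query fails rather than returning nothing. A guard before the query such as `if (!$mots) { $mots = array(); return; }` (the function continues past the hunk with `$mots = array_flip($mots)`, so check what callers expect in the by-reference `$mots` afterwards) would avoid the failed statement. `suggerer_cache_ortho` in the next line's hunk has the same shape, whereas `syndic_a_jour` in its hunk already wraps the equivalent `IN (...)` in `count($urls) > 0`, which is the pattern to copy.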
@@ -283,7 +283,7 @@ function gerer_dico_ortho($lang) { function suggerer_cache_ortho(&$mots, $lang) { global $duree_cache_ortho; - $result = spip_query("SELECT mot, ok, suggest FROM spip_ortho_cache WHERE lang=" . spip_abstract_quote($lang) . " AND mot IN (".join(", ", array_map('spip_abstract_quote', $mots)).") AND maj > FROM_UNIXTIME(".(time() - $duree_cache_ortho).")"); + $result = spip_query("SELECT mot, ok, suggest FROM spip_ortho_cache WHERE lang=" . _q($lang) . " AND mot IN (".join(", ", array_map('_q', $mots)).") AND maj > FROM_UNIXTIME(".(time() - $duree_cache_ortho).")"); $mots = array_flip($mots); @@ -311,16 +311,16 @@ function ajouter_cache_ortho($tous, $mauvais, $lang) { global $duree_cache_ortho; $values = array(); - $lang = spip_abstract_quote($lang); + $lang = _q($lang); if (count($mauvais)) { foreach ($mauvais as $mot => $suggest) { - $values[] = "($lang, " . spip_abstract_quote($mot) . ", 0, ".spip_abstract_quote(join(",", $suggest)).")"; + $values[] = "($lang, " . _q($mot) . ", 0, "._q(join(",", $suggest)).")"; } } if (count($tous)) { foreach ($tous as $mot) { if (!isset($mauvais[$mot])) - $values[] = "($lang, " . spip_abstract_quote($mot) . ", 1, '')"; + $values[] = "($lang, " . _q($mot) . ", 1, '')"; } } if (count($values)) { diff --git a/ecrire/inc/presentation.php b/ecrire/inc/presentation.php index 87cee9e233df1d7b5a60567f3decb4fb2f08585e..57e65954f0d5f9f70518f962cbff9adacf05dc46 100644 --- a/ecrire/inc/presentation.php +++ b/ecrire/inc/presentation.php 
@@ -722,7 +722,7 @@ function afficher_articles($titre_table, $requete, $formater_article='') { if (!$cpt = $cpt['n']) return '' ; if (isset($requete['LIMIT'])) $cpt = min($requete['LIMIT'], $cpt); - $id_ajax = spip_abstract_insert("spip_ajax_fonc", "(variables, hash, id_auteur, date)", "(" . spip_abstract_quote($variables) . ", $hash, $cpt, NOW())"); + $id_ajax = spip_abstract_insert("spip_ajax_fonc", "(variables, hash, id_auteur, date)", "(" . _q($variables) . ", $hash, $cpt, NOW())"); } $nb_aff = floor(1.5 * _TRANCHES); diff --git a/ecrire/inc/revisions.php b/ecrire/inc/revisions.php index 20d50dc434594cc687516a4b98cb3a1bf50d57e7..d2451efc461e3e1747ee360ea422cf8cc696d63f 100644 --- a/ecrire/inc/revisions.php +++ b/ecrire/inc/revisions.php 
@@ -441,11 +441,11 @@ function ajouter_version($id_article, $champs, $titre_version = "", $id_auteur) $codes = (serialize($codes)); $permanent = empty($titre_version) ? 'non' : 'oui'; if ($nouveau) { - spip_query("INSERT spip_versions (id_article, id_version, titre_version, permanent, date, id_auteur, champs) VALUES ($id_article, $id_version_new, " . spip_abstract_quote($titre_version) . ", '$permanent', NOW(), '$id_auteur', " . spip_abstract_quote($codes) . ")"); + spip_query("INSERT spip_versions (id_article, id_version, titre_version, permanent, date, id_auteur, champs) VALUES ($id_article, $id_version_new, " . _q($titre_version) . ", '$permanent', NOW(), '$id_auteur', " . _q($codes) . ")"); } else { - spip_query("UPDATE spip_versions SET date=NOW(), id_auteur='$id_auteur', champs=" . spip_abstract_quote($codes) . ", permanent='$permanent', titre_version=" . spip_abstract_quote($titre_version) . " WHERE id_article=$id_article AND id_version=$id_version"); + spip_query("UPDATE spip_versions SET date=NOW(), id_auteur='$id_auteur', champs=" . _q($codes) . ", permanent='$permanent', titre_version=" . _q($titre_version) . " WHERE id_article=$id_article AND id_version=$id_version"); } spip_query("UPDATE spip_articles SET id_version=$id_version_new WHERE id_article=$id_article"); diff --git a/ecrire/inc/rubriques.php b/ecrire/inc/rubriques.php index 7a50e9bdabdba3dba75cfc7ad75415627add1878..69c99505ca9e3706a69faeb1ae9c04efe44a1d2f 100644 --- a/ecrire/inc/rubriques.php +++ b/ecrire/inc/rubriques.php @@ -169,7 +169,7 @@ function calculer_langues_rubriques_etape() { while ($row = spip_fetch_array($s)) { $id_rubrique = $row['id_rubrique']; - $t = spip_query("UPDATE spip_rubriques SET lang=" . spip_abstract_quote($row['lang']) . ", langue_choisie='non' WHERE id_rubrique=$id_rubrique"); + $t = spip_query("UPDATE spip_rubriques SET lang=" . _q($row['lang']) . ", langue_choisie='non' WHERE id_rubrique=$id_rubrique"); } return $t; 
@@ -179,7 +179,7 @@ function calculer_langues_rubriques_etape() { function calculer_langues_rubriques() { // rubriques (recursivite) - spip_query("UPDATE spip_rubriques SET lang=" . spip_abstract_quote($GLOBALS['meta']['langue_site']) . ", langue_choisie='non' WHERE id_parent=0 AND langue_choisie != 'oui'"); + spip_query("UPDATE spip_rubriques SET lang=" . _q($GLOBALS['meta']['langue_site']) . ", langue_choisie='non' WHERE id_parent=0 AND langue_choisie != 'oui'"); while (calculer_langues_rubriques_etape()); // articles @@ -190,7 +190,7 @@ function calculer_langues_rubriques() { AND mere.lang<>fils.lang"); while ($row = spip_fetch_array($s)) { $id_article = $row['id_article']; - spip_query("UPDATE spip_articles SET lang=" . spip_abstract_quote($row['lang']) . ", langue_choisie='non' WHERE id_article=$id_article"); + spip_query("UPDATE spip_articles SET lang=" . _q($row['lang']) . ", langue_choisie='non' WHERE id_article=$id_article"); } // breves @@ -201,7 +201,7 @@ function calculer_langues_rubriques() { AND mere.lang<>fils.lang"); while ($row = spip_fetch_array($s)) { $id_breve = $row['id_breve']; - spip_query("UPDATE spip_breves SET lang=" . spip_abstract_quote($row['lang']) . ", langue_choisie='non' WHERE id_breve=$id_breve"); + spip_query("UPDATE spip_breves SET lang=" . _q($row['lang']) . ", langue_choisie='non' WHERE id_breve=$id_breve"); } if ($GLOBALS['meta']['multi_rubriques'] == 'oui') { diff --git a/ecrire/inc/suivi_versions.php b/ecrire/inc/suivi_versions.php index fe4ea1d96e8aabada7b61ccb71ff7d53b02e10b5..81c8e5ed44cc7b29cede3276beaa7beaaf8f4e90 100644 --- a/ecrire/inc/suivi_versions.php +++ b/ecrire/inc/suivi_versions.php @@ -44,7 +44,7 @@ function afficher_suivi_versions ($debut = 0, $id_secteur = 0, $uniq_auteur = fa } if (strlen($lang) > 0) - $req_where .= " AND articles.lang=" . spip_abstract_quote($lang); + $req_where .= " AND articles.lang=" . _q($lang); if ($id_secteur > 0) $req_where .= " AND articles.id_secteur = ".intval($id_secteur); 
diff --git a/ecrire/inc/syndic.php b/ecrire/inc/syndic.php index a4e44a838fbfa5e18f7989438d77b0eaaade413d..87042e1c51370ca4b5d7b493a3c1a6686499dad3 100644 --- a/ecrire/inc/syndic.php +++ b/ecrire/inc/syndic.php @@ -351,9 +351,9 @@ function inserer_article_syndique ($data, $now_id_syndic, $statut, $url_site, $u // Creer le lien s'il est nouveau - cle=(id_syndic,url) $le_lien = substr($data['url'], 0,255); - $n = spip_num_rows(spip_query("SELECT * FROM spip_syndic_articles WHERE url=" . spip_abstract_quote($le_lien) . " AND id_syndic=$now_id_syndic")); + $n = spip_num_rows(spip_query("SELECT * FROM spip_syndic_articles WHERE url=" . _q($le_lien) . " AND id_syndic=$now_id_syndic")); if ($n == 0 and !spip_sql_error()) { - spip_query("INSERT INTO spip_syndic_articles (id_syndic, url, date, statut) VALUES ('$now_id_syndic', " . spip_abstract_quote($le_lien) . ", FROM_UNIXTIME(".$data['date']."), '$statut')"); + spip_query("INSERT INTO spip_syndic_articles (id_syndic, url, date, statut) VALUES ('$now_id_syndic', " . _q($le_lien) . ", FROM_UNIXTIME(".$data['date']."), '$statut')"); $ajout = true; } 
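Review bot: In the syndic.php hunk on this line, `FROM_UNIXTIME(".$data['date'].")` interpolates a value taken from the fetched feed without `_q()` or a cast, while `$le_lien`, taken from the same `$data` array, is quoted; the feed is remote input, so the date should at least be forced to an integer: `FROM_UNIXTIME(" . intval($data['date']) . ")`. If the feed parser already guarantees an integer timestamp here (that code is outside the hunk), a comment on this line saying so would spare the next reader the same question.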
@@ -391,7 +391,7 @@ function inserer_article_syndique ($data, $now_id_syndic, $statut, $url_site, $u } // Mise a jour du contenu (titre,auteurs,description,date?,source...) - spip_query("UPDATE spip_syndic_articles SET titre=" . spip_abstract_quote($data['titre']) . ", ".$update_date." lesauteurs=" . spip_abstract_quote($data['lesauteurs']) . ", descriptif=" . spip_abstract_quote($desc) . ", lang=".spip_abstract_quote(substr($data['lang'],0,10)).", source=".spip_abstract_quote(substr($data['source'],0,255)).", url_source=".spip_abstract_quote(substr($data['url_source'],0,255)).", tags=" . spip_abstract_quote($tags) . " WHERE id_syndic='$now_id_syndic' AND url=" . spip_abstract_quote($le_lien)); + spip_query("UPDATE spip_syndic_articles SET titre=" . _q($data['titre']) . ", ".$update_date." lesauteurs=" . _q($data['lesauteurs']) . ", descriptif=" . _q($desc) . ", lang="._q(substr($data['lang'],0,10)).", source="._q(substr($data['source'],0,255)).", url_source="._q(substr($data['url_source'],0,255)).", tags=" . _q($tags) . " WHERE id_syndic='$now_id_syndic' AND url=" . _q($le_lien)); // Point d'entree post_syndication pipeline('post_syndication', 
@@ -451,14 +451,14 @@ function syndic_a_jour($now_id_syndic, $statut = 'off') { // moderation automatique des liens qui sont sortis du feed if (count($urls) > 0 AND $row['miroir'] == 'oui') { - spip_query("UPDATE spip_syndic_articles SET statut='off', maj=maj WHERE id_syndic=$now_id_syndic AND NOT (url IN (" . join(",", array_map('spip_abstract_quote',$urls)) . "))"); + spip_query("UPDATE spip_syndic_articles SET statut='off', maj=maj WHERE id_syndic=$now_id_syndic AND NOT (url IN (" . join(",", array_map('_q',$urls)) . "))"); } // suppression apres 2 mois des liens qui sont sortis du feed if (count($urls) > 0 AND $row['oubli'] == 'oui') { $time = date('U') - 61*24*3600; # deux mois - spip_query("DELETE FROM spip_syndic_articles WHERE id_syndic=$now_id_syndic AND UNIX_TIMESTAMP(maj) < $time AND UNIX_TIMESTAMP(date) < $time AND NOT (url IN (" . join(",", array_map('spip_abstract_quote',$urls)) . "))"); + spip_query("DELETE FROM spip_syndic_articles WHERE id_syndic=$now_id_syndic AND UNIX_TIMESTAMP(maj) < $time AND UNIX_TIMESTAMP(date) < $time AND NOT (url IN (" . join(",", array_map('_q',$urls)) . "))"); } diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php index f9bea78c610c10cdba5bef8a0ed0fd2ed06c0317..163e4187d27fb3706d08e2ce43ed7d6c30ce5393 100644 --- a/ecrire/inc/utils.php +++ b/ecrire/inc/utils.php @@ -223,8 +223,9 @@ function spip_query($query, $serveur='') { // a demenager dans base/abstract_sql a terme -// http://doc.spip.org/@spip_abstract_quote -function spip_abstract_quote($arg_sql) { +function spip_abstract_quote($arg_sql) {return _q($arg_sql);} + +function _q($arg_sql) { return (is_int($arg_sql)) ? $arg_sql : ("'" . addslashes($arg_sql) . "'"); } diff --git a/ecrire/inc/visites.php b/ecrire/inc/visites.php index 6db6e9e1f688eeb33b75decc76f48130bcbcf1a5..3ffec8cf711faebdb16fd83fa513243b23142823 100644 --- a/ecrire/inc/visites.php +++ b/ecrire/inc/visites.php 
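Review bot: `_q()` in the utils.php hunk escapes with `addslashes()`, which knows nothing about the connection's character set, while the hunk's own context line `function spip_query($query, $serveur='')` shows the query layer is connection-aware; now that `_q()` becomes the single quoting primitive for the whole tree, it would be safer to delegate to the driver's escape routine for the active connection (for instance `mysql_real_escape_string()` on the link `$serveur` resolves to) and keep `addslashes()` only as a fallback when no link is open. The `is_int` branch also means `_q(1)` returns a bare `1` while `_q('1')`, `_q(null)` and `_q(true)` return `'1'`, `''` and `'1'`; the search hunks strip the surrounding quotes with `substr(..., 1, -1)` and so depend on the quoted form, which the function should state. The hunk also drops the `// http://doc.spip.org/@spip_abstract_quote` doc line when turning the old name into a one-line wrapper; I would keep a comment on each, e.g. `// Quote a scalar for interpolation into SQL: ints pass through unquoted, everything else is single-quoted via addslashes() (not charset-aware)` on `_q` and `// Deprecated alias of _q(), kept for callers outside this tree` on the wrapper.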
@@ -135,7 +135,7 @@ function calculer_visites($t) {
 // s'assurer d'un slot pour chacun
 foreach ($referers as $referer => $num) {
 $referer_md5 = '0x'.substr(md5($referer), 0, 15);
- $insert[] = "('$date', " . spip_abstract_quote($referer) . ",
+ $insert[] = "('$date', " . _q($referer) . ",
 $referer_md5)";
 $ar[$num][] = $referer_md5;
 }
@@ -155,7 +155,7 @@ function calculer_visites($t) {
 foreach ($referers_a as $id_article => $referers)
 foreach ($referers as $referer => $num) {
 $referer_md5 = '0x'.substr(md5($referer), 0, 15);
- $insert[] = "('$date', " . spip_abstract_quote($referer) . ",
+ $insert[] = "('$date', " . _q($referer) . ",
 $referer_md5, $id_article)";
 $ar[$num][] = "(id_article=$id_article AND referer_md5=$referer_md5)";
 }
diff --git a/ecrire/inc_version.php b/ecrire/inc_version.php
index 66e4257ccb9474546a8c1cdb42b57c8e4bf914b9..c1623abd46190dd0cc44721c522c4f5f0d9bfeee 100644
--- a/ecrire/inc_version.php
+++ b/ecrire/inc_version.php
@@ -216,7 +216,8 @@ $plugins = array(); // voir le contenu du repertoire /plugins/
 $surcharges = array(); // format 'inc_truc' => '/plugins/chose/inc_truc2.php'
 // Masquer les warning
-error_reporting(E_ALL ^ E_NOTICE);
+//error_reporting(E_ALL ^ E_NOTICE);
+error_reporting(E_ALL);
 // Variables du compilateur de squelettes
diff --git a/ecrire/index.php b/ecrire/index.php
index bfe2efe3ba329ca42bbbe7de134d87f72a551fe9..db511398b472eccc1dc61b0eb3b1148a2ada5ba2 100644
--- a/ecrire/index.php
+++ b/ecrire/index.php
@@ -106,7 +106,7 @@ if (isset($set_options) AND ($set_options == 'avancees' OR $set_options == 'basi
 $prefs_mod = true;
 }
 if ($prefs_mod AND !$var_auth)
- spip_query("UPDATE spip_auteurs SET prefs = " . spip_abstract_quote(serialize($prefs)) . " WHERE id_auteur = $connect_id_auteur");
+ spip_query("UPDATE spip_auteurs SET prefs = " . _q(serialize($prefs)) . " WHERE id_auteur = $connect_id_auteur");
 if (isset($set_ecran)) {
 // Poser un cookie, car ce reglage depend plus du navigateur que de l'utilisateur
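Review bot: `error_reporting(E_ALL)` in the ecrire/inc_version.php hunk turns on notice reporting for every installation, not just development ones, and the old setting is left behind as a commented-out line instead of being deleted. If `display_errors` is on for the site (not visible here), every undefined-variable or undefined-index notice in the code base will now be printed into public pages together with absolute file paths; the change should be paired with `display_errors` off and `log_errors` on in production, or gated, e.g. `error_reporting(<debug flag> ? E_ALL : E_ALL ^ E_NOTICE);` where `<debug flag>` stands for whatever debug switch the project uses.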
@@ -139,7 +139,7 @@ if (isset($GLOBALS['_COOKIE']['spip_lang_ecrire'])) {
 // si authentifie, changer definitivement si ce n'est fait
 else {
 if (($spip_lang_ecrire <> $auteur_session['lang']) AND changer_langue($spip_lang_ecrire)) {
- spip_query("UPDATE spip_auteurs SET lang = " . spip_abstract_quote($spip_lang_ecrire) . " WHERE id_auteur = " . intval($auteur_session['id_auteur']));
+ spip_query("UPDATE spip_auteurs SET lang = " . _q($spip_lang_ecrire) . " WHERE id_auteur = " . intval($auteur_session['id_auteur']));
 $auteur_session['lang'] = $var_lang_ecrire;
 $var_f = charger_fonction('session', 'inc');
 $var_f($auteur_session);
diff --git a/ecrire/install/etape_6.php b/ecrire/install/etape_6.php
index efb18c017683b3cec25288f318267df6b13a1a2e..f4ebdb169a01792c01d3a6c11dd4699646cd0504 100644
--- a/ecrire/install/etape_6.php
+++ b/ecrire/install/etape_6.php
@@ -48,7 +48,7 @@ function install_etape_6_dist()
 # pour le passwd, bizarrement il faut le convertir comme s'il avait
 # ete tape en iso-8859-1 ; car c'est en fait ce que voit md5.js
 $pass = unicode2charset(utf_8_to_unicode($pass), 'iso-8859-1');
- $result = spip_query("SELECT id_auteur FROM spip_auteurs WHERE login=" . spip_abstract_quote($login));
+ $result = spip_query("SELECT id_auteur FROM spip_auteurs WHERE login=" . _q($login));
 unset($id_auteur);
 if ($row = spip_fetch_array($result)) $id_auteur = $row['id_auteur'];
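Review bot: The context line just below the changed query writes `$auteur_session['lang'] = $var_lang_ecrire;` while the condition and the UPDATE both use `$spip_lang_ecrire`, so the session is refreshed from a different variable than the one persisted to spip_auteurs; unless `$var_lang_ecrire` is guaranteed equal to it earlier in the file (not visible here), `$auteur_session['lang'] = $spip_lang_ecrire;` keeps the two in step. The enclosing `else` block and the surrounding `if (isset($GLOBALS['_COOKIE']['spip_lang_ecrire']))` start outside the hunk.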
@@ -57,14 +57,14 @@ function install_etape_6_dist()
 $htpass = generer_htpass($pass);
 if ($id_auteur) {
- spip_query("UPDATE spip_auteurs SET nom=" . spip_abstract_quote($nom) . ", email=" . spip_abstract_quote($email) . ", login=" . spip_abstract_quote($login) . ", pass='$mdpass', alea_actuel='', alea_futur=FLOOR(32000*RAND()), htpass='$htpass', statut='0minirezo' WHERE id_auteur=$id_auteur");
+ spip_query("UPDATE spip_auteurs SET nom=" . _q($nom) . ", email=" . _q($email) . ", login=" . _q($login) . ", pass='$mdpass', alea_actuel='', alea_futur=FLOOR(32000*RAND()), htpass='$htpass', statut='0minirezo' WHERE id_auteur=$id_auteur");
 } else {
- spip_query("INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(" . spip_abstract_quote($nom) . "," . spip_abstract_quote($email) . "," . spip_abstract_quote($login) . ",'$mdpass','$htpass',FLOOR(32000*RAND()),'0minirezo')");
+ spip_query("INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(" . _q($nom) . "," . _q($email) . "," . _q($login) . ",'$mdpass','$htpass',FLOOR(32000*RAND()),'0minirezo')");
 }
 // inserer email comme email webmaster principal
- spip_query("REPLACE spip_meta (nom, valeur) VALUES ('email_webmaster', " . spip_abstract_quote($email) . ")");
+ spip_query("REPLACE spip_meta (nom, valeur) VALUES ('email_webmaster', " . _q($email) . ")");
 }
 include_spip('inc/config');
diff --git a/ecrire/install/etape_ldap5.php b/ecrire/install/etape_ldap5.php
index d1531b16175c48db74648fd84fd3fe276cd67da4..9897e306239471536554938b91a177945d8079a3 100644
--- a/ecrire/install/etape_ldap5.php
+++ b/ecrire/install/etape_ldap5.php
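Review bot: `pass='$mdpass'` and `htpass='$htpass'` are still interpolated raw in both the UPDATE and the INSERT while nom/email/login now go through `_q()`; even if both are hash outputs today, writing `pass=" . _q($mdpass) . "` and `htpass=" . _q($htpass) . "` removes the silent dependency on generer_htpass() never emitting a quote. Separately, `alea_futur=FLOOR(32000*RAND())` draws the author's alea from MySQL's RAND(), which is not a cryptographic generator and only spans 32000 values; if this alea feeds the login challenge (not visible here), generating it in PHP from a proper random source would be stronger. `$mdpass` is set outside the hunk.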
@@ -25,7 +25,7 @@ function install_etape_ldap5_dist()
 else redirige_par_entete(generer_url_ecrire('install'));
- spip_query("REPLACE spip_meta (nom, valeur) VALUES ('ldap_statut_import', " . spip_abstract_quote($statut_ldap) . " )");
+ spip_query("REPLACE spip_meta (nom, valeur) VALUES ('ldap_statut_import', " . _q($statut_ldap) . " )");
 @unlink(_FILE_META);
 echo "<B>"._T('info_ldap_ok')."</B>";
diff --git a/ecrire/public/balises.php b/ecrire/public/balises.php
index b63ea4e655bbc153b8ba5f9f59861107e5e1f047..3d4c66f984f574e1d653d2d008b49758d643a577 100644
--- a/ecrire/public/balises.php
+++ b/ecrire/public/balises.php
@@ -402,8 +402,8 @@ function balise_EXPOSER_dist($p)
 // Gerer la notation [(#EXPOSER|on,off)]
 $onoff = array_shift($a);
 ereg("([^,]*)(,(.*))?", $onoff[0], $regs);
- $on = "" . spip_abstract_quote($regs[1]);
- $off = "" . spip_abstract_quote($regs[3]) ;
+ $on = "" . _q($regs[1]);
+ $off = "" . _q($regs[3]) ;
 // autres filtres
 array_shift($p->param);
 }
diff --git a/ecrire/public/criteres.php b/ecrire/public/criteres.php
index 03cca9a3a985b5b278c58bd2c14d4d323cfffe6e..4eae23190d2e3839ccae6e3014e0ae96b75b8350 100644
--- a/ecrire/public/criteres.php
+++ b/ecrire/public/criteres.php
@@ -271,7 +271,7 @@ function critere_parinverse($idb, &$boucles, $crit, $sens) {
 if (!$t) $t = $r; else $t = "spip_$t";
 $desc = $tables_des_serveurs_sql[$s][$t];
 if (is_array($desc['field'])){
- $liste_field = implode(',',array_map('spip_abstract_quote',array_keys($desc['field'])));
+ $liste_field = implode(',',array_map('_q',array_keys($desc['field'])));
 $order = "((\$x = preg_replace(\"/\\W/\",'',$order)) ? ( in_array(\$x,array($liste_field)) ? ('$boucle->id_table.' . \$x$sens):(\$x$sens) ) : '')";
 }
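Review bot: In the ecrire/public/balises.php hunk, `$on = "" . _q($regs[1]);` and `$off = "" . _q($regs[3]) ;` keep a leading `"" .` that only string-casts what `_q()` already returns as a string for the string matches ereg() yields, plus a stray space before the `;`; `$on = _q($regs[1]);` / `$off = _q($regs[3]);` reads cleaner. The match itself uses `ereg()`, the POSIX engine, while the rest of this diff (kwote(), recuperer_parametres_url) uses preg_*; if it is ever ported, note that PCRE leaves an unmatched trailing group out of `$regs`, so `$regs[3]` would then need an isset() guard. balise_EXPOSER_dist's body starts outside the hunk.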
@@ -557,9 +557,9 @@ function calculer_criteres ($idb, &$boucles) {
 function kwote($lisp) {
 if (preg_match(",^(\n//[^\n]*\n)? *'(.*)' *$,", $lisp, $r))
- return $r[1] . "\"" . spip_abstract_quote(str_replace(array("\\'","\\\\"),array("'","\\"),$r[2])) . "\"" ;
+ return $r[1] . "\"" . _q(str_replace(array("\\'","\\\\"),array("'","\\"),$r[2])) . "\"" ;
 else
- return "spip_abstract_quote($lisp)";
+ return "_q($lisp)";
 }
 // http://doc.spip.org/@critere_IN_dist
@@ -576,7 +576,7 @@ function critere_IN_dist ($idb, &$boucles, $crit)
 if (is_numeric($r[2]))
 $x .= "\n\t$var" . "[]= $r[2];";
 else
- $x .= "\n\t$var" . "[]= " . spip_abstract_quote($r[2]) . ";";
+ $x .= "\n\t$var" . "[]= " . _q($r[2]) . ";";
 } else {
 // Pour permettre de passer des tableaux de valeurs
 // on repere l'utilisation brute de #ENV**{X},
@@ -594,7 +594,7 @@ function critere_IN_dist ($idb, &$boucles, $crit)
 $op = '<>';
 } else $op = '=';
- $arg = "FIELD($arg,\" . join(',',array_map('spip_abstract_quote', $var)) . \")";
+ $arg = "FIELD($arg,\" . join(',',array_map('_q', $var)) . \")";
 if ($boucles[$idb]->group) $arg = "SUM($arg)";
 $boucles[$idb]->select[]= "$arg AS cpt$cpt";
 $op = array("'$op'", "'cpt$cpt'", 0);
diff --git a/ecrire/urls/html.php b/ecrire/urls/html.php
index 1a7e3de133f3eda005ce430a121fb21d6e100799..3be956208730864c96f1e20a8197f74c544b3a3f 100644
--- a/ecrire/urls/html.php
+++ b/ecrire/urls/html.php
@@ -100,7 +100,7 @@ function recuperer_parametres_url($fond, $url) {
 $url_propre = (preg_replace('/^[_+-]{0,2}(.*?)[_+-]{0,2}(\.html)?$/', '$1', $url_propre));
 $id = id_table_objet($fond);
- $r = spip_query("SELECT $id AS id FROM spip_" . table_objet($fond) . " WHERE url_propre = " . spip_abstract_quote($url_propre));
+ $r = spip_query("SELECT $id AS id FROM spip_" . table_objet($fond) . " WHERE url_propre = " . _q($url_propre));
 if ($r AND $r = spip_fetch_array($r)) $contexte[$id] = $r['id'];
 }
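Review bot: kwote() has no comment, and its two branches produce different kinds of output: a quoted `'literal'` is unescaped, passed through `_q()` at compile time and returned as a double-quoted PHP string, while any other expression is returned as the source text `_q($lisp)` to be evaluated when the generated code runs. A one-line header such as `// kwote: compile a criterion value to PHP code yielding a SQL-quoted string; literals are quoted now, other expressions via a runtime _q() call` would make that contract visible, and it is worth recording there that the generated code therefore depends on `_q()` being defined wherever it is executed. calculer_criteres' body continues outside the hunk.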
diff --git a/ecrire/urls/page.php b/ecrire/urls/page.php
index 52c46b1af8d6de139dd344f4fa83d93d4254ecea..38a04f4eed83b92309df26e038c96e49c156d33b 100644
--- a/ecrire/urls/page.php
+++ b/ecrire/urls/page.php
@@ -108,7 +108,7 @@ function recuperer_parametres_url(&$fond, $url) {
 '$1', $url_propre));
 $r = "spip_" . table_objet($fond);
 $id = id_table_objet($fond);
- $r = spip_query("SELECT $id AS id FROM $r WHERE url_propre = " . spip_abstract_quote($url_propre));
+ $r = spip_query("SELECT $id AS id FROM $r WHERE url_propre = " . _q($url_propre));
 if ($r AND $r = spip_fetch_array($r)) $contexte[$id] = $r['id'];
 }
diff --git a/ecrire/urls/propres.php b/ecrire/urls/propres.php
index 4b106c2ad6bf9ff9554d32cab14dd704ea413b46..8e2f47bd98a80fa79134947c55b87bfa9c86f935 100644
--- a/ecrire/urls/propres.php
+++ b/ecrire/urls/propres.php
@@ -114,7 +114,7 @@ function _generer_url_propre($type, $id_objet) {
 $lock = "url $type $id_objet";
 spip_get_lock($lock, 10);
- $n = spip_num_rows(spip_query("SELECT $col_id FROM $table WHERE url_propre=" . spip_abstract_quote($url) . " AND $col_id != $id_objet LIMIT 1"));
+ $n = spip_num_rows(spip_query("SELECT $col_id FROM $table WHERE url_propre=" . _q($url) . " AND $col_id != $id_objet LIMIT 1"));
 if ($n > 0) {
 $url = $url.','.$id_objet;
 }
@@ -126,7 +126,7 @@ function _generer_url_propre($type, $id_objet) {
 $url = $url.','.$id_objet;
 // Mettre a jour dans la base
- spip_query("UPDATE $table SET url_propre=" . spip_abstract_quote($url) . " WHERE $col_id=$id_objet");
+ spip_query("UPDATE $table SET url_propre=" . _q($url) . " WHERE $col_id=$id_objet");
 spip_release_lock($lock);
@@ -295,7 +295,7 @@ function recuperer_parametres_url(&$fond, $url) {
 $table = "spip_".table_objet($type);
 $col_id = id_table_objet($type);
- $result = spip_query("SELECT $col_id FROM $table WHERE url_propre=" . spip_abstract_quote($url_propre));
+ $result = spip_query("SELECT $col_id FROM $table WHERE url_propre=" . _q($url_propre));
 if ($row = spip_fetch_array($result)) {
 $contexte[$col_id] = $row[$col_id];
diff --git a/ecrire/urls/standard.php b/ecrire/urls/standard.php
index ab3f0ca04572a01a46f2810f21aa867fc7d64215..c4118aa6b268c7f5a96395e7c75734d9921539be 100644
--- a/ecrire/urls/standard.php
+++ b/ecrire/urls/standard.php
@@ -79,7 +79,7 @@ function recuperer_parametres_url(&$fond, $url) {
 $url_propre = (preg_replace('/^[_+-]{0,2}(.*?)[_+-]{0,2}(\.html)?$/', '$1', $url_propre));
 $id = id_table_objet($fond);
- $r = spip_query("SELECT $id AS id FROM spip_" . table_objet($fond) . " WHERE url_propre = " . spip_abstract_quote($url_propre));
+ $r = spip_query("SELECT $id AS id FROM spip_" . table_objet($fond) . " WHERE url_propre = " . _q($url_propre));
 if ($r AND $r = spip_fetch_array($r)) $contexte[$id] = $r['id'];
 }
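Review bot: The lookup `SELECT $id AS id FROM spip_" . table_objet($fond) . " WHERE url_propre = " . _q($url_propre)` in the ecrire/urls/standard.php hunk is written out separately in ecrire/urls/html.php, page.php, propres.php and standard.php, and this commit had to patch each copy by hand; a shared helper taking ($fond, $url_propre) would keep the quoting in one place the next time the escaping routine changes. `$url_propre` is derived from the `$url` argument, so it is right that it goes through `_q()`, while the table name comes from table_objet($fond), presumably a trusted mapping. recuperer_parametres_url's body starts outside the hunk.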