From a79e910da529d1f19df0cdcc29c20365dea93bc3 Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Tue, 13 Jun 2006 15:21:32 +0000
Subject: [PATCH] lors de la suppression d'un logo, on pouvait arriver avec une
 methode POST bien qu'en provenance d'un lien simple. Ajout de 'unlink' dans
 l'action pour plus de robustesse

---
 ecrire/action/iconifier.php | 4 +++-
 ecrire/inc/logos.php        | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ecrire/action/iconifier.php b/ecrire/action/iconifier.php
index f4afd3c2b8..b9bcf1e35d 100644
--- a/ecrire/action/iconifier.php
+++ b/ecrire/action/iconifier.php
@@ -20,7 +20,8 @@ function action_iconifier_dist()
 		include_spip('inc/minipres');
 		minipres(_T('info_acces_interdit'));
 	}
-	if ($_SERVER['REQUEST_METHOD'] == 'POST') 
+	$arg = urldecode($arg);
+	if (!preg_match(',^unlink\s,',$arg))
 		action_spip_image_ajouter_dist();
 	else	action_spip_image_effacer_dist();
 }
@@ -28,6 +29,7 @@ function action_iconifier_dist()
 function action_spip_image_effacer_dist() {
 
 	global $arg;
+	$arg = preg_replace(',^unlink\s*,','',urldecode($arg));
 	if (!strstr($arg, ".."))
 		@unlink(_DIR_LOGOS . $arg);
 }
diff --git a/ecrire/inc/logos.php b/ecrire/inc/logos.php
index 5ffc961b36..19e2e1b565 100644
--- a/ecrire/inc/logos.php
+++ b/ecrire/inc/logos.php
@@ -68,7 +68,7 @@ function decrire_logo($id_objet, $mode, $id, $width, $height, $titre="", $script
 		"<font size='1'>" .
 		$xy .
 		"\n<br />[<a href='" .
-		generer_action_auteur("iconifier", "$nom.$format", generer_url_ecrire($script, "$id_objet=$id", true)) .
+		generer_action_auteur("iconifier", "unlink $nom.$format", generer_url_ecrire($script, "$id_objet=$id", true)) .
 		"'>".
 		_T('lien_supprimer') .
 		"</a>]</font>" .
-- 
GitLab