From c3ba9b0231a897f84a2273a5644583eee0f57076 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Sun, 19 Dec 2004 13:07:10 +0000
Subject: [PATCH] =?UTF-8?q?html=5Fentities=20syst=C3=A9matique=20pour=20HT?=
 =?UTF-8?q?TP=5FVARS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 formulaire_forum-dist.html     | 18 +++----
 formulaire_recherche-dist.html |  2 +-
 formulaire_site-dist.html      |  2 +-
 inc-admin.php3                 |  2 +-
 inc-balises.php3               | 10 ++--
 inc-ecrire_auteur.php3         |  6 +--
 inc-login.php3                 | 94 +++++++++++-----------------------
 inc-site.php3                  |  2 +-
 spip_cookie.php3               | 46 ++++++++++++-----
 9 files changed, 86 insertions(+), 96 deletions(-)

diff --git a/formulaire_forum-dist.html b/formulaire_forum-dist.html
index 2a5ef012e1..120e35d3e9 100644
--- a/formulaire_forum-dist.html
+++ b/formulaire_forum-dist.html
@@ -1,17 +1,17 @@
 <form action='[(#HTTP_VARS{url})]' method='post' name='formulaire'>
-      <input type='hidden' name='ajout_forum' value='oui' />
-      <input type='hidden' name='id_message' value='[(#HTTP_VARS{id_message})]' />
-      <input type='hidden' name='alea' value='[(#HTTP_VARS{alea})]' />
-      <input type='hidden' name='hash' value='[(#HTTP_VARS{hash})]' />
-      <input type='hidden' name='retour' value='[(#HTTP_VARS{retour})]' />
-      [(#HTTP_VARS{modere})]
-      [(#HTTP_VARS{afficher_non})]
-      [(#HTTP_VARS{previsu})
+      <input type='hidden' name='ajout_forum' value="oui" />
+      <input type='hidden' name='id_message' value="[(#HTTP_VARS{id_message})]" />
+      <input type='hidden' name='alea' value="[(#HTTP_VARS{alea})]" />
+      <input type='hidden' name='hash' value="[(#HTTP_VARS{hash})]" />
+      <input type='hidden' name='retour' value="[(#HTTP_VARS{retour})]" />
+      [(#HTTP_VARS{modere})<p>]
+      [(#HTTP_VARS*{afficher_non})]
+      [(#HTTP_VARS*{previsu})
       <fieldset class='spip_encadrer'>
 	<legend><b><:forum_titre:></b></legend>
 	<label>
 	  <input type='text' name='titre' 
-	    [value="> (#HTTP_VARS{titre}|supprimer_prefixe{'>'}|supprimer_numero|entites_html)" ]class='forml' size='40' />
+	    [value="> (#HTTP_VARS{titre}|supprimer_prefixe{'>'}|supprimer_numero)" ]class='forml' size='40' />
 	</label>
       </fieldset>
       <br />
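Review bot: `#HTTP_VARS*{afficher_non}` and `#HTTP_VARS*{previsu}` near the top of the hunk use the raw (`*`) form, so they skip the htmlspecialchars treatment this commit attaches to HTTP_VARS; that is only safe if both values are HTML built by the server rather than anything copied from the request, which the template alone cannot show. A template comment next to them, `<!-- afficher_non / previsu: server-built HTML, deliberately left unescaped -->`, would record that assumption for the next editor. The switch from `value='…'` to `value="…"` on the hidden inputs is required because htmlspecialchars with its default flags leaves single quotes untouched; formulaire_recherche-dist.html makes the same switch, and every future HTTP_VARS attribute needs the double-quoted form for the escaping to hold.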
diff --git a/formulaire_recherche-dist.html b/formulaire_recherche-dist.html
index 60b879736c..eab752223f 100644
--- a/formulaire_recherche-dist.html
+++ b/formulaire_recherche-dist.html
@@ -4,5 +4,5 @@
 		size='20'
 		class='formrecherche'
 		name='recherche'
-		value='[(#HTTP_VARS{recherche})]' />
+		value="[(#HTTP_VARS{recherche})]" />
 </form>
diff --git a/formulaire_site-dist.html b/formulaire_site-dist.html
index fbb5b8e70d..a5981e5fa2 100644
--- a/formulaire_site-dist.html
+++ b/formulaire_site-dist.html
@@ -5,6 +5,6 @@
 <input type="text" class="forml" name="url_site" value="" size="30"></div>
 <p><b><:form_prop_description:></b></p><br />
 <textarea name='description_site' rows='5' class='forml' cols='40' wrap=soft></textarea>
-<div align="right"><input type="submit" name="valider" class="spip_bouton" value=" <:bouton_valider:>">
+<div align="right"><input type="submit" name="valider" class="spip_bouton" value="<:bouton_valider:>">
 </div>
 </form>
diff --git a/inc-admin.php3 b/inc-admin.php3
index b1bdf8232e..3857a27545 100644
--- a/inc-admin.php3
+++ b/inc-admin.php3
@@ -60,7 +60,7 @@ function admin_dyn($id_article, $id_breve, $id_rubrique, $id_mot, $id_auteur, $d
 	$link->delVar('var_mode_objet');
 	$link->delVar('var_mode_affiche');
 	$action = $link->getUrl();
-	$action = quote_amp($action . ((strpos($action, '?') === false) ? '?' : '&'));
+	$action = ($action . ((strpos($action, '?') === false) ? '?' : '&'));
 
   // en preview pas de stat ni de debug
 	if (!$var_preview) {
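Review bot: Dropping quote_amp() on the `$action` line leaves a bare `&` in the URL, which is only correct if every place `$action` is emitted now goes through a tag that escapes it (the HTTP_VARS treatment added in inc-balises.php3); the hunk does not show where `$action` ends up, so that should be confirmed, and a comment such as `// raw '&' here: escaping happens when the template emits #HTTP_VARS{action}` would make the dependency explicit. The outer parentheses on the new line are redundant; `$action .= (strpos($action, '?') === false) ? '?' : '&';` is equivalent. admin_dyn begins before the hunk.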
diff --git a/inc-balises.php3 b/inc-balises.php3
index dbda7ed0ff..6435f9fa0c 100644
--- a/inc-balises.php3
+++ b/inc-balises.php3
@@ -1,4 +1,3 @@
-
 <?php
 
 //
@@ -50,7 +49,8 @@ function champs_traitements ($p) {
 		'URL_RUBRIQUE' => 'htmlspecialchars(vider_url(%s))',
 		'URL_SITE_SPIP' => 'htmlspecialchars(vider_url(%s))',
 		'URL_SITE' => 'htmlspecialchars(vider_url(%s))',
-		'URL_SYNDIC' => 'htmlspecialchars(vider_url(%s))'
+		'URL_SYNDIC' => 'htmlspecialchars(vider_url(%s))',
+		'HTTP_VARS' => 'htmlspecialchars(%s)'
 	);
 	$ps = $traitements[$p->nom_champ];
 	if (!$ps) return $p->code;
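Review bot: The new `'HTTP_VARS' => 'htmlspecialchars(%s)'` entry escapes `"`, `<`, `>` and `&` but, with PHP's default flags, not `'`, so any template that still writes `value='[(#HTTP_VARS{x})]'` stays breakable by a value containing a single quote; this commit copes by rewriting the templates to double quotes, a rule every future template must remember. Passing the flag explicitly, `'HTTP_VARS' => 'htmlspecialchars(%s, ENT_QUOTES)'`, removes the dependency on attribute quoting style. A short comment above the entry noting that the `#HTTP_VARS*` form bypasses this treatment entirely would also help readers of champs_traitements, which starts before the hunk.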
@@ -423,13 +423,13 @@ function balise_LOGIN_PUBLIC_dist($p) {
 
 function balise_URL_LOGOUT_dist($p) {
 	if ($p->fonctions) {
-	$url = "&url=".$p->fonctions[0];
+	$url = "'" . $p->fonctions[0] . "'";
 	$p->fonctions = array();
 	} else {
-	$url = '&url=\'.urlencode(\$clean_link->getUrl()).\'';
+	$url = '\$clean_link->getUrl()';
 	}
 	$p->code = '("<"."?php if (\$GLOBALS[\'auteur_session\'][\'login\'])
-{ echo \'spip_cookie.php3?logout_public=\'.\$GLOBALS[\'auteur_session\'][\'login\'].\'' . $url . '\'; } ?".">")';
+    { echo \'spip_cookie.php3?logout_public=\'.\$GLOBALS[\'auteur_session\'][\'login\'].\'&amp;var_url=\' .urlencode(' . $url . '); } ?".">")';
 	$p->statut = 'php';
 	return $p;
 }
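Review bot: On the rewritten echo line the `var_url` part is now urlencode()d, but the preceding `logout_public=` value, `$GLOBALS['auteur_session']['login']`, is still concatenated raw, so a login containing `&`, `=` or `"` would corrupt the query string (and, given the `&amp;`, the HTML it is emitted into); applying urlencode() to the login inside the generated code, mirroring what is done for var_url, keeps both parameters consistently encoded. Separately, the `"'" . $p->fonctions[0] . "'"` branch pastes the template argument straight into generated PHP source, so an argument containing a single quote yields a syntax error in the compiled template; `addslashes($p->fonctions[0])` (or whatever quoting helper the compiler already uses for string arguments) would guard that.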
diff --git a/inc-ecrire_auteur.php3 b/inc-ecrire_auteur.php3
index 34f3c9de5e..441a4dc641 100644
--- a/inc-ecrire_auteur.php3
+++ b/inc-ecrire_auteur.php3
@@ -45,10 +45,10 @@ function ecrire_auteur_dyn($id_auteur, $mail, $sujet, $texte, $adres) {
 		      'action' => $link->getUrl(),
 		      'id_auteur' => $id_auteur,
 		      'mailko' => $mailko ? $spip_lang_rtl : '',
-		      'mail' => entites_html($adres),
+		      'mail' => $adres,
 		      'sujetko' => ($texte && !$sujet) ? $spip_lang_rtl : '',
-		      'sujet' => entites_html($sujet),
-		      'texte' => entites_html($texte),
+		      'sujet' => $sujet,
+		      'texte' => $texte,
 		      'valide' => ($validable ?
 				    _T('form_prop_confirmer_envoi') :
 				    _T('form_prop_envoyer'))
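Review bot: Removing entites_html() from `mail`, `sujet` and `texte` makes this function's output depend on the template escaping those keys, which holds only if the template emits them through `#HTTP_VARS{…}` (now run through htmlspecialchars) and never through the raw `#HTTP_VARS*{…}` form; the template is not in this diff, so that should be checked, and a comment on the array, `// raw values: escaping is done by the HTTP_VARS treatment in the template`, would document the contract. entites_html() appears to be a project filter and may not be equivalent to htmlspecialchars(), so any difference in how quotes or non-ASCII characters are handled changes what the form echoes back. ecrire_auteur_dyn starts before the hunk.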
diff --git a/inc-login.php3 b/inc-login.php3
index ebe6b5ac6a..df818a9c58 100644
--- a/inc-login.php3
+++ b/inc-login.php3
@@ -10,29 +10,6 @@ include_ecrire("inc_session.php3");
 include_ecrire("inc_filtres.php3");
 include_ecrire("inc_texte.php3");
 
-// gerer l'auth http
-function auth_http($url, $essai_auth_http) {
-	$lien = " [<a href='" . _DIR_RESTREINT_ABS . "'>"._T('login_espace_prive')."</a>]";
-	if ($essai_auth_http == 'oui') {
-		include_ecrire('inc_session.php3');
-		if (!verifier_php_auth()) {
-		  $url = quote_amp(urlencode($url));
-			$page_erreur = "<b>"._T('login_connexion_refusee')."</b><p />"._T('login_login_pass_incorrect')."<p />[<a href='./'>"._T('login_retour_site')."</a>] [<a href='spip_cookie.php3?essai_auth_http=oui&amp;url=$url'>"._T('login_nouvelle_tentative')."</a>]";
-			if (ereg(_DIR_RESTREINT_ABS, $url))
-			  $page_erreur .= $lien;
-			ask_php_auth($page_erreur);
-		}
-		else
-			redirige_par_entete($url);
-	}
-	// si demande logout auth_http
-	else if ($essai_auth_http == 'logout') {
-		include_ecrire('inc_session.php3');
-		ask_php_auth("<b>"._T('login_deconnexion_ok')."</b><p />"._T('login_verifiez_navigateur')."<p />[<a href='./'>"._T('login_retour_public')."</a>] [<a href='spip_cookie.php3?essai_auth_http=oui&amp;redirect=ecrire'>"._T('login_test_navigateur')."</a>] $lien");
-		exit;
-	}
-}
-
 // fonction pour les balises #LOGIN_*
 
 function login($cible, $prive = 'prive') {
@@ -128,48 +105,43 @@ function login_pour_tous($cible, $prive, $message, $action, $mode) {
 	}
 
 	if ($echec_cookie) {
-		$res = "<div><h3 class='spip'>" .
-		(_T('erreur_probleme_cookie')) .
-		'</h3><div style="font-family: Verdana, arial,helvetica,sans-serif; font-size: 12px;"><p /><b>' .
-		_T('login_cookie_oblige')."</b> " .
-		_T('login_cookie_accepte')."\n";
+		$message = '<h3 class="spip">' .
+		  (_T('erreur_probleme_cookie')) .
+		  '</h3><b>' .
+		  _T('login_cookie_oblige')."</b> " .
+		  _T('login_cookie_accepte')."<p />\n";
 	}
-	else {
-		$res = '<div><div style="font-family: Verdana,arial,helvetica,sans-serif; font-size: 12px;">' .
-		(!$message ? '' :
-			("<br />" . 
-			_T("forum_vous_enregistrer") . 
-			" <a $pass_popup>" .
-			_T("forum_vous_inscrire") .
-			"</a><p />\n")) ;
+	else { if ($message)
+	    $message = "<br />" . 
+	      _T("forum_vous_enregistrer") . 
+	      " <a $pass_popup>" .
+	      _T("forum_vous_inscrire") .
+	      "</a><p />\n" ;
 	}
 
+	$res = $message .
+	  '<div style="font-family: Verdana,arial,helvetica,sans-serif; font-size: 12px;">';
+
 # Affichage du formulaire de login avec un challenge MD5 en javascript
 # si jaja actif, on affiche le login en 'dur', et on le passe en champ hidden
 # sinon , le login est modifiable (puisque le challenge n'est pas utilise)
 
 	if ($login) {
-
 		$session = "<br /><br /><label><b>"._T('login_login2')."</b><br /></label>\n<input type='text' name='session_login' class='forml' value=\"$login\" size='40' />";
-		if (!$source_auteur) 
-			$challenge = '';
-		else {
-			$challenge = 
-		  (" onSubmit='if (this.session_password.value) {
+
+		$res .= (!$source_auteur ? '' : http_script('', _DIR_INCLUDE . 'md5.js')) .
+		  "<form name='form_login' action='spip_cookie.php3' method='post'" .
+		  (!$source_auteur ?  '' : 
+		   (" onSubmit='if (this.session_password.value) {
 				this.session_password_md5.value = calcMD5(\"$alea_actuel\" + this.session_password.value);
 				this.next_session_password_md5.value = calcMD5(\"$alea_futur\" + this.session_password.value);
 				this.session_password.value = \"\";
-			}'");
-			$res .= http_script('', _DIR_INCLUDE . 'md5.js');
-		}
-		$res .= "<form name='form_login' action='spip_cookie.php3' method='post'" .
-		  $challenge .
-		  ">\n" .
-		  "<input type='hidden' name='session_login_hidden' value='$login' />\n" .
+			}'")) .
+		  ">\n<input type='hidden' name='session_login_hidden' value='$login' />\n" .
 		  "<div class='spip_encadrer' style='text-align:".$GLOBALS["spip_lang_left"].";'>\n" .
 		  (!$erreur ? '' : "<div class='reponse_formulaire'><b>$erreur</b></div>\n") .
-		  (!$challenge ? $session :
-		   http_script("document.write('".addslashes(_T('login_login'))." <b>$login</b><br /><a href=\"spip_cookie.php3?cookie_admin=non&amp;url=".rawurlencode($action)."\"><font size=\"2\">["._T('login_autre_identifiant')."]</font></a>');",
+		  (!$source_auteur ? $session :
+		   http_script("document.write('".addslashes(_T('login_login'))." <b>$login</b><br /><a href=\"spip_cookie.php3?cookie_admin=non&amp;var_url=".rawurlencode($action)."\"><font size=\"2\">["._T('login_autre_identifiant')."]</font></a>');",
 			       '',
 				"<font face='Georgia, Garamond, Times, serif' size='3'>" .
 				_T('login_non_securise') .
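Review bot: The rebuilt markup still interpolates `$login` unescaped into a single-quoted attribute, `value='$login'` on the session_login_hidden input, and into the double-quoted one on the `$session` line; the same pattern appears with `$cible` in the `var_url` hidden inputs of the next two hunks. Unless these values are escaped before login_pour_tous is entered (the function starts outside the hunk, and `$login` looks to be taken from the `var_login` request field used further down), a value containing a quote closes the attribute early; escaping once near the top of the function, `$login = htmlspecialchars($login, ENT_QUOTES); $cible = htmlspecialchars($cible, ENT_QUOTES);`, would cover every occurrence, provided no later use needs the raw value. The `else { if ($message)` layout at the start of the hunk hides the conditional inside the brace; `elseif ($message) {` or a separate `if` on its own line reads more clearly.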
@@ -181,25 +153,22 @@ function login_pour_tous($cible, $prive, $message, $action, $mode) {
 		  "<label for='session_remember'>" .
 		  _T('login_rester_identifie') .
 		  "</label>" .
-		  "<input type='hidden' name='url' value='$cible' />\n" .
 		  "<input type='hidden' name='session_password_md5' value='' />\n" .
 		  "<input type='hidden' name='next_session_password_md5' value='' />\n" .
-		  "<div align='right'><input type='submit' class='spip_bouton' value='"._T('bouton_valider')."' /></div>\n" .
-		  "</div>" .
-		  "</form>";
-	}
+		  "<input type='hidden' name='var_url' value='$cible' />\n" .
+		  "<div align='right'><input type='submit' class='spip_bouton' value='"._T('bouton_valider')."' /></div>\n</div></form>";
+			}
 	else { // demander seulement le login
 		$action = quote_amp($action);
-		$res .= "<form name='form_login' action='$action' method='post'>\n" .
+		$res .= 
+		"<form name='form_login' action='$action' method='post'>\n" .
 		  "<div class='spip_encadrer' style='text-align:".$GLOBALS["spip_lang_left"].";'>";
 		if ($erreur) $res .= "<span style='color:red;'><b>$erreur</b></span><p />";
 		$res .=
 		  "<label><b>"._T('login_login2')."</b><br /></label>" .
 		  "<input type='text' name='var_login' class='forml' value=\"\" size='40' />\n" .
 		  "<input type='hidden' name='var_url' value='$cible' />\n" .
-		  "<div align='right'><input type='submit' class='spip_bouton' value='"._T('bouton_valider')."'/></div>\n" .
-		  "</div>" .
-		  "</form>";
+		  "<div align='right'><input type='submit' class='spip_bouton' value='"._T('bouton_valider')."'/></div>\n</div></form>";
 	}
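Review bot: The new `$res = ` left dangling on its own line with the string starting on the next line is an odd break that the rest of the function does not use; keeping `$res .= "<form name='form_login' action='$action' method='post'>\n" .` on one line matches the surrounding style. The closing `}` of the `if ($login)` branch is also indented one level deeper than its opening, which makes the branch boundary hard to spot when skimming. login_pour_tous continues past the hunk.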
 
 	// Gerer le focus
@@ -211,7 +180,7 @@ function login_pour_tous($cible, $prive, $message, $action, $mode) {
 		$res .= "<form action='spip_cookie.php3' method='get'><fieldset>\n<p>"
 			. _T('login_preferez_refuser')
 			. "<input type='hidden' name='essai_auth_http' value='oui'/>\n"
-			. "<input type='hidden' name='url' value='$cible'/>\n"
+			. "<input type='hidden' name='var_url' value='$cible'/>\n"
 			. "<div align='right'><input type='submit' class='spip_bouton' value='"._T('login_sans_cookiie')."'/></div>\n"
 			.  "</fieldset></form>\n";
 	}
@@ -240,8 +209,7 @@ function login_pour_tous($cible, $prive, $message, $action, $mode) {
 	  $res .= " [<a href='$url_site'>"._T('login_retoursitepublic')."</a>]";
 	}
 
-	return $res .  "</div></div></div>";
-
+	return $res .  "</div></div>";
 }
 
 ?>
diff --git a/inc-site.php3 b/inc-site.php3
index 06fe67b451..a5827c7703 100644
--- a/inc-site.php3
+++ b/inc-site.php3
@@ -40,7 +40,7 @@ function site_dyn($id_rubrique, $nom_site, $url_site, $description_site) {
 		spip_query("INSERT INTO spip_syndic (nom_site, url_site, id_rubrique, descriptif, date, date_syndic, statut, syndication) VALUES ('$nom_site', '$url_site', $id_rubrique, '$description_site', NOW(), NOW(), 'prop', 'non')");
 		$res =  _T('form_prop_enregistre');
 	} else {
-		$res .= "<p> "._T('form_prop_non_enregistre') . "</p>";
+		$res .= _T('form_prop_non_enregistre');
 	}
 		
 	return "<div class='reponse_formulaire'>$res</div>";
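Review bot: The rewritten else branch uses `.=` on `$res`, which is not assigned on that path (the if branch uses `=`), so it concatenates onto an undefined variable and raises a notice under E_NOTICE; `$res = _T('form_prop_non_enregistre');` matches the other branch. The INSERT on the context line above interpolates `$nom_site`, `$url_site` and `$description_site` directly into the SQL string; whatever escaping they receive happens in the part of site_dyn before this hunk and is worth confirming, since the commit is changing where form values get escaped.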
diff --git a/spip_cookie.php3 b/spip_cookie.php3
index 84f12dd85f..84f9ae1cb8 100644
--- a/spip_cookie.php3
+++ b/spip_cookie.php3
@@ -3,6 +3,30 @@
 include ("ecrire/inc_version.php3");
 include_ecrire ("inc_session.php3");
 
+
+// gerer l'auth http
+function auth_http($url, $essai_auth_http) {
+	$lien = " [<a href='" . _DIR_RESTREINT_ABS . "'>"._T('login_espace_prive')."</a>]";
+	if ($essai_auth_http == 'oui') {
+		include_ecrire('inc_session.php3');
+		if (!verifier_php_auth()) {
+		  $url = quote_amp(urlencode($url));
+			$page_erreur = "<b>"._T('login_connexion_refusee')."</b><p />"._T('login_login_pass_incorrect')."<p />[<a href='./'>"._T('login_retour_site')."</a>] [<a href='spip_cookie.php3?essai_auth_http=oui&amp;var_url=$url'>"._T('login_nouvelle_tentative')."</a>]";
+			if (ereg(_DIR_RESTREINT_ABS, $url))
+			  $page_erreur .= $lien;
+			ask_php_auth($page_erreur);
+		}
+		else
+			redirige_par_entete($url);
+	}
+	// si demande logout auth_http
+	else if ($essai_auth_http == 'logout') {
+		include_ecrire('inc_session.php3');
+		ask_php_auth("<b>"._T('login_deconnexion_ok')."</b><p />"._T('login_verifiez_navigateur')."<p />[<a href='./'>"._T('login_retour_public')."</a>] [<a href='spip_cookie.php3?essai_auth_http=oui&amp;redirect=ecrire'>"._T('login_test_navigateur')."</a>] $lien");
+		exit;
+	}
+}
+
 // rejoue le cookie pour renouveler spip_session
 if ($change_session == 'oui') {
 	if (verifier_session($spip_session)) {
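Review bot: In the moved auth_http(), `ereg(_DIR_RESTREINT_ABS, $url)` runs after `$url` has been urlencode()d, so if _DIR_RESTREINT_ABS contains `/` or any other character urlencode rewrites, the match can never succeed and the private-space link is never appended; testing on the original value, e.g. `$vers_prive = ereg(_DIR_RESTREINT_ABS, $url);` before the `$url = quote_amp(urlencode($url));` line, fixes the order. ereg() also treats the constant as a regular expression, so a plain `strpos($url, _DIR_RESTREINT_ABS) !== false` is the more precise test. The function is moved verbatim from inc-login.php3, so both points predate this commit.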
@@ -24,22 +48,21 @@ if ($change_session == 'oui') {
 		exit;
 	}
 }
-#spip_log("cookie: $url");
+#spip_log("cookie: $var_url");
 
-if ($url)  $url = urldecode($url);
+if ($var_url)  $var_url = urldecode($var_url);
 
 // tentative de connexion en auth_http
 if ($essai_auth_http AND !$ignore_auth_http) {
-	include_local ("inc-login.php3");
-	auth_http(($url ? $url : _DIR_RESTREINT_ABS), $essai_auth_http);
+	auth_http(($var_url ? $var_url : _DIR_RESTREINT_ABS), $essai_auth_http);
 	exit;
 }
 
 // cas particulier, logout dans l'espace public
 if ($logout_public) {
 	$logout = $logout_public;
-	if (!$url)
-		$url = 'index.php3';
+	if (!$var_url)
+		$var_url = 'index.php3';
 }
 // tentative de logout
 if ($logout) {
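Review bot: `$var_url` appears to come straight from the request (no assignment is visible before the `if ($var_url) $var_url = urldecode($var_url);` line) and is handed unchecked to auth_http(), which calls redirige_par_entete() on it; the same value drives redirige_par_entete() in the next hunk and `$redirect` in the one after. Nothing here restricts it to a location on this site, so the endpoint can send a visitor to an arbitrary external address after login or logout; a guard applied once at the urldecode() line, accepting only relative paths (no `scheme:` form and no leading `//`) and otherwise falling back to _DIR_RESTREINT_ABS, would close that for all three uses. The explicit urldecode() also decodes a value PHP has already decoded once, so a `%25`-style encoding arrives double-decoded; if that is intentional a comment saying why would help.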
@@ -52,13 +75,12 @@ if ($logout) {
 			spip_setcookie('spip_session', $spip_session, time() - 3600 * 24);
 		}
 		if ($PHP_AUTH_USER AND !$ignore_auth_http) {
-			include_local ("inc-login.php3");
-			auth_http(($url ? $url : _DIR_RESTREINT_ABS), 'logout');
+			auth_http(($var_url ? $var_url : _DIR_RESTREINT_ABS), 'logout');
 		}
 		unset ($auteur_session);
 	}
 
-	redirige_par_entete($url ? $url : "spip_login.php3");
+	redirige_par_entete($var_url ? $var_url : "spip_login.php3");
 }
 
 // en cas de login sur bonjour=oui, on tente de poser un cookie
@@ -67,12 +89,12 @@ if ($logout) {
 if ($test_echec_cookie == 'oui') {
 	spip_setcookie('spip_session', 'test_echec_cookie');
 	redirige_par_entete("spip_login.php3?var_echec_cookie=oui&var_url=" .
-			    ($url ? $url : _DIR_RESTREINT_ABS));
+			    ($var_url ? $var_url : _DIR_RESTREINT_ABS));
 }
 
 // Tentative de login
 unset ($cookie_session);
-$redirect = ($url ? $url : _DIR_RESTREINT_ABS);
+$redirect = ($var_url ? $var_url : _DIR_RESTREINT_ABS);
 if ($essai_login == "oui") {
 	// Recuperer le login en champ hidden
 	if ($session_login_hidden AND !$session_login)
@@ -122,7 +144,7 @@ if ($essai_login == "oui") {
 		$redirect .= (strpos($redirect, "?") ? "&" : "?") . "var_login=$login";
 		if ($session_password || $session_password_md5)
 			$redirect .= '&var_erreur=pass';
-		$redirect .= '&var_url=' . $url;
+		$redirect .= '&var_url=' . $var_url;
 	}
  }
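Review bot: The new `$redirect .= '&var_url=' . $var_url;` appends the URL without urlencode(), so a `$var_url` containing `&`, `#` or a space is truncated or split into extra parameters when spip_login.php3 parses the redirect; `$redirect .= '&var_url=' . urlencode($var_url);` keeps it intact (the `var_login=$login` context line above has the same gap). The enclosing `if ($essai_login == "oui")` block starts before the hunk.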
 
-- 
GitLab