From dd3c22c81c6a1ead958a2062d836f7beb8ee5058 Mon Sep 17 00:00:00 2001 From: "Committo,Ergo:sum" <esj@rezo.net> Date: Mon, 26 Jun 2006 21:28:29 +0000 Subject: [PATCH] =?UTF-8?q?Ticket=20#413:=20nouvelle=20charette=20d'URL=20?= =?UTF-8?q?relatives=20pour=20les=20URL=20pass=C3=A9es=20en=20param=C3=A8t?= =?UTF-8?q?re,=20=C3=A0=20l'aide=20de=20generer=5Furl=5Fretour,=20variante?= =?UTF-8?q?=20de=20generer=5Furl=5Fecrire=20produisant=20du=20relatif=20et?= =?UTF-8?q?=20appliquant=20rawurlencode.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Restent à vérifier quelques appels à rawurlencode qui contiennent peut-etre encore d'autres URL absolues, mais il s'agit d'appels peu fréquents. --- ecrire/balise/url_logout.php | 9 +++------ ecrire/exec/accueil.php | 3 ++- ecrire/exec/articles.php | 11 ++++------- ecrire/exec/articles_forum.php | 2 +- ecrire/exec/breves_voir.php | 6 ++++-- ecrire/exec/forum.php | 19 ++++++++----------- ecrire/exec/forum_envoi.php | 11 ++++------- ecrire/exec/message.php | 5 ++--- ecrire/exec/mots_edit.php | 2 +- ecrire/exec/mots_tous.php | 6 +++--- ecrire/exec/naviguer.php | 2 +- ecrire/exec/sites.php | 26 ++++++++++---------------- ecrire/inc/mots.php | 18 +++++++++--------- ecrire/inc/presentation.php | 11 ++++++----- ecrire/inc/utils.php | 11 ++++++++--- 15 files changed, 66 insertions(+), 76 deletions(-) diff --git a/ecrire/balise/url_logout.php b/ecrire/balise/url_logout.php index 1b6e5f8e9d..7ec3fbfde4 100644 --- a/ecrire/balise/url_logout.php +++ b/ecrire/balise/url_logout.php 
@@ -21,14 +21,11 @@ function balise_URL_LOGOUT_stat ($args, $filtres) { } function balise_URL_LOGOUT_dyn($cible) { - if (!$login = $GLOBALS['auteur_session']['login']) + if (!$login = rawurlencode($GLOBALS['auteur_session']['login'])) return ''; - if (!$cible) - $cible = self(); + if (!$cible) $cible = self(); - return generer_url_public('spip_cookie', - "logout_public=".rawurlencode($login)."&url=" . rawurlencode($cible) - ); + return generer_url_public('spip_cookie',"logout_public=$login&url=" . rawurlencode($cible)); } ?> diff --git a/ecrire/exec/accueil.php b/ecrire/exec/accueil.php index 6ff0990407..68a4d54617 100644 --- a/ecrire/exec/accueil.php +++ b/ecrire/exec/accueil.php @@ -220,6 +220,7 @@ if ($spip_display == 4) { if (/* $connect_statut == "0minirezo" AND */ $spip_display != 4) { if (!$_COOKIE['spip_admin']) { + $cookie = rawurlencode("@$connect_login"); $gadget .= "<div> </div>". "<table width=95%><tr>". "<td width=100%>". @@ -230,7 +231,7 @@ if (/* $connect_statut == "0minirezo" AND */ $spip_display != 4) { http_img_pack("rien.gif", ' ', "width='10'") . "</td>". "<td width='250'>". - icone_horizontale(_T('icone_activer_cookie'), generer_url_public('spip_cookie', "cookie_admin=".rawurlencode("@$connect_login")."&url=".rawurlencode(_DIR_RESTREINT_ABS)), "cookie-24.gif", "", false). + icone_horizontale(_T('icone_activer_cookie'), generer_url_public('spip_cookie', "cookie_admin=$cookie&url=".rawurlencode(_DIR_RESTREINT_ABS)), "cookie-24.gif", "", false). "</td></tr></table>"; } } diff --git a/ecrire/exec/articles.php b/ecrire/exec/articles.php index 8893aee78d..85090cb60d 100644 --- a/ecrire/exec/articles.php +++ b/ecrire/exec/articles.php 
@@ -971,9 +971,8 @@ function rechercher_auteurs_articles($cherche_auteur, $id_article, $id_rubrique, AND $GLOBALS['connect_toutes_rubriques']) { echo "<div style='width: 200px;'>"; - $retour = rawurlencode(generer_url_ecrire("articles","id_article=$id_article")); $titre = rawurlencode($cherche_auteur); - icone_horizontale(_T('icone_creer_auteur'), generer_url_ecrire("auteur_infos","ajouter_id_article=$id_article&nom=$titre&redirect=$retour"), "redacteurs-24.gif", "creer.gif"); + icone_horizontale(_T('icone_creer_auteur'), generer_url_ecrire("auteur_infos","ajouter_id_article=$id_article&nom=$titre&redirect=" . generer_url_retour("articles","id_article=$id_article")), "redacteurs-24.gif", "creer.gif"); echo "</div> "; // message pour ne pas afficher le second bouton "creer un auteur" @@ -1091,8 +1090,7 @@ function ajouter_auteurs_articles($id_article, $id_rubrique, $les_auteurs, $flag AND $connect_toutes_rubriques AND !$supprimer_bouton_creer_auteur) { echo "<td width='200'>"; - $retour = rawurlencode(generer_url_ecrire("articles","id_article=$id_article")); - icone_horizontale(_T('icone_creer_auteur'), generer_url_ecrire("auteur_infos","ajouter_id_article=$id_article&redirect=$retour"), "redacteurs-24.gif", "creer.gif"); + icone_horizontale(_T('icone_creer_auteur'), generer_url_ecrire("auteur_infos","ajouter_id_article=$id_article&redirect=" .generer_url_retour("articles","id_article=$id_article")), "redacteurs-24.gif", "creer.gif"); echo "</td>"; echo "<td width='20'> </td>"; } 
@@ -1216,12 +1214,11 @@ function affiche_forums_article($id_article, $id_rubrique, $titre, $debut, $mute echo "<BR><BR>"; - $forum_retour = generer_url_ecrire("articles","id_article=$id_article", true); if (!$mute) { $tm = rawurlencode($titre); echo "\n<div align='center'>"; - icone(_T('icone_poster_message'), generer_url_ecrire("forum_envoi","statut=prive&adresse_retour=" . rawurlencode($forum_retour) . "&id_article=$id_article&titre_message=$tm"), "forum-interne-24.gif", "creer.gif"); + icone(_T('icone_poster_message'), generer_url_ecrire("forum_envoi","statut=prive&id_article=$id_article&titre_message=$tm&url=" . generer_url_retour("articles","id_article=$id_article")), "forum-interne-24.gif", "creer.gif"); echo "</div>"; } @@ -1249,7 +1246,7 @@ function affiche_forums_article($id_article, $id_rubrique, $titre, $debut, $mute $result_forum = spip_query("SELECT * FROM spip_forum WHERE statut='prive' AND id_article='$id_article' AND id_parent=0 ORDER BY date_heure DESC" . " LIMIT $debut,$total_afficher" ); # " LIMIT $total_afficher OFFSET $debut" # PG - afficher_forum($result_forum, $forum_retour, $mute); + afficher_forum($result_forum, "articles","id_article=$id_article", $mute); if (!$debut) $debut = 0; $total_afficher = 8; diff --git a/ecrire/exec/articles_forum.php b/ecrire/exec/articles_forum.php index e6d3dd6cf3..a563215599 100644 --- a/ecrire/exec/articles_forum.php +++ b/ecrire/exec/articles_forum.php @@ -50,7 +50,7 @@ function exec_articles_forum_dist() $res = spip_query("SELECT pied.*, max(thread.date_heure) AS date FROM spip_forum AS pied, spip_forum AS thread WHERE pied.id_article='$id_article' AND pied.id_parent=0 AND pied.statut IN ('publie', 'off', 'prop') AND thread.id_thread=pied.id_forum GROUP BY id_thread ORDER BY date DESC LIMIT $debut, $pack"); - afficher_forum($res,"", $id_article); + afficher_forum($res,"", '', $id_article); fin_page(); } 
diff --git a/ecrire/exec/breves_voir.php b/ecrire/exec/breves_voir.php index 426953d3d0..3d8db42c55 100644 --- a/ecrire/exec/breves_voir.php +++ b/ecrire/exec/breves_voir.php @@ -215,10 +215,12 @@ fin_cadre_relief(); // Forums // + $tm = rawurlencode($titre); + echo "<BR><BR>"; echo "\n<div align='center'>"; - icone(_T('icone_poster_message'), generer_url_ecrire("forum_envoi", "statut=prive&id_breve=$id_breve&titre_message=".rawurlencode($titre) . "&adresse_retour=".rawurlencode( generer_url_ecrire("breves_voir", "id_breve=$id_breve"))), + icone(_T('icone_poster_message'), generer_url_ecrire("forum_envoi", "statut=prive&id_breve=$id_breve&titre_message=$tm&url=".generer_url_retour("breves_voir", "id_breve=$id_breve")), "forum-interne-24.gif", "creer.gif"); echo "</div>"; @@ -226,7 +228,7 @@ echo "</div>"; echo "<P align='left'>"; -afficher_forum(spip_query("SELECT * FROM spip_forum WHERE statut='prive' AND id_breve='$id_breve' AND id_parent=0 ORDER BY date_heure DESC LIMIT 20"), generer_url_ecrire("breves_voir", "id_breve=$id_breve")); + afficher_forum(spip_query("SELECT * FROM spip_forum WHERE statut='prive' AND id_breve='$id_breve' AND id_parent=0 ORDER BY date_heure DESC LIMIT 20"), "breves_voir", "id_breve=$id_breve"); fin_page(); } diff --git a/ecrire/exec/forum.php b/ecrire/exec/forum.php index b6557b9c31..4dd9b3d5a1 100644 --- a/ecrire/exec/forum.php +++ b/ecrire/exec/forum.php @@ -17,7 +17,7 @@ include_spip('inc/texte'); charger_generer_url(); include_spip('inc/rubriques'); -function liste_numeros_forum($urlforum, $debut, $total) +function liste_numeros_forum($script, $debut, $total) { echo "\n<p>"; for ($i = 0; $i < $total; $i = $i + 10){ @@ -25,7 +25,7 @@ function liste_numeros_forum($urlforum, $debut, $total) if ($i == $debut) echo "\n<FONT SIZE='3'><B>$i</B></FONT>"; else - echo "\n<A HREF='$urlforum&debut=$i'>$i</A>"; + echo "\n<a href='", generer_url_ecrire($script, "debut=$i"), "'>$i</a>"; } echo "\n</p>\n"; } 
@@ -40,12 +40,12 @@ function exec_forum_dist() debut_page(_T('titre_page_forum'), "redacteurs", "privadm"); $statutforum = 'privadm'; $logo = "forum-admin-24.gif"; - $urlforum = generer_url_ecrire('forum_admin'); + $script = 'forum_admin'; } else { debut_page(_T('titre_forum'), "redacteurs", "forum-interne"); $statutforum = 'privrac'; $logo = "forum-interne-24.gif"; - $urlforum = generer_url_ecrire('forum','', true); + $script = 'forum'; } debut_gauche(); @@ -68,14 +68,11 @@ function exec_forum_dist() $total = ($row = spip_fetch_array($result_forum)) ? $row['cnt'] : 0; - if ($total > 10) liste_numeros_forum($urlforum, $debut, $total); + if ($total > 10) liste_numeros_forum($script, $debut, $total); + $tm = rawurlencode(filtrer_entites(_T('texte_nouveau_message'))); echo "<p><div align='center'>"; - icone (_T('icone_poster_message'), generer_url_ecrire("forum_envoi", - "statut=$statutforum&adresse_retour=" . - rawurlencode($urlforum) . - "&titre_message=" . - rawurlencode(filtrer_entites(_T('texte_nouveau_message')))), + icone (_T('icone_poster_message'), generer_url_ecrire("forum_envoi", "statut=$statutforum&titre_message=$tm&url=" . generer_url_retour($script)), $logo, "creer.gif"); echo "</div></p>"; @@ -83,7 +80,7 @@ function exec_forum_dist() $limit = $debut ? "LIMIT $debut,10" : "LIMIT 10" ; $result_forum = spip_query("SELECT * FROM spip_forum WHERE statut='$statutforum' AND id_parent=0 ORDER BY date_heure DESC $limit"); - afficher_forum($result_forum,$urlforum); + afficher_forum($result_forum,$script,''); echo "</div>"; diff --git a/ecrire/exec/forum_envoi.php b/ecrire/exec/forum_envoi.php index c03771348d..4b04c5ce06 100644 --- a/ecrire/exec/forum_envoi.php +++ b/ecrire/exec/forum_envoi.php @@ -20,7 +20,7 @@ include_spip('base/abstract_sql'); function exec_forum_envoi_dist() { global - $adresse_retour, + $url, $connect_id_auteur, $id_article, $id_breve, 
@@ -48,8 +48,6 @@ global if ($modif_forum != "oui") $titre_message = ereg_replace("^([^>])", "> \\1", $titre_message); -$adresse_retour = rawurldecode($adresse_retour); - if ($valider_forum AND ($statut!='')) { $titre_message = corriger_caracteres($titre_message); $texte = corriger_caracteres($texte); @@ -62,7 +60,7 @@ if ($valider_forum AND ($statut!='')) { spip_query("UPDATE spip_auteurs_messages SET vu = 'non' WHERE id_message='$id_message'"); } - redirige_par_entete($adresse_retour); + redirige_par_entete(rawurldecode($url)); } if ($id_message) debut_page(_T('titre_page_forum_envoi'), "asuivre", "messagerie"); @@ -155,7 +153,7 @@ if ($forum_stat == "prive") $logo = "forum-interne-24.gif"; else if ($forum_stat == "privrac") $logo = "forum-interne-24.gif"; else $logo = "forum-public-24.gif"; -icone(_T('icone_retour'), $adresse_retour, $logo); +icone(_T('icone_retour'), rawurldecode($url), $logo); echo "</TD>"; echo "<TD><IMG SRC='" . _DIR_IMG_PACK . "rien.gif' WIDTH=10 BORDER=0></td><TD WIDTH=\"100%\">"; @@ -168,8 +166,7 @@ if (!$modif_forum OR $modif_forum == "oui") { echo "<input type='hidden' name='modif_forum' value='oui'>\n"; } - echo "<input type='hidden' name='adresse_retour' value=\"", - rawurlencode($adresse_retour), "\" />\n", + echo "<input type='hidden' name='url' value=\"$url\" />\n", "<input type='hidden' name='id_rubrique' value=\"", $id_rubrique, "\" />\n", "<input type='hidden' name='id_parent' value=\"", $id_parent, "\" />\n", "<input type='hidden' name='id_article' value=\"", $id_article, "\" />\n", diff --git a/ecrire/exec/message.php b/ecrire/exec/message.php index 615fed5bca..3e649226fd 100644 --- a/ecrire/exec/message.php +++ b/ecrire/exec/message.php 
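Review bot: The redirect target in `redirige_par_entete(rawurldecode($url))` comes from the `$url` global, which appears to be filled from the request, and nothing in this hunk checks that it is a relative address inside ecrire/. redirige_par_entete() in ecrire/inc/utils.php only replaces CR and LF, so an absolute or protocol-relative value would be followed as given; the same value also becomes the href of the return icon in the -155 hunk. Since callers now always build the parameter with generer_url_retour(), the receiving side can refuse anything that carries a scheme or starts with `//`, for example `$retour = rawurldecode($url); if (preg_match(',^\s*([a-z][a-z0-9+.-]*:|//),i', $retour)) $retour = generer_url_ecrire('forum');`, and then use `$retour` in both places. The body of exec_forum_envoi_dist() extends beyond these hunks.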
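Review bot: The hidden field in the -168 hunk now prints `$url` straight into a double-quoted attribute, whereas the removed line passed the value through rawurlencode(), which incidentally kept quotes and angle brackets out of the markup. If `$url` comes from the request, as the `global` declaration suggests, it should be escaped for HTML here: `echo "<input type='hidden' name='url' value=\"", htmlspecialchars($url), "\" />\n",`. The posted value also goes through `rawurldecode($url)` after PHP has already decoded it once, so a return address containing a literal `%` would be altered; decoding in one place only would avoid that.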
@@ -233,15 +233,14 @@ function http_ajouter_participants($ze_auteurs, $id_message) function http_afficher_forum_perso($id_message, $titre) { - $forum_retour = rawurlencode(generer_url_ecrire("message","id_message=$id_message", true)); $utitre = rawurlencode($titre); echo "<br /><br />\n<div align='center'>"; - icone(_T('icone_poster_message'), generer_url_ecrire("forum_envoi","statut=perso&adresse_retour=$forum_retour&id_message=$id_message&titre_message=$utitre"), "forum-interne-24.gif", "creer.gif"); + icone(_T('icone_poster_message'), generer_url_ecrire("forum_envoi","statut=perso&id_message=$id_message&titre_message=$utitre&url=" . generer_url_retour("message","id_message=$id_message")), "forum-interne-24.gif", "creer.gif"); echo "</div>\n<p align='left'>"; $query_forum = spip_query("SELECT * FROM spip_forum WHERE statut='perso' AND id_message='$id_message' AND id_parent=0 ORDER BY date_heure DESC LIMIT 20"); - afficher_forum($query_forum, $forum_retour); + afficher_forum($query_forum, "message","id_message=$id_message"); echo "\n</p>"; } diff --git a/ecrire/exec/mots_edit.php b/ecrire/exec/mots_edit.php index fb50f4faee..62fbd40df2 100644 --- a/ecrire/exec/mots_edit.php +++ b/ecrire/exec/mots_edit.php 
@@ -149,7 +149,7 @@ debut_raccourcis(); if ($connect_statut == '0minirezo' AND $connect_toutes_rubriques AND $id_groupe) { icone_horizontale(_T('icone_modif_groupe_mots'), generer_url_ecrire("mots_type","id_groupe=$id_groupe"), "groupe-mot-24.gif", "edit.gif"); - icone_horizontale(_T('icone_creation_mots_cles'), generer_url_ecrire("mots_edit", "new=oui&id_groupe=$id_groupe&redirect=" . rawurlencode(generer_url_ecrire('mots_tous'))), "mot-cle-24.gif", "creer.gif"); + icone_horizontale(_T('icone_creation_mots_cles'), generer_url_ecrire("mots_edit", "new=oui&id_groupe=$id_groupe&redirect=" . generer_url_retour('mots_tous')), "mot-cle-24.gif", "creer.gif"); } icone_horizontale(_T('icone_voir_tous_mots_cles'), generer_url_ecrire("mots_tous",""), "mot-cle-24.gif", "rien.gif"); diff --git a/ecrire/exec/mots_tous.php b/ecrire/exec/mots_tous.php index 594e5f4ffb..c8f73e6f2d 100644 --- a/ecrire/exec/mots_tous.php +++ b/ecrire/exec/mots_tous.php @@ -49,7 +49,7 @@ function exec_mots_tous_dist() // si le mot n'est pas lie, on demande sa suppression if ($nb_articles + $nb_breves + $nb_sites + $nb_forum == 0) { - redirige_par_entete(generer_url_ecrire("mots_edit","supp_mot=$id_mot&redirect_ok=oui&redirect=" . rawurlencode(generer_url_ecrire('mots_tous')), true)); + redirige_par_entete(generer_url_ecrire("mots_edit","supp_mot=$id_mot&redirect_ok=oui&redirect=" . generer_url_retour('mots_tous'), true)); } // else traite plus loin (confirmation de suppression) } } @@ -117,7 +117,7 @@ if ($conf_mot>0) { echo _T('info_delet_mots_cles', array('titre_mot' => $titre_mot, 'type_mot' => $type_mot, 'texte_lie' => $texte_lie)); echo "<UL>"; - echo "<LI><B><A href='", generer_url_ecrire('mots_edit', "supp_mot=$id_mot&redirect_ok=oui&redirect=" . rawurlencode(generer_url_ecrire('mots_tous'))), + echo "<LI><B><A href='", generer_url_ecrire('mots_edit', "supp_mot=$id_mot&redirect_ok=oui&redirect=" . generer_url_retour('mots_tous')), "'>", _T('item_oui'), "</A>,</B> ", 
@@ -205,7 +205,7 @@ while ($row_groupes = spip_fetch_array($result_groupes)) { } echo "<td>"; echo "<div align='$spip_lang_right'>"; - icone(_T('icone_creation_mots_cles'), generer_url_ecrire("mots_edit","new=oui&id_groupe=$id_groupe&redirect=" . rawurlencode(generer_url_ecrire('mots_tous'))), "mot-cle-24.gif", "creer.gif"); + icone(_T('icone_creation_mots_cles'), generer_url_ecrire("mots_edit","new=oui&id_groupe=$id_groupe&redirect=" . generer_url_retour('mots_tous')), "mot-cle-24.gif", "creer.gif"); echo "</div>"; echo "</td></tr></table>"; } diff --git a/ecrire/exec/naviguer.php b/ecrire/exec/naviguer.php index 98a77b66e4..52158df1ac 100644 --- a/ecrire/exec/naviguer.php +++ b/ecrire/exec/naviguer.php @@ -391,7 +391,7 @@ if ($relief) { if ($id_rubrique > 0 AND ($flag_editable OR $GLOBALS['meta']["proposer_sites"]> 0)) { echo "<div align='$spip_lang_right'>"; - icone(_T('info_sites_referencer'), generer_url_ecrire('sites_edit', "id_rubrique=$id_rubrique&redirect=" . rawurlencode(generer_url_ecrire('naviguer', "id_rubrique=$id_rubrique"))), "site-24.gif", "creer.gif"); + icone(_T('info_sites_referencer'), generer_url_ecrire('sites_edit', "id_rubrique=$id_rubrique&redirect=" . generer_url_retour('naviguer', "id_rubrique=$id_rubrique")), "site-24.gif", "creer.gif"); echo "</div><p>"; } } diff --git a/ecrire/exec/sites.php b/ecrire/exec/sites.php index 19253d04bd..e6d8bd40da 100644 --- a/ecrire/exec/sites.php +++ b/ecrire/exec/sites.php @@ -45,7 +45,6 @@ function exec_sites_dist() $old_syndic, $oubli, $redirect, - $redirect_ok, $reload, $resume, $spip_display, @@ -58,7 +57,7 @@ function exec_sites_dist() $id_rubrique = intval($id_parent); // pas toujours present, mais tant pis. $id_syndic = intval($id_syndic); - + $redirect_args = ''; // // Creation d'un site // 
@@ -110,8 +109,7 @@ if ($analyser_site == 'oui' AND $flag_editable) { $syndication = $v[syndic] ? 'oui' : 'non'; $result = spip_query("UPDATE spip_syndic SET nom_site=" . spip_abstract_quote($nom_site) . ", url_site=" . spip_abstract_quote($url) . ", url_syndic=" . spip_abstract_quote($url_syndic) . ", descriptif=" . spip_abstract_quote($descriptif) . ", syndication='$syndication', statut='$statut' WHERE id_syndic=$id_syndic"); if ($syndication == 'oui') syndic_a_jour($id_syndic); - $redirect = generer_url_ecrire('sites',("id_syndic=$id_syndic". ($redirect ? "&redirect=$redirect" : "")), true); - $redirect_ok = 'oui'; + $redirect_args = "id_syndic=$id_syndic"; } } @@ -168,8 +166,8 @@ if (strval($nom_site)!='' AND $modifier_site == 'oui' AND $flag_editable) { marquer_indexer('syndic', $id_syndic); } } - $redirect = generer_url_ecrire('sites',("id_syndic=$id_syndic". ($redirect ? "&redirect=$redirect" : "") . ($reload ? "&reload=$reload" : '')), true); - $redirect_ok = 'oui'; + + $redirect_args = "id_syndic=$id_syndic" .($reload ? "&reload=$reload" : ''); } @@ -180,8 +178,8 @@ if ($jour AND $flag_administrable) { calculer_rubriques(); } -if ($redirect AND $redirect_ok == 'oui') { - redirige_par_entete($redirect); +if ($redirect AND $redirect_args) { + redirige_par_entete(generer_url_ecrire('sites', $redirect_args . "&redirect=$redirect", true)); } // Appliquer le choix resume/fulltexte (necessite un reload) 
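Review bot: `$redirect` is appended as `"&redirect=$redirect"` without being re-encoded in the -180 hunk, so a value containing `&` or `#` would split into extra parameters or truncate the address; `$reload` in the -168 hunk is interpolated the same way. Encoding at the point of use keeps the parameter intact: `redirige_par_entete(generer_url_ecrire('sites', $redirect_args . "&redirect=" . rawurlencode($redirect), true));`. Separately, the condition `$redirect AND $redirect_args` appears to skip the redirect after an update when no `redirect` parameter was supplied, whereas the old code always set `$redirect` and `$redirect_ok` in those branches. If that change is intended it deserves a comment.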
@@ -526,18 +524,14 @@ fin_cadre_relief(); // Forums // -echo "<br><br>\n"; - - $forum_retour = generer_url_ecrire("sites","id_syndic=$id_syndic", '&'); + echo "<br /><br />\n<div align='center'>"; -echo "<div align='center'>"; - icone (_T('icone_poster_message'), generer_url_ecrire('forum_envoi',"id_syndic=$id_syndic&statut=prive&adresse_retour=".rawurlencode($forum_retour)."&titre_message=$nom_site"), "forum-interne-24.gif", "creer.gif"); -echo "</div>"; + icone (_T('icone_poster_message'), generer_url_ecrire('forum_envoi',"id_syndic=$id_syndic&statut=prive&titre_message=$nom_site&url=".generer_url_retour("sites","id_syndic=$id_syndic")), "forum-interne-24.gif", "creer.gif"); -echo "<p align='left'>\n"; + echo "</div><p align='left'>\n"; $result_forum = spip_query("SELECT * FROM spip_forum WHERE statut='prive' AND id_syndic=$id_syndic AND id_parent=0 ORDER BY date_heure DESC LIMIT 20"); -afficher_forum($result_forum, $forum_retour); +afficher_forum($result_forum, "sites","id_syndic=$id_syndic"); fin_page(); diff --git a/ecrire/inc/mots.php b/ecrire/inc/mots.php index c7a5e356bb..8eba7e99a6 100644 --- a/ecrire/inc/mots.php +++ b/ecrire/inc/mots.php @@ -101,12 +101,12 @@ function mots_ressemblants($mot, $table_mots, $table_ids='') { * specifie, plus le formulaire d'ajout de mot-cle */ -function formulaire_mots($table, $id_objet, $nouv_mot, $supp_mot, $cherche_mot, $flag_editable, $retour) { +// $retour ne sert plus car deductible des autres + +function formulaire_mots($table, $id_objet, $nouv_mot, $supp_mot, $cherche_mot, $flag_editable, $retour='') { global $connect_statut, $connect_toutes_rubriques, $options; global $spip_lang_rtl, $spip_lang_right, $spip_lang; - $retour = rawurlencode($retour); - if ($table == 'articles') { $table_id = 'id_article'; $objet = 'article'; 
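Review bot: `titre_message=$nom_site` in the sites.php forum hunk goes into the query string unencoded, while the other call sites touched by this patch pass the title through rawurlencode() (for example `$tm = rawurlencode($titre);` in breves_voir.php). A site name containing `&`, `#` or a quote would alter the generated link. Suggest adding `$tm = rawurlencode($nom_site);` before the call and using `titre_message=$tm` in the argument string.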
@@ -199,7 +199,7 @@ function formulaire_mots($table, $id_objet, $nouv_mot, $supp_mot, $cherche_mot, AND $connect_toutes_rubriques ) { echo "<div style='width: 200px;'>"; $titre = rawurlencode($cherche_mot); - icone_horizontale(_T('icone_creer_mot_cle'), generer_url_ecrire("mots_edit","new=oui&ajouter_id_article=$id_objet&table=$table&table_id=$table_id&titre=$titre&redirect=$retour"), "mot-cle-24.gif", "creer.gif"); + icone_horizontale(_T('icone_creer_mot_cle'), generer_url_ecrire("mots_edit","new=oui&ajouter_id_article=$id_objet&table=$table&table_id=$table_id&titre=$titre&redirect=" . generer_url_retour($url_base, "$table_id=$id_objet")), "mot-cle-24.gif", "creer.gif"); echo "</div> "; } @@ -243,7 +243,7 @@ function formulaire_mots($table, $id_objet, $nouv_mot, $supp_mot, $cherche_mot, // $visible = $nouveaux_mots||$cherche_mot||$supp_mot; - afficher_mots_cles($flag_editable, $id_objet, $retour, $table, $table_id, $url_base, $visible); + afficher_mots_cles($flag_editable, $id_objet, $table, $table_id, $url_base, $visible); fin_cadre_enfonce(); } @@ -277,7 +277,7 @@ function affiche_mots_ressemblant($cherche_mot, $id_objet, $resultat, $table_id, } -function afficher_mots_cles($flag_editable, $id_objet, $retour, $table, $table_id, $url_base, $visible) +function afficher_mots_cles($flag_editable, $id_objet, $table, $table_id, $url_base, $visible) { global $spip_lang_rtl, $spip_lang, $spip_lang_right, $connect_statut, $connect_toutes_rubriques, $options; @@ -292,7 +292,7 @@ function afficher_mots_cles($flag_editable, $id_objet, $retour, $table, $table_i $tableau= array(); $cle = http_img_pack('petite-cle.gif', "", "width='23' height='12'"); - $ret = rawurlencode(generer_url_ecrire($url_base, "$table_id=$id_objet#mots")); + $ret = generer_url_retour($url_base, "$table_id=$id_objet#mots"); while ($row = spip_fetch_array($result)) { $id_mot = $row['id_mot']; 
@@ -420,7 +420,7 @@ function afficher_mots_cles($flag_editable, $id_objet, $retour, $table, $table_i if ($connect_statut == '0minirezo' AND $options == "avancees" AND $connect_toutes_rubriques) { echo "<tr><td></td><td colspan='2'>"; echo "<div style='width: 200px;'>"; - icone_horizontale(_T('icone_creer_mot_cle'), generer_url_ecrire("mots_edit","new=oui&ajouter_id_article=$id_objet&table=$table&table_id=$table_id&redirect=$retour"), "mot-cle-24.gif", "creer.gif"); + icone_horizontale(_T('icone_creer_mot_cle'), generer_url_ecrire("mots_edit","new=oui&ajouter_id_article=$id_objet&table=$table&table_id=$table_id&redirect=" . generer_url_retour($url_base, "$table_id=$id_objet")), "mot-cle-24.gif", "creer.gif"); echo "</div> "; echo "</td></tr>"; } @@ -617,7 +617,7 @@ function afficher_groupe_mots_boucle($row, $occurrences) if ($connect_statut == "0minirezo" OR $occurrences['articles'][$id_mot] > 0) $s = "<a href='" . - generer_url_ecrire('mots_edit', "id_mot=$id_mot&redirect=" . rawurlencode(generer_url_ecrire('mots_tous'))) . + generer_url_ecrire('mots_edit', "id_mot=$id_mot&redirect=" . generer_url_retour('mots_tous')) . "' class='liste-mot'>".typo($titre_mot)."</a>"; else $s = typo($titre_mot); diff --git a/ecrire/inc/presentation.php b/ecrire/inc/presentation.php index 9ba3d74bdd..0ba6e29aa9 100644 --- a/ecrire/inc/presentation.php +++ b/ecrire/inc/presentation.php @@ -1381,7 +1381,7 @@ function affiche_auteur_boucle($row, &$tous_id) // Afficher les forums // -function afficher_forum($request, $adresse_retour, $controle_id_article = false) { +function afficher_forum($request, $retour, $arg, $controle_id_article = false) { global $spip_display; static $compteur_forum = 0; static $nb_forum = array(); 
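Review bot: Inserting `$arg` before `$controle_id_article` in afficher_forum() changes the meaning of the third positional argument, so a caller not updated here that still passes the article id third would silently have it treated as query arguments and run with `$controle_id_article` false. The callers visible in this patch are adjusted, but callers elsewhere cannot be checked from this page. A header comment would make the new contract explicit, e.g. `// $retour: exec script to return to; $arg: its query arguments; both are handed to generer_url_retour()`. The function body continues outside this hunk.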
@@ -1400,8 +1400,8 @@ function afficher_forum($request, $adresse_retour, $controle_id_article = false) (($statut=="prive" OR $statut=="privrac" OR $statut=="privadm" OR $statut=="perso") OR ($statut=="publie" AND $id_parent > 0))) { - afficher_forum_thread($row, $controle_id_article, $compteur_forum, $nb_forum, $i, $adresse_retour); - afficher_forum(spip_query("SELECT * FROM spip_forum WHERE id_parent='" . $row['id_forum'] . "'" . ($controle_id_article ? " AND statut<>'off'" : '') . " ORDER BY date_heure"), $adresse_retour, $controle_id_article); + afficher_forum_thread($row, $controle_id_article, $compteur_forum, $nb_forum, $i, $retour, $arg); + afficher_forum(spip_query("SELECT * FROM spip_forum WHERE id_parent='" . $row['id_forum'] . "'" . ($controle_id_article ? " AND statut<>'off'" : '') . " ORDER BY date_heure"), $retour, $arg, $controle_id_article); } $i[$compteur_forum]++; } @@ -1410,7 +1410,7 @@ function afficher_forum($request, $adresse_retour, $controle_id_article = false) $compteur_forum--; } -function afficher_forum_thread($row, $controle_id_article, $compteur_forum, $nb_forum, $i, $adresse_retour) { +function afficher_forum_thread($row, $controle_id_article, $compteur_forum, $nb_forum, $i, $retour, $arg) { global $spip_lang_rtl, $spip_lang_left, $spip_lang_right, $spip_display; static $voir_logo = array(); // pour ne calculer qu'une fois @@ -1504,8 +1504,9 @@ function afficher_forum_thread($row, $controle_id_article, $compteur_forum, $nb_ } if (!$controle_id_article) { + $tm = rawurlencode($titre); echo "<div align='right' class='verdana1'>"; - echo "<b><a href='", generer_url_ecrire("forum_envoi","id_parent=$id_forum&adresse_retour=" . rawurlencode($adresse_retour) . "&titre_message=".rawurlencode($titre) .'#formulaire'), + echo "<b><a href='", generer_url_ecrire("forum_envoi","id_parent=$id_forum&titre_message=$tm&url=" . generer_url_retour($retour, $arg) .'#formulaire'), "'>", _T('lien_repondre_message'), "</a></b></div>"; 
diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php index af68ca80a9..1cc4a83f65 100644 --- a/ecrire/inc/utils.php +++ b/ecrire/inc/utils.php @@ -541,13 +541,13 @@ function cron ($gourmand=false) { // envoyer le navigateur sur une nouvelle adresse // en evitant les attaques par la redirection (souvent indique par 1 $_GET) -function redirige_par_entete($url, $fin="") { +function redirige_par_entete($url) { # en theorie on devrait faire ca tout le temps, mais quand la chaine # commence par ? c'est imperatif, sinon l'url finale n'est pas la bonne if ($url[0]=='?') $url = url_de_base().$url; - @header("Location: " . strtr("$url$fin", "\n\r", " ")); + @header("Location: " . strtr($url, "\n\r", " ")); echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> @@ -556,7 +556,7 @@ function redirige_par_entete($url, $fin="") { <body> <h1>302 Found</h1> <a href="' -.quote_amp("$url$fin") +.quote_amp($url) .'">Click here</a>. </body></html>'; @@ -733,6 +733,11 @@ function generer_url_ecrire($script, $args="", $no_entities=false, $rel=false) { return $rel . ($no_entities ? $args : str_replace('&', '&', $args)); } +function generer_url_retour($script, $args="") +{ + return rawurlencode(generer_url_ecrire($script, $args, true, true)); +} + // // Adresse des scripts publics (a passer dans inc-urls...) // -- GitLab
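Review bot: generer_url_retour() has no comment saying that its result is already percent-encoded, which matters because callers concatenate it directly after `redirect=` or `url=` and the receiving script must not decode it more than once. A short header would record that contract: `// Relative ecrire/ URL, rawurlencode()d, for use only as the value of a query-string parameter`. The header could also note that the value comes back from the browser and has to be re-checked before redirige_par_entete() uses it, since that function, per the hunk above, only neutralises CR and LF.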