From dd902f2ec75f8707462ae2e49e7f6e7f710db2b9 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Mon, 14 Nov 2005 13:12:22 +0000
Subject: [PATCH] controle_petition dans le moule, avec un bel XSS en moins

---
 .gitattributes                   |  1 +
 ecrire/controle_petition.php3    | 76 +---------------------------
 ecrire/inc_controle_petition.php | 85 ++++++++++++++++++++++++++++++++
 3 files changed, 88 insertions(+), 74 deletions(-)
 create mode 100644 ecrire/inc_controle_petition.php

diff --git a/.gitattributes b/.gitattributes
index 646fbb1a8a..c7c5f7a7f5 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -271,6 +271,7 @@ ecrire/inc_brouteur.php -text
 ecrire/inc_brouteur_frame.php -text
 ecrire/inc_config-fonctions.php -text
 ecrire/inc_controle_forum.php -text
+ecrire/inc_controle_petition.php -text
 ecrire/inc_cookie.php -text
 ecrire/inc_forum_admin.php -text
 ecrire/inc_headers.php -text
diff --git a/ecrire/controle_petition.php3 b/ecrire/controle_petition.php3
index eea37307ad..712c461828 100644
--- a/ecrire/controle_petition.php3
+++ b/ecrire/controle_petition.php3
@@ -10,79 +10,7 @@
  *  Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne.   *
 \***************************************************************************/
 
-
-
 include ("inc.php3");
-include_ecrire("inc_presentation.php3");
-include_ecrire("inc_texte.php3");
-include_ecrire("inc_urls.php3");
-include_ecrire("inc_rubriques.php3");
-include ("inc_signatures.php3");
-
-function message_de_signature($row)
-{
-  return propre(echapper_tags($row['message']));
-}
-
-
-debut_page(_T('titre_page_controle_petition'), "redacteurs", "suivi-petition");
-debut_gauche();
-
-//
-// Raccourcis
-//
-/*
-	debut_raccourcis();
-	// rien
-	fin_raccourcis();
-*/
-
-debut_droite();
-
-  
-echo "<div class='serif2'>";
- 
-if ($connect_statut == "0minirezo") {
-	gros_titre(_T('titre_suivi_petition'));
-
-	if ($supp_petition){
-		$query_forum = "UPDATE spip_signatures SET statut='poubelle' WHERE id_signature=$supp_petition";
- 		$result_forum = spip_query($query_forum);
-	}
-
-	if ($add_petition){
-		$query_forum = "UPDATE spip_signatures SET statut='publie' WHERE id_signature=$add_petition";
- 		$result_forum = spip_query($query_forum);
-	}
-
-	// Invalider les pages ayant trait aux petitions
-	if ($id_signature = ($add_petition?$add_petition:$supp_petition)) {
-		include_ecrire('inc_invalideur.php3');
-		list ($id_article) = spip_fetch_array(spip_query("SELECT id_article
-			FROM spip_signatures WHERE id_signature=$id_signature"));
-		suivre_invalideur("id='varia/pet$id_article'");
-	}
-
-	if (!$debut) $debut = 0;
-
-	spip_query("DELETE FROM spip_signatures WHERE NOT (statut='publie' OR statut='poubelle') AND date_time<DATE_SUB(NOW(),INTERVAL 10 DAY)");
-
-	controle_signatures('controle_petition.php3',
-			    $id_article,
-			    $debut, 
-			    "(statut='publie' OR statut='poubelle')",
-			    "date_time DESC");
-
- }
-else {
-	echo "<B>"._T('avis_non_acces_page')."</B>";
-}
-
-
-echo "</div>";
-
-fin_page();
-
-
+$var_f = include_fonction(basename($SCRIPT_NAME, _EXTENSION_PHP));
+$var_f(intval($id_article), intval($add_petition), intval($supp_petition), intval($debut));
 ?>
-
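Review bot: The new line `$var_f = include_fonction(basename($SCRIPT_NAME, _EXTENSION_PHP));` derives the function to call from `$SCRIPT_NAME`, and the next line invokes `$var_f` without checking that a callable came back. `include_fonction` is not visible in this hunk, so it is unclear whether it restricts the name to known functions or fails closed when the lookup misses. This script only ever serves one page, so the literal name would remove the dependency on a server-supplied value: `$var_f = include_fonction('controle_petition');`. The `intval()` casts on the four request values are worth a short comment, for example `// entiers obligatoires : ces valeurs sont interpolees telles quelles dans le SQL de controle_petition()`, so they are not removed as redundant later.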
diff --git a/ecrire/inc_controle_petition.php b/ecrire/inc_controle_petition.php
new file mode 100644
index 0000000000..8f1e5a3167
--- /dev/null
+++ b/ecrire/inc_controle_petition.php
@@ -0,0 +1,85 @@
+<?php
+
+/***************************************************************************\
+ *  SPIP, Systeme de publication pour l'internet                           *
+ *                                                                         *
+ *  Copyright (c) 2001-2005                                                *
+ *  Arnaud Martin, Antoine Pitrou, Philippe Riviere, Emmanuel Saint-James  *
+ *                                                                         *
+ *  Ce programme est un logiciel libre distribue sous licence GNU/GPL.     *
+ *  Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne.   *
+\***************************************************************************/
+
+include_ecrire("inc_presentation.php3");
+include ("inc_signatures.php3");
+
+function message_de_signature($row)
+{
+  return propre(echapper_tags($row['message']));
+}
+
+
+function controle_petition($id_article, $add_petition, $supp_petition, $debut)
+{
+	global $connect_statut;
+	debut_page(_T('titre_page_controle_petition'), "redacteurs", "suivi-petition");
+	debut_gauche();
+
+//
+// Raccourcis
+//
+/*
+	debut_raccourcis();
+	// rien
+	fin_raccourcis();
+*/
+
+debut_droite();
+
+  
+echo "<div class='serif2'>";
+ 
+if ($connect_statut == "0minirezo") {
+	gros_titre(_T('titre_suivi_petition'));
+
+	if ($supp_petition){
+		$query_forum = "UPDATE spip_signatures SET statut='poubelle' WHERE id_signature=$supp_petition";
+ 		$result_forum = spip_query($query_forum);
+	}
+
+	if ($add_petition){
+		$query_forum = "UPDATE spip_signatures SET statut='publie' WHERE id_signature=$add_petition";
+ 		$result_forum = spip_query($query_forum);
+	}
+
+	// Invalider les pages ayant trait aux petitions
+	if ($id_signature = ($add_petition?$add_petition:$supp_petition)) {
+		include_ecrire('inc_invalideur.php3');
+		list ($id_article) = spip_fetch_array(spip_query("SELECT id_article
+			FROM spip_signatures WHERE id_signature=$id_signature"));
+		suivre_invalideur("id='varia/pet$id_article'");
+	}
+
+	if (!$debut) $debut = 0;
+
+	spip_query("DELETE FROM spip_signatures WHERE NOT (statut='publie' OR statut='poubelle') AND date_time<DATE_SUB(NOW(),INTERVAL 10 DAY)");
+
+	controle_signatures('controle_petition.php3',
+			    $id_article,
+			    $debut, 
+			    "(statut='publie' OR statut='poubelle')",
+			    "date_time DESC");
+
+ }
+else {
+	echo "<B>"._T('avis_non_acces_page')."</B>";
+}
+
+
+echo "</div>";
+
+fin_page();
+
+}
+?>
+
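Review bot: Inside `controle_petition()` the `UPDATE` and `SELECT` statements still interpolate `$supp_petition`, `$add_petition` and `$id_signature` straight into the SQL text, so the function is only safe while every caller applies `intval()` first. Casting at the top of the function keeps that guarantee local: `$add_petition = intval($add_petition); $supp_petition = intval($supp_petition); $debut = intval($debut);`. Separately, the publish and trash actions are driven by plain request parameters behind only the `$connect_statut == "0minirezo"` test, and no anti-forgery token check is visible in this file. It is worth confirming that one is enforced elsewhere, possibly in `inc.php3`. Note also that `list ($id_article) = spip_fetch_array(...)` overwrites the `$id_article` argument and leaves it null when the signature id matches no row, before it is passed to `controle_signatures()`.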
-- 
GitLab