From fb03e93a467a3e02334d82404746b3d91b60e7e4 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Wed, 23 Aug 2006 10:18:53 +0000
Subject: [PATCH] =?UTF-8?q?S=C3=A9curit=C3=A9=20Ajax:=20depuis=20que=20les?=
 =?UTF-8?q?=20formulaires=20sont=20appelables=20par=20des=20scripts=20auto?=
 =?UTF-8?q?nomes,=20il=20faut=20rev=C3=A9rifier=20les=20droits=20du=20conn?=
 =?UTF-8?q?ect=C3=A9=20sur=20l'objet=20sur=20lequel=20s'applique=20le=20fo?=
 =?UTF-8?q?rmulaire.=20Autrement=20les=20simples=20r=C3=A9dacteurs=20et=20?=
 =?UTF-8?q?les=20admins=20restreint=20peuvent=20se=20fabriquer=20un=20form?=
 =?UTF-8?q?ulaire=20modifiant=20les=20annexes=20(pi=C3=A8ces=20jointes,=20?=
 =?UTF-8?q?forums,=20p=C3=A9tition=20etc)=20d'un=20objet=20qu'il=20n'admin?=
 =?UTF-8?q?istre=20pas.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ecrire/exec/documenter.php  |  8 ++++++++
 ecrire/exec/petitionner.php |  6 ++++++
 ecrire/exec/poster.php      |  6 ++++++
 ecrire/exec/tourner.php     |  8 ++++++++
 ecrire/exec/virtualiser.php | 10 ++++++++--
 ecrire/inc/auth.php         | 17 +++++++++++++++++
 6 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/ecrire/exec/documenter.php b/ecrire/exec/documenter.php
index 6f73fc4f5a..5d6d78b562 100644
--- a/ecrire/exec/documenter.php
+++ b/ecrire/exec/documenter.php
@@ -19,6 +19,14 @@ function exec_documenter_dist()
 	$id = intval($id);
 	$id_document = intval($id_document);
 
+	if (!($type == 'article'
+	      ? acces_article($id)
+	      : acces_rubrique($id))) {
+		spip_log("Tentative d'intrusion de " . $GLOBALS['auteur_session']['nom'] . " dans " . $GLOBALS['exec']);
+		include_spip('inc/minipres');
+		minipres(_T('info_acces_interdit'));
+	}
+
 	include_spip('inc/documents');
 	include_spip('inc/presentation');
 
diff --git a/ecrire/exec/petitionner.php b/ecrire/exec/petitionner.php
index 5d42d4d503..3f7f03ac44 100644
--- a/ecrire/exec/petitionner.php
+++ b/ecrire/exec/petitionner.php
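Review bot: The new guard treats every `$type` other than `'article'` as a rubrique and passes `$id` to `acces_rubrique()`, so if exec_documenter_dist() can be reached with another object type the check is evaluated against the wrong table and no longer describes the object the form edits; limiting the ternary to the supported types with a fail-closed fallback, e.g. `: ($type == 'rubrique' ? acces_rubrique($id) : false)`, keeps the decision bound to that object. The same construct is added in the tourner hunk. Nothing after `minipres(_T('info_acces_interdit'))` leaves the function, so the refusal relies on minipres() terminating the request rather than only emitting the page; an explicit `exit;` after that call makes the fail-closed behaviour visible in the hunk itself, and the same applies to the petitionner, poster, tourner and virtualiser hunks. The function's header, and where `$type` and `$id` come from, are outside the hunk.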
@@ -18,6 +18,12 @@ function exec_petitionner_dist()
 	global $id_article, $script;
 	$id_article = intval($id_article);
 
+	if (!acces_article($id_article)) {
+		spip_log("Tentative d'intrusion de " . $GLOBALS['auteur_session']['nom'] . " dans " . $GLOBALS['exec']);
+		include_spip('inc/minipres');
+		minipres(_T('info_acces_interdit'));
+	}
+
 	include_spip('inc/petition');
 	include_spip('inc/presentation');
 	include_spip('inc/actions');
diff --git a/ecrire/exec/poster.php b/ecrire/exec/poster.php
index b7617d9e68..659d3c3679 100644
--- a/ecrire/exec/poster.php
+++ b/ecrire/exec/poster.php
@@ -18,6 +18,12 @@ function exec_poster_dist()
 	global $id_article, $script;
 	$id_article = intval($id_article);
 
+	if (!acces_article($id_article)) {
+		spip_log("Tentative d'intrusion de " . $GLOBALS['auteur_session']['nom'] . " dans " . $GLOBALS['exec']);
+		include_spip('inc/minipres');
+		minipres(_T('info_acces_interdit'));
+	}
+
 	include_spip('inc/forum');
 	include_spip('inc/actions');
 
diff --git a/ecrire/exec/tourner.php b/ecrire/exec/tourner.php
index c0190d5b09..049600a380 100644
--- a/ecrire/exec/tourner.php
+++ b/ecrire/exec/tourner.php
@@ -19,6 +19,14 @@ function exec_tourner_dist()
 	$id = intval($id);
 	$id_document = intval($id_document);
 
+	if (!($type == 'article'
+	      ? acces_article($id)
+	      : acces_rubrique($id))) {
+		spip_log("Tentative d'intrusion de " . $GLOBALS['auteur_session']['nom'] . " dans " . $GLOBALS['exec']);
+		include_spip('inc/minipres');
+		minipres(_T('info_acces_interdit'));
+	}
+
 	include_spip('inc/documents');
 	include_spip('inc/presentation');
 
diff --git a/ecrire/exec/virtualiser.php b/ecrire/exec/virtualiser.php
index d4f125ddef..e20013e26a 100644
--- a/ecrire/exec/virtualiser.php
+++ b/ecrire/exec/virtualiser.php
@@ -40,7 +40,7 @@ function formulaire_virtualiser($id_article, $virtuel, $script, $args)
 	. _T('bouton_changer')
 	. "' style='font-size:10px' /></div>";
 
-	return ajax_action_auteur('virtualiser', $id_article, $r, $script, $args, $args);
+	return ajax_action_auteur('virtualiser', $id_article, $script, $args, $r);
 }
 
 // http://doc.spip.org/@exec_virtualiser_dist
@@ -49,9 +49,15 @@ function exec_virtualiser_dist()
 	global $id_article, $script;
 	$id_article = intval($id_article);
 
+	if (!acces_article($id_article)) {
+		spip_log("Tentative d'intrusion de " . $GLOBALS['auteur_session']['nom'] . " dans " . $GLOBALS['exec']);
+		include_spip('inc/minipres');
+		minipres(_T('info_acces_interdit'));
+	}
+
 	include_spip('inc/actions');
-	return formulaire_virtualiser($id_article, 'ajax', $script, "&id_article=$id_article");
+	return formulaire_virtualiser($id_article, 'ajax', $script, "id_article=$id_article");
 }
 
 
 ?>
diff --git a/ecrire/inc/auth.php b/ecrire/inc/auth.php
index 0a9ebca352..0787d68e6e 100644
--- a/ecrire/inc/auth.php
+++ b/ecrire/inc/auth.php
@@ -40,6 +40,23 @@ function acces_mots() {
 	return $connect_toutes_rubriques;
 }
 
+function acces_article($id_article)
+{
+	global $connect_id_auteur;
+
+	$row = spip_fetch_array(spip_query("SELECT id_rubrique, statut FROM spip_articles WHERE id_article=$id_article"));
+
+	if (acces_rubrique($row['id_rubrique'])) return true;
+
+	$s = spip_num_rows(spip_query("SELECT id_auteur FROM spip_auteurs_articles WHERE id_article=$id_article AND id_auteur=$connect_id_auteur LIMIT 1"));
+
+	if (!$s) return false;
+
+	$s = $row['statut'];
+
+	return ($s == 'prepa' OR $s == 'prop' OR $s == 'poubelle');
+}
+
 
 // http://doc.spip.org/@auth_rubrique
 function auth_rubrique() {
-- 
GitLab
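Review bot: In acces_article(), `$row` is used without checking that the SELECT returned a row, so for an `$id_article` that matches nothing (including 0 after a caller's intval) `$row['id_rubrique']` is null and the outcome depends on whatever acces_rubrique() does with an empty id; add `if (!$row) return false;` right after the fetch so a missing article is refused outright. The function also interpolates `$id_article` into both queries as received and relies on every caller having applied intval() first — a leading `$id_article = intval($id_article);` makes the helper safe on its own as further call sites are added. A short comment above the function stating the rule it encodes (rubrique administrators pass; co-authors pass only while the article's statut is 'prepa', 'prop' or 'poubelle') would help, since all five exec files now rest on this check. The loose `==` comparisons could be `===`, and `$s` is reused for a row count and then a status string, which deserves two distinct names.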