diff --git a/.gitattributes b/.gitattributes
index 91a9c5a2bb78e7c610b8ba9067cb3a31653310e3..23377fd530c150fd9266f3819782ea02a3b79e10 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -495,6 +495,7 @@ ecrire/inc/plugin.php -text
 ecrire/inc/popularites.php -text
 ecrire/inc/referencer_traduction.php -text
 ecrire/inc/regler_moderation.php -text
+ecrire/inc/safehtml.php -text
 ecrire/inc/securiser_action.php -text
 ecrire/inc/selectionner.php -text
 ecrire/inc/selectionner_auteur.php -text
diff --git a/ecrire/inc/safehtml.php b/ecrire/inc/safehtml.php
new file mode 100644
index 0000000000000000000000000000000000000000..215cb1e14b2bfe966e3fa1d5106ec8cb83fcbcf6
--- /dev/null
+++ b/ecrire/inc/safehtml.php
@@ -0,0 +1,53 @@
+<?php
+
+/***************************************************************************\
+ * SPIP, Systeme de publication pour l'internet *
+ * *
+ * Copyright (c) 2001-2006 *
+ * Arnaud Martin, Antoine Pitrou, Philippe Riviere, Emmanuel Saint-James *
+ * *
+ * Ce programme est un logiciel libre distribue sous licence GNU/GPL. *
+ * Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne. *
+\***************************************************************************/
+
+
+if (!defined("_ECRIRE_INC_VERSION")) return;
+
+// Controle la presence de la lib safehtml et cree la fonction
+// de transformation du texte qui l'exploite
+if (@is_dir(_DIR_RESTREINT.'safehtml')) {
+ function inc_safehtml_dist($t) {
+ static $process, $test;
+
+ if (!$test) {
+ if ($f = include_spip('safehtml/classes/safehtml', false)) {
+ define('XML_HTMLSAX3', dirname($f).'/');
+ include($f);
+ $process = new safehtml();
+ $process->deleteTags[] = 'param'; // sinon bug Firefox
+ } else die('pas de safe');
+ if ($process)
+ $test = 1; # ok
+ else
+ $test = -1; # se rabattre sur interdire_scripts
+ }
+
+ if ($test > 0) {
+ # reset ($process->clear() ne vide que _xhtml...),
+ # on doit pouvoir programmer ca plus propremement
+ $process->_counter = array();
+ $process->_stack = array();
+ $process->_dcCounter = array();
+ $process->_dcStack = array();
+ $process->_listScope = 0;
+ $process->_liStack = array();
+# $process->parse(''); # cas particulier ?
+ $process->clear();
+ $t = $process->parse($t);
+ }
+
+ return $t;
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/ecrire/inc/texte.php b/ecrire/inc/texte.php
index 649502bf28bcee4cc4c518ba16638b3ea3a77252..c900867b6eaeff8a16021c3e65d716d95e462266 100644
--- a/ecrire/inc/texte.php
+++ b/ecrire/inc/texte.php
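Review bot: The `else die('pas de safe');` arm in inc_safehtml_dist() makes the `$test = -1` fallback right below it unreachable: `new safehtml()` always yields an object, so `if ($process)` can never be false, and an install where the `safehtml` directory exists but `include_spip` cannot resolve the class file ends the request with a bare message. Either honour the stated fallback with `} else $test = -1;` and record the degraded state in the log, or keep the hard stop and drop the dead `else` arm so the fail-closed choice is explicit. Separately, the manual reset writes the library's underscore-prefixed members (`_counter`, `_stack`, …); any state field that list misses would carry over from one sanitised input to the next. Building a fresh `new safehtml()` per call would be the more robust reset if the constructor is cheap; the existing comment already flags this reset as provisional.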
@@ -430,7 +430,7 @@ function interdire_scripts($t) { // Securite : utiliser SafeHTML s'il est present dans ecrire/safehtml/ // http://doc.spip.org/@safehtml function safehtml($t) { - static $process, $test; + static $safehtml; # attention safehtml nettoie deux ou trois caracteres de plus. A voir if (strpos($t,'<')===false) @@ -439,32 +439,10 @@ function safehtml($t) { $t = interdire_scripts($t); $t = echappe_js($t); - if (!$test) { - if ($f = include_spip('safehtml/classes/safehtml', false)) { - define('XML_HTMLSAX3', dirname($f).'/'); - include($f); - $process = new safehtml(); - $process->deleteTags[] = 'param'; // sinon bug Firefox - } else die('pas de safe'); - if ($process) - $test = 1; # ok - else - $test = -1; # se rabattre sur interdire_scripts - } - - if ($test > 0) { - # reset ($process->clear() ne vide que _xhtml...), - # on doit pouvoir programmer ca plus propremement - $process->_counter = array(); - $process->_stack = array(); - $process->_dcCounter = array(); - $process->_dcStack = array(); - $process->_listScope = 0; - $process->_liStack = array(); -# $process->parse(''); # cas particulier ? - $process->clear(); - $t = $process->parse($t); - } + if (!isset($safehtml)) + $safehtml = charger_fonction('safehtml', 'inc'); + if ($safehtml) + $t = $safehtml($t); return interdire_scripts($t); # gere le < ?php > en plus }
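Review bot: Whether SafeHTML actually ran is no longer observable at `if ($safehtml) $t = $safehtml($t);` in the second hunk: on a falsy result from `charger_fonction('safehtml', 'inc')` the text passes with only `interdire_scripts` and `echappe_js` applied, whereas the removed block stopped with `die('pas de safe')` when the library could not be found. charger_fonction is defined outside this diff, so its behaviour when `inc_safehtml_dist` is not declared (inc/safehtml.php only declares it when the `safehtml` directory exists) needs confirming: it may return false or abort the request. If the silent downgrade is intended, a one-time log entry here plus a comment such as `// SafeHTML absent: only interdire_scripts/echappe_js apply` would make the weaker filtering visible to operators. safehtml() begins in the previous hunk and its early-return line falls between the two hunks.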