From 0b187fcce27f8786840075af7bb4e49351ec20c5 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Sat, 3 Jan 2009 08:57:53 +0000
Subject: [PATCH] =?UTF-8?q?Ce=20n'=C3=A9tait=20pas=20un=20trou=20de=20s?= =?UTF-8?q?=C3=A9curit=C3=A9=20mais=20c'=C3=A9tait=20imprudent.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ecrire/exec/documenter.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/ecrire/exec/documenter.php b/ecrire/exec/documenter.php
index 6b6bc124c3..f5000abccd 100644
--- a/ecrire/exec/documenter.php
+++ b/ecrire/exec/documenter.php
@@ -15,23 +15,25 @@ if (!defined("_ECRIRE_INC_VERSION")) return;
 // http://doc.spip.org/@exec_documenter_dist
 function exec_documenter_dist()
 {
- $type = _request("type");
- $script = _request("script"); // generalisation a tester
+ $script = _request('script'); // generalisation a tester
+ $iframe = _request('iframe');
+ $album = _request('s');
+ $type = _request('type');
 $id = intval(_request(id_table_objet($type)));
- exec_documenter_args($id, $type, $script, _request('s'));
+ exec_documenter_args($id, $type, $script, $album, $iframe);
 }
 // http://doc.spip.org/@exec_documenter_args
-function exec_documenter_args($id, $type, $script, $album='')
+function exec_documenter_args($id, $type, $script, $album='', $iframe=false)
 {
- if (!$id OR !autoriser('modifier', $type, $id)) {
+ if (!$id OR !autoriser('modifier', $type, $id) OR !preg_match('/^\w*$/', $script)) {
 include_spip('inc/minipres');
 echo minipres();
 } else {
 $album = !$album ? 'documents' : 'portfolio';
 include_spip('inc/actions');
 $documenter = charger_fonction('documenter', 'inc');
- if(_request("iframe")=="iframe") {
+ if ($iframe==='iframe') {
 $res = $documenter($id, $type, "portfolio", 'ajax', '', $script).
 $documenter($id, $type, "documents", 'ajax', '', $script);
 ajax_retour("<div class='upload_answer upload_document_added'>".$res."</div>",false);
--
GitLab
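Review bot: The new guard `!preg_match('/^\w*$/', $script)` in `exec_documenter_args` still lets through a value that ends in a newline, because `$` without the `D` modifier also matches just before a final `\n`. If the intent is to restrict `script` to a bare identifier before it is passed to `$documenter(...)`, anchor the end strictly: `!preg_match('/^\w*$/D', $script)`. `$type` also comes straight from `_request('type')` and reaches `id_table_objet()`, `autoriser()` and `$documenter()` with no equivalent format check. Whether those calls constrain it is not visible in this hunk, so it may deserve the same guard. The body of `exec_documenter_args` continues past the end of the hunk.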