From 0b187fcce27f8786840075af7bb4e49351ec20c5 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Sat, 3 Jan 2009 08:57:53 +0000
Subject: [PATCH] =?UTF-8?q?Ce=20n'=C3=A9tait=20pas=20un=20trou=20de=20s?=
 =?UTF-8?q?=C3=A9curit=C3=A9=20mais=20c'=C3=A9tait=20imprudent.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ecrire/exec/documenter.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ecrire/exec/documenter.php b/ecrire/exec/documenter.php
index 6b6bc124c3..f5000abccd 100644
--- a/ecrire/exec/documenter.php
+++ b/ecrire/exec/documenter.php
@@ -15,23 +15,25 @@ if (!defined("_ECRIRE_INC_VERSION")) return;
 // http://doc.spip.org/@exec_documenter_dist
 function exec_documenter_dist()
 {
-	$type = _request("type");
-	$script = _request("script"); // generalisation a tester
+	$script = _request('script'); // generalisation a tester
+	$iframe = _request('iframe');
+	$album = _request('s');
+	$type = _request('type');
 	$id = intval(_request(id_table_objet($type)));
-	exec_documenter_args($id, $type, $script, _request('s'));
+	exec_documenter_args($id, $type, $script, $album, $iframe);
 }
 
 // http://doc.spip.org/@exec_documenter_args
-function exec_documenter_args($id, $type, $script, $album='')
+function exec_documenter_args($id, $type, $script, $album='', $iframe=false)
 {
-	if (!$id OR !autoriser('modifier', $type, $id)) {
+	if (!$id OR !autoriser('modifier', $type, $id) OR !preg_match('/^\w*$/', $script)) {
 		include_spip('inc/minipres');
 		echo minipres();
 	} else {
 		$album = !$album ? 'documents' :  'portfolio';
 		include_spip('inc/actions');
 		$documenter = charger_fonction('documenter', 'inc');
-		if(_request("iframe")=="iframe") { 
+		if ($iframe==='iframe') { 
 			$res = $documenter($id, $type, "portfolio", 'ajax', '', $script).
 			  $documenter($id, $type, "documents", 'ajax', '', $script);
 			ajax_retour("<div class='upload_answer upload_document_added'>".$res."</div>",false);
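Review bot: The new allowlist check on `$script`, `!preg_match('/^\w*$/', $script)`, is not as tight as it looks: in PCRE a bare `$` also matches just before a trailing newline, so a value ending in "\n" still passes and reaches `$documenter(..., $script)` unchanged. Anchor the end of the string explicitly with `\z` or the `D` modifier: `if (!$id OR !autoriser('modifier', $type, $id) OR !preg_match('/^\w*\z/', $script)) {`. Note also that `\w*` accepts the empty string, so a missing `script` parameter (presumably null from `_request`) falls through to the else branch exactly as before; if that is intended, a short comment such as `// script: optional, but must be a bare identifier` would make the contract explicit. The body of exec_documenter_args continues past the end of this hunk.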
-- 
GitLab