From 332b6cdabb0c1d4d00d40d431e45c4c49eae70f6 Mon Sep 17 00:00:00 2001
From: Fil <fil@rezo.net>
Date: Wed, 6 Apr 2011 21:32:51 +0000
Subject: [PATCH] report de r17662 + meilleur controle de la variable script

---
 ecrire/inc/utils.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php
index d35e47ff6c..25154378d9 100644
--- a/ecrire/inc/utils.php
+++ b/ecrire/inc/utils.php
@@ -1250,15 +1250,17 @@ function generer_url_prive($script, $args="", $no_entities=false) {
 function generer_form_ecrire($script, $corps, $atts='', $submit='') {
 	global $spip_lang_right;
 
+	$script1 = array_shift(explode('&', $script));
+
 	return "<form action='"
 	. ($script ? generer_url_ecrire($script) : '')
 	. "' "
 	. ($atts ? $atts : " method='post'")
 	.  "><div>\n"
-	. "<input type='hidden' name='exec' value='$script' />"
+	. "<input type='hidden' name='exec' value='$script1' />"
 	. $corps
 	. (!$submit ? '' :
-	     ("<div style='text-align: $spip_lang_right'><input class='fondo' type='submit' value='$submit' /></div>"))
+	     ("<div style='text-align: $spip_lang_right'><input class='fondo' type='submit' value=\"".entites_html($submit)."\" /></div>"))
 	. "</div></form>\n";
 }
 
-- 
GitLab