diff --git a/ecrire/auth/sha256.inc.php b/ecrire/auth/sha256.inc.php
index b67e0f8c5c3fe1223a60adf6c4d213d1954c2438..fed57e3cc110b933937c3c9954188b4c089d86e9 100644
--- a/ecrire/auth/sha256.inc.php
+++ b/ecrire/auth/sha256.inc.php
@@ -210,8 +210,10 @@ if (!class_exists('nanoSha2'))
 					$pad = ceil(($length+1+32/$this->bytesString)/$npad)*$npad-32/$this->bytesString;
 					$ords = array_pad($ords,$pad,0);
 					$mask = (1 << $this->bytesString) - 1;
-					for($i = 0; $i < count($ords) * $this->bytesString; $i += $this->bytesString)
+					for($i = 0; $i < count($ords) * $this->bytesString; $i += $this->bytesString) {
+						if (!isset($bin[$i>>5])) { $bin[$i>>5] = 0; } // pour eviter des notices.
 						$bin[$i>>5] |= ($ords[$i / $this->bytesString] & $mask) << (24 - $i%32);
+					}
 					$bin[] = $length*$this->bytesString;
 					return $bin;
 				}
diff --git a/ecrire/inc/actions.php b/ecrire/inc/actions.php
index c7d3c13a9be131cffd91bf202e1daf6a27dbfcb1..76369053bc151db304863c623821f374d93c95ef 100644
--- a/ecrire/inc/actions.php
+++ b/ecrire/inc/actions.php
@@ -72,6 +72,7 @@ function ajax_retour($corps, $content_type = null){
 		$c = $GLOBALS['meta']["charset"];
 		header('Content-Type: '.$content_type.'; charset='.$c);
 		$debut = (($xml AND strlen(trim($corps))) ? '<'."?xml version='1.0' encoding='".$c."'?".">\n" : '');
+		$fin = "";
 	}
 	echo $debut, $corps, $fin, $e;
 }
diff --git a/ecrire/inc/autoriser.php b/ecrire/inc/autoriser.php
index 44f7bcc5e2f90e677ea34de828b039ffaae2a3ae..e380ecab72af852095a294b22d2ed9b3fb5b54c8 100644
--- a/ecrire/inc/autoriser.php
+++ b/ecrire/inc/autoriser.php
@@ -83,7 +83,7 @@ function autoriser_dist($faire, $type='', $id=0, $qui = NULL, $opt = NULL) {
 	if (_ADMINS_RESTREINTS AND is_array($qui))
 		$qui['restreint'] = liste_rubriques_auteur($qui['id_auteur']);
 
-	if (_DEBUG_AUTORISER) spip_log("autoriser $faire $type $id ($qui[nom]) ?");
+	if (_DEBUG_AUTORISER) spip_log("autoriser $faire $type $id (" . (isset($qui['nom']) ? $qui['nom'] : '') . ") ?");
 
 	// passer par objet_type pour avoir les alias
 	// et supprimer les _
@@ -122,7 +122,7 @@ function autoriser_dist($faire, $type='', $id=0, $qui = NULL, $opt = NULL) {
 		}
 	}
 
-	if (_DEBUG_AUTORISER) spip_log("$f($faire,$type,$id,$qui[nom]): ".($a?'OK':'niet'));
+	if (_DEBUG_AUTORISER) spip_log("$f($faire,$type,$id," . (isset($qui['nom']) ? $qui['nom'] : '') . "): ".($a?'OK':'niet'));
 
 	return $a;
 }
diff --git a/ecrire/public.php b/ecrire/public.php
index d3de10f39770b6386b3fcb806376266cb4f522ae..4f9cc6785096e20c3f3fb76abec5a71350f3fb01 100644
--- a/ecrire/public.php
+++ b/ecrire/public.php
@@ -133,7 +133,7 @@ if (isset($GLOBALS['_INC_PUBLIC']) AND $GLOBALS['_INC_PUBLIC']) {
 
 	$affiche_boutons_admin = ($html AND ((
 		isset($_COOKIE['spip_admin'])
-		AND !$flag_preserver
+		AND (!isset($flag_preserver) OR !$flag_preserver)
 				   ) OR $debug));
 
 	if ($affiche_boutons_admin)
diff --git a/prive/formulaires/login.php b/prive/formulaires/login.php
index 83db68680da799cc40e1246c36773ca841a9e85a..d05fdf5d2ff128bf6dd40accec8509dd5e50b1e2 100644
--- a/prive/formulaires/login.php
+++ b/prive/formulaires/login.php
@@ -47,10 +47,10 @@ function formulaires_login_charger_dist($cible="",$login="",$prive=null)
 	$valeurs = array(
 		'var_login' => $login,
 		'editable' => !$row,
-		'cnx' => $row['cnx'],
+		'cnx' => isset($row['cnx']) ? $row['cnx'] : '',
 		'auth_http' => login_auth_http(),
 		'rester_connecte' => ((_RENOUVELLE_ALEA < 12*3600)? '' : ' '),
-		'_logo' => $row['logo'],
+		'_logo' => isset($row['logo']) ? $row['logo'] : '',
 		'_alea_actuel' => isset($row['alea_actuel'])?$row['alea_actuel']:'',
 		'_alea_futur' => isset($row['alea_futur'])?$row['alea_futur']:'',
 		'_pipeline' => 'affiche_formulaire_login', // faire passer le formulaire dans un pipe dedie pour les methodes auth