diff --git a/ecrire/exec/export_all.php b/ecrire/exec/export_all.php
index 951e57b5a5f7d251d36925e2669ef4c8f5d8229f..c696da0eba5f2b68abffbb017c4af7caee79138b 100644
--- a/ecrire/exec/export_all.php
+++ b/ecrire/exec/export_all.php
@@ -33,7 +33,7 @@ function exec_export_all_dist()
 		// creer l'en tete du fichier a partir de l'espace public
 		// creer aussi la meta
 			include_spip('inc/headers');
-			redirige_par_entete(generer_action_auteur("export_all", "start,$gz,$archive,$rub", '', true));
+			redirige_par_entete(generer_action_auteur("export_all", "start,$gz,$archive,$rub", '', true, true));
 		} else {
 			$f = charger_fonction('accueil');
 			$f();
diff --git a/ecrire/inc/securiser_action.php b/ecrire/inc/securiser_action.php
index 82439f8695c550a42d8fdb4d81cff15c66bd5879..0f344da5d1babce4064fdef1be4ae2224c3002de 100644
--- a/ecrire/inc/securiser_action.php
+++ b/ecrire/inc/securiser_action.php
@@ -36,7 +36,7 @@ function inc_securiser_action_dist($action='', $arg='', $redirect="", $mode=fals
 // Attention: PHP applique urldecode sur $_GET mais pas sur $_POST
 // cf http://fr.php.net/urldecode#48481
 // http://doc.spip.org/@securiser_action_auteur
-function securiser_action_auteur($action, $arg, $redirect="", $mode=false, $att='')
+function securiser_action_auteur($action, $arg, $redirect="", $mode=false, $att)
 {
 	static $id_auteur=0, $pass;
 	if (!$id_auteur) {
@@ -48,10 +48,10 @@ function securiser_action_auteur($action, $arg, $redirect="", $mode=false, $att=
 		if ($mode===-1)
 			return array('action'=>$action,'arg'=>$arg,'hash'=>$hash);
 		else
-			return generer_url_action($action, "arg=$arg&hash=$hash" . (!$r ? '' : "&redirect=$r"), $mode);
+			return generer_url_action($action, "arg=$arg&hash=$hash" . (!$r ? '' : "&redirect=$r"), $mode, $att);
 	}
 
-	$att .=	" style='margin: 0px; border: 0px'";
+	$att .= " style='margin: 0px; border: 0px'";
 	if ($redirect)
 		$redirect = "\n\t\t<input name='redirect' type='hidden' value='". str_replace("'", '&#39;', $redirect) ."' />";
 	$mode .= $redirect . "
diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php
index 0e93044c9ebc58306c6655ab2f414cca23f92703..d2f42907c562ebcef1333f81e61ad60de9c800f8 100644
--- a/ecrire/inc/utils.php
+++ b/ecrire/inc/utils.php
@@ -956,11 +956,13 @@ function generer_form_action($script, $corps, $atts='') {
 }
 
 // http://doc.spip.org/@generer_url_action
-function generer_url_action($script, $args="", $no_entities=false ,$rel = false) {
+function generer_url_action($script, $args="", $no_entities=false , $public = false) {
 	// si l'on est dans l'espace prive, on garde dans l'url
 	// l'exec a l'origine de l'action, qui permet de savoir si il est necessaire
 	// ou non de proceder a l'authentification (cas typique de l'install par exemple)
-	$url = _DIR_RACINE  ? generer_url_ecrire(_request('exec')) :  generer_url_public();
+	$url = (_DIR_RACINE  AND !$public)
+	  ? generer_url_ecrire(_request('exec'))
+	  :  generer_url_public();
 	$url = parametre_url($url,'action',$script);
 	if ($args) $url .= quote_amp('&'.$args);