diff --git a/ecrire/balise/url_.php b/ecrire/balise/url_.php
index 41948547fa1e5b662af96e99ebc5eee483ffa24e..60b23db70b37226daa82ca60be7b5ebaf1b2105e 100644
--- a/ecrire/balise/url_.php
+++ b/ecrire/balise/url_.php
@@ -43,8 +43,9 @@ function generer_generer_url($type, $p)
return "'./?page=$type&id_$type=' . $_id . '&connect=$s'";
else {
$u = "quete_meta('adresse_site', '$s')";
- $f = "$_id . '&file=' . quete_fichier($_id,'$s')";
- return "$u . '?action=acceder_document&arg=' .$f";
+ $d = "quete_meta('dir_img', '$s')";
+ $f = "quete_fichier($_id,'$s')";
+ return "$u . '/' .\n\t$d . $f";
}
}
}
diff --git a/ecrire/inc/autoriser.php b/ecrire/inc/autoriser.php
index 5f5aabce1dc74ca51271ce1d9589f92fad829fc7..850d41813e970e1804c88c21a309083056349877 100644
--- a/ecrire/inc/autoriser.php
+++ b/ecrire/inc/autoriser.php
@@ -520,11 +520,11 @@ function autoriser_chargerftp_dist($faire, $type, $id, $qui, $opt) {
// http://doc.spip.org/@autoriser_document_voir_dist
function autoriser_document_voir_dist($faire, $type, $id, $qui, $opt) {
- if (($id = intval($id)) <= 0) return false;
-
if ($GLOBALS['meta']["creer_htaccess"] != 'oui')
return true;
+ if (($id = intval($id)) <= 0) return false;
+
if (in_array($qui['statut'], array('0minirezo', '1comite')))
return true;
diff --git a/ecrire/inc/config.php b/ecrire/inc/config.php
index 87842e64b1f7097aa9961bae0b3ca5d42c497485..518dd728ee6be27ffdbfeefb774e149fc6eed884 100644
--- a/ecrire/inc/config.php
+++ b/ecrire/inc/config.php
@@ -80,8 +80,9 @@ function liste_metas()
'documents_article' => 'non',
'documents_rubrique' => 'non',
- 'charset' => _DEFAULT_CHARSET,
'syndication_integrale' => 'oui',
+ 'charset' => _DEFAULT_CHARSET,
+ 'dir_img' => substr(_DIR_IMG,strlen(_DIR_RACINE)),
'multi_articles' => 'non',
'multi_rubriques' => 'non',
@@ -196,8 +197,6 @@ function appliquer_modifs_config() {
set_request('langues_multilingue', join($i, ","));
}
- $liste_meta = array_keys(liste_metas());
-
// Modification du reglage accepter_inscriptions => vider le cache
// (pour repercuter la modif sur le panneau de login)
if ($i = _request('accepter_inscriptions')
@@ -206,9 +205,12 @@ function appliquer_modifs_config() {
suivre_invalideur("1"); # tout effacer
}
- foreach($liste_meta as $i)
- if (!(_request($i)===NULL))
- ecrire_meta($i, _request($i));
+ foreach(liste_metas() as $i => $v) {
+ if (($x =_request($i))!==NULL)
+ ecrire_meta($i, $x);
+ elseif (!isset($GLOBALS['meta'][$i]))
+ ecrire_meta($i, $v);
+ }
if ($lang = _request('changer_langue_site')) {
include_spip('inc/lang');
diff --git a/ecrire/inc/documents.php b/ecrire/inc/documents.php
index 3fcaacd004db0a5f806d567aefb84514e94dc384..32e83c374cf9ba776b31aa5e71292d7999ad8242 100644
--- a/ecrire/inc/documents.php
+++ b/ecrire/inc/documents.php
@@ -63,7 +63,10 @@ function generer_url_document_dist($id_document, $args='', $ancre='') {
$f = $row['fichier'];
- if ($row['distant'] == 'oui') return get_spip_doc($f);
+ // Si droit de voir tous les docs, pas seulement celui-ci
+ // il est inutilement couteux de rajouter une protection
+ if (($row['distant'] == 'oui') OR !autoriser('voir', 'document'))
+ return get_spip_doc($f);
include_spip('inc/securiser_action');
diff --git a/ecrire/inc_version.php b/ecrire/inc_version.php
index 52f3c1432b40e3513deec88344d1f09545c0584b..d9e4fd8fcfe52f618b445023f1fc3bf7937de862 100644
--- a/ecrire/inc_version.php
+++ b/ecrire/inc_version.php
@@ -293,7 +293,7 @@ $liste_des_forums = array(
// (= numero SVN de leur derniere modif cassant la compatibilite)
$spip_version_code = 11056;
// version de la base SQL (= numero SVN de sa derniere modif)
-$spip_version = 11042;
+$spip_version = 11088;
// version de l'interface a la base
$spip_sql_version = 1;