From b5d9653d042b3d1d9d1d2f6b092f8fd05a630356 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Fri, 29 Jun 2007 09:19:20 +0000
Subject: [PATCH] =?UTF-8?q?Extension=20de=20la=20fonction=20=5Fq=20aux=20t?=
 =?UTF-8?q?ableau=20et=20utilisation=20=C3=A0=20qq=20endroits.=20Et=20?=
 =?UTF-8?q?=C3=A9vacuation=20de=203=20occurrences=20d'un=204e=20argument?=
 =?UTF-8?q?=20d'ajax=5Faction=5Fgreffe=20qui=20n'en=20a=20que=20trois.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ecrire/exec/accueil.php         | 3 ++-
 ecrire/inc/documenter.php       | 2 +-
 ecrire/inc/instituer_auteur.php | 3 ++-
 ecrire/inc/legender.php         | 2 +-
 ecrire/inc/tourner.php          | 2 +-
 ecrire/inc/utils.php            | 4 +++-
 ecrire/public/criteres.php      | 2 +-
 7 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/ecrire/exec/accueil.php b/ecrire/exec/accueil.php
index 9e44eea427..bc453a4471 100644
--- a/ecrire/exec/accueil.php
+++ b/ecrire/exec/accueil.php
@@ -386,7 +386,8 @@ function etat_base_accueil()
 function accueil_liste_participants()
 {
 	global $spip_lang_left;
-	$q = spip_query("SELECT COUNT(*) AS cnt, statut FROM spip_auteurs GROUP BY statut HAVING cnt <>0 AND statut IN ('" . join("','", $GLOBALS['liste_des_statuts']) . "')");
+
+	$q = spip_query("SELECT COUNT(*) AS cnt, statut FROM spip_auteurs GROUP BY statut HAVING cnt <>0 AND statut IN (".  _q($GLOBALS['liste_des_statuts']) . ")");
 
 	$cpt = array();
 	while($row=spip_fetch_array($q)) $cpt[$row['statut']] = $row['cnt']; 
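Review bot: If `$GLOBALS['liste_des_statuts']` is ever empty, `_q()` returns an empty string and the added query in accueil_liste_participants() becomes `statut IN ()`, which MySQL rejects; the removed `join` form degraded to `IN ('')` instead. The `NOT IN (...)` query in the ecrire/inc/instituer_auteur.php hunk has the same gap. The generated `FIELD(...)` in ecrire/public/criteres.php would likewise end in a bare comma for an empty list, as it appears it already did before this change. Whether the list can be empty is not visible here, but a guard in the array branch of `_q` keeps the SQL well formed in all three places: `: (count($a) ? join(",", array_map('_q', $a)) : "''")`. The body of accueil_liste_participants() continues outside the hunk.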
diff --git a/ecrire/inc/documenter.php b/ecrire/inc/documenter.php
index bec62341e3..ca949ea292 100644
--- a/ecrire/inc/documenter.php
+++ b/ecrire/inc/documenter.php
@@ -115,5 +115,5 @@ function inc_documenter_dist(
 	. "</table>"
 	. $pied;
 
-	return ajax_action_greffe("documenter", "$s$doc", $res, '');
+	return ajax_action_greffe("documenter", "$s$doc", $res);
 }
diff --git a/ecrire/inc/instituer_auteur.php b/ecrire/inc/instituer_auteur.php
index 73bb9f33a1..8d74c9e775 100644
--- a/ecrire/inc/instituer_auteur.php
+++ b/ecrire/inc/instituer_auteur.php
@@ -72,7 +72,8 @@ function choix_statut_auteur($statut, $id_auteur, $ancre) {
 	// Chercher tous les statuts non standards.
 	// Le count(*) ne sert pas, mais en son absence
 	// SQL (enfin, une version de SQL) renvoie un ensemble vide !
-	$q = spip_query($r ="SELECT statut, count(*) FROM spip_auteurs WHERE statut NOT IN ('" . join("','", $GLOBALS['liste_des_statuts']) . "') GROUP BY statut");
+	$q = spip_query("SELECT statut, count(*) FROM spip_auteurs WHERE statut NOT IN (" . _q($GLOBALS['liste_des_statuts']) . ") GROUP BY statut");
+
 	$hstatut = htmlentities($statut);
 	while ($r = spip_fetch_array($q, SPIP_NUM)) {
 		$nom = htmlentities($r[0]);
diff --git a/ecrire/inc/legender.php b/ecrire/inc/legender.php
index 40609df71f..87710af96f 100644
--- a/ecrire/inc/legender.php
+++ b/ecrire/inc/legender.php
@@ -147,7 +147,7 @@ function inc_legender_dist($id_document, $document, $script, $type, $id, $ancre,
 		$corps .= icone_horizontale($texte, $action, $supp, "supprimer.gif", false);
 
 	$corps = block_parfois_visible("legender-aff-$id_document", sinon($entete,_T('info_sans_titre')), $corps, "text-align:center;", $flag);
-	return ajax_action_greffe("legender", $id_document, $corps,'');
+	return ajax_action_greffe("legender", $id_document, $corps);
 }
 
 
diff --git a/ecrire/inc/tourner.php b/ecrire/inc/tourner.php
index d6c97926d2..4f03427ef5 100644
--- a/ecrire/inc/tourner.php
+++ b/ecrire/inc/tourner.php
@@ -76,7 +76,7 @@ function inc_tourner_dist($id_document, $document, $script, $flag, $type)
 	.  $id_document
 	. "&gt;</div>";
 
-	return ajax_action_greffe("tourner", $id_document, $res, '');
+	return ajax_action_greffe("tourner", $id_document, $res);
 }
 
 // http://doc.spip.org/@boutons_rotateurs
diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php
index da80efd621..131458d974 100644
--- a/ecrire/inc/utils.php
+++ b/ecrire/inc/utils.php
@@ -227,7 +227,9 @@ function spip_query($query, $serveur='') {
 // a demenager dans base/abstract_sql a terme
 // http://doc.spip.org/@_q
 function _q($a) {
-	return (is_int($a)) ? strval($a) : ("'" . addslashes($a) . "'");
+	return (is_int($a)) ? strval($a) : 
+		(!is_array($a) ? ("'" . addslashes($a) . "'")
+		 : join(",", array_map('_q', $a)));
 }
 
 // Renvoie le _GET ou le _POST emis par l'utilisateur
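Review bot: Each string element of a list passed to `_q` is still quoted with `addslashes`, which ignores the connection character set. With this change, whole `IN`/`FIELD` lists depend on that quoting, including the `$var` passed in ecrire/public/criteres.php, whose origin is outside the hunk. When `_q` moves to base/abstract_sql, as the comment above it announces, the scalar branch should call the database driver's own escaping routine (for MySQL, `mysql_real_escape_string`) so the quoting follows the server's charset. The header comment should also state the new contract, for example `// an array yields its elements quoted and comma-separated, for use inside IN (...) or FIELD(...)`.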
diff --git a/ecrire/public/criteres.php b/ecrire/public/criteres.php
index 0b1c0a3c6c..7abaa5c2e6 100644
--- a/ecrire/public/criteres.php
+++ b/ecrire/public/criteres.php
@@ -665,7 +665,7 @@ function critere_IN_dist ($idb, &$boucles, $crit)
 			$op = '<>';
 	} else $op = '=';
 
-	$arg = "FIELD($arg,\" . join(',',array_map('_q', $var)) . \")";
+	$arg = "FIELD($arg,\" . _q($var) . \")";
 	if ($boucles[$idb]->group) $arg = "SUM($arg)";
 	$boucles[$idb]->select[]=  "$arg AS cpt$cpt";
 	$op = array("'$op'", "'cpt$cpt'", 0);
-- 
GitLab