From c6de0e1a2fd8ed56d5865db355c6db52da994095 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Mon, 5 Mar 2007 17:42:02 +0000
Subject: [PATCH] =?UTF-8?q?Malgr=C3=A9=20l'=C3=A9criture=20de=20generer=5F?=
 =?UTF-8?q?url=5Fecrire,=20l'espace=20priv=C3=A9=20=C3=A9tait=20inaccessib?=
 =?UTF-8?q?le=20sur=20un=20serveur=20dont=20le=20DirectoryIndex=20ne=20rab?=
 =?UTF-8?q?at=20pas=20sur=20index.php.=20Donc:?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- introduction de la constante _SPIP_ECRIRE_SCRIPT, qui est vide par défaut mais est mise à index.php si le serveur est connu pour ne pas faire ça;

- remplacement de tous les _DIR_RESTREINT et ./ utilisés comme URL par un appel à generer_url_ecrire sans argument (plus le double cas particulier du cookie de correspondance, qui veut une adresse absolue sans http:// devant).
---
 ecrire/action/editer_article.php  |  3 ++-
 ecrire/action/editer_breve.php    |  2 +-
 ecrire/action/editer_rubrique.php |  3 ++-
 ecrire/action/editer_site.php     |  2 +-
 ecrire/action/export_all.php      |  2 +-
 ecrire/balise/login_public.php    |  3 +--
 ecrire/exec/accueil.php           |  7 +++--
 ecrire/exec/menu_navigation.php   |  2 +-
 ecrire/exec/upgrade.php           |  2 +-
 ecrire/inc/actions.php            |  5 ++--
 ecrire/inc/admin.php              | 45 +++++++++++++++----------------
 ecrire/inc/commencer_page.php     |  2 +-
 ecrire/inc/utils.php              | 23 +++++++++-------
 ecrire/install/etape_6.php        |  2 +-
 14 files changed, 56 insertions(+), 47 deletions(-)

diff --git a/ecrire/action/editer_article.php b/ecrire/action/editer_article.php
index 37527f2b78..488f01c713 100644
--- a/ecrire/action/editer_article.php
+++ b/ecrire/action/editer_article.php
@@ -24,7 +24,8 @@ function action_editer_article_dist() {
 	if (!$id_article = intval($arg)) {
 		$id_parent = _request('id_parent');
 		$id_auteur = $GLOBALS['auteur_session']['id_auteur'];
-		if (!($id_parent AND $id_auteur)) redirige_par_entete('./');
+		if (!($id_parent AND $id_auteur))
+			redirige_par_entete(generer_url_ecrire());
 		$id_article = insert_article($id_parent);
 		
 		# cf. GROS HACK ecrire/inc/getdocument
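Review bot: The redirect target on the new `redirige_par_entete(generer_url_ecrire())` line is no longer the relative `./` but an absolute URL, because with no arguments generer_url_ecrire() builds it as `url_de_base() . _DIR_RESTREINT_ABS . _SPIP_ECRIRE_SCRIPT` (see the utils.php hunk). url_de_base() is not shown in this patch; if it takes the scheme or host from request headers, the Location value becomes request-influenced, so it is worth confirming that the host is validated or read from configuration. The same applies to the identical replacements in editer_breve.php, editer_rubrique.php, editer_site.php and exec/upgrade.php. action_editer_article_dist() starts and ends outside this hunk.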
diff --git a/ecrire/action/editer_breve.php b/ecrire/action/editer_breve.php
index 3b112d3246..a49e1e1219 100644
--- a/ecrire/action/editer_breve.php
+++ b/ecrire/action/editer_breve.php
@@ -42,7 +42,7 @@ function action_editer_breve_dist() {
 	} 
 	// Erreur
 	else{
-		redirige_par_entete('./');
+		redirige_par_entete(generer_url_ecrire());
 	}
 
 	// Rediriger le navigateur
diff --git a/ecrire/action/editer_rubrique.php b/ecrire/action/editer_rubrique.php
index e8f53604cc..1ae4554f17 100644
--- a/ecrire/action/editer_rubrique.php
+++ b/ecrire/action/editer_rubrique.php
@@ -21,7 +21,8 @@ function action_editer_rubrique_dist() {
 	$arg = $securiser_action();
 
 	if (!$id_rubrique = intval($arg)) {
-		if ($arg != 'oui') redirige_par_entete('./');
+		if ($arg != 'oui') 
+			redirige_par_entete(generer_url_ecrire());
 		$id_rubrique = insert_rubrique(_request('id_parent'));
 	}
 
diff --git a/ecrire/action/editer_site.php b/ecrire/action/editer_site.php
index 5951036acf..4af38a5b1b 100644
--- a/ecrire/action/editer_site.php
+++ b/ecrire/action/editer_site.php
@@ -63,7 +63,7 @@ function action_editer_site_dist() {
 	}
 	// Erreur
 	else {
-		redirige_par_entete('./');
+		redirige_par_entete(generer_url_ecrire());
 	}
 
 	// Re-syndiquer le site
diff --git a/ecrire/action/export_all.php b/ecrire/action/export_all.php
index 9b28a38f9a..87b5b427ef 100644
--- a/ecrire/action/export_all.php
+++ b/ecrire/action/export_all.php
@@ -79,7 +79,7 @@ function action_export_all_dist()
 		
 			echo "<p style='text-align: left'>".
 			  $n,
-			" <a href='" . _DIR_RESTREINT . "'>".
+			  " <a href='" . generer_url_ecrire() . "'>".
 			_T('info_sauvegarde_reussi_03')
 			. "</a> "
 			._T('info_sauvegarde_reussi_04')
diff --git a/ecrire/balise/login_public.php b/ecrire/balise/login_public.php
index eb2f93b54f..a5a69b2512 100644
--- a/ecrire/balise/login_public.php
+++ b/ecrire/balise/login_public.php
@@ -52,8 +52,7 @@ function login_explicite($login, $cible) {
 	} else {
 		if (preg_match(",[?&]url=([^&]*),", $action, $m))
 			$cible = rawurldecode($m[1]);
-		else
-			$cible = _DIR_RESTREINT ;
+		else $cible = generer_url_ecrire();
 	}
 
 	verifier_visiteur();
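Review bot: Only the fallback branch is changed here, while the `url=` branch just above still sets `$cible` to `rawurldecode($m[1])` with no check visible in the hunk. Where `$action` comes from and whether `$cible` is validated before use are both outside the hunk; if it ends up as a redirect target, it should be restricted to same-site addresses. At minimum a comment such as `// $cible comes from the url= parameter of $action; must be validated before any redirect` would document the expectation. login_explicite() begins and ends outside the hunk.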
diff --git a/ecrire/exec/accueil.php b/ecrire/exec/accueil.php
index 43b9d1a661..fc33dbfda7 100644
--- a/ecrire/exec/accueil.php
+++ b/ecrire/exec/accueil.php
@@ -193,6 +193,8 @@ function colonne_droite_neq4($id_rubrique, $activer_breves,
 
 	if (!$_COOKIE['spip_admin']) {
 		$cookie = rawurlencode("@$connect_login");
+		$retour = rawurlencode(_DIR_RESTREINT_ABS . _SPIP_ECRIRE_SCRIPT);
+		$lien = generer_url_public('spip_cookie', "cookie_admin=$cookie&url=$retour");
 		$gadget .= "<div>&nbsp;</div>".
 			  "<table width='95%'><tr>".
 			  "<td style='width: 100%'>".
@@ -203,7 +205,7 @@ function colonne_droite_neq4($id_rubrique, $activer_breves,
 			  http_img_pack("rien.gif", ' ', "width='10'") .
 			  "</td>".
 			  "<td style='width: 250px'>".
-			  icone_horizontale(_T('icone_activer_cookie'), generer_url_public('spip_cookie', "cookie_admin=$cookie&url=".rawurlencode(_DIR_RESTREINT_ABS)), "cookie-24.gif", "", false).
+			icone_horizontale(_T('icone_activer_cookie'), $lien,"cookie-24.gif", "", false).
 			  "</td></tr></table>";
 	}
 
@@ -249,8 +251,9 @@ function personnel_accueil($coockcookie)
 	//
 	
 	if ($coockcookie) {
+		$lien = generer_url_public("spip_cookie", "cookie_admin=non&url=".rawurlencode(_DIR_RESTREINT_ABS . _SPIP_ECRIRE_SCRIPT));
 		$t = _T('icone_supprimer_cookie');
-		$t = icone_horizontale($t, generer_url_public("spip_cookie", "cookie_admin=non&url=".rawurlencode(_DIR_RESTREINT_ABS)), "cookie-24.gif", "", false);
+		$t = icone_horizontale($t, $lien, "cookie-24.gif", "", false);
 		if ($GLOBALS['spip_display'] != 1) 
 			$t = str_replace('</td></tr></table>', 
 					 aide("cookie").'</td></tr></table>',
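Review bot: The cookie return address is assembled by hand as `rawurlencode(_DIR_RESTREINT_ABS . _SPIP_ECRIRE_SCRIPT)` on the new `$lien` line of personnel_accueil(), and the same expression appears on the new `$retour` line of colonne_droite_neq4() in the first hunk of this file, with nothing in the code saying why generer_url_ecrire() is bypassed. The commit message gives the reason (the cookie script wants an absolute address without the `http://` prefix), and that belongs next to the code, e.g. `// spip_cookie expects url= as an absolute address without the http:// prefix, hence no generer_url_ecrire() here`. A small shared helper returning this value would keep the two call sites from drifting apart. Both functions extend beyond their hunks.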
diff --git a/ecrire/exec/menu_navigation.php b/ecrire/exec/menu_navigation.php
index de8b03fd37..129868af0f 100644
--- a/ecrire/exec/menu_navigation.php
+++ b/ecrire/exec/menu_navigation.php
@@ -42,7 +42,7 @@ function exec_menu_navigation_dist() {
 	if (spip_num_rows($vos_articles) > 0) {
 			$gadget .= "<div>&nbsp;</div>";
 			$gadget .= "<div class='bandeau_rubriques' style='z-index: 1;'>";
-			$gadget .= bandeau_titre_boite2(afficher_plus('./') . '<b>' . _T('info_articles_proposes') . '</b>', "article-24.gif", $couleur_foncee, 'white', false);
+			$gadget .= bandeau_titre_boite2(afficher_plus(generer_url_ecrire()) . '<b>' . _T('info_articles_proposes') . '</b>', "article-24.gif", $couleur_foncee, 'white', false);
 			$gadget .= "<div class='plan-articles'>";
 			while($row = spip_fetch_array($vos_articles)) {
 				$id_article = $row['id_article'];
diff --git a/ecrire/exec/upgrade.php b/ecrire/exec/upgrade.php
index 9ee787775f..6d3a9c4971 100644
--- a/ecrire/exec/upgrade.php
+++ b/ecrire/exec/upgrade.php
@@ -62,7 +62,7 @@ function exec_upgrade_dist() {
 
 	// Qu'est-ce que tu fais ici?
 	if ($spip_version == $version_installee)
-		redirige_par_entete('./');
+		redirige_par_entete(generer_url_ecrire());
 
 	// On passe a l'upgrade
 	include_spip('inc/admin');
diff --git a/ecrire/inc/actions.php b/ecrire/inc/actions.php
index 57260f1e69..3015ac28fc 100644
--- a/ecrire/inc/actions.php
+++ b/ecrire/inc/actions.php
@@ -274,13 +274,14 @@ function verifier_php_auth() {
 function ask_php_auth($pb, $raison, $retour, $url='', $re='', $lien='') {
 	@Header("WWW-Authenticate: Basic realm=\"espace prive\"");
 	@Header("HTTP/1.0 401 Unauthorized");
-	echo "<b>$pb</b><p>$raison</p>[<a href='./'>$retour</a>] ";
+	$ici = generer_url_ecrire();
+	echo "<b>$pb</b><p>$raison</p>[<a href='$ici'>$retour</a>] ";
 	if ($url) {
 		echo "[<a href='", generer_url_public('spip_cookie',"essai_auth_http=oui&$url"), "'>$re</a>]";
 	}
 	
 	if ($lien)
-		echo " [<a href='" . _DIR_RESTREINT_ABS . "'>"._T('login_espace_prive')."</a>]";
+		echo " [<a href='$ici'>"._T('login_espace_prive')."</a>]";
 	exit;
 }
 
diff --git a/ecrire/inc/admin.php b/ecrire/inc/admin.php
index 06346b59af..ef5850fe48 100644
--- a/ecrire/inc/admin.php
+++ b/ecrire/inc/admin.php
@@ -54,37 +54,35 @@ function debut_admin($script, $action, $commentaire='') {
 			return true;
 		}
 		$form = $commentaire
-			. "<form action='./' method='post'>"
-			. copy_request($script)
-			. '<input type="hidden" name="validation_admin" value="'.$signal.'" />'
-			. bouton_suivant(_T('bouton_valider'))
-		. "</form>";
+		  . copy_request($script,
+				 ('<input type="hidden" name="validation_admin" value="'.$signal.'" />'
+				  . bouton_suivant(_T('bouton_valider'))));
+
 		$js = '';
 	}
 
 	else {
 		$form =  $commentaire
-		. "<form action='./' method='post'>"
-		. copy_request($script)
-		. fieldset(_T('info_authentification_ftp').aide("ftp_auth"),
-			array(
-				'fichier' => array(
-					'label' => _T('info_creer_repertoire'),
-					'valeur' => $signal
-					)),
-			('<br />'
-			 . _T('info_creer_repertoire_2', array('repertoire' => joli_repertoire($dir)))
-			 . bouton_suivant(_T('bouton_recharger_page'))))
-		. "</form>";
-		$js = " onload='document.forms[0].fichier.value=\"\";barre_inserer(\"$signal\", document.forms[0].fichier)'";
-	}
+		  . copy_request($script,
+				 (fieldset(_T('info_authentification_ftp').aide("ftp_auth"),
+					   array(
+						 'fichier' => array(
+								    'label' => _T('info_creer_repertoire'),
+								    'valeur' => $signal
+								    )),
+					   ('<br />'
+					    . _T('info_creer_repertoire_2', array('repertoire' => joli_repertoire($dir)))
+					    . bouton_suivant(_T('bouton_recharger_page'))))));
 
 	// code volontairement tordu:
 	// provoquer la copie dans le presse papier du nom du repertoire
 	// en remettant a vide le champ pour que ca marche aussi en cas
 	// de JavaScript inactif.
-	echo minipres(_T('info_action', array('action' => $action)),
-		 $form, $js);
+
+		$js = " onload='document.forms[0].fichier.value=\"\";barre_inserer(\"$signal\", document.forms[0].fichier)'";
+	}
+
+	echo minipres(_T('info_action', array('action' => $action)), $form, $js);
 	exit;
 }
 
@@ -103,7 +101,7 @@ function fin_admin($action) {
 
 
 // http://doc.spip.org/@copy_request
-function copy_request($script)
+function copy_request($script, $suite)
 {
 	$hidden = ""; 
 	$args = $_POST;
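Review bot: `$suite` is added to copy_request() as a required second parameter, so any caller outside this patch that still passes only `$script` will now warn or fail, depending on the PHP version; `function copy_request($script, $suite='')` would keep those calls working. The function also no longer just copies the request: it returns a complete form element, which neither the name nor the doc link above conveys. A short header comment stating that `$suite` is inserted as raw HTML, and must therefore already be escaped by the caller, would help. The body continues outside this hunk.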
@@ -115,6 +113,7 @@ function copy_request($script)
 		  entites_html($c) .
 		  "'  />";
 	}
-	return $hidden;
+	return "<form action='" . generer_url_ecrire() .
+	  "' method='post'><div>$hidden$suite</div></form>";
 }
 ?>
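Review bot: The hidden fields wrapped by this new return value are written with single-quoted attributes (`entites_html($c) . "'  />"`), so replaying `$_POST` into the form is only safe if entites_html() encodes the single quote as well as the other HTML-special characters. Its definition is not part of this patch and should be checked, since the form is now posted back to the private-area entry point. How the field names are escaped is in the part of the loop that lies outside this hunk. A comment above the loop such as `// values come straight from $_POST: entites_html() must encode quotes for these single-quoted attributes` would record the dependency.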
diff --git a/ecrire/inc/commencer_page.php b/ecrire/inc/commencer_page.php
index 8bb3c82c84..251e58e781 100644
--- a/ecrire/inc/commencer_page.php
+++ b/ecrire/inc/commencer_page.php
@@ -93,7 +93,7 @@ function init_body($rubrique='accueil', $sous_rubrique='accueil', $id_rubrique='
 
 	if ($spip_display == "4") {
 		$res .= "<ul>"
-		. "\n<li><a href='./'>"._T('icone_a_suivre')."</a></li>"
+		. "\n<li><a href='" . generer_url_ecrire() ."'>"._T('icone_a_suivre')."</a></li>"
 		. "\n<li><a href='" . generer_url_ecrire("naviguer") . "'>"._T('icone_edition_site')."</a></li>"
 		. "\n<li><a href='" . generer_url_ecrire("forum"). "'>"._T('titre_forum')."</a></li>"
 		. "\n<li><a href='" . generer_url_ecrire("auteurs") . "'>"._T('icone_auteurs')."</a></li>"
diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php
index 70db96f46c..2cb71400a2 100644
--- a/ecrire/inc/utils.php
+++ b/ecrire/inc/utils.php
@@ -756,16 +756,12 @@ function url_de_base() {
 // http://httpd.apache.org/docs/2.0/mod/mod_dir.html
 
 // http://doc.spip.org/@generer_url_ecrire
-function generer_url_ecrire($script, $args="", $no_entities=false, $rel=false) {
+function generer_url_ecrire($script='', $args="", $no_entities=false, $rel=false) {
 	if (!$rel)
-		$rel = url_de_base() . _DIR_RESTREINT_ABS;
+		$rel = url_de_base() . _DIR_RESTREINT_ABS . _SPIP_ECRIRE_SCRIPT;
 	else if (!is_string($rel))
-		$rel = _DIR_RESTREINT ? _DIR_RESTREINT : './';
-
-	// Les anciens IIS n'acceptent pas les POST sur ecrire/ (#419)
-	// meme pb sur thttpd cf. http://forum.spip.org/fr_184153.html
-	if (preg_match(',IIS|thttpd,',$_SERVER['SERVER_SOFTWARE']))
-		$rel .= 'index.php';
+		$rel = _DIR_RESTREINT ? _DIR_RESTREINT :
+			('./'  . _SPIP_ECRIRE_SCRIPT);
 
 	if ($script AND $script<>'accueil') 
 		$args = "?exec=$script" . (!$args ? '' : "&$args");
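Review bot: The removed block appended `index.php` on IIS/thttpd whatever `$rel` was, but the new code adds `_SPIP_ECRIRE_SCRIPT` in only two of the four cases: when `$rel` is a caller-supplied string, or when it is a truthy non-string and `_DIR_RESTREINT` is non-empty, the script name is now dropped. If those paths are used for POST targets on the affected servers, the original problem returns; `$rel = (_DIR_RESTREINT ? _DIR_RESTREINT : './') . _SPIP_ECRIRE_SCRIPT;` would cover the second case. Whether a caller-supplied string is expected to include the script name already should be stated in a comment. The function body continues past the hunk.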
@@ -1002,9 +998,18 @@ function spip_initialisation($pi=NULL, $pa=NULL, $ti=NULL, $ta=NULL) {
 	       "<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Frameset//EN' 'http://www.w3.org/TR/1999/REC-html401-19991224/frameset.dtd'>");
 
 	// L'adresse de base du site ; on peut mettre '' si la racine est geree par
-	// le script index.php
+	// le script de l'espace public, alias  index.php
 	define('_SPIP_SCRIPT', 'spip.php');
 
+	// le script de l'espace prive
+	// Mettre a "index.php" si DirectoryIndex ne le fait pas ou pb connexes:
+	// les anciens IIS n'acceptent pas les POST sur ecrire/ (#419)
+	// meme pb sur thttpd cf. http://forum.spip.org/fr_184153.html
+
+	define('_SPIP_ECRIRE_SCRIPT', // true ? #decommenter ici et commenter la
+	       preg_match(',IIS|thttpd,',$_SERVER['SERVER_SOFTWARE']) ?
+	       'index.php' : '');
+
 	// le nom du repertoire plugins/
 	define('_DIR_PLUGINS', _DIR_RACINE . "plugins/");
 
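Review bot: `$_SERVER['SERVER_SOFTWARE']` is read unconditionally in the new define, although it is not set in every SAPI (the command line, for instance), which raises a notice at initialisation; `isset($_SERVER['SERVER_SOFTWARE']) && preg_match(...)` avoids that. The constant also cannot be set from site configuration: the comment tells administrators to force `index.php`, but the only way offered is editing this core line through the `// true ?` toggle. Assuming site options are loaded before this point (not visible here), wrapping the define in `if (!defined('_SPIP_ECRIRE_SCRIPT'))` would let a site set it without patching the file. spip_initialisation() begins and ends outside the hunk.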
diff --git a/ecrire/install/etape_6.php b/ecrire/install/etape_6.php
index 5bf4b722b1..fc68a30dd6 100644
--- a/ecrire/install/etape_6.php
+++ b/ecrire/install/etape_6.php
@@ -103,7 +103,7 @@ function install_etape_6_dist()
 		@unlink(_FILE_CHMOD_INS . _FILE_TMP . '.php');
 	}
 
-	echo "<form action='./' method='post'><div>";
+	echo "<form action='", generer_url_ecrire(), "' method='post'><div>";
 	echo bouton_suivant();
 	echo "</div></form>";
 	echo install_fin_html();
-- 
GitLab