From dc7d27f8f274b0d0dc57ecd207cf1086260f92e8 Mon Sep 17 00:00:00 2001
From: Fil <fil@rezo.net>
Date: Sun, 9 Jan 2011 16:31:12 +0000
Subject: [PATCH] toujours securiser les DATA

---
 ecrire/public/interfaces.php | 5 +++++
 ecrire/public/references.php | 8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/ecrire/public/interfaces.php b/ecrire/public/interfaces.php
index a5db7b9d35..96c20326ba 100644
--- a/ecrire/public/interfaces.php
+++ b/ecrire/public/interfaces.php
@@ -273,6 +273,11 @@ function declarer_interfaces(){
 	$table_des_traitements['DESCRIPTIF_SITE_SPIP'][]= _TRAITEMENT_RACCOURCIS;
 	$table_des_traitements['ENV'][]= 'entites_html(%s,true)';
 
+	// valeur par defaut pour les balises non listees ci-dessus
+	$table_des_traitements['*'][]= '%s';
+	// toujours securiser les DATA
+	$table_des_traitements['*']['DATA']= 'safehtml(%s)';
+
 
 	// gerer l'affectation en 2 temps car si le pipe n'est pas encore declare, on ecrase les globales
 	$interfaces = pipeline('declarer_tables_interfaces',
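Review bot: The `safehtml(%s)` default is stored only under the `'*'` key, and `champs_traitements` falls back to `'*'` only when a tag has no entry of its own, so tags listed above this block presumably never receive the DATA filter inside a DATA loop unless their own entry defines a `'DATA'` key. This is inferred, because the selection by loop type lies outside the visible lines. If "toujours" in the subject is meant literally, the lookup should fall back to `$table_des_traitements['*']['DATA']` whenever the tag's own entry has no key for the loop type. Both defaults are also assigned before the `declarer_tables_interfaces` pipeline runs, so a plugin that replaces the table or the `'*'` entry silently removes the sanitisation. A comment such as `// '*' must survive the pipeline, otherwise DATA fields are no longer filtered` would make that contract explicit.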
diff --git a/ecrire/public/references.php b/ecrire/public/references.php
index b24bf4bc83..87da90a60c 100644
--- a/ecrire/public/references.php
+++ b/ecrire/public/references.php
@@ -330,9 +330,11 @@ function balise_distante_interdite($p) {
 function champs_traitements ($p) {
 	global $table_des_traitements;
 
-	if (!isset($table_des_traitements[$p->nom_champ]))
-		return $p->code;
-	$ps = $table_des_traitements[$p->nom_champ];
+	if (isset($table_des_traitements[$p->nom_champ]))
+		$ps = $table_des_traitements[$p->nom_champ];
+	else
+		$ps = $table_des_traitements['*'];
+
 	if (is_array($ps)) {
 	  // new style
 
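Review bot: The new `else` branch reads `$table_des_traitements['*']` without an `isset()` check, so if that entry is missing (table rebuilt by a plugin, or `declarer_interfaces()` not yet run) `$ps` becomes null and the field is presumably emitted with no filter at all. Failing closed is safer for a sanitisation default: `$ps = isset($table_des_traitements['*']) ? $table_des_traitements['*'] : array('%s', 'DATA' => 'safehtml(%s)');`. The body of `champs_traitements` continues past the end of the hunk, so how a null `$ps` is handled there is not visible.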
-- 
GitLab