From e869d0a65a1bcb5114d8947411417679120c18c5 Mon Sep 17 00:00:00 2001 From: "Committo,Ergo:sum" <esj@rezo.net> Date: Sun, 25 Jun 2006 21:44:44 +0000 Subject: [PATCH] =?UTF-8?q?R=C3=A9solution=20des=20principaux=20cas=20bloq?= =?UTF-8?q?uant=20le=20mod=5Fsecurity=20d'Apache=20(ticket=20#413).=20Les?= =?UTF-8?q?=20redirections=20du=20r=C3=A9pertoire=20action/=20vers=20le=20?= =?UTF-8?q?r=C3=A9pertoire=20exec/=20command=C3=A9es=20par=20ce=20dernier?= =?UTF-8?q?=20sont=20=C3=A0=20pr=C3=A9sent=20toujours=20exprim=C3=A9es=20e?= =?UTF-8?q?n=20relatif=20(c'=C3=A9tait=20d'ailleurs=20d=C3=A9j=C3=A0=20le?= =?UTF-8?q?=20cas=20de=20certaines,=20qui=20n'utilisaient=20pas=20generer?= =?UTF-8?q?=5Furl=5Fecrire),=20afin=20d'=C3=A9viter=20la=20production=20pa?= =?UTF-8?q?ram=3Dhttp://=20...=20dans=20l'URL.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reste à traiter une redirection de action/ vers l'espace public, et toutes les redirections public->public ou privé->privé, moins fréquentes mais à faire au cas par cas.
---
 ecrire/exec/articles.php | 4 ++-- ecrire/exec/breves_voir.php | 6 ++---- ecrire/exec/naviguer.php | 4 ++-- ecrire/inc/auteur_voir.php | 13 ++++++++----- ecrire/inc/config.php | 3 +-- ecrire/inc/documents.php | 5 ++--- ecrire/inc/forum.php | 9 +++++---- ecrire/inc/logos.php | 2 +- ecrire/inc/presentation.php | 5 +++-- ecrire/inc/session.php | 5 +++++ ecrire/inc/sites_voir.php | 8 ++++---- ecrire/inc/utils.php | 2 +- 12 files changed, 36 insertions(+), 30 deletions(-)
diff --git a/ecrire/exec/articles.php b/ecrire/exec/articles.php
index ba69ba1533..8893aee78d 100644
--- a/ecrire/exec/articles.php
+++ b/ecrire/exec/articles.php
@@ -206,7 +206,7 @@ if ($flag_auteur AND $statut_article == 'prepa') { "<B>"._T('texte_proposer_publication')."</B>", aide ("artprop"), "\n<form method='post' action='",
- generer_action_auteur("instituer", "article-$id_article-prop", generer_url_ecrire('articles', "id_article=$id_article", true)),
+ redirige_action_auteur("instituer", "article-$id_article-prop", 'articles', "id_article=$id_article"),
 "'>", "<input type='submit' class='fondo' value=\"", _T('bouton_demande_publication'),
@@ -1275,7 +1275,7 @@ function afficher_statut_articles($id_article, $rubrique_article, $statut_articl if ($connect_statut == '0minirezo' AND acces_rubrique($rubrique_article)) { echo "\n<form method='post' action='",
- generer_action_auteur("instituer", "article-$id_article", generer_url_ecrire('articles', "id_article=$id_article", true)),
+ redirige_action_auteur("instituer", "article-$id_article",'articles', "id_article=$id_article"),
 "'>", debut_cadre_relief("", true), "\n<center>", "<B>",_T('texte_article_statut'),"</B>",
diff --git a/ecrire/exec/breves_voir.php b/ecrire/exec/breves_voir.php
index 161f4a247c..426953d3d0 100644
--- a/ecrire/exec/breves_voir.php
+++ b/ecrire/exec/breves_voir.php
@@ -193,15 +193,13 @@ if ($connect_statut=="0minirezo" AND acces_rubrique($id_rubrique) AND ($statut== echo "<table>"; echo "<td align='right'>"; icone(_T('icone_publier_breve'),
- generer_action_auteur('instituer', "breve-$id_breve-publie",
- generer_url_ecrire("breves_voir","id_breve=$id_breve", true)), "breve-24.gif", "racine-24.gif");
+ redirige_action_auteur('instituer', "breve-$id_breve-publie","breves_voir","id_breve=$id_breve"), "breve-24.gif", "racine-24.gif");
 echo "</td>"; echo "<td>", http_img_pack("rien.gif", ' ', "width='5'") ."</td>\n"; echo "<td align='right'>"; icone(_T('icone_refuser_breve'),
- generer_action_auteur('instituer', "breve-$id_breve-refuse",
- generer_url_ecrire("breves_voir","id_breve=$id_breve", true)), "breve-24.gif", "supprimer.gif");
+ redirige_action_auteur('instituer', "breve-$id_breve-refuse", "breves_voir","id_breve=$id_breve"), "breve-24.gif", "supprimer.gif");
 echo "</td>"; echo "</table>";
diff --git a/ecrire/exec/naviguer.php b/ecrire/exec/naviguer.php
index beefb8b808..98a77b66e4 100644
--- a/ecrire/exec/naviguer.php
+++ b/ecrire/exec/naviguer.php
@@ -255,7 +255,7 @@ if ($id_rubrique>0 AND $GLOBALS['meta']['multi_rubriques'] == 'oui' AND ($GLOBAL echo debut_block_invisible('languesrubrique'); echo "<div class='verdana2' align='center'>";
- echo menu_langues('changer_lang', $langue_rubrique, '', $langue_parent, generer_action_auteur('instituer', "langue-$id_rubrique-$id_parent", generer_url_ecrire("naviguer","id_rubrique=$id_rubrique", true)), $ze_logo, "supprimer.gif");
+ echo menu_langues('changer_lang', $langue_rubrique, '', $langue_parent, redirige_action_auteur('instituer', "langue-$id_rubrique-$id_parent","naviguer","id_rubrique=$id_rubrique"), $ze_logo, "supprimer.gif");
 echo "</div>\n"; echo fin_block();
@@ -463,7 +463,7 @@ function bouton_supprimer_naviguer($id_rubrique, $id_parent, $ze_logo, $flag_edi if (($id_rubrique>0) AND tester_rubrique_vide($id_rubrique) AND $flag_editable) { echo "<p><div align='center'>";
- icone(_T('icone_supprimer_rubrique'), generer_action_auteur('supprimer', "rubrique-$id_rubrique", generer_url_ecrire("naviguer","id_rubrique=$id_parent", true)), $ze_logo, "supprimer.gif");
+ icone(_T('icone_supprimer_rubrique'), redirige_action_auteur('supprimer', "rubrique-$id_rubrique", "naviguer","id_rubrique=$id_parent"), $ze_logo, "supprimer.gif");
 echo "</div><p>"; } }
diff --git a/ecrire/inc/auteur_voir.php b/ecrire/inc/auteur_voir.php
index 61f6a57254..1b45371c7e 100644
--- a/ecrire/inc/auteur_voir.php
+++ b/ecrire/inc/auteur_voir.php
@@ -111,10 +111,13 @@ function auteur_voir_rubriques($id_auteur, $url_self) if (!$restreint) { echo _T('info_admin_gere_toutes_rubriques'); } else {
- $modif = ($connect_toutes_rubriques AND $connect_id_auteur != $id_auteur);
- $redirect = generer_url_ecrire($url_self, "id_auteur=$id_auteur", true);
- echo _T('info_admin_gere_rubriques');
- echo "\n<ul style='list-style-image: url(" . _DIR_IMG_PACK . "rubrique-12.gif)'>";
+ $modif = ($connect_toutes_rubriques AND $connect_id_auteur != $id_auteur) ? "id_auteur=$id_auteur" : '';
+
+ echo _T('info_admin_gere_rubriques'),
+ "\n<ul style='list-style-image: url(",
+ _DIR_IMG_PACK,
+ "rubrique-12.gif)'>";
+
 while ($row_admin = spip_fetch_array($result_admin)) { $id_rubrique = $row_admin["id_rubrique"];
@@ -123,7 +126,7 @@ function auteur_voir_rubriques($id_auteur, $url_self) "</a>"; if ($modif) {
- echo " <font size='1'>[<a href='", generer_action_auteur('supprimer', "auteur_rubrique-$id_auteur-$id_rubrique", $redirect), "'>",
+ echo " <font size='1'>[<a href='", redirige_action_auteur('supprimer', "auteur_rubrique-$id_auteur-$id_rubrique", $url_self, $modif), "'>",
 _T('lien_supprimer_rubrique'), "</a>]</font>"; }
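Review bot: In the `@@ -111` hunk `$modif` is now overloaded: it is tested as a boolean by `if ($modif)` in the `@@ -123` hunk and, in the same statement, passed as the query string of the redirect target to redirige_action_auteur, which is why the "not editable" value had to become `''` rather than false. That dual role is easy to misread on a later edit, so either keep a separate flag or annotate the assignment: `// '' when the current user may not edit; otherwise the query string of the redirect target`. auteur_voir_rubriques starts before and ends after these hunks, so other uses of `$modif` cannot be checked here.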
diff --git a/ecrire/inc/config.php b/ecrire/inc/config.php
index 24dc7350f4..cf851d1c9a 100644
--- a/ecrire/inc/config.php
+++ b/ecrire/inc/config.php
@@ -300,8 +300,7 @@ function appliquer_modifs_config() { } if ($purger_skel)
- redirige_par_entete(generer_action_auteur('purger', 'squelettes',
- _DIR_RESTREINT_ABS . self(), true));
+ redirige_par_entete(generer_action_auteur('purger', 'squelettes', _DIR_RESTREINT_ABS . self(), true)); }
diff --git a/ecrire/inc/documents.php b/ecrire/inc/documents.php
index 1b657ff856..e573874291 100644
--- a/ecrire/inc/documents.php
+++ b/ecrire/inc/documents.php
@@ -904,14 +904,13 @@ function afficher_rotateurs($album, $document, $type, $id_article, $id_document function bouton_tourner_document($id_article, $id, $album, $rot, $type) {
- return generer_action_auteur('tourner', $id, generer_url_ecrire($GLOBALS['exec'], ("id_$type=$id_article&show_docs=$id"), true) . "#$album") .
+ return redirige_action_auteur('tourner', $id, $GLOBALS['exec'], "id_$type=$id_article&show_docs=$id#$album") . "&var_rot=$rot"; } function bouton_supprime_document_et_vignette($id_article, $type, $id_v, $album, $id_document=0) {
-
- return generer_action_auteur('supprimer', "document-$id_v", generer_url_ecrire($GLOBALS['exec'], ("id_$type=$id_article"), true) . "#$album");
+ return redirige_action_auteur('supprimer', "document-$id_v", $GLOBALS['exec'], "id_$type=$id_article#$album"); }
diff --git a/ecrire/inc/forum.php b/ecrire/inc/forum.php
index 4451a78290..80eff67256 100644
--- a/ecrire/inc/forum.php
+++ b/ecrire/inc/forum.php
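Review bot: In both `bouton_tourner_document` and `bouton_supprime_document_et_vignette` the `#$album` fragment moves from being appended to the finished URL into the `$args` string handed to generer_url_ecrire, so it now goes through whatever that function does to its query string before becoming the redirect value, and in bouton_tourner_document it precedes the `&var_rot=$rot` that is still appended to the outer action URL. If the redirect value is not percent-encoded when it is embedded in the action URL, the unencoded `#` ends the query the browser actually sends and `var_rot` never reaches the action; that risk predates this commit, but the rewrite is the moment to confirm where the encoding happens, since nothing in this diff shows it. A one-line comment such as `// the #album fragment belongs to the redirect target, not to the action URL` above each return would make the intent explicit to the next reader.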
@@ -84,19 +84,20 @@ function boutons_controle_forum($id_forum, $forum_stat, $forum_id_auteur=0, $ref return; }
- $lien = _DIR_RESTREINT_ABS . str_replace('&', '&', self()) . "#id$id_forum";
+ $lien = str_replace('&', '&', self()) . "#id$id_forum";
 if ($supprimer)
- $controle .= icone(_T('icone_supprimer_message'), generer_action_auteur('instituer', "forum-$id_forum $supprimer", $lien),
+ $controle .= icone(_T('icone_supprimer_message'), generer_action_auteur('instituer', "forum-$id_forum-$supprimer", _DIR_RESTREINT_ABS . $lien),
 $logo, "supprimer.gif", 'right', 'non'); if ($valider)
- $controle .= icone(_T('icone_valider_message'), generer_action_auteur('instituer', "forum-$id_forum-$valider", $lien),
+ $controle .= icone(_T('icone_valider_message'), generer_action_auteur('instituer', "forum-$id_forum-$valider", _DIR_RESTREINT_ABS . $lien),
 $logo, "creer.gif", 'right', 'non'); if ($valider_repondre) {
- $controle .= icone(_T('icone_valider_message') . " & " . _T('lien_repondre_message'), generer_action_auteur('instituer', "forum-$id_forum-$valider", generer_url_public('forum', "$ref&id_forum=$id_forum&retour=" . rawurlencode($lien), true)),
+ $dblret = rawurlencode(_DIR_RESTREINT_ABS . $lien);
+ $controle .= icone(_T('icone_valider_message') . " & " . _T('lien_repondre_message'), generer_action_auteur('instituer', "forum-$id_forum-$valider", generer_url_public('forum', "$ref&id_forum=$id_forum&retour=$dblret", true)),
 $logo, "creer.gif", 'right', 'non'); }
diff --git a/ecrire/inc/logos.php b/ecrire/inc/logos.php
index 24e9ed016d..8d01ae0df7 100644
--- a/ecrire/inc/logos.php
+++ b/ecrire/inc/logos.php
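Review bot: The `instituer` argument in the `$supprimer` branch silently changes from `"forum-$id_forum $supprimer"` (space-separated) to `"forum-$id_forum-$supprimer"` (hyphen-separated), which is a change to the argument the action handler has to parse, not the relative-redirect change the commit message describes; it deserves a sentence in the message or a comment at the call site, e.g. `// arg format is forum-<id>-<statut>, same as the valider branch`. As rendered here, `str_replace('&', '&', self())` is an identity call; if the first argument is really an entity in the source the page has decoded it, otherwise the call does nothing and could go. boutons_controle_forum starts before this hunk, so the checks that set `$supprimer` and `$valider` are not visible.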
@@ -68,7 +68,7 @@ function decrire_logo($id_objet, $mode, $id, $width, $height, $titre="", $script "<font size='1'>" . $xy . "\n<br />[<a href='" .
- generer_action_auteur("iconifier", "unlink $nom.$format", generer_url_ecrire($script, "$id_objet=$id", true)) .
+ redirige_action_auteur("iconifier", "unlink $nom.$format", $script, "$id_objet=$id") .
 "'>". _T('lien_supprimer') . "</a>]</font>" .
diff --git a/ecrire/inc/presentation.php b/ecrire/inc/presentation.php
index f79c22b46f..9ba3d74bdd 100644
--- a/ecrire/inc/presentation.php
+++ b/ecrire/inc/presentation.php
@@ -2851,8 +2851,9 @@ function fin_page($credits='') { } function debloquer_article($arg, $texte) {
- $lien = _DIR_RESTREINT_ABS . parametre_url(self(), 'debloquer_article', $arg, '&');
- return "<a href='" . generer_action_auteur('instituer', "collaboration-$arg", $lien) .
+ $lien = parametre_url(self(), 'debloquer_article', $arg, '&');
+ return "<a href='" .
+ generer_action_auteur('instituer', "collaboration-$arg", _DIR_RESTREINT_ABS . $lien) .
 "' title=\"" . entites_html($texte) . "\">$texte " .
diff --git a/ecrire/inc/session.php b/ecrire/inc/session.php
index 61b601486a..98e2e81b50 100644
--- a/ecrire/inc/session.php
+++ b/ecrire/inc/session.php
@@ -293,6 +293,11 @@ function generer_action_auteur($action, $arg, $redirect="", $no_entites=false) return generer_url_action($action, "arg=$arg&id_auteur=$connect_id_auteur&hash=$hash$redirect", $no_entites); }
+function redirige_action_auteur($action, $arg, $ret, $gra)
+{
+ return generer_action_auteur($action, $arg, generer_url_ecrire($ret, $gra, true, _DIR_RESTREINT_ABS));
+}
+
 function determine_upload() { global $connect_toutes_rubriques, $connect_login, $connect_statut ;
diff --git a/ecrire/inc/sites_voir.php b/ecrire/inc/sites_voir.php
index 1eafcf671d..347c292490 100644
--- a/ecrire/inc/sites_voir.php
+++ b/ecrire/inc/sites_voir.php
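Review bot: `redirige_action_auteur` in the session.php hunk is added without a comment and with an opaque fourth parameter name, `$gra`; every caller in this commit passes an exec script name and its query string, so naming them `$script, $args` to mirror generer_url_ecrire would document the contract, together with a header comment such as `// Action URL whose redirect target is a relative private-area URL (script + query string), so no absolute http:// URL lands in the redirect parameter (mod_security, ticket #413)`. Several call sites pass `$GLOBALS['exec']` as `$ret`, which presumably reflects the request's exec parameter; whether generer_url_ecrire or generer_action_auteur escapes that value before it is embedded in the redirect query string is not visible in this diff and is worth confirming, since the value is reused as a redirect target after the action runs. The `$redirect` variable is appended straight after `hash=$hash` in the context line, so its `&redirect=` prefix must be added above the hunk, outside this view.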
@@ -110,7 +110,7 @@ function afficher_syndic_articles($titre_table, $requete, $id = 0) { $col = (($connect_statut == '0minirezo') ? 3 : 2) + ($id==0); $tmp_var = substr(md5(join(' ',$requete)), 0, 4); $deb_aff = intval(_request('t_' .$tmp_var));
- $redirect = generer_url_ecrire($GLOBALS['exec'], ('t_' .$tmp_var . '=' . $deb_aff) . (!$id ? '' : "&id_syndic=$id"), true);
+ $redirect = ('t_' .$tmp_var . '=' . $deb_aff) . (!$id ? '' : "&id_syndic=$id");
 if (!$requete['FROM']) $requete['FROM']= 'spip_syndic_articles'; if (!$id) {
@@ -208,11 +208,11 @@ function afficher_syndic_articles_boucle($row, &$my_sites, $bof, $redirect) if ($connect_statut == '0minirezo'){ if ($statut == "publie"){
- $s = "[<a href='". generer_action_auteur("instituer", "syndic_article-$id_syndic_article-refuse", $redirect) . "'><font color='black'>"._T('info_bloquer_lien')."</font></a>]";
+ $s = "[<a href='". redirige_action_auteur("instituer", "syndic_article-$id_syndic_article-refuse", $GLOBALS['exec'], $redirect) . "'><font color='black'>"._T('info_bloquer_lien')."</font></a>]";
 } else if ($statut == "refuse"){
- $s = "[<a href='". generer_action_auteur("instituer", "syndic_article-$id_syndic_article-publie", $redirect) . "'>"._T('info_retablir_lien')."</a>]";
+ $s = "[<a href='". redirige_action_auteur("instituer", "syndic_article-$id_syndic_article-publie", $GLOBALS['exec'], $redirect) . "'>"._T('info_retablir_lien')."</a>]";
 } else if ($statut == "off" AND $my_sites[$id_syndic]['miroir'] == 'oui') {
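Review bot: In the `@@ -110` hunk `$redirect` now holds a bare query string (`t_…=…&id_syndic=…`) instead of a URL but keeps its name, and it is handed to `afficher_syndic_articles_boucle`, whose `$redirect` parameter becomes the `$gra` argument of redirige_action_auteur in the `@@ -208` and `@@ -220` hunks; any other caller of that function still passing a full URL would now produce a malformed redirect, which cannot be checked from this diff. Rename it (`$args_redirect`) or mark the assignment: `// query string only; the exec script is added at the call site`. `$id` is interpolated into `"&id_syndic=$id"` with no visible cast, so if it is not already an integer when it reaches this function, `intval($id)` here keeps the redirect value clean; `$deb_aff` already gets that treatment on the line above.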
@@ -220,7 +220,7 @@ function afficher_syndic_articles_boucle($row, &$my_sites, $bof, $redirect) } else /* 'dispo' ou 'off' (dans le cas ancien site 'miroir') */ {
- $s = "[<a href='". generer_action_auteur("instituer", "syndic_article-$id_syndic_article-publie", $redirect) . "'>"._T('info_valider_lien')."</a>]";
+ $s = "[<a href='". redirige_action_auteur("instituer", "syndic_article-$id_syndic_article-publie", $GLOBALS['exec'], $redirect) . "'>"._T('info_valider_lien')."</a>]";
 } $vals[] = $s; }
diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php
index f4a6ec21c1..af68ca80a9 100644
--- a/ecrire/inc/utils.php
+++ b/ecrire/inc/utils.php
@@ -722,7 +722,7 @@ function url_de_base() { function generer_url_ecrire($script, $args="", $no_entities=false, $rel=false) { if (!$rel) $rel = url_de_base() . _DIR_RESTREINT_ABS;
- else
+ else if (!is_string($rel))
 $rel = _DIR_RESTREINT ? _DIR_RESTREINT : './'; if ($script AND $script<>'accueil')
-- GitLab
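Review bot: The new `else if (!is_string($rel))` in generer_url_ecrire gives `$rel` three meanings (false → absolute URL, string → base path to prepend, anything else → `_DIR_RESTREINT`), but the first test is still the truthiness check `if (!$rel)`, so a caller passing the empty string `''` as its base is routed into the absolute `url_de_base()` branch and gets precisely the `http://` redirect this commit is trying to eliminate. Test the default explicitly instead: `if ($rel === false) $rel = url_de_base() . _DIR_RESTREINT_ABS;`. The signature cannot express the tri-state, so a comment above it, `// $rel: false = absolute URL, string = base path to prepend, true/other = _DIR_RESTREINT`, is needed for callers such as redirige_action_auteur that now pass `_DIR_RESTREINT_ABS`. The body of generer_url_ecrire continues past the end of the hunk.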