From e86f73c76c95042b87928f59840f2a777da310f7 Mon Sep 17 00:00:00 2001
From: "Committo,Ergo:sum" <esj@rezo.net>
Date: Tue, 16 May 2006 17:31:22 +0000
Subject: [PATCH] =?UTF-8?q?http=5Fimg=5Fpack=20retire=20=C3=A0=20pr=C3=A9s?=
 =?UTF-8?q?ent=20un=20guillemet=20dans=20l'argument=20Alt,=20c'est=20nette?=
 =?UTF-8?q?ment=20plus=20efficace=20que=20de=20l'appeler=20avec=20un=20add?=
 =?UTF-8?q?slashes=20qui=20n'arrange=20rien=20et=20complique=20la=20t?=
 =?UTF-8?q?=C3=A2che=20#209.=20Elle=20est=20repartie.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ecrire/exec/forum_envoi.php | 25 +++++++------------------
 ecrire/inc/config.php       |  2 +-
 ecrire/inc/distant.php      |  6 +++---
 ecrire/inc/documents.php    |  6 +++---
 ecrire/inc/getdocument.php  |  8 ++++----
 ecrire/inc/minipres.php     |  2 +-
 6 files changed, 19 insertions(+), 30 deletions(-)

diff --git a/ecrire/exec/forum_envoi.php b/ecrire/exec/forum_envoi.php
index 4f5cab6542..d70b09c631 100644
--- a/ecrire/exec/forum_envoi.php
+++ b/ecrire/exec/forum_envoi.php
@@ -54,18 +54,7 @@ if ($valider_forum AND ($statut!='')) {
 	$titre_message = corriger_caracteres($titre_message);
 	$texte = corriger_caracteres($texte);
 
-	spip_abstract_insert('spip_forum',
-		"(titre, texte, date_heure, nom_site, url_site, statut, id_auteur,	auteur, email_auteur, id_rubrique, id_parent, id_article, id_breve,	id_message, id_syndic)",
-		"('".addslashes($titre_message)."',
-	'".addslashes($texte)."', NOW(),
-	'".addslashes($nom_site)."',
-	'".addslashes($url_site)."',
-	'".addslashes($statut)."',
-	$connect_id_auteur,
-	'".addslashes($GLOBALS['auteur_session']['nom'])."',
-	'".addslashes($GLOBALS['auteur_session']['email'])."',
-	'$id_rubrique', '$id_parent', '$id_article', '$id_breve',
-	'$id_message', '$id_syndic')");
+	spip_abstract_insert('spip_forum', "(titre, texte, date_heure, nom_site, url_site, statut, id_auteur,	auteur, email_auteur, id_rubrique, id_parent, id_article, id_breve,	id_message, id_syndic)", "('".addslashes($titre_message)."', '".addslashes($texte)."', NOW(), '".addslashes($nom_site)."', '".addslashes($url_site)."', '".addslashes($statut)."', $connect_id_auteur, '".addslashes($GLOBALS['auteur_session']['nom'])."', '".addslashes($GLOBALS['auteur_session']['email'])."',	'$id_rubrique', '$id_parent', '$id_article', '$id_breve',	'$id_message', '$id_syndic')");
 
 	calculer_threads();
 
@@ -143,12 +132,12 @@ if ($modif_forum == "oui") {
 
 	fin_cadre_thread_forum();
 	if ($titre_parent) {
-		echo "</td></tr><tr>";
-		echo "<td width=10 valign='top' background='" . _DIR_IMG_PACK . "rien.gif'>",
-		  http_img_pack("forum-droite$spip_lang_rtl.gif",
-				addslashes($titre_parent),
-				"width='10' height='13' border='0'"), "</td>\n";
-		echo "</tr></table>";
+		echo "</td></tr><tr>",
+		  "<td width=10 valign='top' background='",
+		  _DIR_IMG_PACK ,
+		  "rien.gif'>",
+		  http_img_pack("forum-droite$spip_lang_rtl.gif", $titre_parent, "width='10' height='13' border='0'"),
+		  "</td>\n</tr></table>";
 	}
 }
 else {
diff --git a/ecrire/inc/config.php b/ecrire/inc/config.php
index a778a47ca8..24dc7350f4 100644
--- a/ecrire/inc/config.php
+++ b/ecrire/inc/config.php
@@ -101,7 +101,7 @@ function avertissement_config() {
 
 	echo "<div class='verdana2' align='justify'>
 	<p align='center'><B>"._T('avis_attention')."</B></p>",
-	  http_img_pack("warning.gif", addslashes(_T('avis_attention')), "width='48' height='48' align='$spip_lang_right' style='padding-$spip_lang_left: 10px;'");
+	  http_img_pack("warning.gif", (_T('avis_attention')), "width='48' height='48' align='$spip_lang_right' style='padding-$spip_lang_left: 10px;'");
 
 	echo _T('texte_inc_config');
 
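Review bot: The replacement on the `+` line leaves a redundant pair of parentheses around `_T('avis_attention')` where addslashes() was removed, so the call now reads as if something were missing; it is clearer as `http_img_pack("warning.gif", _T('avis_attention'), "width='48' height='48' align='$spip_lang_right' style='padding-$spip_lang_left: 10px;'");`. The same leftover wrapping appears in the documents.php hunk (`$titre_document = (corriger_caracteres(` and `$descriptif_document = (corriger_caracteres(`) and in both getdocument.php hunks (`corriger_extension((strtolower(` and `$ext = (corriger_extension(`), and should be cleaned up there too. avertissement_config() starts before this hunk and continues after it.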
diff --git a/ecrire/inc/distant.php b/ecrire/inc/distant.php
index ceebf09db2..2257f21c94 100644
--- a/ecrire/inc/distant.php
+++ b/ecrire/inc/distant.php
@@ -246,7 +246,7 @@ function fichier_copie_locale($source) {
 function recuperer_infos_distantes($source, $max=0) {
 
 	$a = array();
-
+	$mime_type = '';
 	// On va directement charger le debut des images et des fichiers html,
 	// de maniere a attrapper le maximum d'infos (titre, taille, etc). Si
 	// ca echoue l'utilisateur devra les entrer...
@@ -255,8 +255,8 @@ function recuperer_infos_distantes($source, $max=0) {
 		$t = preg_match(",\nContent-Type: *([^[:space:];]*),i",
 				"\n$headers", $regs);
 		if ($t) {
-		  $mime_type = addslashes(trim($regs[1]));
-		  $t = spip_fetch_array(spip_query("SELECT id_type,extension FROM spip_types_documents WHERE mime_type='$mime_type'"));
+		  $mime_type = (trim($regs[1]));
+		  $t = spip_fetch_array(spip_query("SELECT id_type,extension FROM spip_types_documents WHERE mime_type='" . addslashes($mime_type) ."'"));
 		}
 		if ($t) {
 			spip_log("mime-type $mime_type ok");
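Review bot: `$mime_type` on the first `+` line now holds the raw value of a remote server's Content-Type header, and the only thing standing between it and the query on the next line is addslashes(), which is not aware of the connection charset and is a weaker escape than one provided by the database driver. If the DB layer exposes a connection-aware escaping function, it would be preferable here and in the documents.php UPDATE and getdocument.php hunks, which keep the same addslashes-into-SQL pattern. Independently of escaping, the lookup only makes sense for a plain `type/subtype` token, so a cheap guard before the query is `if (!preg_match(',^[a-z0-9.+-]+/[a-z0-9.+-]+$,i', $mime_type)) $t = false;` (constructed example, to be adjusted to the values actually stored in spip_types_documents). recuperer_infos_distantes() starts before this hunk and continues after it.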
diff --git a/ecrire/inc/documents.php b/ecrire/inc/documents.php
index e5655499cc..39856bdd80 100644
--- a/ecrire/inc/documents.php
+++ b/ecrire/inc/documents.php
@@ -1346,9 +1346,9 @@ function maj_documents ($id_objet, $type) {
 		// "securite" : verifier que le document est bien lie a l'objet
 		$result_doc = spip_query("SELECT * FROM spip_documents_".$type."s WHERE id_document=".$id_document."	AND id_".$type." = $id_objet");
 		if (spip_num_rows($result_doc) > 0) {
-			$titre_document = addslashes(corriger_caracteres(
+			$titre_document = (corriger_caracteres(
 				$_POST['titre_document']));
-			$descriptif_document = addslashes(corriger_caracteres(
+			$descriptif_document = (corriger_caracteres(
 				$_POST['descriptif_document']));
 
 			// taille du document (cas des embed)
@@ -1358,7 +1358,7 @@ function maj_documents ($id_objet, $type) {
 					hauteur='$hauteur_document'";
 			else $wh = "";
 
-			spip_query("UPDATE spip_documents SET titre='$titre_document', descriptif='$descriptif_document' $wh WHERE id_document=".$id_document);
+			spip_query("UPDATE spip_documents SET titre='" . addslashes($titre_document) . "', descriptif='" . addslashes($descriptif_document) . "' $wh WHERE id_document=".$id_document);
 
 			// Date du document (uniquement dans les rubriques)
 			if ($_POST['jour_doc']) {
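Review bot: The rewritten UPDATE escapes titre and descriptif but still splices `$wh` and `$id_document` into the statement raw; `$wh` is assembled from `$largeur_document`/`$hauteur_document` in the context lines above (`hauteur='$hauteur_document'`), and given that the neighbouring lines read `$_POST['titre_document']` it seems likely those dimensions come from the request as well, though their origin is outside the hunk. If so, normalising them to integers before `$wh` is built — `$largeur_document = intval($largeur_document);`, `$hauteur_document = intval($hauteur_document);`, and likewise `$id_document` — would make the whole statement uniformly safe rather than only its two text columns. maj_documents() begins before this hunk and continues after it.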
diff --git a/ecrire/inc/getdocument.php b/ecrire/inc/getdocument.php
index d5b0af1f43..ce4ecf58b4 100644
--- a/ecrire/inc/getdocument.php
+++ b/ecrire/inc/getdocument.php
@@ -138,8 +138,8 @@ function check_upload_error($error, $msg='') {
 function accepte_fichier_upload ($f) {
 	if (!ereg(".*__MACOSX/", $f)
 	AND !ereg("^\.", basename($f))) {
-		$ext = corriger_extension(addslashes(strtolower(substr(strrchr($f, "."), 1))));
-		$row =  @spip_fetch_array(spip_query("SELECT extension FROM spip_types_documents WHERE extension='$ext' AND upload='oui'"));
+		$ext = corriger_extension((strtolower(substr(strrchr($f, "."), 1))));
+		$row =  @spip_fetch_array(spip_query("SELECT extension FROM spip_types_documents WHERE extension='" . addslashes($ext) . "' AND upload='oui'"));
 		return $row;
 	}
 }
@@ -222,10 +222,10 @@ function ajouter_un_document ($source, $nom_envoye, $type_lien, $id_lien, $mode,
 		// - quel numero dans spip_types_documents ?  =-(
 		// - est-ce "inclus" comme une image ?
 		ereg("\.([^.]+)$", $nom_envoye, $match);
-		$ext = addslashes(corriger_extension(strtolower($match[1])));
+		$ext = (corriger_extension(strtolower($match[1])));
 
 		// Si le fichier est de type inconnu, on va le stocker en .zip
-		$q = spip_query("SELECT * FROM spip_types_documents WHERE extension='$ext' AND upload='oui'");
+		$q = spip_query("SELECT * FROM spip_types_documents WHERE extension='" . addslashes($ext) . "' AND upload='oui'");
 		if (!$row = spip_fetch_array($q)) {
 
 /* STOCKER LES DOCUMENTS INCONNUS AU FORMAT .BIN */
diff --git a/ecrire/inc/minipres.php b/ecrire/inc/minipres.php
index 049cea472c..e599d845c3 100644
--- a/ecrire/inc/minipres.php
+++ b/ecrire/inc/minipres.php
@@ -168,7 +168,7 @@ function http_href($href, $clic, $title='', $style='', $class='', $evt='') {
 function http_img_pack($img, $alt, $att, $title='') {
 	return "<img src='" . _DIR_IMG_PACK . $img
 	  . ("'\nalt=\"" .
-	     ($alt ? $alt : ($title ? $title : ereg_replace('\..*$','',$img)))
+	     ($alt ? str_replace('"','',$alt) : ($title ? $title : ereg_replace('\..*$','',$img)))
 	     . '" ')
 	  . ($title ? " title=\"$title\"" : '')
 	  . $att . " />";
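Review bot: The new `str_replace('"','',$alt)` only covers the branch where `$alt` is non-empty; when alt falls back to `$title` on the same line, and in the `title=\"$title\"` attribute two lines below, a double quote in `$title` still terminates the attribute. Dropping the character also silently changes the text, whereas substituting the entity keeps the attribute well-formed and the content readable: `($alt ? str_replace('"','&quot;',$alt) : ($title ? str_replace('"','&quot;',$title) : ereg_replace('\..*$','',$img)))` and `. ($title ? " title=\"" . str_replace('"','&quot;',$title) . "\"" : '')`. Whether `$alt` and `$title` arrive already entity-encoded cannot be told from here; an existing `&quot;` passes through this replacement untouched either way. http_img_pack()'s closing brace lies past the end of the hunk.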
-- 
GitLab