From 3ccd09b1d7fdfc31274b57e799bd2cb447630f1b Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Fri, 17 Nov 2023 15:37:11 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20suite=20=C3=A0=20#20=20les=20appels=20?=
 =?UTF-8?q?=C3=A0=20autoriser(voir,=20document,xx)=20doivent=20ajouter=20l?=
 =?UTF-8?q?'option=20htaccess=20si=20ils=20se=20contentaient=20avant=20d'u?=
 =?UTF-8?q?ne=20valeur=20non=20false?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 accesrestreint_pipelines.php | 2 +-
 action/api_docrestreint.php  | 2 +-
 action/autoriser.php         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/accesrestreint_pipelines.php b/accesrestreint_pipelines.php
index 775a396..d7ffda7 100644
--- a/accesrestreint_pipelines.php
+++ b/accesrestreint_pipelines.php
@@ -105,7 +105,7 @@ function accesrestreint_page_indisponible($contexte) {
 				}
 
 				include_spip('inc/autoriser');
-				if ($publie and !autoriser('voir', $objet, $id)) {
+				if ($publie and !autoriser('voir', $objet, $id, null, $objet === 'document' ? ['htaccess' => true]: [])) {
 					// c'est un contenu restreint
 					$contexte['status'] = '401';
 					$contexte['code'] = '401 Unauthorized';
diff --git a/action/api_docrestreint.php b/action/api_docrestreint.php
index e93d8ac..b9b0c19 100644
--- a/action/api_docrestreint.php
+++ b/action/api_docrestreint.php
@@ -450,7 +450,7 @@ class Accesrestreint_document {
 			include_spip('inc/autoriser');
 		}
 
-		if (!autoriser('voir', 'document', $doc['id_document'])) {
+		if (!autoriser('voir', 'document', $doc['id_document'], null, ['htaccess' => true])) {
 			spip_log('acces interdit, pas autorise a voir le document #' . $doc['id_document'] . ' : ' . $this->_fichier, 'accesrestreint');
 			return false;
 		}
diff --git a/action/autoriser.php b/action/autoriser.php
index ded7c8d..216c456 100644
--- a/action/autoriser.php
+++ b/action/autoriser.php
@@ -24,7 +24,7 @@ function action_autoriser_dist() {
 	$arg = intval(_request('arg'));
 
 	if (
-		!autoriser('voir', 'document', $arg)
+		!autoriser('voir', 'document', $arg, null, ['htaccess' => true])
 		or !($row = sql_fetsel('fichier', 'spip_documents', 'id_document=' . intval($arg)))
 		or !($file = $row['fichier'])
 		or !(file_exists($file))
-- 
GitLab