From 7c71ed3a17428d967e166777fcc39a8c34c1f6dc Mon Sep 17 00:00:00 2001
From: "brunobergot@gmail.com" <>
Date: Tue, 17 Apr 2012 18:12:52 +0000
Subject: [PATCH] =?UTF-8?q?report=20de=20http://core.spip.org/projects/spi?=
 =?UTF-8?q?p/repository/revisions/19252=20:=20XSS=20dans=20l'espace=20priv?=
 =?UTF-8?q?=C3=A9=20(Christophe=20Imberti)=20on=20incr=C3=A9mentera=20la?=
 =?UTF-8?q?=20version=20bient=C3=B4t...?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ecran_securite.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ecran_securite.php b/ecran_securite.php
index 9192923..071380a 100644
--- a/ecran_securite.php
+++ b/ecran_securite.php
@@ -86,6 +86,10 @@ AND !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec']))
 if (isset($_REQUEST['cherche_auteur'])
 AND preg_match(',[<],', (string)$_REQUEST['cherche_auteur']))
 	$ecran_securite_raison = "cherche_auteur";
+if (isset($_REQUEST['exec'])
+AND $_REQUEST['exec'] == 'auteurs'
+AND preg_match(',[<],', (string)$_REQUEST['recherche']))
+	$ecran_securite_raison = "recherche";
 if (isset($_REQUEST['action'])
 AND $_REQUEST['action'] == 'configurer') {
 	if (@file_exists('inc_version.php')
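Review bot: The added condition reads `$_REQUEST['recherche']` without an `isset()` guard, so a request with `exec=auteurs` and no `recherche` raises an undefined-index notice. The `(string)` cast also turns an array-valued `recherche` into the literal `Array`, so its contents are never inspected by the `preg_match`. Consider `AND isset($_REQUEST['recherche'])` followed by `AND (is_array($_REQUEST['recherche']) OR preg_match(',[<],', (string)$_REQUEST['recherche']))`, assuming the auteurs page never legitimately receives an array there, which this hunk does not show. The existing `cherche_auteur` check just above uses the same cast. The screen rejects only `<` and only when `exec` is `auteurs`, so a short comment marking it as a stopgap until the private-area page escapes `recherche` on output would help the next maintainer.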
-- 
GitLab