From d3b82961d51b54ebedb98eaefb8eb2888645c01b Mon Sep 17 00:00:00 2001
From: "fil@rezo.net" <>
Date: Thu, 24 Mar 2011 21:25:36 +0000
Subject: [PATCH] protection contre un XSS sur la page 404

---
 ecran_securite.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ecran_securite.php b/ecran_securite.php
index 878f80a..b93ea8e 100644
--- a/ecran_securite.php
+++ b/ecran_securite.php
@@ -5,7 +5,7 @@
  * ------------------
  */
 
-define('_ECRAN_SECURITE', '1.0.0'); // 7 fev 2011
+define('_ECRAN_SECURITE', '1.0.1'); // 24 mars 2011
 
 /*
  * Documentation : http://www.spip.net/fr_article4200.html
@@ -146,6 +146,9 @@ if (isset($_REQUEST['page'])) {
 		$ecran_securite_raison = "test_cfg";
 	if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page']))
 		$ecran_securite_raison = "xsspage";
+	if ($_REQUEST['page'] == '404'
+	AND isset($_REQUEST['erreur']))
+		$ecran_securite_raison = "xss404";
 }
 
 /*
-- 
GitLab