@@ -15,7 +15,7 @@ discard block |
| 15 | 15 | * Test utilisateur |
| 16 | 16 | */ |
| 17 | 17 | if (isset($_GET['test_ecran_securite'])) { |
| 18 | - $ecran_securite_raison = 'test ' . _ECRAN_SECURITE; |
|
| 18 | + $ecran_securite_raison = 'test '._ECRAN_SECURITE; |
|
| 19 | 19 | } |
| 20 | 20 | |
| 21 | 21 | /* |
@@ -222,8 +222,8 @@ discard block |
| 222 | 222 | 'yats', |
| 223 | 223 | 'yeti', |
| 224 | 224 | 'zeerch' |
| 225 | - )) . ',i', |
|
| 226 | - (string)$_SERVER['HTTP_USER_AGENT'] |
|
| 225 | + )).',i', |
|
| 226 | + (string) $_SERVER['HTTP_USER_AGENT'] |
|
| 227 | 227 | ) |
| 228 | 228 | ); |
| 229 | 229 | } |
@@ -232,12 +232,12 @@ discard block |
| 232 | 232 | '_IS_BOT_FRIEND', |
| 233 | 233 | isset($_SERVER['HTTP_USER_AGENT']) |
| 234 | 234 | and preg_match( |
| 235 | - ',' . implode('|', array( |
|
| 235 | + ','.implode('|', array( |
|
| 236 | 236 | 'facebookexternalhit', |
| 237 | 237 | 'flipboardproxy', |
| 238 | 238 | 'wordpress' |
| 239 | - )) . ',i', |
|
| 240 | - (string)$_SERVER['HTTP_USER_AGENT'] |
|
| 239 | + )).',i', |
|
| 240 | + (string) $_SERVER['HTTP_USER_AGENT'] |
|
| 241 | 241 | ) |
| 242 | 242 | ); |
| 243 | 243 | } |
@@ -286,10 +286,10 @@ discard block |
| 286 | 286 | */ |
| 287 | 287 | foreach (array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
| 288 | 288 | if (isset($_GET[$var])) { |
| 289 | - $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 289 | + $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string) $_GET[$var]); |
|
| 290 | 290 | } |
| 291 | 291 | if (isset($_POST[$var])) { |
| 292 | - $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 292 | + $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string) $_POST[$var]); |
|
| 293 | 293 | } |
| 294 | 294 | } |
| 295 | 295 | |
@@ -297,8 +297,8 @@ discard block |
| 297 | 297 | * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) |
| 298 | 298 | */ |
| 299 | 299 | if (isset($_SERVER['REQUEST_URI'])) { |
| 300 | - if (preg_match(',^(.*/)?spip_acces_doc\.,', (string)$_SERVER['REQUEST_URI'])) { |
|
| 301 | - $file = addslashes((string)$_GET['file']); |
|
| 300 | + if (preg_match(',^(.*/)?spip_acces_doc\.,', (string) $_SERVER['REQUEST_URI'])) { |
|
| 301 | + $file = addslashes((string) $_GET['file']); |
|
| 302 | 302 | } |
| 303 | 303 | } |
| 304 | 304 | |
@@ -318,13 +318,13 @@ discard block |
| 318 | 318 | */ |
| 319 | 319 | if ( |
| 320 | 320 | isset($_REQUEST['partie_cal']) |
| 321 | - and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal']) |
|
| 321 | + and $_REQUEST['partie_cal'] !== htmlentities((string) $_REQUEST['partie_cal']) |
|
| 322 | 322 | ) { |
| 323 | 323 | $ecran_securite_raison = "partie_cal"; |
| 324 | 324 | } |
| 325 | 325 | if ( |
| 326 | 326 | isset($_REQUEST['echelle']) |
| 327 | - and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle']) |
|
| 327 | + and $_REQUEST['echelle'] !== htmlentities((string) $_REQUEST['echelle']) |
|
| 328 | 328 | ) { |
| 329 | 329 | $ecran_securite_raison = "echelle"; |
| 330 | 330 | } |
@@ -334,13 +334,13 @@ discard block |
| 334 | 334 | */ |
| 335 | 335 | if ( |
| 336 | 336 | isset($_REQUEST['exec']) |
| 337 | - and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec']) |
|
| 337 | + and !preg_match(',^[\w-]+$,', (string) $_REQUEST['exec']) |
|
| 338 | 338 | ) { |
| 339 | 339 | $ecran_securite_raison = "exec"; |
| 340 | 340 | } |
| 341 | 341 | if ( |
| 342 | 342 | isset($_REQUEST['cherche_auteur']) |
| 343 | - and preg_match(',[<],', (string)$_REQUEST['cherche_auteur']) |
|
| 343 | + and preg_match(',[<],', (string) $_REQUEST['cherche_auteur']) |
|
| 344 | 344 | ) { |
| 345 | 345 | $ecran_securite_raison = "cherche_auteur"; |
| 346 | 346 | } |
@@ -348,7 +348,7 @@ discard block |
| 348 | 348 | isset($_REQUEST['exec']) |
| 349 | 349 | and $_REQUEST['exec'] == 'auteurs' |
| 350 | 350 | and isset($_REQUEST['recherche']) |
| 351 | - and preg_match(',[<],', (string)$_REQUEST['recherche']) |
|
| 351 | + and preg_match(',[<],', (string) $_REQUEST['recherche']) |
|
| 352 | 352 | ) { |
| 353 | 353 | $ecran_securite_raison = "recherche"; |
| 354 | 354 | } |
@@ -356,7 +356,7 @@ discard block |
| 356 | 356 | isset($_REQUEST['exec']) |
| 357 | 357 | and $_REQUEST['exec'] == 'info_plugin' |
| 358 | 358 | and isset($_REQUEST['plugin']) |
| 359 | - and preg_match(',[<],', (string)$_REQUEST['plugin']) |
|
| 359 | + and preg_match(',[<],', (string) $_REQUEST['plugin']) |
|
| 360 | 360 | ) { |
| 361 | 361 | $ecran_securite_raison = "plugin"; |
| 362 | 362 | } |
@@ -383,7 +383,7 @@ discard block |
| 383 | 383 | echo minipres(_T('info_acces_interdit')); |
| 384 | 384 | exit; |
| 385 | 385 | } |
| 386 | - require _DIR_RESTREINT . 'action/configurer.php'; |
|
| 386 | + require _DIR_RESTREINT.'action/configurer.php'; |
|
| 387 | 387 | action_configurer_dist(); |
| 388 | 388 | } |
| 389 | 389 | } |
@@ -435,9 +435,9 @@ discard block |
| 435 | 435 | if (_IS_BOT) { |
| 436 | 436 | if ( |
| 437 | 437 | (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) |
| 438 | - or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) |
|
| 439 | - or (isset($_REQUEST['calendrier_annee']) and strpos((string)$_SERVER['REQUEST_URI'], 'debut_')) |
|
| 440 | - or (isset($_REQUEST['calendrier_annee']) and preg_match(',[?&]calendrier_annee=.*&calendrier_annee=,', (string)$_SERVER['REQUEST_URI'])) |
|
| 438 | + or (strpos((string) $_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string) $_SERVER['REQUEST_URI'])) |
|
| 439 | + or (isset($_REQUEST['calendrier_annee']) and strpos((string) $_SERVER['REQUEST_URI'], 'debut_')) |
|
| 440 | + or (isset($_REQUEST['calendrier_annee']) and preg_match(',[?&]calendrier_annee=.*&calendrier_annee=,', (string) $_SERVER['REQUEST_URI'])) |
|
| 441 | 441 | ) { |
| 442 | 442 | $ecran_securite_raison = "robot agenda/double pagination"; |
| 443 | 443 | } |
@@ -451,7 +451,7 @@ discard block |
| 451 | 451 | if ($_REQUEST['page'] == 'test_cfg') { |
| 452 | 452 | $ecran_securite_raison = "test_cfg"; |
| 453 | 453 | } |
| 454 | - if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) { |
|
| 454 | + if ($_REQUEST['page'] !== htmlspecialchars((string) $_REQUEST['page'])) { |
|
| 455 | 455 | $ecran_securite_raison = "xsspage"; |
| 456 | 456 | } |
| 457 | 457 | if ( |
@@ -467,7 +467,7 @@ discard block |
| 467 | 467 | */ |
| 468 | 468 | foreach (array('var_login') as $var) { |
| 469 | 469 | if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) { |
| 470 | - $ecran_securite_raison = "xss " . $var; |
|
| 470 | + $ecran_securite_raison = "xss ".$var; |
|
| 471 | 471 | } |
| 472 | 472 | } |
| 473 | 473 | |
@@ -515,13 +515,13 @@ discard block |
| 515 | 515 | */ |
| 516 | 516 | if ( |
| 517 | 517 | isset($_REQUEST['nom_sauvegarde']) |
| 518 | - and strstr((string)$_REQUEST['nom_sauvegarde'], '/') |
|
| 518 | + and strstr((string) $_REQUEST['nom_sauvegarde'], '/') |
|
| 519 | 519 | ) { |
| 520 | 520 | $ecran_securite_raison = 'nom_sauvegarde manipulee'; |
| 521 | 521 | } |
| 522 | 522 | if ( |
| 523 | 523 | isset($_REQUEST['znom_sauvegarde']) |
| 524 | - and strstr((string)$_REQUEST['znom_sauvegarde'], '/') |
|
| 524 | + and strstr((string) $_REQUEST['znom_sauvegarde'], '/') |
|
| 525 | 525 | ) { |
| 526 | 526 | $ecran_securite_raison = 'znom_sauvegarde manipulee'; |
| 527 | 527 | } |