spip /
SPIP
@@ -14,8 +14,9 @@ discard block |
||
| 14 | 14 | /* |
| 15 | 15 | * Test utilisateur |
| 16 | 16 | */ |
| 17 | -if (isset($_GET['test_ecran_securite'])) |
|
| 17 | +if (isset($_GET['test_ecran_securite'])) { |
|
| 18 | 18 | $ecran_securite_raison = 'test '._ECRAN_SECURITE; |
| 19 | +} |
|
| 19 | 20 | |
| 20 | 21 | /* |
| 21 | 22 | * Monitoring |
@@ -60,18 +61,21 @@ discard block |
||
| 60 | 61 | * (sauf pour id_table, qui n'est pas numérique jusqu'à [5743]) |
| 61 | 62 | * (id_base est une variable de la config des widgets de WordPress) |
| 62 | 63 | */ |
| 63 | -foreach ($_GET as $var => $val) |
|
| 64 | +foreach ($_GET as $var => $val) { |
|
| 64 | 65 | if ($_GET[$var] and strncmp($var, "id_", 3) == 0 |
| 65 | 66 | and !in_array($var, array('id_table', 'id_base'))) |
| 66 | 67 | $_GET[$var] = is_array($_GET[$var])?@array_map('intval', $_GET[$var]):intval($_GET[$var]); |
| 67 | -foreach ($_POST as $var => $val) |
|
| 68 | +} |
|
| 69 | +foreach ($_POST as $var => $val) { |
|
| 68 | 70 | if ($_POST[$var] and strncmp($var, "id_", 3) == 0 |
| 69 | 71 | and !in_array($var, array('id_table', 'id_base'))) |
| 70 | 72 | $_POST[$var] = is_array($_POST[$var])?@array_map('intval', $_POST[$var]):intval($_POST[$var]); |
| 71 | -foreach ($GLOBALS as $var => $val) |
|
| 73 | +} |
|
| 74 | +foreach ($GLOBALS as $var => $val) { |
|
| 72 | 75 | if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 |
| 73 | 76 | and !in_array($var, array('id_table', 'id_base'))) |
| 74 | 77 | $GLOBALS[$var] = is_array($GLOBALS[$var])?@array_map('intval', $GLOBALS[$var]):intval($GLOBALS[$var]); |
| 78 | +} |
|
| 75 | 79 | |
| 76 | 80 | /* |
| 77 | 81 | * Interdit la variable $cjpeg_command, qui était utilisée sans |
@@ -83,11 +87,13 @@ discard block |
||
| 83 | 87 | * Contrôle de quelques variables (XSS) |
| 84 | 88 | */ |
| 85 | 89 | foreach(array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
| 86 | - if (isset($_GET[$var])) |
|
| 87 | - $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 88 | - if (isset($_POST[$var])) |
|
| 89 | - $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 90 | -} |
|
| 90 | + if (isset($_GET[$var])) { |
|
| 91 | + $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 92 | + } |
|
| 93 | + if (isset($_POST[$var])) { |
|
| 94 | + $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 95 | + } |
|
| 96 | + } |
|
| 91 | 97 | |
| 92 | 98 | /* |
| 93 | 99 | * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) |
@@ -101,41 +107,49 @@ discard block |
||
| 101 | 107 | */ |
| 102 | 108 | if (isset($_REQUEST['mode']) and isset($_REQUEST['page']) |
| 103 | 109 | and !in_array($_REQUEST['mode'], array("6forum", "1comite")) |
| 104 | -and $_REQUEST['page'] == "identifiants") |
|
| 110 | +and $_REQUEST['page'] == "identifiants") { |
|
| 105 | 111 | $ecran_securite_raison = "identifiants"; |
| 112 | +} |
|
| 106 | 113 | |
| 107 | 114 | /* |
| 108 | 115 | * Agenda joue à l'injection php |
| 109 | 116 | */ |
| 110 | 117 | if (isset($_REQUEST['partie_cal']) |
| 111 | -and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) |
|
| 118 | +and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) { |
|
| 112 | 119 | $ecran_securite_raison = "partie_cal"; |
| 120 | +} |
|
| 113 | 121 | if (isset($_REQUEST['echelle']) |
| 114 | -and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) |
|
| 122 | +and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) { |
|
| 115 | 123 | $ecran_securite_raison = "echelle"; |
| 124 | +} |
|
| 116 | 125 | |
| 117 | 126 | /* |
| 118 | 127 | * Espace privé |
| 119 | 128 | */ |
| 120 | 129 | if (isset($_REQUEST['exec']) |
| 121 | -and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) |
|
| 130 | +and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) { |
|
| 122 | 131 | $ecran_securite_raison = "exec"; |
| 132 | +} |
|
| 123 | 133 | if (isset($_REQUEST['cherche_auteur']) |
| 124 | -and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) |
|
| 134 | +and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) { |
|
| 125 | 135 | $ecran_securite_raison = "cherche_auteur"; |
| 136 | +} |
|
| 126 | 137 | if (isset($_REQUEST['exec']) |
| 127 | 138 | and $_REQUEST['exec'] == 'auteurs' |
| 128 | -and preg_match(',[<],', (string)$_REQUEST['recherche'])) |
|
| 139 | +and preg_match(',[<],', (string)$_REQUEST['recherche'])) { |
|
| 129 | 140 | $ecran_securite_raison = "recherche"; |
| 141 | +} |
|
| 130 | 142 | if (isset($_REQUEST['exec']) |
| 131 | 143 | and $_REQUEST['exec'] == 'info_plugin' |
| 132 | -and preg_match(',[<],', (string)$_REQUEST['plugin'])) |
|
| 144 | +and preg_match(',[<],', (string)$_REQUEST['plugin'])) { |
|
| 133 | 145 | $ecran_securite_raison = "plugin"; |
| 146 | +} |
|
| 134 | 147 | if (isset($_REQUEST['exec']) |
| 135 | 148 | and $_REQUEST['exec'] == 'puce_statut' |
| 136 | 149 | and isset($_REQUEST['id']) |
| 137 | -and !intval($_REQUEST['id'])) |
|
| 150 | +and !intval($_REQUEST['id'])) { |
|
| 138 | 151 | $ecran_securite_raison = "puce_statut"; |
| 152 | +} |
|
| 139 | 153 | if (isset($_REQUEST['action']) |
| 140 | 154 | and $_REQUEST['action'] == 'configurer') { |
| 141 | 155 | if (@file_exists('inc_version.php') |
@@ -160,21 +174,24 @@ discard block |
||
| 160 | 174 | @get_magic_quotes_gpc() ? |
| 161 | 175 | stripslashes(serialize($_REQUEST)) : serialize($_REQUEST), |
| 162 | 176 | chr(0) |
| 163 | -) !== false) |
|
| 177 | +) !== false) { |
|
| 164 | 178 | $ecran_securite_raison = "%00"; |
| 179 | +} |
|
| 165 | 180 | |
| 166 | 181 | /* |
| 167 | 182 | * Bloque les requêtes fond=formulaire_ |
| 168 | 183 | */ |
| 169 | 184 | if (isset($_REQUEST['fond']) |
| 170 | -and preg_match(',^formulaire_,i', $_REQUEST['fond'])) |
|
| 185 | +and preg_match(',^formulaire_,i', $_REQUEST['fond'])) { |
|
| 171 | 186 | $ecran_securite_raison = "fond=formulaire_"; |
| 187 | +} |
|
| 172 | 188 | |
| 173 | 189 | /* |
| 174 | 190 | * Bloque les requêtes du type ?GLOBALS[type_urls]=toto (bug vieux php) |
| 175 | 191 | */ |
| 176 | -if (isset($_REQUEST['GLOBALS'])) |
|
| 192 | +if (isset($_REQUEST['GLOBALS'])) { |
|
| 177 | 193 | $ecran_securite_raison = "GLOBALS[GLOBALS]"; |
| 194 | +} |
|
| 178 | 195 | |
| 179 | 196 | /* |
| 180 | 197 | * Bloque les requêtes des bots sur: |
@@ -185,29 +202,34 @@ discard block |
||
| 185 | 202 | (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) |
| 186 | 203 | or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) |
| 187 | 204 | ) |
| 188 | -) |
|
| 205 | +) { |
|
| 189 | 206 | $ecran_securite_raison = "robot agenda/double pagination"; |
| 207 | +} |
|
| 190 | 208 | |
| 191 | 209 | /* |
| 192 | 210 | * Bloque une vieille page de tests de CFG (<1.11) |
| 193 | 211 | * Bloque un XSS sur une page inexistante |
| 194 | 212 | */ |
| 195 | 213 | if (isset($_REQUEST['page'])) { |
| 196 | - if ($_REQUEST['page'] == 'test_cfg') |
|
| 197 | - $ecran_securite_raison = "test_cfg"; |
|
| 198 | - if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) |
|
| 199 | - $ecran_securite_raison = "xsspage"; |
|
| 214 | + if ($_REQUEST['page'] == 'test_cfg') { |
|
| 215 | + $ecran_securite_raison = "test_cfg"; |
|
| 216 | + } |
|
| 217 | + if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) { |
|
| 218 | + $ecran_securite_raison = "xsspage"; |
|
| 219 | + } |
|
| 200 | 220 | if ($_REQUEST['page'] == '404' |
| 201 | - and isset($_REQUEST['erreur'])) |
|
| 202 | - $ecran_securite_raison = "xss404"; |
|
| 203 | -} |
|
| 221 | + and isset($_REQUEST['erreur'])) { |
|
| 222 | + $ecran_securite_raison = "xss404"; |
|
| 223 | + } |
|
| 224 | + } |
|
| 204 | 225 | |
| 205 | 226 | /* |
| 206 | 227 | * XSS par array |
| 207 | 228 | */ |
| 208 | -foreach (array('var_login') as $var) |
|
| 209 | -if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) |
|
| 229 | +foreach (array('var_login') as $var) { |
|
| 230 | + if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) |
|
| 210 | 231 | $ecran_securite_raison = "xss ".$var; |
| 232 | +} |
|
| 211 | 233 | |
| 212 | 234 | /* |
| 213 | 235 | * Parade antivirale contre un cheval de troie |
@@ -217,18 +239,21 @@ discard block |
||
| 217 | 239 | function tmp_lkojfghx2($a = 0, $b = 0, $c = 0, $d = 0) { |
| 218 | 240 | // si jamais on est arrivé ici sur une erreur php |
| 219 | 241 | // et qu'un autre gestionnaire d'erreur est défini, l'appeller |
| 220 | - if ($b && $GLOBALS['tmp_xhgfjokl']) |
|
| 221 | - call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d); |
|
| 242 | + if ($b && $GLOBALS['tmp_xhgfjokl']) { |
|
| 243 | + call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d); |
|
| 244 | + } |
|
| 222 | 245 | } |
| 223 | 246 | } |
| 224 | -if (isset($_POST['tmp_lkojfghx3'])) |
|
| 247 | +if (isset($_POST['tmp_lkojfghx3'])) { |
|
| 225 | 248 | $ecran_securite_raison = "gumblar"; |
| 249 | +} |
|
| 226 | 250 | |
| 227 | 251 | /* |
| 228 | 252 | * Outils XML mal sécurisés < 2.0.9 |
| 229 | 253 | */ |
| 230 | -if (isset($_REQUEST['transformer_xml'])) |
|
| 254 | +if (isset($_REQUEST['transformer_xml'])) { |
|
| 231 | 255 | $ecran_securite_raison = "transformer_xml"; |
| 256 | +} |
|
| 232 | 257 | |
| 233 | 258 | /* |
| 234 | 259 | * Outils XML mal sécurisés again |
@@ -246,11 +271,13 @@ discard block |
||
| 246 | 271 | * Sauvegarde mal securisée < 2.0.9 |
| 247 | 272 | */ |
| 248 | 273 | if (isset($_REQUEST['nom_sauvegarde']) |
| 249 | -and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) |
|
| 274 | +and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) { |
|
| 250 | 275 | $ecran_securite_raison = 'nom_sauvegarde manipulee'; |
| 276 | +} |
|
| 251 | 277 | if (isset($_REQUEST['znom_sauvegarde']) |
| 252 | -and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) |
|
| 278 | +and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) { |
|
| 253 | 279 | $ecran_securite_raison = 'znom_sauvegarde manipulee'; |
| 280 | +} |
|
| 254 | 281 | |
| 255 | 282 | |
| 256 | 283 | /* |
@@ -258,8 +285,9 @@ discard block |
||
| 258 | 285 | * on vérifie 'page' pour ne pas bloquer ... drupal |
| 259 | 286 | */ |
| 260 | 287 | if (isset($_REQUEST['op']) and isset($_REQUEST['page']) |
| 261 | -and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op'])) |
|
| 288 | +and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op'])) { |
|
| 262 | 289 | $ecran_securite_raison = 'op'; |
| 290 | +} |
|
| 263 | 291 | |
| 264 | 292 | /* |
| 265 | 293 | * Forms & Table ne se méfiait pas assez des uploads de fichiers |
@@ -267,8 +295,9 @@ discard block |
||
| 267 | 295 | if (count($_FILES)){ |
| 268 | 296 | foreach($_FILES as $k => $v){ |
| 269 | 297 | if (preg_match(',^fichier_\d+$,', $k) |
| 270 | - and preg_match(',\.php,i', $v['name'])) |
|
| 271 | - unset($_FILES[$k]); |
|
| 298 | + and preg_match(',\.php,i', $v['name'])) { |
|
| 299 | + unset($_FILES[$k]); |
|
| 300 | + } |
|
| 272 | 301 | } |
| 273 | 302 | } |
| 274 | 303 | /* |
@@ -285,21 +314,24 @@ discard block |
||
| 285 | 314 | * reinstall=oui un peu trop permissif |
| 286 | 315 | */ |
| 287 | 316 | if (isset($_REQUEST['reinstall']) |
| 288 | -and $_REQUEST['reinstall'] == 'oui') |
|
| 317 | +and $_REQUEST['reinstall'] == 'oui') { |
|
| 289 | 318 | $ecran_securite_raison = 'reinstall=oui'; |
| 319 | +} |
|
| 290 | 320 | |
| 291 | 321 | /* |
| 292 | 322 | * Échappement xss referer |
| 293 | 323 | */ |
| 294 | -if (isset($_SERVER['HTTP_REFERER'])) |
|
| 324 | +if (isset($_SERVER['HTTP_REFERER'])) { |
|
| 295 | 325 | $_SERVER['HTTP_REFERER'] = strtr($_SERVER['HTTP_REFERER'], '<>"\'', '[]##'); |
| 326 | +} |
|
| 296 | 327 | |
| 297 | 328 | |
| 298 | 329 | /* |
| 299 | 330 | * Echappement HTTP_X_FORWARDED_HOST |
| 300 | 331 | */ |
| 301 | -if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) |
|
| 332 | +if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { |
|
| 302 | 333 | $_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________'); |
| 334 | +} |
|
| 303 | 335 | |
| 304 | 336 | |
| 305 | 337 | /* |
@@ -307,9 +339,10 @@ discard block |
||
| 307 | 339 | */ |
| 308 | 340 | if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false){ |
| 309 | 341 | $zzzz = implode("", array_keys($_REQUEST)); |
| 310 | - if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) |
|
| 311 | - $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |
|
| 312 | -} |
|
| 342 | + if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) { |
|
| 343 | + $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |
|
| 344 | + } |
|
| 345 | + } |
|
| 313 | 346 | |
| 314 | 347 | /* |
| 315 | 348 | * Injection par connect |
@@ -358,8 +391,9 @@ discard block |
||
| 358 | 391 | /* |
| 359 | 392 | * Bloque les bots quand le load déborde |
| 360 | 393 | */ |
| 361 | -if (!defined('_ECRAN_SECURITE_LOAD')) |
|
| 394 | +if (!defined('_ECRAN_SECURITE_LOAD')) { |
|
| 362 | 395 | define('_ECRAN_SECURITE_LOAD', 4); |
| 396 | +} |
|
| 363 | 397 | |
| 364 | 398 | if ( |
| 365 | 399 | defined('_ECRAN_SECURITE_LOAD') |
@@ -23,18 +23,18 @@ discard block |
||
| 23 | 23 | * var_isbot=1 peut etre utilise pour monitorer la disponibilite pour les bots (sujets a 503 de delestage si |
| 24 | 24 | * le load depasse ECRAN_SECURITE_LOAD) |
| 25 | 25 | */ |
| 26 | -if (!defined('_IS_BOT') and isset($_GET['var_isbot'])){ |
|
| 26 | +if (!defined('_IS_BOT') and isset($_GET['var_isbot'])) { |
|
| 27 | 27 | define('_IS_BOT', $_GET['var_isbot'] ? true : false); |
| 28 | 28 | } |
| 29 | 29 | |
| 30 | 30 | /* |
| 31 | 31 | * Détecteur de robot d'indexation |
| 32 | 32 | */ |
| 33 | -if (!defined('_IS_BOT')){ |
|
| 33 | +if (!defined('_IS_BOT')) { |
|
| 34 | 34 | define('_IS_BOT', |
| 35 | 35 | isset($_SERVER['HTTP_USER_AGENT']) |
| 36 | 36 | and preg_match(',' |
| 37 | - . implode ('|', array( |
|
| 37 | + . implode('|', array( |
|
| 38 | 38 | // mots generiques |
| 39 | 39 | 'bot', |
| 40 | 40 | 'slurp', |
@@ -175,18 +175,18 @@ discard block |
||
| 175 | 175 | 'yats', |
| 176 | 176 | 'yeti', |
| 177 | 177 | 'zeerch' |
| 178 | - )) . ',i', |
|
| 179 | - (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 178 | + )).',i', |
|
| 179 | + (string) $_SERVER['HTTP_USER_AGENT']) |
|
| 180 | 180 | ); |
| 181 | 181 | } |
| 182 | -if (!defined('_IS_BOT_FRIEND')){ |
|
| 182 | +if (!defined('_IS_BOT_FRIEND')) { |
|
| 183 | 183 | define('_IS_BOT_FRIEND', |
| 184 | 184 | isset($_SERVER['HTTP_USER_AGENT']) |
| 185 | - and preg_match(',' . implode ('|', array( |
|
| 185 | + and preg_match(','.implode('|', array( |
|
| 186 | 186 | 'facebookexternalhit', |
| 187 | 187 | 'flipboardproxy' |
| 188 | - )) . ',i', |
|
| 189 | - (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 188 | + )).',i', |
|
| 189 | + (string) $_SERVER['HTTP_USER_AGENT']) |
|
| 190 | 190 | ); |
| 191 | 191 | } |
| 192 | 192 | |
@@ -200,15 +200,15 @@ discard block |
||
| 200 | 200 | foreach ($_GET as $var => $val) |
| 201 | 201 | if ($_GET[$var] and strncmp($var, "id_", 3) == 0 |
| 202 | 202 | and !in_array($var, array('id_table', 'id_base'))) |
| 203 | - $_GET[$var] = is_array($_GET[$var])?@array_map('intval', $_GET[$var]):intval($_GET[$var]); |
|
| 203 | + $_GET[$var] = is_array($_GET[$var]) ? @array_map('intval', $_GET[$var]) : intval($_GET[$var]); |
|
| 204 | 204 | foreach ($_POST as $var => $val) |
| 205 | 205 | if ($_POST[$var] and strncmp($var, "id_", 3) == 0 |
| 206 | 206 | and !in_array($var, array('id_table', 'id_base'))) |
| 207 | - $_POST[$var] = is_array($_POST[$var])?@array_map('intval', $_POST[$var]):intval($_POST[$var]); |
|
| 207 | + $_POST[$var] = is_array($_POST[$var]) ? @array_map('intval', $_POST[$var]) : intval($_POST[$var]); |
|
| 208 | 208 | foreach ($GLOBALS as $var => $val) |
| 209 | 209 | if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 |
| 210 | 210 | and !in_array($var, array('id_table', 'id_base'))) |
| 211 | - $GLOBALS[$var] = is_array($GLOBALS[$var])?@array_map('intval', $GLOBALS[$var]):intval($GLOBALS[$var]); |
|
| 211 | + $GLOBALS[$var] = is_array($GLOBALS[$var]) ? @array_map('intval', $GLOBALS[$var]) : intval($GLOBALS[$var]); |
|
| 212 | 212 | |
| 213 | 213 | /* |
| 214 | 214 | * Interdit la variable $cjpeg_command, qui était utilisée sans |
@@ -219,18 +219,18 @@ discard block |
||
| 219 | 219 | /* |
| 220 | 220 | * Contrôle de quelques variables (XSS) |
| 221 | 221 | */ |
| 222 | -foreach(array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
|
| 222 | +foreach (array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
|
| 223 | 223 | if (isset($_GET[$var])) |
| 224 | - $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 224 | + $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string) $_GET[$var]); |
|
| 225 | 225 | if (isset($_POST[$var])) |
| 226 | - $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 226 | + $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string) $_POST[$var]); |
|
| 227 | 227 | } |
| 228 | 228 | |
| 229 | 229 | /* |
| 230 | 230 | * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) |
| 231 | 231 | */ |
| 232 | -if (preg_match(',^(.*/)?spip_acces_doc\.,', (string)$_SERVER['REQUEST_URI'])) { |
|
| 233 | - $file = addslashes((string)$_GET['file']); |
|
| 232 | +if (preg_match(',^(.*/)?spip_acces_doc\.,', (string) $_SERVER['REQUEST_URI'])) { |
|
| 233 | + $file = addslashes((string) $_GET['file']); |
|
| 234 | 234 | } |
| 235 | 235 | |
| 236 | 236 | /* |
@@ -245,28 +245,28 @@ discard block |
||
| 245 | 245 | * Agenda joue à l'injection php |
| 246 | 246 | */ |
| 247 | 247 | if (isset($_REQUEST['partie_cal']) |
| 248 | -and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) |
|
| 248 | +and $_REQUEST['partie_cal'] !== htmlentities((string) $_REQUEST['partie_cal'])) |
|
| 249 | 249 | $ecran_securite_raison = "partie_cal"; |
| 250 | 250 | if (isset($_REQUEST['echelle']) |
| 251 | -and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) |
|
| 251 | +and $_REQUEST['echelle'] !== htmlentities((string) $_REQUEST['echelle'])) |
|
| 252 | 252 | $ecran_securite_raison = "echelle"; |
| 253 | 253 | |
| 254 | 254 | /* |
| 255 | 255 | * Espace privé |
| 256 | 256 | */ |
| 257 | 257 | if (isset($_REQUEST['exec']) |
| 258 | -and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) |
|
| 258 | +and !preg_match(',^[\w-]+$,', (string) $_REQUEST['exec'])) |
|
| 259 | 259 | $ecran_securite_raison = "exec"; |
| 260 | 260 | if (isset($_REQUEST['cherche_auteur']) |
| 261 | -and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) |
|
| 261 | +and preg_match(',[<],', (string) $_REQUEST['cherche_auteur'])) |
|
| 262 | 262 | $ecran_securite_raison = "cherche_auteur"; |
| 263 | 263 | if (isset($_REQUEST['exec']) |
| 264 | 264 | and $_REQUEST['exec'] == 'auteurs' |
| 265 | -and preg_match(',[<],', (string)$_REQUEST['recherche'])) |
|
| 265 | +and preg_match(',[<],', (string) $_REQUEST['recherche'])) |
|
| 266 | 266 | $ecran_securite_raison = "recherche"; |
| 267 | 267 | if (isset($_REQUEST['exec']) |
| 268 | 268 | and $_REQUEST['exec'] == 'info_plugin' |
| 269 | -and preg_match(',[<],', (string)$_REQUEST['plugin'])) |
|
| 269 | +and preg_match(',[<],', (string) $_REQUEST['plugin'])) |
|
| 270 | 270 | $ecran_securite_raison = "plugin"; |
| 271 | 271 | if (isset($_REQUEST['exec']) |
| 272 | 272 | and $_REQUEST['exec'] == 'puce_statut' |
@@ -279,7 +279,7 @@ discard block |
||
| 279 | 279 | or @file_exists('ecrire/inc_version.php')) { |
| 280 | 280 | function action_configurer() { |
| 281 | 281 | include_spip('inc/autoriser'); |
| 282 | - if(!autoriser('configurer', _request('configuration'))) { |
|
| 282 | + if (!autoriser('configurer', _request('configuration'))) { |
|
| 283 | 283 | include_spip('inc/minipres'); |
| 284 | 284 | echo minipres(_T('info_acces_interdit')); |
| 285 | 285 | exit; |
@@ -320,7 +320,7 @@ discard block |
||
| 320 | 320 | */ |
| 321 | 321 | if (_IS_BOT and ( |
| 322 | 322 | (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) |
| 323 | - or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) |
|
| 323 | + or (strpos((string) $_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string) $_SERVER['REQUEST_URI'])) |
|
| 324 | 324 | ) |
| 325 | 325 | ) |
| 326 | 326 | $ecran_securite_raison = "robot agenda/double pagination"; |
@@ -332,7 +332,7 @@ discard block |
||
| 332 | 332 | if (isset($_REQUEST['page'])) { |
| 333 | 333 | if ($_REQUEST['page'] == 'test_cfg') |
| 334 | 334 | $ecran_securite_raison = "test_cfg"; |
| 335 | - if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) |
|
| 335 | + if ($_REQUEST['page'] !== htmlspecialchars((string) $_REQUEST['page'])) |
|
| 336 | 336 | $ecran_securite_raison = "xsspage"; |
| 337 | 337 | if ($_REQUEST['page'] == '404' |
| 338 | 338 | and isset($_REQUEST['erreur'])) |
@@ -370,12 +370,12 @@ discard block |
||
| 370 | 370 | /* |
| 371 | 371 | * Outils XML mal sécurisés again |
| 372 | 372 | */ |
| 373 | -if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec']=='valider_xml'){ |
|
| 373 | +if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'valider_xml') { |
|
| 374 | 374 | $url = trim($_REQUEST['var_url']); |
| 375 | - if (strncmp($url,'/',1)==0 |
|
| 376 | - or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false) |
|
| 377 | - or (($p=strpos($url,'..'))!==false AND strpos($url,'IMG',$p+3)!==false) |
|
| 378 | - or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) { |
|
| 375 | + if (strncmp($url, '/', 1) == 0 |
|
| 376 | + or (($p = strpos($url, '..')) !== false AND strpos($url, '..', $p + 3) !== false) |
|
| 377 | + or (($p = strpos($url, '..')) !== false AND strpos($url, 'IMG', $p + 3) !== false) |
|
| 378 | + or (strpos($url, '://') !== false or strpos($url, ':\\') !== false)) { |
|
| 379 | 379 | $ecran_securite_raison = 'URL interdite pour var_url'; |
| 380 | 380 | } |
| 381 | 381 | } |
@@ -384,10 +384,10 @@ discard block |
||
| 384 | 384 | * Sauvegarde mal securisée < 2.0.9 |
| 385 | 385 | */ |
| 386 | 386 | if (isset($_REQUEST['nom_sauvegarde']) |
| 387 | -and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) |
|
| 387 | +and strstr((string) $_REQUEST['nom_sauvegarde'], '/')) |
|
| 388 | 388 | $ecran_securite_raison = 'nom_sauvegarde manipulee'; |
| 389 | 389 | if (isset($_REQUEST['znom_sauvegarde']) |
| 390 | -and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) |
|
| 390 | +and strstr((string) $_REQUEST['znom_sauvegarde'], '/')) |
|
| 391 | 391 | $ecran_securite_raison = 'znom_sauvegarde manipulee'; |
| 392 | 392 | |
| 393 | 393 | |
@@ -402,8 +402,8 @@ discard block |
||
| 402 | 402 | /* |
| 403 | 403 | * Forms & Table ne se méfiait pas assez des uploads de fichiers |
| 404 | 404 | */ |
| 405 | -if (count($_FILES)){ |
|
| 406 | - foreach($_FILES as $k => $v){ |
|
| 405 | +if (count($_FILES)) { |
|
| 406 | + foreach ($_FILES as $k => $v) { |
|
| 407 | 407 | if (preg_match(',^fichier_\d+$,', $k) |
| 408 | 408 | and preg_match(',\.php,i', $v['name'])) |
| 409 | 409 | unset($_FILES[$k]); |
@@ -413,7 +413,7 @@ discard block |
||
| 413 | 413 | * et Contact trop laxiste avec une variable externe |
| 414 | 414 | * on bloque pas le post pour eviter de perdre des donnees mais on unset la variable et c'est tout |
| 415 | 415 | */ |
| 416 | -if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom']){ |
|
| 416 | +if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom']) { |
|
| 417 | 417 | unset($_REQUEST['pj_enregistrees_nom']); |
| 418 | 418 | unset($_GET['pj_enregistrees_nom']); |
| 419 | 419 | unset($_POST['pj_enregistrees_nom']); |
@@ -443,7 +443,7 @@ discard block |
||
| 443 | 443 | /* |
| 444 | 444 | * Réinjection des clés en html dans l'admin r19561 |
| 445 | 445 | */ |
| 446 | -if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false){ |
|
| 446 | +if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false) { |
|
| 447 | 447 | $zzzz = implode("", array_keys($_REQUEST)); |
| 448 | 448 | if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) |
| 449 | 449 | $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |
@@ -73,16 +73,16 @@ discard block |
||
| 73 | 73 | protected $_lcount = 19; |
| 74 | 74 | protected $_vcount = 21; |
| 75 | 75 | protected $_tcount = 28; |
| 76 | - protected $_ncount = 588; // _vcount * _tcount |
|
| 76 | + protected $_ncount = 588; // _vcount * _tcount |
|
| 77 | 77 | protected $_scount = 11172; // _lcount * _tcount * _vcount |
| 78 | 78 | protected $_error = false; |
| 79 | 79 | protected static $_mb_string_overload = null; |
| 80 | 80 | // See {@link set_paramter()} for details of how to change the following |
| 81 | 81 | // settings from within your script / application |
| 82 | - protected $_api_encoding = 'utf8'; // Default input charset is UTF-8 |
|
| 83 | - protected $_allow_overlong = false; // Overlong UTF-8 encodings are forbidden |
|
| 84 | - protected $_strict_mode = false; // Behave strict or not |
|
| 85 | - protected $_idn_version = 2003; // Can be either 2003 (old, default) or 2008 |
|
| 82 | + protected $_api_encoding = 'utf8'; // Default input charset is UTF-8 |
|
| 83 | + protected $_allow_overlong = false; // Overlong UTF-8 encodings are forbidden |
|
| 84 | + protected $_strict_mode = false; // Behave strict or not |
|
| 85 | + protected $_idn_version = 2003; // Can be either 2003 (old, default) or 2008 |
|
| 86 | 86 | |
| 87 | 87 | /** |
| 88 | 88 | * the constructor |
@@ -140,7 +140,7 @@ discard block |
||
| 140 | 140 | $this->_api_encoding = $v; |
| 141 | 141 | break; |
| 142 | 142 | default: |
| 143 | - $this->_error('Set Parameter: Unknown parameter ' . $v . ' for option ' . $k); |
|
| 143 | + $this->_error('Set Parameter: Unknown parameter '.$v.' for option '.$k); |
|
| 144 | 144 | return false; |
| 145 | 145 | } |
| 146 | 146 | break; |
@@ -154,7 +154,7 @@ discard block |
||
| 154 | 154 | if (in_array($v, array('2003', '2008'))) { |
| 155 | 155 | $this->_idn_version = $v; |
| 156 | 156 | } else { |
| 157 | - $this->_error('Set Parameter: Unknown parameter ' . $v . ' for option ' . $k); |
|
| 157 | + $this->_error('Set Parameter: Unknown parameter '.$v.' for option '.$k); |
|
| 158 | 158 | } |
| 159 | 159 | break; |
| 160 | 160 | case 'encode_german_sz': // Deprecated |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | } |
| 166 | 166 | break; |
| 167 | 167 | default: |
| 168 | - $this->_error('Set Parameter: Unknown option ' . $k); |
|
| 168 | + $this->_error('Set Parameter: Unknown option '.$k); |
|
| 169 | 169 | return false; |
| 170 | 170 | } |
| 171 | 171 | } |
@@ -188,7 +188,7 @@ discard block |
||
| 188 | 188 | case 'ucs4_array': |
| 189 | 189 | break; |
| 190 | 190 | default: |
| 191 | - $this->_error('Unknown encoding ' . $one_time_encoding); |
|
| 191 | + $this->_error('Unknown encoding '.$one_time_encoding); |
|
| 192 | 192 | return false; |
| 193 | 193 | } |
| 194 | 194 | } |
@@ -206,7 +206,7 @@ discard block |
||
| 206 | 206 | list ($email_pref, $input) = explode('@', $input, 2); |
| 207 | 207 | $arr = explode('.', $input); |
| 208 | 208 | foreach ($arr as $k => $v) { |
| 209 | - if (preg_match('!^' . preg_quote($this->_punycode_prefix, '!') . '!', $v)) { |
|
| 209 | + if (preg_match('!^'.preg_quote($this->_punycode_prefix, '!').'!', $v)) { |
|
| 210 | 210 | $conv = $this->_decode($v); |
| 211 | 211 | if ($conv) { |
| 212 | 212 | $arr[$k] = $conv; |
@@ -216,7 +216,7 @@ discard block |
||
| 216 | 216 | $input = join('.', $arr); |
| 217 | 217 | $arr = explode('.', $email_pref); |
| 218 | 218 | foreach ($arr as $k => $v) { |
| 219 | - if (preg_match('!^' . preg_quote($this->_punycode_prefix, '!') . '!', $v)) { |
|
| 219 | + if (preg_match('!^'.preg_quote($this->_punycode_prefix, '!').'!', $v)) { |
|
| 220 | 220 | $conv = $this->_decode($v); |
| 221 | 221 | if ($conv) { |
| 222 | 222 | $arr[$k] = $conv; |
@@ -224,7 +224,7 @@ discard block |
||
| 224 | 224 | } |
| 225 | 225 | } |
| 226 | 226 | $email_pref = join('.', $arr); |
| 227 | - $return = $email_pref . '@' . $input; |
|
| 227 | + $return = $email_pref.'@'.$input; |
|
| 228 | 228 | } elseif (preg_match('![:\./]!', $input)) { // Or a complete domain name (with or without paths / parameters) |
| 229 | 229 | // No no in strict mode |
| 230 | 230 | if ($this->_strict_mode) { |
@@ -241,13 +241,13 @@ discard block |
||
| 241 | 241 | } |
| 242 | 242 | } |
| 243 | 243 | $parsed['host'] = join('.', $arr); |
| 244 | - $return = (empty($parsed['scheme']) ? '' : $parsed['scheme'] . (strtolower($parsed['scheme']) == 'mailto' ? ':' : '://')). |
|
| 245 | - (empty($parsed['user']) ? '' : $parsed['user'] . (empty($parsed['pass']) ? '' : ':' . $parsed['pass']) . '@'). |
|
| 244 | + $return = (empty($parsed['scheme']) ? '' : $parsed['scheme'].(strtolower($parsed['scheme']) == 'mailto' ? ':' : '://')). |
|
| 245 | + (empty($parsed['user']) ? '' : $parsed['user'].(empty($parsed['pass']) ? '' : ':'.$parsed['pass']).'@'). |
|
| 246 | 246 | $parsed['host']. |
| 247 | - (empty($parsed['port']) ? '' : ':' . $parsed['port']). |
|
| 247 | + (empty($parsed['port']) ? '' : ':'.$parsed['port']). |
|
| 248 | 248 | (empty($parsed['path']) ? '' : $parsed['path']). |
| 249 | - (empty($parsed['query']) ? '' : '?' . $parsed['query']). |
|
| 250 | - (empty($parsed['fragment']) ? '' : '#' . $parsed['fragment']); |
|
| 249 | + (empty($parsed['query']) ? '' : '?'.$parsed['query']). |
|
| 250 | + (empty($parsed['fragment']) ? '' : '#'.$parsed['fragment']); |
|
| 251 | 251 | } else { // parse_url seems to have failed, try without it |
| 252 | 252 | $arr = explode('.', $input); |
| 253 | 253 | foreach ($arr as $k => $v) { |
@@ -265,8 +265,8 @@ discard block |
||
| 265 | 265 | // The output is UTF-8 by default, other output formats need conversion here |
| 266 | 266 | // If one time encoding is given, use this, else the objects property |
| 267 | 267 | switch (($one_time_encoding) ? $one_time_encoding : $this->_api_encoding) { |
| 268 | - case 'utf8': return $return; // break; |
|
| 269 | - case 'ucs4_string': return $this->_ucs4_to_ucs4_string($this->_utf8_to_ucs4($return)); // break; |
|
| 268 | + case 'utf8' : return $return; // break; |
|
| 269 | + case 'ucs4_string': return $this->_ucs4_to_ucs4_string($this->_utf8_to_ucs4($return)); // break; |
|
| 270 | 270 | case 'ucs4_array': return $this->_utf8_to_ucs4($return); // break; |
| 271 | 271 | default: $this->_error('Unsupported output format'); return false; |
| 272 | 272 | } |
@@ -283,15 +283,14 @@ discard block |
||
| 283 | 283 | // Forcing conversion of input to UCS4 array |
| 284 | 284 | // If one time encoding is given, use this, else the objects property |
| 285 | 285 | switch ($one_time_encoding ? $one_time_encoding : $this->_api_encoding) { |
| 286 | - case 'utf8': |
|
| 287 | - $decoded = $this->_utf8_to_ucs4($decoded); |
|
| 286 | + case 'utf8' : $decoded = $this->_utf8_to_ucs4($decoded); |
|
| 288 | 287 | break; |
| 289 | 288 | case 'ucs4_string': |
| 290 | 289 | $decoded = $this->_ucs4_string_to_ucs4($decoded); |
| 291 | 290 | case 'ucs4_array': |
| 292 | 291 | break; |
| 293 | 292 | default: |
| 294 | - $this->_error('Unsupported input format: ' . ($one_time_encoding ? $one_time_encoding : $this->_api_encoding)); |
|
| 293 | + $this->_error('Unsupported input format: '.($one_time_encoding ? $one_time_encoding : $this->_api_encoding)); |
|
| 295 | 294 | return false; |
| 296 | 295 | } |
| 297 | 296 | |
@@ -380,13 +379,13 @@ discard block |
||
| 380 | 379 | } |
| 381 | 380 | } |
| 382 | 381 | $parsed['host'] = join('.', $arr); |
| 383 | - $return = (empty($parsed['scheme']) ? '' : $parsed['scheme'] . (strtolower($parsed['scheme']) == 'mailto' ? ':' : '://')). |
|
| 384 | - (empty($parsed['user']) ? '' : $parsed['user'] . (empty($parsed['pass']) ? '' : ':' . $parsed['pass']) . '@'). |
|
| 382 | + $return = (empty($parsed['scheme']) ? '' : $parsed['scheme'].(strtolower($parsed['scheme']) == 'mailto' ? ':' : '://')). |
|
| 383 | + (empty($parsed['user']) ? '' : $parsed['user'].(empty($parsed['pass']) ? '' : ':'.$parsed['pass']).'@'). |
|
| 385 | 384 | $parsed['host']. |
| 386 | - (empty($parsed['port']) ? '' : ':' . $parsed['port']). |
|
| 385 | + (empty($parsed['port']) ? '' : ':'.$parsed['port']). |
|
| 387 | 386 | (empty($parsed['path']) ? '' : $parsed['path']). |
| 388 | - (empty($parsed['query']) ? '' : '?' . $parsed['query']). |
|
| 389 | - (empty($parsed['fragment']) ? '' : '#' . $parsed['fragment']); |
|
| 387 | + (empty($parsed['query']) ? '' : '?'.$parsed['query']). |
|
| 388 | + (empty($parsed['fragment']) ? '' : '#'.$parsed['fragment']); |
|
| 390 | 389 | return $return; |
| 391 | 390 | } |
| 392 | 391 | |
@@ -409,11 +408,11 @@ discard block |
||
| 409 | 408 | { |
| 410 | 409 | $decoded = array(); |
| 411 | 410 | // find the Punycode prefix |
| 412 | - if (!preg_match('!^' . preg_quote($this->_punycode_prefix, '!') . '!', $encoded)) { |
|
| 411 | + if (!preg_match('!^'.preg_quote($this->_punycode_prefix, '!').'!', $encoded)) { |
|
| 413 | 412 | $this->_error('This is not a punycode string'); |
| 414 | 413 | return false; |
| 415 | 414 | } |
| 416 | - $encode_test = preg_replace('!^' . preg_quote($this->_punycode_prefix, '!') . '!', '', $encoded); |
|
| 415 | + $encode_test = preg_replace('!^'.preg_quote($this->_punycode_prefix, '!').'!', '', $encoded); |
|
| 417 | 416 | // If nothing left after removing the prefix, it is hopeless |
| 418 | 417 | if (!$encode_test) { |
| 419 | 418 | $this->_error('The given encoded string was empty'); |
@@ -439,8 +438,7 @@ discard block |
||
| 439 | 438 | for ($old_idx = $idx, $w = 1, $k = $this->_base; 1; $k += $this->_base) { |
| 440 | 439 | $digit = $this->_decode_digit($encoded{$enco_idx++}); |
| 441 | 440 | $idx += $digit * $w; |
| 442 | - $t = ($k <= $bias) ? $this->_tmin : |
|
| 443 | - (($k >= $bias + $this->_tmax) ? $this->_tmax : ($k - $bias)); |
|
| 441 | + $t = ($k <= $bias) ? $this->_tmin : (($k >= $bias + $this->_tmax) ? $this->_tmax : ($k - $bias)); |
|
| 444 | 442 | if ($digit < $t) { |
| 445 | 443 | break; |
| 446 | 444 | } |
@@ -513,7 +511,7 @@ discard block |
||
| 513 | 511 | return $encoded; // All codepoints were basic ones |
| 514 | 512 | } |
| 515 | 513 | // Start with the prefix; copy it to output |
| 516 | - $encoded = $this->_punycode_prefix . $encoded; |
|
| 514 | + $encoded = $this->_punycode_prefix.$encoded; |
|
| 517 | 515 | // If we have basic code points in output, add an hyphen to the end |
| 518 | 516 | if ($codecount) { |
| 519 | 517 | $encoded .= '-'; |
@@ -540,8 +538,7 @@ discard block |
||
| 540 | 538 | $delta++; |
| 541 | 539 | } elseif ($decoded[$i] == $cur_code) { |
| 542 | 540 | for ($q = $delta, $k = $this->_base; 1; $k += $this->_base) { |
| 543 | - $t = ($k <= $bias) ? $this->_tmin : |
|
| 544 | - (($k >= $bias + $this->_tmax) ? $this->_tmax : $k - $bias); |
|
| 541 | + $t = ($k <= $bias) ? $this->_tmin : (($k >= $bias + $this->_tmax) ? $this->_tmax : $k - $bias); |
|
| 545 | 542 | if ($q < $t) { |
| 546 | 543 | break; |
| 547 | 544 | } |
@@ -628,12 +625,12 @@ discard block |
||
| 628 | 625 | } |
| 629 | 626 | // Try to find prohibited input |
| 630 | 627 | if (in_array($v, self::$NP['prohibit']) || in_array($v, self::$NP['general_prohibited'])) { |
| 631 | - $this->_error('NAMEPREP: Prohibited input U+' . sprintf('%08X', $v)); |
|
| 628 | + $this->_error('NAMEPREP: Prohibited input U+'.sprintf('%08X', $v)); |
|
| 632 | 629 | return false; |
| 633 | 630 | } |
| 634 | 631 | foreach (self::$NP['prohibit_ranges'] as $range) { |
| 635 | 632 | if ($range[0] <= $v && $v <= $range[1]) { |
| 636 | - $this->_error('NAMEPREP: Prohibited input U+' . sprintf('%08X', $v)); |
|
| 633 | + $this->_error('NAMEPREP: Prohibited input U+'.sprintf('%08X', $v)); |
|
| 637 | 634 | return false; |
| 638 | 635 | } |
| 639 | 636 | } |
@@ -869,7 +866,7 @@ discard block |
||
| 869 | 866 | $output[$out_len] = $v; |
| 870 | 867 | ++$out_len; |
| 871 | 868 | if ('add' == $mode) { |
| 872 | - $this->_error('Conversion from UTF-8 to UCS-4 failed: malformed input at byte ' . $k); |
|
| 869 | + $this->_error('Conversion from UTF-8 to UCS-4 failed: malformed input at byte '.$k); |
|
| 873 | 870 | return false; |
| 874 | 871 | } |
| 875 | 872 | continue; |
@@ -894,7 +891,7 @@ discard block |
||
| 894 | 891 | $next_byte = 4; |
| 895 | 892 | $v = ($v - 252) << 30; |
| 896 | 893 | } else { |
| 897 | - $this->_error('This might be UTF-8, but I don\'t understand it at byte ' . $k); |
|
| 894 | + $this->_error('This might be UTF-8, but I don\'t understand it at byte '.$k); |
|
| 898 | 895 | return false; |
| 899 | 896 | } |
| 900 | 897 | if ('add' == $mode) { |
@@ -907,7 +904,7 @@ discard block |
||
| 907 | 904 | if (!$this->_allow_overlong && $test == 'range') { |
| 908 | 905 | $test = 'none'; |
| 909 | 906 | if (($v < 0xA0 && $start_byte == 0xE0) || ($v < 0x90 && $start_byte == 0xF0) || ($v > 0x8F && $start_byte == 0xF4)) { |
| 910 | - $this->_error('Bogus UTF-8 character detected (out of legal range) at byte ' . $k); |
|
| 907 | + $this->_error('Bogus UTF-8 character detected (out of legal range) at byte '.$k); |
|
| 911 | 908 | return false; |
| 912 | 909 | } |
| 913 | 910 | } |
@@ -916,7 +913,7 @@ discard block |
||
| 916 | 913 | $output[($out_len - 1)] += $v; |
| 917 | 914 | --$next_byte; |
| 918 | 915 | } else { |
| 919 | - $this->_error('Conversion from UTF-8 to UCS-4 failed: malformed input at byte ' . $k); |
|
| 916 | + $this->_error('Conversion from UTF-8 to UCS-4 failed: malformed input at byte '.$k); |
|
| 920 | 917 | return false; |
| 921 | 918 | } |
| 922 | 919 | if ($next_byte < 0) { |
@@ -940,13 +937,13 @@ discard block |
||
| 940 | 937 | if ($v < 128) { // 7bit are transferred literally |
| 941 | 938 | $output .= chr($v); |
| 942 | 939 | } elseif ($v < (1 << 11)) { // 2 bytes |
| 943 | - $output .= chr(192 + ($v >> 6)) . chr(128 + ($v & 63)); |
|
| 940 | + $output .= chr(192 + ($v >> 6)).chr(128 + ($v & 63)); |
|
| 944 | 941 | } elseif ($v < (1 << 16)) { // 3 bytes |
| 945 | - $output .= chr(224 + ($v >> 12)) . chr(128 + (($v >> 6) & 63)) . chr(128 + ($v & 63)); |
|
| 942 | + $output .= chr(224 + ($v >> 12)).chr(128 + (($v >> 6) & 63)).chr(128 + ($v & 63)); |
|
| 946 | 943 | } elseif ($v < (1 << 21)) { // 4 bytes |
| 947 | - $output .= chr(240 + ($v >> 18)) . chr(128 + (($v >> 12) & 63)) . chr(128 + (($v >> 6) & 63)) . chr(128 + ($v & 63)); |
|
| 944 | + $output .= chr(240 + ($v >> 18)).chr(128 + (($v >> 12) & 63)).chr(128 + (($v >> 6) & 63)).chr(128 + ($v & 63)); |
|
| 948 | 945 | } else { |
| 949 | - $this->_error('Conversion from UCS-4 to UTF-8 failed: malformed input at byte ' . $k); |
|
| 946 | + $this->_error('Conversion from UCS-4 to UTF-8 failed: malformed input at byte '.$k); |
|
| 950 | 947 | return false; |
| 951 | 948 | } |
| 952 | 949 | } |
@@ -965,7 +962,7 @@ discard block |
||
| 965 | 962 | // Take array values and split output to 4 bytes per value |
| 966 | 963 | // The bit mask is 255, which reads &11111111 |
| 967 | 964 | foreach ($input as $v) { |
| 968 | - $output .= chr(($v >> 24) & 255) . chr(($v >> 16) & 255) . chr(($v >> 8) & 255) . chr($v & 255); |
|
| 965 | + $output .= chr(($v >> 24) & 255).chr(($v >> 16) & 255).chr(($v >> 8) & 255).chr($v & 255); |
|
| 969 | 966 | } |
| 970 | 967 | return $output; |
| 971 | 968 | } |
@@ -995,7 +992,7 @@ discard block |
||
| 995 | 992 | $out_len++; |
| 996 | 993 | $output[$out_len] = 0; |
| 997 | 994 | } |
| 998 | - $output[$out_len] += ord($input{$i}) << (8 * (3 - ($i % 4) ) ); |
|
| 995 | + $output[$out_len] += ord($input{$i}) << (8 * (3 - ($i % 4))); |
|
| 999 | 996 | } |
| 1000 | 997 | return $output; |
| 1001 | 998 | } |
@@ -19,8 +19,8 @@ |
||
| 19 | 19 | $primary = id_table_objet($objet); |
| 20 | 20 | |
| 21 | 21 | $select = "$primary as id,lang"; |
| 22 | - $where = 'id_trad=' . intval($id_trad); |
|
| 23 | - $trouver_table = charger_fonction('trouver_table','base'); |
|
| 22 | + $where = 'id_trad='.intval($id_trad); |
|
| 23 | + $trouver_table = charger_fonction('trouver_table', 'base'); |
|
| 24 | 24 | $desc = $trouver_table($table_objet_sql); |
| 25 | 25 | if (isset($desc['field']['statut'])) { |
| 26 | 26 | $select .= ',statut'; |
@@ -154,7 +154,7 @@ |
||
| 154 | 154 | ) { |
| 155 | 155 | return parametre_url(parametre_url(generer_url_ecrire('message_edit', 'new=oui'), 'to', $id_auteur), 'redirect', self()); |
| 156 | 156 | } elseif (strlen($email) and autoriser('voir', 'auteur', $id_auteur)) { |
| 157 | - return 'mailto:' . $email; |
|
| 157 | + return 'mailto:'.$email; |
|
| 158 | 158 | } else { |
| 159 | 159 | return ''; |
| 160 | 160 | } |
@@ -46,7 +46,7 @@ |
||
| 46 | 46 | $les_couleurs = $couleurs(array(), true); |
| 47 | 47 | foreach ($les_couleurs as $k => $c) { |
| 48 | 48 | $valeurs['_couleurs_url'][$k] = generer_url_public('style_prive.css', 'ltr=' |
| 49 | - . $GLOBALS['spip_lang_left'] . '&' |
|
| 49 | + . $GLOBALS['spip_lang_left'].'&' |
|
| 50 | 50 | . $couleurs($k)); |
| 51 | 51 | $valeurs['couleurs'][$k] = $c; |
| 52 | 52 | } |
@@ -107,7 +107,7 @@ |
||
| 107 | 107 | '_publiable' => $publiable, |
| 108 | 108 | '_label' => isset($desc['texte_changer_statut']) ? $desc['texte_changer_statut'] : 'texte_article_statut', |
| 109 | 109 | '_aide' => isset($desc['aide_changer_statut']) ? $desc['aide_changer_statut'] : '', |
| 110 | - '_hidden' => "<input type='hidden' name='statut_old' value='" . $v['statut'] . "' />", |
|
| 110 | + '_hidden' => "<input type='hidden' name='statut_old' value='".$v['statut']."' />", |
|
| 111 | 111 | ); |
| 112 | 112 | |
| 113 | 113 | #if (!count($valeurs['statuts'])) |
@@ -167,7 +167,7 @@ discard block |
||
| 167 | 167 | unset($erreurs['new_login']); |
| 168 | 168 | } |
| 169 | 169 | |
| 170 | - $auth_methode = sql_getfetsel('source', 'spip_auteurs', 'id_auteur=' . intval($id_auteur)); |
|
| 170 | + $auth_methode = sql_getfetsel('source', 'spip_auteurs', 'id_auteur='.intval($id_auteur)); |
|
| 171 | 171 | $auth_methode = ($auth_methode ? $auth_methode : 'spip'); |
| 172 | 172 | include_spip('inc/auth'); |
| 173 | 173 | |
@@ -182,7 +182,7 @@ discard block |
||
| 182 | 182 | if (!autoriser('modifier', 'auteur', $id_auteur, null, array('email' => '?')) |
| 183 | 183 | and $GLOBALS['visiteur_session']['id_auteur'] == $id_auteur |
| 184 | 184 | and !strlen(trim($email)) |
| 185 | - and $email != ($email_ancien = sql_getfetsel('email', 'spip_auteurs', 'id_auteur=' . intval($id_auteur))) |
|
| 185 | + and $email != ($email_ancien = sql_getfetsel('email', 'spip_auteurs', 'id_auteur='.intval($id_auteur))) |
|
| 186 | 186 | ) { |
| 187 | 187 | $erreurs['email'] = (($id_auteur == $GLOBALS['visiteur_session']['id_auteur']) ? _T('form_email_non_valide') : _T('form_prop_indiquer_email')); |
| 188 | 188 | } else { |
@@ -197,18 +197,18 @@ discard block |
||
| 197 | 197 | #Nouvel auteur |
| 198 | 198 | if (intval($id_auteur) == 0) { |
| 199 | 199 | #Un auteur existe deja avec cette adresse ? |
| 200 | - if (sql_countsel('spip_auteurs', 'email=' . sql_quote($email)) > 0) { |
|
| 200 | + if (sql_countsel('spip_auteurs', 'email='.sql_quote($email)) > 0) { |
|
| 201 | 201 | $erreurs['email'] = _T('erreur_email_deja_existant'); |
| 202 | 202 | } |
| 203 | 203 | } else { |
| 204 | 204 | #Un auteur existe deja avec cette adresse ? et n'est pas le user courant. |
| 205 | 205 | if ((sql_countsel( |
| 206 | 206 | 'spip_auteurs', |
| 207 | - 'email=' . sql_quote($email) |
|
| 207 | + 'email='.sql_quote($email) |
|
| 208 | 208 | ) > 0) and ($id_auteur != ($id_auteur_ancien = sql_getfetsel( |
| 209 | 209 | 'id_auteur', |
| 210 | 210 | 'spip_auteurs', |
| 211 | - 'email=' . sql_quote($email) |
|
| 211 | + 'email='.sql_quote($email) |
|
| 212 | 212 | )))) { |
| 213 | 213 | $erreurs['email'] = _T('erreur_email_deja_existant'); |
| 214 | 214 | } |
@@ -225,7 +225,7 @@ discard block |
||
| 225 | 225 | // corriger un cas si frequent : www.example.org sans le http:// qui precede |
| 226 | 226 | if ($url = _request('url_site') and !tester_url_absolue($url)) { |
| 227 | 227 | if (strpos($url, ':') === false and strncasecmp($url, 'www.', 4) === 0) { |
| 228 | - $url = 'http://' . $url; |
|
| 228 | + $url = 'http://'.$url; |
|
| 229 | 229 | set_request('url_site', $url); |
| 230 | 230 | } |
| 231 | 231 | } |
@@ -322,7 +322,7 @@ discard block |
||
| 322 | 322 | // et de revenir sur son profil |
| 323 | 323 | if ($GLOBALS['visiteur_session']['id_auteur'] == $id_auteur |
| 324 | 324 | and $email_nouveau != |
| 325 | - ($email_ancien = sql_getfetsel('email', 'spip_auteurs', 'id_auteur=' . intval($id_auteur))) |
|
| 325 | + ($email_ancien = sql_getfetsel('email', 'spip_auteurs', 'id_auteur='.intval($id_auteur))) |
|
| 326 | 326 | ) { |
| 327 | 327 | $envoyer_mail = charger_fonction('envoyer_mail', 'inc'); |
| 328 | 328 | $texte = _T( |
@@ -352,11 +352,11 @@ discard block |
||
| 352 | 352 | $erreurs = auteur_reset_password($res['id_auteur'], $erreurs); |
| 353 | 353 | if (isset($erreurs['message_ok'])) { |
| 354 | 354 | if (!isset($res['message_ok'])) $res['message_ok'] = ''; |
| 355 | - $res['message_ok'] = trim($res['message_ok'] . ' ' . $erreurs['message_ok']); |
|
| 355 | + $res['message_ok'] = trim($res['message_ok'].' '.$erreurs['message_ok']); |
|
| 356 | 356 | } |
| 357 | 357 | if (isset($erreurs['message_erreur']) and $erreurs['message_erreur']) { |
| 358 | 358 | if (!isset($res['message_erreur'])) $res['message_erreur'] = ''; |
| 359 | - $res['message_erreur'] = trim($res['message_erreur'] . ' ' . $erreurs['message_erreur']); |
|
| 359 | + $res['message_erreur'] = trim($res['message_erreur'].' '.$erreurs['message_erreur']); |
|
| 360 | 360 | } |
| 361 | 361 | } |
| 362 | 362 | |
@@ -383,7 +383,7 @@ discard block |
||
| 383 | 383 | |
| 384 | 384 | |
| 385 | 385 | function auteur_reset_password($id_auteur, $erreurs = array()) { |
| 386 | - $auteur = sql_fetsel('*', 'spip_auteurs', 'id_auteur=' . intval($id_auteur)); |
|
| 386 | + $auteur = sql_fetsel('*', 'spip_auteurs', 'id_auteur='.intval($id_auteur)); |
|
| 387 | 387 | $config = auteurs_edit_config($auteur); |
| 388 | 388 | |
| 389 | 389 | if ($config['edit_pass']) { |
@@ -409,21 +409,21 @@ discard block |
||
| 409 | 409 | * @param array $contexte |
| 410 | 410 | * @return string |
| 411 | 411 | */ |
| 412 | -function auteur_regenerer_identifiants($id_auteur, $notifier=true, $contexte = array()) { |
|
| 413 | - if ($id_auteur){ |
|
| 412 | +function auteur_regenerer_identifiants($id_auteur, $notifier = true, $contexte = array()) { |
|
| 413 | + if ($id_auteur) { |
|
| 414 | 414 | $set = array(); |
| 415 | 415 | include_spip('inc/access'); |
| 416 | 416 | $set['pass'] = creer_pass_aleatoire(); |
| 417 | 417 | |
| 418 | 418 | include_spip('action/editer_auteur'); |
| 419 | - auteur_modifier($id_auteur,$set); |
|
| 419 | + auteur_modifier($id_auteur, $set); |
|
| 420 | 420 | |
| 421 | - $row = sql_fetsel('*','spip_auteurs','id_auteur='.intval($id_auteur)); |
|
| 421 | + $row = sql_fetsel('*', 'spip_auteurs', 'id_auteur='.intval($id_auteur)); |
|
| 422 | 422 | include_spip('inc/filtres'); |
| 423 | 423 | if ($notifier |
| 424 | 424 | and $row['email'] |
| 425 | 425 | and email_valide($row['email']) |
| 426 | - and trouver_fond($fond = 'modeles/mail_nouveaux_identifiants')){ |
|
| 426 | + and trouver_fond($fond = 'modeles/mail_nouveaux_identifiants')) { |
|
| 427 | 427 | // envoyer l'email avec login/pass |
| 428 | 428 | $c = array( |
| 429 | 429 | 'id_auteur' => $id_auteur, |
@@ -436,7 +436,7 @@ discard block |
||
| 436 | 436 | $contexte = array_merge($contexte, $c); |
| 437 | 437 | $message = recuperer_fond($fond, $contexte); |
| 438 | 438 | include_spip("inc/notifications"); |
| 439 | - notifications_envoyer_mails($row['email'],$message); |
|
| 439 | + notifications_envoyer_mails($row['email'], $message); |
|
| 440 | 440 | |
| 441 | 441 | return $row['email']; |
| 442 | 442 | } |
@@ -351,11 +351,15 @@ |
||
| 351 | 351 | $erreurs = array(); |
| 352 | 352 | $erreurs = auteur_reset_password($res['id_auteur'], $erreurs); |
| 353 | 353 | if (isset($erreurs['message_ok'])) { |
| 354 | - if (!isset($res['message_ok'])) $res['message_ok'] = ''; |
|
| 354 | + if (!isset($res['message_ok'])) { |
|
| 355 | + $res['message_ok'] = ''; |
|
| 356 | + } |
|
| 355 | 357 | $res['message_ok'] = trim($res['message_ok'] . ' ' . $erreurs['message_ok']); |
| 356 | 358 | } |
| 357 | 359 | if (isset($erreurs['message_erreur']) and $erreurs['message_erreur']) { |
| 358 | - if (!isset($res['message_erreur'])) $res['message_erreur'] = ''; |
|
| 360 | + if (!isset($res['message_erreur'])) { |
|
| 361 | + $res['message_erreur'] = ''; |
|
| 362 | + } |
|
| 359 | 363 | $res['message_erreur'] = trim($res['message_erreur'] . ' ' . $erreurs['message_erreur']); |
| 360 | 364 | } |
| 361 | 365 | } |
@@ -39,7 +39,7 @@ discard block |
||
| 39 | 39 | // un checkbox seul de name X non coche n'est pas poste. |
| 40 | 40 | // on verifie le champ X_check qui indique que la checkbox etait presente dans le formulaire. |
| 41 | 41 | foreach (array('multi_secteurs') as $m) { |
| 42 | - if (!is_null(_request($m . '_check'))) { |
|
| 42 | + if (!is_null(_request($m.'_check'))) { |
|
| 43 | 43 | ecrire_meta($m, _request($m) ? 'oui' : 'non'); |
| 44 | 44 | } |
| 45 | 45 | } |
@@ -112,12 +112,12 @@ discard block |
||
| 112 | 112 | . "'>" |
| 113 | 113 | . "<input type='hidden' name='{$name}[]' value='$code_langue'>" // necessaire ... |
| 114 | 114 | . "<input type='checkbox' name='{$name}[]' id='{$name}_$code_langue' value='$code_langue' checked='checked' disabled='disabled' />" |
| 115 | - . "<label for='{$name}_$code_langue'>" . $nom_langue . " <span class='code_langue'>[$code_langue]</span></label>" |
|
| 115 | + . "<label for='{$name}_$code_langue'>".$nom_langue." <span class='code_langue'>[$code_langue]</span></label>" |
|
| 116 | 116 | . '</li>'; |
| 117 | 117 | } |
| 118 | 118 | |
| 119 | 119 | if ($res) { |
| 120 | - $res = "<ul id='langues_bloquees'>" . $res . "</ul><div class='nettoyeur'></div>"; |
|
| 120 | + $res = "<ul id='langues_bloquees'>".$res."</ul><div class='nettoyeur'></div>"; |
|
| 121 | 121 | } |
| 122 | 122 | |
| 123 | 123 | $res .= "<ul id='langues_proposees'>"; |
@@ -137,7 +137,7 @@ discard block |
||
| 137 | 137 | . "<label for='{$name}_$code_langue'" |
| 138 | 138 | . ($checked ? " class='on'" : '') |
| 139 | 139 | . '>' |
| 140 | - . $nom_langue . " <span class='code_langue'>[$code_langue]</span></label>" |
|
| 140 | + . $nom_langue." <span class='code_langue'>[$code_langue]</span></label>" |
|
| 141 | 141 | . '</li>'; |
| 142 | 142 | } |
| 143 | 143 | } |
@@ -62,5 +62,5 @@ |
||
| 62 | 62 | $reload = texte_script(couper(_request('nom_site'), 35)); |
| 63 | 63 | $reload = "<script type='text/javascript'>if (window.jQuery) jQuery('#bando_identite .nom_site_spip .nom').html('$reload');</script>"; |
| 64 | 64 | |
| 65 | - return array('message_ok' => _T('config_info_enregistree') . $reload, 'editable' => true); |
|
| 65 | + return array('message_ok' => _T('config_info_enregistree').$reload, 'editable' => true); |
|
| 66 | 66 | } |
