← Back to branch summary

~ubuntu-branches/debian/squeeze/spip/squeeze

« back to all changes in this revision

Viewing changes to ecrire/public/aiguiller.php

  • Committer: Bazaar Package Importer
  • Author(s): Romain Beauxis
  • Date: 2009-08-09 11:13:15 UTC
  • mfrom: (1.1.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20090809111315-c4by9u6jxz7c2ulp
Tags: 2.0.9-1
New upstream release, fixing security issue.
See: http://www.spip-contrib.net/SPIP-Security-Alert-new-version
for more details.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ecrire/public/aiguiller.php
10
10
 *  Pour plus de details voir le fichier COPYING.txt ou l'aide en ligne.   *
11
11
\***************************************************************************/
12
12
 
13
 
 
14
13
if (!defined("_ECRIRE_INC_VERSION")) return;
15
14
 
16
15
// http://doc.spip.org/@traiter_appels_actions
45
44
                        if (($v=_request('var_ajax'))
46
45
                          AND ($v!=='form')
47
46
                          AND ($args = _request('var_ajax_env'))) {
48
 
                                $url = parametre_url($url,'var_ajax',$v,'&');   
49
 
                                $url = parametre_url($url,'var_ajax_env',$args,'&');   
 
47
                                $url = parametre_url($url,'var_ajax',$v,'&');
 
48
                                $url = parametre_url($url,'var_ajax_env',$args,'&');
 
49
                                // passer l'ancre en variable pour pouvoir la gerer cote serveur
 
50
                                $url = preg_replace(',#([^#&?]+)$,',"&var_ajax_ancre=\\1",$url);
50
51
                        }
51
52
                        $url = str_replace('&','&',$url); // les redirections se font en &, pas en en &
52
53
                        redirige_par_entete($url);
92
93
                        $contexte = array_merge($args, $contexte);
93
94
                        $page = recuperer_fond($fond,$contexte,array('trim'=>false));
94
95
                        $texte = $page;
 
96
                        if ($ancre = _request('var_ajax_ancre')){
 
97
                                $texte = "<a href='#$ancre' name='ajax_ancre' style='display:none;'>anchor</a>".$texte;
 
98
                        }
95
99
                }
96
100
                else 
97
101
                        $texte = _L('signature ajax bloc incorrecte');
140
144
                                        );
141
145
                if ((count($post["erreurs_$form"])==0)){
142
146
                        $rev = "";
 
147
                        $retour = "";
143
148
                        if ($traiter = charger_fonction("traiter","formulaires/$form/",true))
144
149
                                $rev = call_user_func_array($traiter,$args);
145
150
 
185
190
                                        // le bon mode de redirection (302 et on ne revient pas ici, ou javascript et on continue)
186
191
                                        if (isset($rev['redirect']) AND $rev['redirect']){
187
192
                                                include_spip('inc/headers');
188
 
                                                $post["message_ok_$form"] .= redirige_formulaire($rev['redirect']);
 
193
                                                list($masque,$message) = redirige_formulaire($rev['redirect'], '','ajaxform');
 
194
                                                $post["message_ok_$form"] .= $message;
 
195
                                                $retour .= $masque;
189
196
                                        }
190
197
                                }
191
198
                        }
196
203
                                include_spip('inc/actions');
197
204
                                include_spip('public/assembler');
198
205
                                array_unshift($args,$form);
199
 
                                $retour = inclure_balise_dynamique(call_user_func_array('balise_formulaire__dyn',$args),false);
 
206
                                $retour .= inclure_balise_dynamique(call_user_func_array('balise_formulaire__dyn',$args),false);
200
207
                                // on ajoute un br en display none en tete du retour ajax pour regler un bug dans IE6/7
201
208
                                // sans cela le formulaire n'est pas actif apres le hit ajax
202
209
                                $retour = "<br class='bugajaxie' style='display:none;'/>".$retour;