[SPIP Zone] r2361 - in /_plugins_/_amelioration_admin_/types_documents/action: types_documents_insert.php types_documents_update.php

Author: pierre.andrews@gmail.com
Date: Tue Mar 14 11:48:20 2006
New Revision: 2361

Log:
une action prete pour le inplace-editor ajax et une correction de securite sur l'autre action

Added:
    _plugins_/_amelioration_admin_/types_documents/action/types_documents_update.php
Modified:
    _plugins_/_amelioration_admin_/types_documents/action/types_documents_insert.php

Modified: _plugins_/_amelioration_admin_/types_documents/action/types_documents_insert.php

--- _plugins_/_amelioration_admin_/types_documents/action/types_documents_insert.php (original)
+++ _plugins_/_amelioration_admin_/types_documents/action/types_documents_insert.php Tue Mar 14 11:48:20 2006
@@ -21,15 +21,15 @@
function action_types_documents_insert() {
   $redirect = _request('redirect');
   $hash = _request('hash');
- $id_auteur = _request('id_auteur');
+ $id_auteur = intval(_request('id_auteur'));
   $date_comp = _request('date_comp');

- $ext = _request('ext');
- $titre = _request('titre');
- $desc = _request('desc');
+ $ext = addslashes(_request('ext'));
+ $titre = addslashes(_request('titre'));
+ $desc = addslashes(_request('desc'));
   $upload = _request('upload')?'oui':'non';
- $mime_type = _request('mime');
- $inclus = _request('inclus');
+ $mime_type = addslashes(_request('mime'));
+ $inclus = addslashes(_request('inclus'));

   include_spip("inc/session");
   if (!verifier_action_auteur("types_documents $date_comp", $hash, $id_auteur)) {
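Review bot: `addslashes()` on `ext`, `titre`, `desc`, `mime` and `inclus` is a weak substitute for SQL escaping, and it is applied at input time rather than where the query is built. It ignores the connection character set, and if `_request()` or magic quotes already escape input (not visible here), the stored values end up with doubled backslashes. I would keep the raw values here (`$titre = _request('titre');`) and escape at the query site with a connection-aware call such as `mysql_real_escape_string($titre)`, assuming the MySQL backend. The same pattern appears for `value` in the `$setter` built in types_documents_update.php. The body of action_types_documents_insert() continues outside this hunk, so the query itself cannot be checked from here.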

Added: _plugins_/_amelioration_admin_/types_documents/action/types_documents_update.php

--- _plugins_/_amelioration_admin_/types_documents/action/types_documents_update.php (added)
+++ _plugins_/_amelioration_admin_/types_documents/action/types_documents_update.php Tue Mar 14 11:48:20 2006
@@ -0,0 +1,74 @@
+<?php
+
+// Fichier créé pour SPIP avec un bout de code emprunté à celui ci.
+// Distribué sans garantie sous licence GPL./
+// Copyright (C) 2006 Pierre ANDREWS
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+//celle la n'est appelee qu'avec de l'ajax...
+function action_types_documents_update() {
+ $hash = _request('hash');
+ $id_auteur = intval(_request('id_auteur'));
+ $date_comp = _request('date_comp');
+
+ include_spip("inc/session");
+ if (!verifier_action_auteur("types_documents $date_comp", $hash, $id_auteur)) {
+ include_spip('inc/minipres');
+ minipres(_T('info_acces_interdit'));
+ }
+
+ $table_pref = 'spip';
+ if ($GLOBALS['table_prefix']) $table_pref = $GLOBALS['table_prefix'];
+
+ $id_type = intval(_request('id_type'));
+
+ $fields = array('titre',
+ 'extension',
+ 'mime_type',
+ 'inclus',
+ 'description');
+
+ $setter = '';
+ $f = '';
+ $new_val = 'error...';
+
+ //on cherche le champ à mettre à jour (field) et sa valeur (value)
+ foreach($fields as $fi) {
+ $f = addslashes(_request('field'));
+ if($f == $fi) {
+ $val = addslashes(_request('value'));
+ $setter = "$fi='$val'";
+ $new_val = $val;
+ break;
+ }
+ }
+
+ /************************************************************************/
+ /* update */
+ /************************************************************************/
+ if($setter) {
+ $rez = spip_query("UPDATE ".$table_pref."_types_documents SET $setter WHERE id_type=$id_type");
+ if($row = spip_fetch_array()) {
+ $new_val = $row[$f];
+ }
+ spip_free_result($rez);
+ }
+
+ //on retourne la nouvelle valeure
+ echo $new_val;
+}
+?>
+
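Review bot: `echo $new_val;` at the end of action_types_documents_update() sends the request's `value` back with SQL escaping but no HTML escaping, so if the in-place editor inserts the response as markup, a value containing tags is reflected into the admin page. `spip_fetch_array()` is called with no result handle after an UPDATE, so it presumably never yields a row and `$new_val` is always the slashed input rather than what was stored. I would keep the unescaped value in its own variable and finish with `echo htmlspecialchars($raw_val, ENT_QUOTES);`. Separately, unless `minipres()` terminates the request (not visible here), a failed `verifier_action_auteur()` check falls through to the UPDATE; adding `exit;` right after `minipres(_T('info_acces_interdit'));` would make the denial unconditional.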