dépôts / lhc / web / www.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[SPIP] ~v3.2.4-->v3.2.5
[lhc/web/www.git] / www / ecrire / inc / securiser_action.php
diff --git a/www/ecrire/inc/securiser_action.php b/www/ecrire/inc/securiser_action.php
index 91eabf1..52e8ff1 100644 (file)
--- a/www/ecrire/inc/securiser_action.php
+++ b/www/ecrire/inc/securiser_action.php
@@ -3,7 +3,7 @@
 /***************************************************************************\
  *  SPIP, Systeme de publication pour l'internet                           *
  *                                                                         *
- *  Copyright (c) 2001-2017                                                *
+ *  Copyright (c) 2001-2019                                                *
  *  Arnaud Martin, Antoine Pitrou, Philippe Riviere, Emmanuel Saint-James  *
  *                                                                         *
  *  Ce programme est un logiciel libre distribue sous licence GNU/GPL.     *
@@ -184,14 +184,16 @@ function caracteriser_auteur($id_auteur = null) {
 function _action_auteur($action, $id_auteur, $pass, $alea) {
        static $sha = array();
        if (!isset($sha[$id_auteur . $pass . $alea])) {
-               if (!isset($GLOBALS['meta'][$alea]) and _request('exec') !== 'install') {
-                       include_spip('inc/acces');
-                       charger_aleas();
-                       if (empty($GLOBALS['meta'][$alea])) {
-                               include_spip('inc/minipres');
-                               echo minipres();
-                               spip_log("$alea indisponible");
-                               exit;
+               if (!isset($GLOBALS['meta'][$alea])) {
+                       if (!$exec = _request('exec') or !autoriser_sans_cookie($exec)){
+                               include_spip('inc/acces');
+                               charger_aleas();
+                               if (empty($GLOBALS['meta'][$alea])){
+                                       include_spip('inc/minipres');
+                                       echo minipres();
+                                       spip_log("$alea indisponible");
+                                       exit;
+                               }
                        }
                }
                include_spip('auth/sha256.inc');
Site oueb de l'Heureux Cyclage