X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=www%2Fconfig%2Fecran_securite.php;h=ba47691976cc7bfe7a84f578fdeb5992c8150a89;hb=68c056f85760071502e5620621b286acb49efeb1;hp=826d3c31067c59ef957e1735a99379281b6944d3;hpb=639fab9ee1fc4b73b592d48f4b6c252330324eae;p=lhc%2Fweb%2Fwww.git
diff --git a/www/config/ecran_securite.php b/www/config/ecran_securite.php
index 826d3c31..ba476919 100644
--- a/www/config/ecran_securite.php
+++ b/www/config/ecran_securite.php
@@ -5,7 +5,7 @@
  * ------------------
  */
 
-define('_ECRAN_SECURITE', '1.2.7'); // 2016-09-30
+define('_ECRAN_SECURITE', '1.3.0'); // 2017-03-06
 
 /*
  * Documentation : http://www.spip.net/fr_article4200.html
@@ -38,7 +38,7 @@ if (!defined('_IS_BOT'))
 		// MSIE 6.0 est un botnet 99,9% du temps, on traite donc ce USER_AGENT comme un bot
 		. 'MSIE 6\.0|'
 		// UA plus cibles
-		. '80legs|accoona|AltaVista|ASPSeek|Baidu|Charlotte|EC2LinkFinder|eStyle|flipboard|hootsuite|FunWebProducts|Google|Genieo|INA dlweb|InfegyAtlas|Java VM|LiteFinder|Lycos|MetaURI|Moreover|Rambler|Scooter|ScrubbyBloglines|Yahoo|Yeti'
+		. '80legs|accoona|AltaVista|ASPSeek|Baidu|Charlotte|EC2LinkFinder|eStyle|flipboard|hootsuite|FunWebProducts|Google|Genieo|INA dlweb|InfegyAtlas|Java VM|LiteFinder|Lycos|MegaIndex|MetaURI|Moreover|Rambler|Scrapy|Scooter|ScrubbyBloglines|Yahoo|Yeti'
 		. ',i', (string) $_SERVER['HTTP_USER_AGENT'])
 	);
 
@@ -71,7 +71,7 @@ $cjpeg_command = '';
 /*
  * Contrôle de quelques variables (XSS)
  */
-foreach(array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre') as $var) {
+foreach(array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) {
 	if (isset($_GET[$var]))
 		$_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]);
 	if (isset($_POST[$var]))
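Review bot: Adding `nom_fichier` to this loop subjects it to the character class `[^\w\,/#&;-]`, which does not include `.`, so a value like `image.jpg` (constructed example) is rewritten to `image jpg` before the application reads it; any legitimate request that carries a file name with an extension in `nom_fichier` is silently mangled rather than blocked. It would be worth confirming that the consumers of this parameter tolerate that, or giving this one variable its own pattern that keeps `.` while still collapsing `..` sequences, since `/` is already allowed through. The foreach body continues past the end of the hunk.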
@@ -116,6 +116,15 @@ if (isset($_REQUEST['exec'])
 and $_REQUEST['exec'] == 'auteurs'
 and preg_match(',[<],', (string)$_REQUEST['recherche']))
 	$ecran_securite_raison = "recherche";
+if (isset($_REQUEST['exec'])
+and $_REQUEST['exec'] == 'info_plugin'
+and preg_match(',[<],', (string)$_REQUEST['plugin']))
+	$ecran_securite_raison = "plugin";
+if (isset($_REQUEST['exec'])
+and $_REQUEST['exec'] == 'puce_statut'
+and isset($_REQUEST['id'])
+and !intval($_REQUEST['id']))
+	$ecran_securite_raison = "puce_statut";
 if (isset($_REQUEST['action'])
 and $_REQUEST['action'] == 'configurer') {
 	if (@file_exists('inc_version.php')
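Review bot: The `puce_statut` guard relies on `!intval($_REQUEST['id'])`, which only rejects values whose leading integer part is zero; any value that starts with a non-zero digit passes regardless of what follows, so the check does not actually enforce that `id` is a plain integer, which appears to be its purpose. If `id` is always a non-negative integer at this entry point, `and !ctype_digit((string)$_REQUEST['id']))` states that directly and is just as cheap. Separately, the `info_plugin` check reads `$_REQUEST['plugin']` without an `isset()`, unlike the `id` test a few lines below; the `(string)` cast keeps it from failing, but it emits an undefined-index notice whenever the parameter is absent, and `and isset($_REQUEST['plugin']) and preg_match(',[<],', (string)$_REQUEST['plugin']))` would keep the two new guards consistent.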