X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=www%2Fecrire%2Finc%2Ftexte.php;fp=www%2Fecrire%2Finc%2Ftexte.php;h=c0cec0be8c296419e4fa8c9938935462d85d35e1;hb=f854641371bdfbaba8fbab6212853d9795ba8cc8;hp=af706b3e931b1105e03a0392a1fff124b979a996;hpb=d18fcb8f27a4016e3fa7b50a9b2255d529dca543;p=ptitvelo%2Fweb%2Fwww.git

diff --git a/www/ecrire/inc/texte.php b/www/ecrire/inc/texte.php
index af706b3..c0cec0b 100644
--- a/www/ecrire/inc/texte.php
+++ b/www/ecrire/inc/texte.php
@@ -156,6 +156,7 @@ function typo($letexte, $echapper=true, $connect=null, $env=array()) {
 	if (is_null($connect)){
 		$connect = '';
 		$interdire_script = true;
+		$env['espace_prive'] = 1;
 	}
 
 	// Echapper les codes <html> etc
@@ -183,6 +184,12 @@ function typo($letexte, $echapper=true, $connect=null, $env=array()) {
 	if ($interdire_script)
 		$letexte = interdire_scripts($letexte);
 
+	// Dans l'espace prive on se mefie de tout contenu dangereux
+	// https://core.spip.net/issues/3371
+	if (isset($env['espace_prive']) AND $env['espace_prive']){
+		$letexte = echapper_html_suspect($letexte);
+	}
+
 	return $letexte;
 }