+/*
+ * Outils XML mal sécurisés again
+ */
+if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec']=='valider_xml'){
+ $url = trim($_REQUEST['var_url']);
+ if (strncmp($url,'/',1)==0
+ or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false)
+ or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) {
+ $ecran_securite_raison = 'URL interdite pour var_url';
+ }
+}
+