dépôts
/
lhc
/
web
/
www.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
[SPIP] ~maj 3.0.10 --> 3.0.14
[lhc/web/www.git]
/
www
/
config
/
ecran_securite.php
diff --git
a/www/config/ecran_securite.php
b/www/config/ecran_securite.php
index
63ee299
..
7e6ec1c
100644
(file)
--- a/
www/config/ecran_securite.php
+++ b/
www/config/ecran_securite.php
@@
-5,7
+5,7
@@
* ------------------
*/
* ------------------
*/
-define('_ECRAN_SECURITE', '1.1.
7'); // 24 mai 2013
+define('_ECRAN_SECURITE', '1.1.
8'); // 2013-08-29
/*
* Documentation : http://www.spip.net/fr_article4200.html
/*
* Documentation : http://www.spip.net/fr_article4200.html
@@
-253,11
+253,12
@@
if (strpos($_SERVER['REQUEST_URI'],"ecrire/")!==false){
if (isset($_REQUEST['connect'])
AND
// cas qui permettent de sortir d'un commentaire PHP
if (isset($_REQUEST['connect'])
AND
// cas qui permettent de sortir d'un commentaire PHP
- (strpos($_REQUEST['connect'], "?".">")!==false
+ (strpos($_REQUEST['connect'], "?")!==false
+ OR strpos($_REQUEST['connect'], ">")!==false
OR strpos($_REQUEST['connect'], "\n")!==false
OR strpos($_REQUEST['connect'], "\r")!==false)
) {
OR strpos($_REQUEST['connect'], "\n")!==false
OR strpos($_REQUEST['connect'], "\r")!==false)
) {
- $_REQUEST['connect'] = str_replace(array("?"
.
">", "\r", "\n"), "", $_REQUEST['connect']);
+ $_REQUEST['connect'] = str_replace(array("?"
,
">", "\r", "\n"), "", $_REQUEST['connect']);
if (isset($_GET['connect'])) $_GET['connect'] = $_REQUEST['connect'];
if (isset($_POST['connect'])) $_POST['connect'] = $_REQUEST['connect'];
}
if (isset($_GET['connect'])) $_GET['connect'] = $_REQUEST['connect'];
if (isset($_POST['connect'])) $_POST['connect'] = $_REQUEST['connect'];
}
@@
-316,4
+317,4
@@
if (
}
}
-?>
\ No newline at end of file
+?>