- $h = generer_url_entite_absolue(intval(_request('id')), $type, $m, '', true);
+
+ if (preg_match('/^\w+$/', $type)) {
+ $h = generer_url_entite_absolue($id, $type, '', '', true);
+ }
+ else if ($page = _request('page')
+ AND preg_match('/^\w+$/', $page)) {
+ $h = generer_url_public($page, '', true);
+ }
+ else return;
+
+ if ($m > '')
+ $h = parametre_url($h, 'var_mode', $m);
+
+ if ($m == 'preview'
+ AND defined('_PREVIEW_TOKEN')
+ AND _PREVIEW_TOKEN
+ AND autoriser('previsualiser')
+ AND $aut = $GLOBALS['visiteur_session']['id_auteur'] ) {
+ include_spip('inc/securiser_action');
+ $token = _action_auteur('previsualiser', $aut, null, 'alea_ephemere');
+ $h = parametre_url($h, 'var_previewtoken', "$aut*$token");
+ }
+
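Review bot: The preview token from `_action_auteur('previsualiser', $aut, null, 'alea_ephemere')` is derived only from a fixed action name, the author id and the ephemeral alea, so nothing in it ties the link to the `$type`/`$id` or `$page` being previewed. If the verifying code (not visible here) checks the same inputs, one shared preview URL would be valid for any previewable content of that author until the alea rotates. Consider folding the target into the signed action string, for example `_action_auteur("previsualiser-$type-$id", $aut, null, 'alea_ephemere')`, with the matching change in the verifier. Because `var_previewtoken` travels in the query string, it will also appear in access logs and Referer headers; a comment such as `// token is a bearer credential: valid for anyone holding the URL until alea_ephemere rotates` would make that explicit. The enclosing function starts and ends outside this hunk, and `$id`, `$type` and `$m` are assigned in lines not shown.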