dépôts
/
ptitvelo
/
web
/
www.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
~maj v3.0.19-->v3.0.21
[ptitvelo/web/www.git]
/
www
/
ecrire
/
inc
/
texte.php
diff --git
a/www/ecrire/inc/texte.php
b/www/ecrire/inc/texte.php
index
af706b3
..
c0cec0b
100644
(file)
--- a/
www/ecrire/inc/texte.php
+++ b/
www/ecrire/inc/texte.php
@@
-156,6
+156,7
@@
function typo($letexte, $echapper=true, $connect=null, $env=array()) {
if (is_null($connect)){
$connect = '';
$interdire_script = true;
if (is_null($connect)){
$connect = '';
$interdire_script = true;
+ $env['espace_prive'] = 1;
}
// Echapper les codes <html> etc
}
// Echapper les codes <html> etc
@@
-183,6
+184,12
@@
function typo($letexte, $echapper=true, $connect=null, $env=array()) {
if ($interdire_script)
$letexte = interdire_scripts($letexte);
if ($interdire_script)
$letexte = interdire_scripts($letexte);
+ // Dans l'espace prive on se mefie de tout contenu dangereux
+ // https://core.spip.net/issues/3371
+ if (isset($env['espace_prive']) AND $env['espace_prive']){
+ $letexte = echapper_html_suspect($letexte);
+ }
+
return $letexte;
}
return $letexte;
}