summaryrefslogtreecommitdiff
path: root/beta_accents/app/include/ju.inc.php
diff options
context:
space:
mode:
authorLudovic Pouzenc <ludovic@pouzenc.fr>2018-06-30 11:39:33 +0200
committerLudovic Pouzenc <ludovic@pouzenc.fr>2018-06-30 11:39:33 +0200
commit9738017972a6d4fea655926525b3c67dd85740cf (patch)
tree938d6f26c138d7c176c821bafc513362186a8ca7 /beta_accents/app/include/ju.inc.php
parent5dac82f52f45ad27f16ec2ff63ee75e2f39ef942 (diff)
download2007-AWOR-9738017972a6d4fea655926525b3c67dd85740cf.tar.gz
2007-AWOR-9738017972a6d4fea655926525b3c67dd85740cf.tar.bz2
2007-AWOR-9738017972a6d4fea655926525b3c67dd85740cf.zip
Version beta_accents 2007-03-12+17:26:00 - 2007-03-14+17:35:14
Diffstat (limited to 'beta_accents/app/include/ju.inc.php')
-rw-r--r--beta_accents/app/include/ju.inc.php28
1 files changed, 9 insertions, 19 deletions
diff --git a/beta_accents/app/include/ju.inc.php b/beta_accents/app/include/ju.inc.php
index 75fb4ee..a7154b7 100644
--- a/beta_accents/app/include/ju.inc.php
+++ b/beta_accents/app/include/ju.inc.php
@@ -2,6 +2,7 @@
function traiter_formulaire_popfichier()
{
require("include/ludo/config.inc.php");
+ require("include/tools.inc.php");
$file = "fichier";
if ( isset($CONFIG['UPLOAD']['relative_path']) ) { $basepath=$CONFIG['UPLOAD']['relative_path']; } else { $basepath='fichiers/';}
$basepath=$_SERVER['DOCUMENT_ROOT'].'/'.$basepath;
@@ -10,7 +11,7 @@ function traiter_formulaire_popfichier()
{
if($_FILES[$file]["error"] == 0)
{
- //Récupération de l'extension
+ //R&eacute;cup&eacute;ration de l'extension
$ext = explode(".", $_FILES[$file]["name"]);
$ext = array_pop($ext);
if(is_numeric(array_search(strtolower($ext), $CONFIG["UPLOAD"]["accepted_files"])))
@@ -21,7 +22,7 @@ function traiter_formulaire_popfichier()
if(move_uploaded_file($_FILES[$file]["tmp_name"], $filepath))
{
if(isset($debug)) echo "DEBUG : basepath==$basepath\n";
- $requete = "INSERT INTO AWOR_Fichier(nomFic, idR) VALUES ('"."r".$_GET["idR"]."_".$_FILES[$file]["name"]."', '".$_GET["idR"]."')";
+ $requete = "INSERT INTO AWOR_Fichier(nomFic, idR) VALUES ('"."r".addslashes_if_needed($_GET["idR"])."_".$_FILES[$file]["name"]."', '".addslashes_if_needed($_GET["idR"])."')";
if(mysql_query($requete) == false)
{
if(isset($debug)) echo "DEBUG : ".mysql_error()."<br/>\n";
@@ -72,7 +73,7 @@ function generate_html_reunion_fichiers($idR)
$resultat = mysql_query($requete);
if($resultat != false)
{
- echo '<table cellspacing="0" class="fichiers" summary="Liste des fichiers postés par les participants de la réunion.">';
+ echo '<table cellspacing="0" class="fichiers" summary="Liste des fichiers post&eacute;s par les participants de la r&eacute;union.">';
echo '<thead>';
echo '<tr>';
echo '<th>Fichiers attach&eacute;s <a href="#" onclick="popon(\'popfichier\')">(Ajouter un fichier)</a></th>';
@@ -82,7 +83,7 @@ function generate_html_reunion_fichiers($idR)
{
while($fichier = mysql_fetch_array($resultat))
{
- echo '<tr><td><a href="' . $basepath . $fichier["nomFic"].'" target="_blank" >'.$fichier["nomFic"]."</a></td></tr>\n";
+ echo '<tr><td><a href="' . str_replace(" ", "%20", urlencode($basepath . $fichier["nomFic"])).'" target="_blank" >'.htmlentities($fichier["nomFic"], ENT_QUOTES)."</a></td></tr>\n";
}
}
else
@@ -136,7 +137,7 @@ function traiter_formulaire_valider_creneau()
if(isset($debug)) echo $listeCreneau;
//On recupere les creneaux ne faisant plus partie de la novuelle liste des creneaux
- $requete = "SELECT * FROM AWOR_Creneau WHERE idR='".$_REQUEST["idR"]."' AND idC NOT IN ".$listeCreneau;
+ $requete = "SELECT idC FROM AWOR_Creneau WHERE idR='".$_REQUEST["idR"]."' AND idC NOT IN ".$listeCreneau;
//echo "DEBUG : $requete";
if($resultat = mysql_query($requete))
{
@@ -150,7 +151,8 @@ function traiter_formulaire_valider_creneau()
function traiter_formulaire_maj_profil()
{
- $requete = "UPDATE AWOR_Personne SET courrielP = '".$_POST["courrielP"]."', loginP = '".$_POST["loginP"]."', nomP = '".$_POST["nomP"]."', prenomP = '".$_POST["prenomP"]."', methodeAuth = '".$_POST["methodeAuth"]."' WHERE idP = '".$_SESSION['session_idP']."'";
+ require_once ('include/tools.inc.php');
+ $requete = "UPDATE AWOR_Personne SET courrielP = '".addslashes_if_needed($_POST["courrielP"])."', loginP = '".addslashes_if_needed($_POST["loginP"])."', nomP = '".addslashes_if_needed($_POST["nomP"])."', prenomP = '".addslashes_if_needed($_POST["prenomP"])."', methodeAuth = '".addslashes_if_needed($_POST["methodeAuth"])."' WHERE idP = '".$_SESSION['session_idP']."'";
if(mysql_query($requete) == false) return "Une erreur MySQL est survenu : ".mysql_error();
$_SESSION['session_prenomP'] = $_POST["prenomP"];
$_SESSION['session_nomP'] = $_POST["nomP"];
@@ -208,7 +210,7 @@ function creneauExiste($idR, $heureD, $minD, $heureA, $minA, $jourA, $moisA, $an
$duree = $dateA - $dateD;
$dateD = date("Y-m-d G:i:s", $dateD);
$duree = $duree / 60;
- $requete = "SELECT * FROM AWOR_Creneau WHERE idR='".$idR."' AND dateHeure='".$dateD."' AND duree=".$duree."";
+ $requete = "SELECT idC FROM AWOR_Creneau WHERE idR='".$idR."' AND dateHeure='".$dateD."' AND duree=".$duree."";
if($result = mysql_query($requete))
{
if(mysql_num_rows($result) > 0)
@@ -222,16 +224,4 @@ function creneauExiste($idR, $heureD, $minD, $heureA, $minA, $jourA, $moisA, $an
}
}
}
-
-function addslashes_if_needed($texte)
-{
- if(get_magic_quotes_gpc() == 0)
- {
- return addslashes($texte);
- }
- else
- {
- return $texte;
- }
-}
?> \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 17:54:46 +0000