diff options
Diffstat (limited to 'beta_accents/app/include/ju.inc.php')
-rw-r--r-- | beta_accents/app/include/ju.inc.php | 28 |
1 files changed, 9 insertions, 19 deletions
diff --git a/beta_accents/app/include/ju.inc.php b/beta_accents/app/include/ju.inc.php index 75fb4ee..a7154b7 100644 --- a/beta_accents/app/include/ju.inc.php +++ b/beta_accents/app/include/ju.inc.php @@ -2,6 +2,7 @@ function traiter_formulaire_popfichier() { require("include/ludo/config.inc.php"); + require("include/tools.inc.php"); $file = "fichier"; if ( isset($CONFIG['UPLOAD']['relative_path']) ) { $basepath=$CONFIG['UPLOAD']['relative_path']; } else { $basepath='fichiers/';} $basepath=$_SERVER['DOCUMENT_ROOT'].'/'.$basepath; @@ -10,7 +11,7 @@ function traiter_formulaire_popfichier() { if($_FILES[$file]["error"] == 0) { - //Récupération de l'extension + //Récupération de l'extension $ext = explode(".", $_FILES[$file]["name"]); $ext = array_pop($ext); if(is_numeric(array_search(strtolower($ext), $CONFIG["UPLOAD"]["accepted_files"]))) @@ -21,7 +22,7 @@ function traiter_formulaire_popfichier() if(move_uploaded_file($_FILES[$file]["tmp_name"], $filepath)) { if(isset($debug)) echo "DEBUG : basepath==$basepath\n"; - $requete = "INSERT INTO AWOR_Fichier(nomFic, idR) VALUES ('"."r".$_GET["idR"]."_".$_FILES[$file]["name"]."', '".$_GET["idR"]."')"; + $requete = "INSERT INTO AWOR_Fichier(nomFic, idR) VALUES ('"."r".addslashes_if_needed($_GET["idR"])."_".$_FILES[$file]["name"]."', '".addslashes_if_needed($_GET["idR"])."')"; if(mysql_query($requete) == false) { if(isset($debug)) echo "DEBUG : ".mysql_error()."<br/>\n"; @@ -72,7 +73,7 @@ function generate_html_reunion_fichiers($idR) $resultat = mysql_query($requete); if($resultat != false) { - echo '<table cellspacing="0" class="fichiers" summary="Liste des fichiers postés par les participants de la réunion.">'; + echo '<table cellspacing="0" class="fichiers" summary="Liste des fichiers postés par les participants de la réunion.">'; echo '<thead>'; echo '<tr>'; echo '<th>Fichiers attachés <a href="#" onclick="popon(\'popfichier\')">(Ajouter un fichier)</a></th>'; @@ -82,7 +83,7 @@ function generate_html_reunion_fichiers($idR) { while($fichier = mysql_fetch_array($resultat)) { - echo '<tr><td><a href="' . $basepath . $fichier["nomFic"].'" target="_blank" >'.$fichier["nomFic"]."</a></td></tr>\n"; + echo '<tr><td><a href="' . str_replace(" ", "%20", urlencode($basepath . $fichier["nomFic"])).'" target="_blank" >'.htmlentities($fichier["nomFic"], ENT_QUOTES)."</a></td></tr>\n"; } } else @@ -136,7 +137,7 @@ function traiter_formulaire_valider_creneau() if(isset($debug)) echo $listeCreneau; //On recupere les creneaux ne faisant plus partie de la novuelle liste des creneaux - $requete = "SELECT * FROM AWOR_Creneau WHERE idR='".$_REQUEST["idR"]."' AND idC NOT IN ".$listeCreneau; + $requete = "SELECT idC FROM AWOR_Creneau WHERE idR='".$_REQUEST["idR"]."' AND idC NOT IN ".$listeCreneau; //echo "DEBUG : $requete"; if($resultat = mysql_query($requete)) { @@ -150,7 +151,8 @@ function traiter_formulaire_valider_creneau() function traiter_formulaire_maj_profil() { - $requete = "UPDATE AWOR_Personne SET courrielP = '".$_POST["courrielP"]."', loginP = '".$_POST["loginP"]."', nomP = '".$_POST["nomP"]."', prenomP = '".$_POST["prenomP"]."', methodeAuth = '".$_POST["methodeAuth"]."' WHERE idP = '".$_SESSION['session_idP']."'"; + require_once ('include/tools.inc.php'); + $requete = "UPDATE AWOR_Personne SET courrielP = '".addslashes_if_needed($_POST["courrielP"])."', loginP = '".addslashes_if_needed($_POST["loginP"])."', nomP = '".addslashes_if_needed($_POST["nomP"])."', prenomP = '".addslashes_if_needed($_POST["prenomP"])."', methodeAuth = '".addslashes_if_needed($_POST["methodeAuth"])."' WHERE idP = '".$_SESSION['session_idP']."'"; if(mysql_query($requete) == false) return "Une erreur MySQL est survenu : ".mysql_error(); $_SESSION['session_prenomP'] = $_POST["prenomP"]; $_SESSION['session_nomP'] = $_POST["nomP"]; @@ -208,7 +210,7 @@ function creneauExiste($idR, $heureD, $minD, $heureA, $minA, $jourA, $moisA, $an $duree = $dateA - $dateD; $dateD = date("Y-m-d G:i:s", $dateD); $duree = $duree / 60; - $requete = "SELECT * FROM AWOR_Creneau WHERE idR='".$idR."' AND dateHeure='".$dateD."' AND duree=".$duree.""; + $requete = "SELECT idC FROM AWOR_Creneau WHERE idR='".$idR."' AND dateHeure='".$dateD."' AND duree=".$duree.""; if($result = mysql_query($requete)) { if(mysql_num_rows($result) > 0) @@ -222,16 +224,4 @@ function creneauExiste($idR, $heureD, $minD, $heureA, $minA, $jourA, $moisA, $an } } } - -function addslashes_if_needed($texte) -{ - if(get_magic_quotes_gpc() == 0) - { - return addslashes($texte); - } - else - { - return $texte; - } -} ?>
\ No newline at end of file |