Diffstat (limited to 'beta_accents/app/include/ju.inc.php')
-rw-r--r--beta_accents/app/include/ju.inc.php28
1 files changed, 9 insertions, 19 deletions
diff --git a/beta_accents/app/include/ju.inc.php b/beta_accents/app/include/ju.inc.php
index 75fb4ee..a7154b7 100644
--- a/beta_accents/app/include/ju.inc.php
+++ b/beta_accents/app/include/ju.inc.php
@@ -2,6 +2,7 @@
function traiter_formulaire_popfichier()
{
require("include/ludo/config.inc.php");
+ require("include/tools.inc.php");
$file = "fichier";
if ( isset($CONFIG['UPLOAD']['relative_path']) ) { $basepath=$CONFIG['UPLOAD']['relative_path']; } else { $basepath='fichiers/';}
$basepath=$_SERVER['DOCUMENT_ROOT'].'/'.$basepath;
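Review bot: The added `require("include/tools.inc.php");` re-includes the file on every call of traiter_formulaire_popfichier(), and also on any request where it was already loaded. If tools.inc.php now holds the `addslashes_if_needed()` definition removed at the end of this diff (inferred, the file is not visible here), a second inclusion ends in a fatal "Cannot redeclare" error. The traiter_formulaire_maj_profil() hunk already uses `require_once`, and this line should match it: `require_once("include/tools.inc.php");`. The function body continues past the end of the hunk.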
@@ -10,7 +11,7 @@ function traiter_formulaire_popfichier()
{
if($_FILES[$file]["error"] == 0)
{
- //Récupération de l'extension
+ //Récupération de l'extension
$ext = explode(".", $_FILES[$file]["name"]);
$ext = array_pop($ext);
if(is_numeric(array_search(strtolower($ext), $CONFIG["UPLOAD"]["accepted_files"])))
@@ -21,7 +22,7 @@ function traiter_formulaire_popfichier()
if(move_uploaded_file($_FILES[$file]["tmp_name"], $filepath))
{
if(isset($debug)) echo "DEBUG : basepath==$basepath\n";
- $requete = "INSERT INTO AWOR_Fichier(nomFic, idR) VALUES ('"."r".$_GET["idR"]."_".$_FILES[$file]["name"]."', '".$_GET["idR"]."')";
+ $requete = "INSERT INTO AWOR_Fichier(nomFic, idR) VALUES ('"."r".addslashes_if_needed($_GET["idR"])."_".$_FILES[$file]["name"]."', '".addslashes_if_needed($_GET["idR"])."')";
if(mysql_query($requete) == false)
{
if(isset($debug)) echo "DEBUG : ".mysql_error()."<br/>\n";
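Review bot: `$_FILES[$file]["name"]` is still concatenated into the INSERT unescaped on the new line, so the commit escapes `idR` but leaves the client-supplied file name able to terminate the quoted literal. At minimum pass it through the same helper, `addslashes_if_needed($_FILES[$file]["name"])`. If `idR` is a numeric key (its type is not visible here), `$idR = (int) $_GET["idR"];` once is stricter than escaping it twice. The same unescaped pattern remains for `$_REQUEST["idR"]` in the traiter_formulaire_valider_creneau() hunk further down, which this commit touches only to narrow the column list. The function starts and ends outside this hunk.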
@@ -72,7 +73,7 @@ function generate_html_reunion_fichiers($idR)
$resultat = mysql_query($requete);
if($resultat != false)
{
- echo '<table cellspacing="0" class="fichiers" summary="Liste des fichiers postés par les participants de la réunion.">';
+ echo '<table cellspacing="0" class="fichiers" summary="Liste des fichiers post&eacute;s par les participants de la r&eacute;union.">';
echo '<thead>';
echo '<tr>';
echo '<th>Fichiers attach&eacute;s <a href="#" onclick="popon(\'popfichier\')">(Ajouter un fichier)</a></th>';
@@ -82,7 +83,7 @@ function generate_html_reunion_fichiers($idR)
{
while($fichier = mysql_fetch_array($resultat))
{
- echo '<tr><td><a href="' . $basepath . $fichier["nomFic"].'" target="_blank" >'.$fichier["nomFic"]."</a></td></tr>\n";
+ echo '<tr><td><a href="' . str_replace(" ", "%20", urlencode($basepath . $fichier["nomFic"])).'" target="_blank" >'.htmlentities($fichier["nomFic"], ENT_QUOTES)."</a></td></tr>\n";
}
}
else
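Review bot: The `str_replace(" ", "%20", ...)` on the new href line never matches, because `urlencode()` has already turned spaces into `+`. `urlencode()` is also applied to the whole of `$basepath . $fichier["nomFic"]`, so the `/` separators become `%2F` and the link probably no longer resolves to the stored file. Encode only the file name and HTML-escape the prefix: `htmlspecialchars($basepath, ENT_QUOTES) . rawurlencode($fichier["nomFic"])`. `htmlentities()` is called without a charset argument, so the link text is correct only if PHP's default charset matches the page encoding. The loop belongs to generate_html_reunion_fichiers(), which starts and ends outside the hunk.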
@@ -136,7 +137,7 @@ function traiter_formulaire_valider_creneau()
if(isset($debug)) echo $listeCreneau;
//On recupere les creneaux ne faisant plus partie de la novuelle liste des creneaux
- $requete = "SELECT * FROM AWOR_Creneau WHERE idR='".$_REQUEST["idR"]."' AND idC NOT IN ".$listeCreneau;
+ $requete = "SELECT idC FROM AWOR_Creneau WHERE idR='".$_REQUEST["idR"]."' AND idC NOT IN ".$listeCreneau;
//echo "DEBUG : $requete";
if($resultat = mysql_query($requete))
{
@@ -150,7 +151,8 @@ function traiter_formulaire_valider_creneau()
function traiter_formulaire_maj_profil()
{
- $requete = "UPDATE AWOR_Personne SET courrielP = '".$_POST["courrielP"]."', loginP = '".$_POST["loginP"]."', nomP = '".$_POST["nomP"]."', prenomP = '".$_POST["prenomP"]."', methodeAuth = '".$_POST["methodeAuth"]."' WHERE idP = '".$_SESSION['session_idP']."'";
+ require_once ('include/tools.inc.php');
+ $requete = "UPDATE AWOR_Personne SET courrielP = '".addslashes_if_needed($_POST["courrielP"])."', loginP = '".addslashes_if_needed($_POST["loginP"])."', nomP = '".addslashes_if_needed($_POST["nomP"])."', prenomP = '".addslashes_if_needed($_POST["prenomP"])."', methodeAuth = '".addslashes_if_needed($_POST["methodeAuth"])."' WHERE idP = '".$_SESSION['session_idP']."'";
if(mysql_query($requete) == false) return "Une erreur MySQL est survenu : ".mysql_error();
$_SESSION['session_prenomP'] = $_POST["prenomP"];
$_SESSION['session_nomP'] = $_POST["nomP"];
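Review bot: The escaping added to the UPDATE rests on `addslashes_if_needed()`, which in the definition removed at the end of this diff (presumably moved unchanged into tools.inc.php) is `addslashes()` gated on `get_magic_quotes_gpc()`. That is not aware of the connection character set; `mysql_real_escape_string()`, or prepared statements through mysqli/PDO, is the safer way to place these values in a quoted SQL literal. Separately, `methodeAuth` comes straight from `$_POST` and nothing between the function start and the query checks it against the authentication methods the application supports, so an allow-list check before the UPDATE looks needed unless the caller already does one. The function continues past the end of the hunk.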
@@ -208,7 +210,7 @@ function creneauExiste($idR, $heureD, $minD, $heureA, $minA, $jourA, $moisA, $an
$duree = $dateA - $dateD;
$dateD = date("Y-m-d G:i:s", $dateD);
$duree = $duree / 60;
- $requete = "SELECT * FROM AWOR_Creneau WHERE idR='".$idR."' AND dateHeure='".$dateD."' AND duree=".$duree."";
+ $requete = "SELECT idC FROM AWOR_Creneau WHERE idR='".$idR."' AND dateHeure='".$dateD."' AND duree=".$duree."";
if($result = mysql_query($requete))
{
if(mysql_num_rows($result) > 0)
@@ -222,16 +224,4 @@ function creneauExiste($idR, $heureD, $minD, $heureA, $minA, $jourA, $moisA, $an
}
}
}
-
-function addslashes_if_needed($texte)
-{
- if(get_magic_quotes_gpc() == 0)
- {
- return addslashes($texte);
- }
- else
- {
- return $texte;
- }
-}
?> \ No newline at end of file