RGPD cookie uniquement en mode admin et avertissement, logo journal

author: polo <ordipolo@gmx.fr> 2024-02-08 04:31:14 +0100
committer: polo <ordipolo@gmx.fr> 2024-02-08 04:31:14 +0100
commit: ccc9a05b758f1dc0313b96807edfc447a9e8d278 (patch)
tree: 114808e506b2bedabdc3ad09770edd7e5eb64e81 /controller/ckeditor.php
parent: 1ad47a7ca38e679a50c8dfee004db88b1633d7cf (diff)
download: melaine-ccc9a05b758f1dc0313b96807edfc447a9e8d278.tar.gz
melaine-ccc9a05b758f1dc0313b96807edfc447a9e8d278.tar.bz2
melaine-ccc9a05b758f1dc0313b96807edfc447a9e8d278.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/controller/ckeditor.php b/controller/ckeditor.php
index 1707128..d0c5824 100644
--- a/controller/ckeditor.php
+++ b/controller/ckeditor.php
@@ -18,8 +18,9 @@ function preparationCKeditor($html)
        header('Location: index.php?erreur=empty_input');
    }
-    // supprimer espaces, tabulations et sauts de ligne en début et fin de chaine
+    // sécuriser le HTML
-    $html = trim($html);
+    require('controller/Security.php');
+    $html = Security::secureString($html);
    // supprimer les sauts de ligne
    $sautsDeLigne = array("\n", "\r", "\r\n");
@@ -58,7 +59,7 @@ function getFileCodeFromHTTPReferrer(): string
 function submitCKeditor()
 {
    // déjà fait mais on ne sait jamais
-    if(!isset($_SESSION['admin']) || $_SESSION['admin'] != 1)
+    if(!isset($_SESSION))
    {
        header('Location: index.php?page=' . $_GET['page'] . '&erreur=connexion');
        exit();
author	polo <ordipolo@gmx.fr>	2024-02-08 04:31:14 +0100
committer	polo <ordipolo@gmx.fr>	2024-02-08 04:31:14 +0100
commit	ccc9a05b758f1dc0313b96807edfc447a9e8d278 (patch)
tree	114808e506b2bedabdc3ad09770edd7e5eb64e81 /controller/ckeditor.php
parent	1ad47a7ca38e679a50c8dfee004db88b1633d7cf (diff)
download	melaine-ccc9a05b758f1dc0313b96807edfc447a9e8d278.tar.gz melaine-ccc9a05b758f1dc0313b96807edfc447a9e8d278.tar.bz2 melaine-ccc9a05b758f1dc0313b96807edfc447a9e8d278.zip