diff --git a/admin/admin_access_area.php b/admin/admin_access_area.php index 8eda2c1..b9866a5 100644 --- a/admin/admin_access_area.php +++ b/admin/admin_access_area.php @@ -29,9 +29,7 @@ $msg = ''; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $day = date("d"); $month = date("m"); $year = date("Y"); diff --git a/admin/admin_accueil.php b/admin/admin_accueil.php index db2bfcb..6759510 100644 --- a/admin/admin_accueil.php +++ b/admin/admin_accueil.php @@ -17,9 +17,7 @@ */ include "../include/admin.inc.php"; $grr_script_name = "admin_accueil.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if ((authGetUserLevel(getUserName(), -1, 'area') < 4) && (authGetUserLevel(getUserName(), -1, 'user') != 1)) { showAccessDenied($back); diff --git a/admin/admin_admin_site.php b/admin/admin_admin_site.php index cf81066..23f5e63 100644 --- a/admin/admin_admin_site.php +++ b/admin/admin_admin_site.php @@ -23,9 +23,8 @@ $id_site = get_default_site(); if (!isset($id_site)) settype($id_site, "integer"); -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); + check_access(6, $back); if (Settings::get("module_multisite") != "Oui") { @@ -174,4 +173,4 @@ function site_go() echo ""; ?> - \ No newline at end of file + diff --git a/admin/admin_calend.php b/admin/admin_calend.php index 76e0b89..4471a81 100644 --- a/admin/admin_calend.php +++ b/admin/admin_calend.php @@ -19,8 +19,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_calend.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); // vérification des droits d'accès if(authGetUserLevel(getUserName(),-1,'area') < 5) diff --git a/admin/admin_calend2.php b/admin/admin_calend2.php index fb5d579..eec24bd 100644 
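Review bot: The HTML-escaping that each call site applied to the Referer header now depends entirely on `getBackUri()`, whose definition is not in the visible part of this diff; this applies to `$back = getBackUri();` in admin/admin_access_area.php and to the same replacement in every other hunk of the commit. The Referer is client-supplied, and the removed lines wrapped it in `htmlspecialchars()` before `$back` reached `showAccessDenied($back)` or `check_access(6, $back)`. If the helper does not already do so, it should keep that encoding and accept only URLs on the application's own host. I would also document the contract where the helper is defined, for example `// Returns the Referer-derived back link, HTML-escaped and limited to this host; '' when absent`.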
--- a/admin/admin_calend2.php +++ b/admin/admin_calend2.php @@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_calend2.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); check_access(4, $back); // Initialisation $etape = isset($_POST["etape"]) ? $_POST["etape"] : NULL; @@ -509,4 +507,4 @@ function validate_and_submit () echo ""; ?> - \ No newline at end of file + diff --git a/admin/admin_calend_ignore.php b/admin/admin_calend_ignore.php index e9cc1d8..db3f6b2 100644 --- a/admin/admin_calend_ignore.php +++ b/admin/admin_calend_ignore.php @@ -18,9 +18,9 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_calend_ignore.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + +$back = getBackUri(); + check_access(6, $back); # print the page header print_header("", "", "", $type="with_session"); diff --git a/admin/admin_calend_jour_cycle.php b/admin/admin_calend_jour_cycle.php index 6bf5b3a..233866d 100644 --- a/admin/admin_calend_jour_cycle.php +++ b/admin/admin_calend_jour_cycle.php @@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_calend_jour_cycle.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $_SESSION['chemin_retour'] = "admin_calend_jour_cycle.php"; $day = date("d"); $month = date("m"); diff --git a/admin/admin_calend_vacances_feries.php b/admin/admin_calend_vacances_feries.php index f684c24..ccce91b 100644 --- a/admin/admin_calend_vacances_feries.php +++ b/admin/admin_calend_vacances_feries.php 
@@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_calend_vacances_feries.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); check_access(6, $back); # print the page header print_header("", "", "", $type="with_session"); diff --git a/admin/admin_cgu.php b/admin/admin_cgu.php index 6385043..0749fda 100644 --- a/admin/admin_cgu.php +++ b/admin/admin_cgu.php @@ -19,9 +19,7 @@ include "../include/admin.inc.php"; require_once("../include/pages.class.php"); $grr_script_name = "admin_cgu.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $_SESSION['chemin_retour'] = "admin_cgu.php"; $day = date("d"); $month = date("m"); @@ -96,4 +94,4 @@ // fin de l'affichage de la colonne de droite echo ''; -?> \ No newline at end of file +?> diff --git a/admin/admin_change_pwd.php b/admin/admin_change_pwd.php index 714f68a..3516077 100644 --- a/admin/admin_change_pwd.php +++ b/admin/admin_change_pwd.php @@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_change_pwd.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); check_access(6, $back); // Restriction dans le cas d'une démo VerifyModeDemo(); diff --git a/admin/admin_config.php b/admin/admin_config.php index 5e118a0..65b2194 100644 --- a/admin/admin_config.php +++ b/admin/admin_config.php @@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_config.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $_SESSION['chemin_retour'] = "admin_config.php"; $day = date("d"); $month = date("m"); diff --git a/admin/admin_config_calend2.php b/admin/admin_config_calend2.php index 066200c..c6d1e75 100644 --- a/admin/admin_config_calend2.php 
+++ b/admin/admin_config_calend2.php @@ -17,9 +17,7 @@ */ $grr_script_name = "admin_config_calend2.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); check_access(6, $back); # print the page header print_header("", "", "", $type="with_session"); @@ -144,4 +142,4 @@ echo ""; ?> - \ No newline at end of file + diff --git a/admin/admin_config_calend3.php b/admin/admin_config_calend3.php index cdf2bb5..24aa680 100644 --- a/admin/admin_config_calend3.php +++ b/admin/admin_config_calend3.php @@ -96,8 +96,7 @@ function cal3($month, $year) $s .= "\n"; return $s; } -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); check_access(6, $back); print_header("", "", "", $type = "with_session"); // Affichage de la colonne de gauche @@ -230,4 +229,4 @@ function check (select) } - \ No newline at end of file + diff --git a/admin/admin_config_imap.php b/admin/admin_config_imap.php index edf08c8..e770a5c 100644 --- a/admin/admin_config_imap.php +++ b/admin/admin_config_imap.php @@ -45,9 +45,7 @@ $grrSettings['imap_statut'] = $_POST['imap_statut']; } } -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if ((isset($imap_restrictions)) && ($imap_restrictions == true)) { showAccessDenied($back); @@ -311,4 +309,4 @@ echo ""; ?> - \ No newline at end of file + diff --git a/admin/admin_config_ldap.php b/admin/admin_config_ldap.php index 805cf9d..f7d3f7e 100644 --- a/admin/admin_config_ldap.php +++ b/admin/admin_config_ldap.php @@ -162,9 +162,7 @@ "; } -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if ((authGetUserLevel(getUserName(), -1) < 6) && ($valid != 'yes')) { showAccessDenied($back); 
diff --git a/admin/admin_confirm_change_date_bookings.php b/admin/admin_confirm_change_date_bookings.php index ecdc174..bdcdd71 100644 --- a/admin/admin_confirm_change_date_bookings.php +++ b/admin/admin_confirm_change_date_bookings.php @@ -19,9 +19,8 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_confirm_change_date_bookings.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + +$back = getBackUri(); unset($display); $display = isset($_GET["display"]) ? $_GET["display"] : NULL; $day = date("d"); diff --git a/admin/admin_corresp_statut.php b/admin/admin_corresp_statut.php index 02c1b5e..5ff710e 100644 --- a/admin/admin_corresp_statut.php +++ b/admin/admin_corresp_statut.php @@ -17,9 +17,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_config_sso.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if (Settings::get("sso_ac_corr_profil_statut") != 'y') { showAccessDenied($back); @@ -76,9 +74,7 @@ else $msg = get_vocab("message_records"); } -$back = ""; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); //print the page header print_header("", "", "", $type="with_session"); // Affichage de la colonne de gauche diff --git a/admin/admin_delete_entry_after.php b/admin/admin_delete_entry_after.php index e07b688..322643e 100644 --- a/admin/admin_delete_entry_after.php +++ b/admin/admin_delete_entry_after.php @@ -17,9 +17,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_delete_entry_after.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $_SESSION['chemin_retour'] = "admin_config.php"; if (!Settings::load()) { @@ -132,4 +130,4 @@ echo "".get_vocab('returnprev')."
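Review bot: In admin/admin_corresp_statut.php the second hunk (`@@ -76,9 +74,7 @@`) keeps a second `$back = getBackUri();` even though the first hunk already assigns it near the top of the script. The same duplicate was dropped in admin/admin_type_area.php and admin/admin_site.php, so this file is inconsistent with the rest of the commit. Unless something between the two points changes `$back` (not visible here), the second assignment can simply be removed.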

"; -include "../include/trailer.inc.php"; ?> \ No newline at end of file +include "../include/trailer.inc.php"; ?> diff --git a/admin/admin_delete_entry_before.php b/admin/admin_delete_entry_before.php index eebc5d7..8a8f0fb 100644 --- a/admin/admin_delete_entry_before.php +++ b/admin/admin_delete_entry_before.php @@ -17,9 +17,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_delete_entry_before.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $_SESSION['chemin_retour'] = "admin_config.php"; if (!Settings::load()) { @@ -130,4 +128,4 @@ echo "".get_vocab('returnprev')."

"; -include "../include/trailer.inc.php"; ?> \ No newline at end of file +include "../include/trailer.inc.php"; ?> diff --git a/admin/admin_edit_room.php b/admin/admin_edit_room.php index a151374..161bb87 100644 --- a/admin/admin_edit_room.php +++ b/admin/admin_edit_room.php @@ -86,9 +86,7 @@ $moderate = 0; settype($type_affichage_reser, "integer"); -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if (isset($_POST["change_room_and_back"])) { diff --git a/admin/admin_email_manager.php b/admin/admin_email_manager.php index 9e20725..00f8867 100644 --- a/admin/admin_email_manager.php +++ b/admin/admin_email_manager.php @@ -24,9 +24,8 @@ settype($room,"integer"); if (!isset($id_area)) settype($id_area,"integer"); -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + +$back = getBackUri(); check_access(4, $back); // tableau des ressources auxquelles l'utilisateur n'a pas accès $tab_rooms_noaccess = verif_acces_ressource(getUserName(), 'all'); @@ -278,4 +277,4 @@ function room_go() echo ""; ?> - \ No newline at end of file + diff --git a/admin/admin_import_entries_csv_udt.php b/admin/admin_import_entries_csv_udt.php index 4741ced..20d721e 100644 --- a/admin/admin_import_entries_csv_udt.php +++ b/admin/admin_import_entries_csv_udt.php @@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_import_entries_csv_udt.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $_SESSION['chemin_retour'] = "admin_config.php"; if (!Settings::load()) { @@ -604,4 +602,4 @@ function entre_reservation($room_id,$jour_semaine,$name,$description, // Retour au calendrier } -?> \ No newline at end of file +?> diff --git a/admin/admin_import_users_csv.php b/admin/admin_import_users_csv.php index 0f82e22..3f89932 100644 --- a/admin/admin_import_users_csv.php 
+++ b/admin/admin_import_users_csv.php @@ -19,9 +19,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_import_users_csv.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if ((authGetUserLevel(getUserName(), -1) < 6) && (authGetUserLevel(getUserName(), -1, 'user') != 1)) { showAccessDenied($back); diff --git a/admin/admin_import_users_elycee.php b/admin/admin_import_users_elycee.php index 7a06f1e..635c0e9 100644 --- a/admin/admin_import_users_elycee.php +++ b/admin/admin_import_users_elycee.php @@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_import_users_elycee.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if ((authGetUserLevel(getUserName(), -1) < 6) && (authGetUserLevel(getUserName(), -1, 'user') != 1)) { showAccessDenied($back); @@ -286,4 +284,4 @@ echo ""; // fin de la colonne droite ?> - \ No newline at end of file + diff --git a/admin/admin_import_xml_edt.php b/admin/admin_import_xml_edt.php index 6b5ffd6..64869d2 100644 --- a/admin/admin_import_xml_edt.php +++ b/admin/admin_import_xml_edt.php @@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_import_xml_edt.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $_SESSION['chemin_retour'] = "admin_config.php"; if (!Settings::load()) { @@ -539,4 +537,4 @@ function entre_reservation($room_id,$jour_semaine,$name,$description, // Retour au calendrier } -?> \ No newline at end of file +?> diff --git a/admin/admin_maj.php b/admin/admin_maj.php index daf846a..b135009 100644 --- a/admin/admin_maj.php +++ b/admin/admin_maj.php 
@@ -203,9 +203,7 @@ function traite_requete($requete = "") die(); } -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if ((authGetUserLevel(getUserName(),-1) < 6) && ($valid != 'yes') && $connexionAdminMAJ == 1) { @@ -1126,4 +1124,4 @@ function traite_requete($requete = "") echo ""; echo ""; echo ""; -} \ No newline at end of file +} diff --git a/admin/admin_overload.php b/admin/admin_overload.php index 903beb6..434acef 100644 --- a/admin/admin_overload.php +++ b/admin/admin_overload.php @@ -17,9 +17,9 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_overload.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + +$back = getBackUri(); + $day = date("d"); $month = date("m"); $year = date("Y"); diff --git a/admin/admin_purge_accounts.php b/admin/admin_purge_accounts.php index 254af14..0be8755 100644 --- a/admin/admin_purge_accounts.php +++ b/admin/admin_purge_accounts.php @@ -17,9 +17,8 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_user.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); + $display = isset($_GET["display"]) ? $_GET["display"] : NULL; $order_by = isset($_GET["order_by"]) ? $_GET["order_by"] : NULL; $msg = ''; diff --git a/admin/admin_right.php b/admin/admin_right.php index 176157b..f670bd1 100644 --- a/admin/admin_right.php +++ b/admin/admin_right.php @@ -17,9 +17,9 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_right.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + +$back = getBackUri(); + $id_area = isset($_POST["id_area"]) ? $_POST["id_area"] : (isset($_GET["id_area"]) ? $_GET["id_area"] : NULL); $room = isset($_POST["room"]) ? $_POST["room"] : (isset($_GET["room"]) ? $_GET["room"] : NULL); if (isset($room)) 
@@ -503,4 +503,4 @@ function room_go() echo ""; ?> - \ No newline at end of file + diff --git a/admin/admin_right_admin.php b/admin/admin_right_admin.php index 7634e33..1995b34 100644 --- a/admin/admin_right_admin.php +++ b/admin/admin_right_admin.php @@ -21,9 +21,9 @@ $id_area = isset($_POST["id_area"]) ? $_POST["id_area"] : (isset($_GET["id_area"]) ? $_GET["id_area"] : NULL); if (!isset($id_area)) settype($id_area,"integer"); -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + +$back = getBackUri(); + $day = date("d"); $month = date("m"); $year = date("Y"); @@ -236,4 +236,4 @@ function area_go() echo ""; ?> - \ No newline at end of file + diff --git a/admin/admin_room.php b/admin/admin_room.php index 0b0072e..aa1d318 100644 --- a/admin/admin_room.php +++ b/admin/admin_room.php @@ -26,9 +26,7 @@ if (!isset($id_site)) $id_site = isset($_POST['id_site']) ? $_POST['id_site'] : (isset($_GET['id_site']) ? $_GET['id_site'] : -1); settype($id_site,"integer"); -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $day = date("d"); $month = date("m"); $year = date("Y"); @@ -345,4 +343,4 @@ function site_go() echo "\n"; ?> - \ No newline at end of file + diff --git a/admin/admin_room_del.php b/admin/admin_room_del.php index e9550b7..98982a8 100644 --- a/admin/admin_room_del.php +++ b/admin/admin_room_del.php @@ -29,8 +29,7 @@ settype($id_area,"integer"); if (isset($id_site)) settype($id_site,"integer"); -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if ($type == "room") { if ((authGetUserLevel(getUserName(),$room) < 4) || (!verif_acces_ressource(getUserName(), $room))) @@ -137,4 +136,4 @@ } ?> - \ No newline at end of file + diff --git a/admin/admin_save_mysql.php b/admin/admin_save_mysql.php index 1070684..3838583 100644 --- a/admin/admin_save_mysql.php 
+++ b/admin/admin_save_mysql.php @@ -51,9 +51,7 @@ else { include "../include/admin.inc.php"; - $back = ''; - if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + $back = getBackUri(); if (authGetUserLevel(getUserName(),-1) < 6) { showAccessDenied($back); @@ -193,4 +191,4 @@ function mysql_version() } $fd.="#********* fin du fichier ***********"; echo $fd; -?> \ No newline at end of file +?> diff --git a/admin/admin_site.php b/admin/admin_site.php index c2d5fe6..55c8c9a 100644 --- a/admin/admin_site.php +++ b/admin/admin_site.php @@ -328,17 +328,13 @@ function check_right($id) // Debut de l'affichage de la page include_once('../include/admin.inc.php'); $grr_script_name = 'admin_site.php'; - if (authGetUserLevel(getUserName(), -1, 'site') < 4) - { - $back = ''; - if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + $back = getBackUri(); + + if (authGetUserLevel(getUserName(), -1, 'site') < 4){ showAccessDenied($back); exit(); } - $back = ""; - if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + // print the page header print_header("", "", "", $type="with_session"); // Affichage de la colonne de gauche @@ -381,4 +377,4 @@ function check_right($id) echo "\n"; ?> - \ No newline at end of file + diff --git a/admin/admin_type.php b/admin/admin_type.php index 1a5cf36..17c0774 100644 --- a/admin/admin_type.php +++ b/admin/admin_type.php @@ -16,9 +16,7 @@ */ include "../include/admin.inc.php"; $grr_script_name = "admin_type.php"; -$back = ""; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); check_access(6, $back); if ((isset($_GET['msg'])) && isset($_SESSION['displ_msg']) && ($_SESSION['displ_msg'] == 'yes') ) $msg = $_GET['msg']; diff --git a/admin/admin_type_area.php b/admin/admin_type_area.php index 2a271ab..6891b5b 100644 --- a/admin/admin_type_area.php +++ b/admin/admin_type_area.php 
@@ -20,16 +20,12 @@ $grr_script_name = "admin_type_area.php"; // Initialisation $id_area = isset($_GET["id_area"]) ? $_GET["id_area"] : NULL; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $day = date("d"); $month = date("m"); $year = date("Y"); check_access(4, $back); -$back = ""; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + // Gestion du retour à la page précédente sans enregistrement if (isset($_GET['change_done'])) { diff --git a/admin/admin_type_modify.php b/admin/admin_type_modify.php index 4c8ac82..7da9000 100644 --- a/admin/admin_type_modify.php +++ b/admin/admin_type_modify.php @@ -19,9 +19,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_type_modify.php"; $ok = NULL; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $day = date("d"); $month = date("m"); $year = date("Y"); diff --git a/admin/admin_user.php b/admin/admin_user.php index 8375ef9..f7c3a52 100644 --- a/admin/admin_user.php +++ b/admin/admin_user.php @@ -18,9 +18,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_user.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $display = isset($_GET["display"]) ? $_GET["display"] : NULL; $order_by = isset($_GET["order_by"]) ? $_GET["order_by"] : NULL; $msg = ''; diff --git a/admin/admin_user_mdp_facile.php b/admin/admin_user_mdp_facile.php index 747ba5c..c6cd763 100644 --- a/admin/admin_user_mdp_facile.php +++ b/admin/admin_user_mdp_facile.php 
@@ -17,9 +17,7 @@ include "../include/admin.inc.php"; $grr_script_name = "admin_user_mdp_facile.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $display = isset($_GET["display"]) ? $_GET["display"] : NULL; $order_by = isset($_GET["order_by"]) ? $_GET["order_by"] : NULL; $msg = ''; diff --git a/admin/admin_user_modify.php b/admin/admin_user_modify.php index 123560e..83dbbd0 100644 --- a/admin/admin_user_modify.php +++ b/admin/admin_user_modify.php @@ -17,9 +17,8 @@ */ include "../include/admin.inc.php"; $grr_script_name = "admin_user_modify.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); + if ((authGetUserLevel(getUserName(), -1) < 6) && (authGetUserLevel(getUserName(), -1, 'user') != 1)) { showAccessDenied($back); diff --git a/admin/admin_view_connexions.php b/admin/admin_view_connexions.php index 515f998..25c6d42 100644 --- a/admin/admin_view_connexions.php +++ b/admin/admin_view_connexions.php @@ -17,9 +17,7 @@ */ include "../include/admin.inc.php"; $grr_script_name = "admin_view_connexions.php"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); $day = date("d"); $month = date("m"); $year = date("Y"); diff --git a/del_entry.php b/del_entry.php index b539386..8f1d04f 100644 --- a/del_entry.php +++ b/del_entry.php @@ -49,9 +49,7 @@ $month = strftime("%m", $info["start_time"]); $year = strftime("%Y", $info["start_time"]); $area = mrbsGetRoomArea($info["room_id"]); - $back = ""; - if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); + $back = getBackUri(); if (authGetUserLevel(getUserName(), -1) < 1) { showAccessDenied($back); diff --git a/edit_entry.php b/edit_entry.php index d04681a..822b996 100644 --- a/edit_entry.php +++ b/edit_entry.php 
@@ -86,9 +86,7 @@ $qui_peut_reserver_pour = grr_sql_query1("SELECT qui_peut_reserver_pour FROM ".TABLE_PREFIX."_room WHERE id='".$room."'"); $active_cle = grr_sql_query1("SELECT active_cle FROM ".TABLE_PREFIX."_room WHERE id='".$room."'"); $periodiciteConfig = Settings::get("periodicite"); -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars( $_SERVER['HTTP_REFERER']); +$back = getBackUri(); $longueur_liste_ressources_max = Settings::get("longueur_liste_ressources_max"); if ($longueur_liste_ressources_max == '') $longueur_liste_ressources_max = 20; @@ -1291,4 +1289,4 @@ function changeRooms( formObj ) \ No newline at end of file + ?> diff --git a/edit_entry_handler.php b/edit_entry_handler.php index 7dd32ad..1cc9965 100644 --- a/edit_entry_handler.php +++ b/edit_entry_handler.php @@ -167,12 +167,7 @@ include "include/trailer.inc.php"; die(); } -$back = (isset($_SERVER['HTTP_REFERER']))? htmlspecialchars($_SERVER['HTTP_REFERER']) :''; -//if (isset($_SERVER['HTTP_REFERER'])) -// $back = htmlspecialchars($_SERVER['HTTP_REFERER']); -// page de retour -$ret_page = (isset($_GET['page_ret']))? $_GET['page_ret'] : $back; - +$back = getBackUri(); $area = mrbsGetRoomArea($_GET['rooms'][0]); $overload_data = array(); $overload_fields_list = mrbsOverloadGetFieldslist($area); diff --git a/include/planning_init.inc.php b/include/planning_init.inc.php index 46a59e3..8d40d2a 100644 --- a/include/planning_init.inc.php +++ b/include/planning_init.inc.php @@ -66,9 +66,7 @@ $day = 1; */ // Lien de retour -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); // Type de session if ((Settings::get("authentification_obli") == 0) && (getUserName() == '')) @@ -166,4 +164,4 @@ echo '
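Review bot: In edit_entry_handler.php the hunk `@@ -167,12 +167,7 @@` deletes `$ret_page = (isset($_GET['page_ret']))? $_GET['page_ret'] : $back;` without a replacement, so any later use of `$ret_page` in this script would read an undefined variable. The rest of the file is outside the hunk, so this cannot be confirmed from here. If `$ret_page` is still used, keep a definition such as `$ret_page = $back;`. If the `page_ret` parameter is still needed, check it against the application's own pages before use instead of taking it from `$_GET` unchecked as the old line did.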

'; - ?> \ No newline at end of file + ?> diff --git a/report.php b/report.php index ae58d49..8d00177 100644 --- a/report.php +++ b/report.php @@ -40,9 +40,7 @@ else $_GET['pview'] = 1; //Récupération des informations relatives au serveur. -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); //Renseigne les droits de l'utilisateur, si les droits sont insufisants, l'utilisateur est avertit. if (!verif_access_search(getUserName())) { diff --git a/validation.php b/validation.php index 619d210..1ab34a2 100644 --- a/validation.php +++ b/validation.php @@ -43,9 +43,7 @@ $class_image = "print_image"; else $class_image = "image"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if (($settings->get("authentification_obli") == 0) && (getUserName() == '')) $type_session = "no_session"; else diff --git a/view_entry.php b/view_entry.php index b4514ca..e21db4a 100644 --- a/view_entry.php +++ b/view_entry.php @@ -54,10 +54,9 @@ } else die(); -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars_decode($_SERVER['HTTP_REFERER']); -// echo $back; + +$back = getBackUri(); + if (isset($_GET["action_moderate"])){ // ici on a l'id de la réservation, on peut donc construire un lien de retour complet, à la bonne date et avec la ressource précise /* $page = $_GET["page"]; diff --git a/year.php b/year.php index 6453c96..2f6b9d0 100644 --- a/year.php +++ b/year.php @@ -99,9 +99,7 @@ $type_session = "no_session"; else $type_session = "with_session"; -$back = ''; -if (isset($_SERVER['HTTP_REFERER'])) - $back = htmlspecialchars($_SERVER['HTTP_REFERER']); +$back = getBackUri(); if (check_begin_end_bookings($day, $from_month, $from_year)) { showNoBookings($day, $from_month, $from_year, $back);
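Review bot: The encoding of `$back` in view_entry.php may change with this hunk, because the old code was the only call site that used `htmlspecialchars_decode()` on the Referer and the new `$back = getBackUri();` treats it like all the others. Whether that is correct depends on how `$back` is used further down, which lies outside the hunk; the trailing comment mentions building a return link. If the helper returns an HTML-escaped string, it is safe to echo into markup but would carry `&amp;` into a URL used outside HTML context. A short comment at the assignment would make the expectation explicit, for example `// $back is HTML-escaped by getBackUri(); do not reuse it unescaped outside HTML output`.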