Secured actions’ predefined functions

Secured actions are rarely directly generated by calling the securiser_action() function, but more frequently by calling a function which itself then calls the security function.

The ecrire/inc/actions.php file contains a large number of these functions.


In particular, the generer_action_auteur() function directly calls the securiser_action function, passing a secured URL by default.


This function takes two parameters instead of the 3rd redirection argument: the name of an exec file, and the arguments to be passed. SPIP then creates the redirection URL automatically.


Same as the previous function except that it generates a POST form by default.


Generate a link to change the display preferences in the private area:

$url = generer_action_auteur('preferer',"display:1", $self);

Run an action when editing a news item, then redirect to the news item view.

$href = redirige_action_auteur('editer_breve',$id_breve,'breves_voir', "id_breve=$id_breve");

Post a form, then redirect to the "admin_plugin" page. $corps contains the contents of the form to activate a plugin.

echo redirige_action_post('activer_plugins','activer', 'admin_plugin','', $corps);

Author Mark Baber Published : Updated : 12/05/17

Translations : English, français