$promo_sortie = $res->fetchOneCell();
$page->assign('promo_sortie', $promo_sortie);
$promo_sortie = $res->fetchOneCell();
$page->assign('promo_sortie', $promo_sortie);
// For XSRF protection, checks both the normal xsrf token, and the special RSS token.
// It allows direct linking to contact adding in the RSS feed.
// For XSRF protection, checks both the normal xsrf token, and the special RSS token.
// It allows direct linking to contact adding in the RSS feed.
- if (Env::v('action') && (S::has_xsrf_token() || Env::v('token') === S::v('core_rss_hash'))) {
- switch (Env::v('action')) {
- case 'retirer':
+ if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) {
+ S::assert_xsrf_token();
+ }
+ switch (Env::v('action')) {
+ case 'retirer':
if (is_numeric($user)) {
if (XDB::execute('DELETE FROM contacts
WHERE uid = {?} AND contact = {?}',
if (is_numeric($user)) {
if (XDB::execute('DELETE FROM contacts
WHERE uid = {?} AND contact = {?}',
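Review bot: The guard `if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash'))` skips `S::assert_xsrf_token()` whenever the two values are identical, which would also hold if the session has no `core_rss_hash` and the request carries no `token` (assuming both accessors return the same empty default; their definitions are not in view). I would require a non-empty hash and compare in constant time: `$rss = S::v('core_rss_hash');` followed by `if (Env::v('action') && !(is_string($rss) && $rss !== '' && hash_equals($rss, (string) Env::v('token')))) {`. The comment justifies the RSS token only for adding contacts, yet the exemption covers every action, including `retirer`. Since that token travels in feed URLs, limiting the exemption to the add action would narrow what a leaked link can do. The enclosing handler begins and ends outside this hunk.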