Merge commit 'origin/master' into hruid
diff --git
a/modules/xnetevents.php
b/modules/xnetevents.php
index
136e5b4
..
071ea7d
100644
(file)
--- a/
modules/xnetevents.php
+++ b/
modules/xnetevents.php
@@
-58,6
+58,7
@@
class XnetEventsModule extends PLModule
if (!may_update()) {
return PL_FORBIDDEN;
}
if (!may_update()) {
return PL_FORBIDDEN;
}
+ S::assert_xsrf_token();
$res = XDB::query("SELECT asso_id, short_name FROM groupex.evenements
WHERE eid = {?} AND asso_id = {?}",
$res = XDB::query("SELECT asso_id, short_name FROM groupex.evenements
WHERE eid = {?} AND asso_id = {?}",
@@
-178,7
+179,7
@@
class XnetEventsModule extends PLModule
function handler_sub(&$page, $eid = null)
{
function handler_sub(&$page, $eid = null)
{
-
require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php'
;
+
$this->load('xnetevents.inc.php')
;
$page->changeTpl('xnetevents/subscribe.tpl');
$evt = get_event_detail($eid);
$page->changeTpl('xnetevents/subscribe.tpl');
$evt = get_event_detail($eid);
@@
-202,6
+203,8
@@
class XnetEventsModule extends PLModule
if (!Post::has('submit')) {
return;
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
$moments = Post::v('moment', array());
}
$moments = Post::v('moment', array());
@@
-263,7
+266,7
@@
class XnetEventsModule extends PLModule
function handler_csv(&$page, $eid = null, $item_id = null)
{
function handler_csv(&$page, $eid = null, $item_id = null)
{
-
require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php'
;
+
$this->load('xnetevents.inc.php')
;
if (!is_numeric($item_id)) {
$item_id = null;
if (!is_numeric($item_id)) {
$item_id = null;
@@
-298,7
+301,7
@@
class XnetEventsModule extends PLModule
{
global $globals;
{
global $globals;
-
require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php'
;
+
$this->load('xnetevents.inc.php')
;
$evt = get_event_detail($eid);
if (!$evt) {
return PL_FORBIDDEN;
$evt = get_event_detail($eid);
if (!$evt) {
return PL_FORBIDDEN;
@@
-361,7
+364,9
@@
class XnetEventsModule extends PLModule
$page->assign('moments', $moments);
if (Post::v('intitule')) {
$page->assign('moments', $moments);
if (Post::v('intitule')) {
- require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
+ S::assert_xsrf_token();
+
+ $this->load('xnetevents.inc.php');
$short_name = event_change_shortname($page, $eid,
$infos['short_name'],
Env::v('short_name', ''));
$short_name = event_change_shortname($page, $eid,
$infos['short_name'],
Env::v('short_name', ''));
@@
-438,7
+443,7
@@
class XnetEventsModule extends PLModule
// request for a new payment
if (Post::v('paiement_id') == -1 && $money_defaut >= 0) {
require_once 'validations.inc.php';
// request for a new payment
if (Post::v('paiement_id') == -1 && $money_defaut >= 0) {
require_once 'validations.inc.php';
- $p = new PayReq(S::
v('uid'
),
+ $p = new PayReq(S::
user(
),
Post::v('intitule')." - ".$globals->asso('nom'),
Post::v('site'), $money_defaut,
Post::v('confirmation'), 0, 999,
Post::v('intitule')." - ".$globals->asso('nom'),
Post::v('site'), $money_defaut,
Post::v('confirmation'), 0, 999,
@@
-512,7
+517,7
@@
class XnetEventsModule extends PLModule
{
global $globals;
{
global $globals;
-
require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php'
;
+
$this->load('xnetevents.inc.php')
;
$evt = get_event_detail($eid, $item_id);
if (!$evt) {
$evt = get_event_detail($eid, $item_id);
if (!$evt) {
@@
-525,6
+530,8
@@
class XnetEventsModule extends PLModule
}
if (may_update() && Post::v('adm')) {
}
if (may_update() && Post::v('adm')) {
+ S::assert_xsrf_token();
+
$member = get_infos(Post::v('mail'));
if (!$member) {
$page->trigError("Membre introuvable");
$member = get_infos(Post::v('mail'));
if (!$member) {
$page->trigError("Membre introuvable");
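Review bot: The token checks added inside the `Post::v('intitule')` branch (+364) and the `may_update() && Post::v('adm')` branch (+530) protect only the code guarded by those particular POST fields, so any other state-changing path in the same handlers stays uncovered unless it carries its own call; the handler bodies continue outside the visible hunks, so this needs checking against the full file. If these handlers only modify data on POST, a single guard at the top of each, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST') { S::assert_xsrf_token(); }`, would cover present and future branches in one place. In the +203 hunk the `else` after `return;` is redundant, and `S::assert_xsrf_token();` can simply follow the closing brace. For the unconditional call at +58 it is worth confirming that the handler is never reached through a plain GET link, since that would presumably put the token in the URL, where it ends up in server logs and Referer headers.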