function _add_rss_link(&$page)
{
- if (!S::has('core_rss_hash')) {
+ if (!S::hasAuthToken()) {
return;
}
$page->setRssLink('Polytechnique.org :: Carnet',
- '/carnet/rss/'.S::v('hruid').'/'.S::v('core_rss_hash').'/rss.xml');
+ '/carnet/rss/'.S::v('hruid').'/'.S::v('token').'/rss.xml');
}
function handler_index(&$page)
// For XSRF protection, checks both the normal xsrf token, and the special RSS token.
// It allows direct linking to contact adding in the RSS feed.
- if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) {
+ if (Env::v('action') && Env::v('token') !== S::v('token')) {
S::assert_xsrf_token();
}
switch (Env::v('action')) {
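Review bot: The new condition skips `S::assert_xsrf_token()` whenever `Env::v('token')` and `S::v('token')` are identical, which may include the case where the session has no token and the request sends none; that depends on what both accessors return for a missing key, which is not visible here. Requiring a token to exist, with the helper already used in `_add_rss_link`, closes that case, and `hash_equals` (where the PHP version provides it) avoids a timing-dependent comparison: `if (Env::v('action') && !(S::hasAuthToken() && hash_equals((string) S::v('token'), (string) Env::v('token')))) {`. Since the same token is embedded in the feed URL built in `_add_rss_link`, the comment above the check should also state that anyone holding that URL can pass this check without the XSRF token. The body of `handler_index` continues outside the hunk.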
function handler_ical(&$page, $alias = null, $hash = null)
{
- require_once 'rss.inc.php';
- $uid = init_rss(null, $alias, $hash, false);
- if (S::logged()) {
- if (!$uid) {
- $uid = S::i('uid');
- } else if ($uid != S::i('uid')) {
- send_warning_email("Récupération d\'un autre utilisateur ($uid)");
+ $user = Platal::session()->tokenAuth($alias, $hash);
+ if (is_null($user)) {
+ if (S::logged()) {
+ $user == S::user();
+ } else {
+ return PL_FORBIDDEN;
}
- } else if (!$uid) {
- exit;
}
require_once 'ical.inc.php';
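Review bot: `$user == S::user();` in the logged-in fallback is a comparison whose result is discarded, so `$user` stays null and the later `$user->id()` in the contacts query fails for a logged-in user who presents no valid token; it should read `$user = S::user();`. The removed code also sent a warning e-mail when a token resolved to a different uid than the logged-in session, and the new code drops that signal silently; if that is intentional, the commit description should say so, otherwise a log entry on mismatch would preserve it. The body of `handler_ical` continues outside the hunk.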
FROM contacts AS c
INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
- WHERE c.uid = {?}', $uid);
+ WHERE c.uid = {?}', $user->id());
$annivs = Array();
while (list($prenom, $nom, $promo, $naissance, $end, $ts, $hruid) = $res->next()) {