'special' => true);
}
- $exclude = is_null($exclude) ? '' : ' AND id != ' . $exclude . ' ';
+ $exclude = is_null($exclude) ? '' : ' AND id != ' . intval($exclude) . ' ';
$priority = rand(0, 510);
do {
$priority = (int)($priority/2);
} elseif ($action && (!trim($texte) || !trim($titre))) {
$page->trigError("L'article doit avoir un titre et un contenu");
} elseif ($action) {
+ S::assert_xsrf_token();
+
require_once 'validations.inc.php';
$evtreq = new EvtReq($titre, $texte, $promo_min, $promo_max,
$peremption, $valid_mesg, S::v('uid'), $upload);
}
if (Post::v('action') == 'Pas d\'image' && $eid) {
+ S::assert_xsrf_token();
$upload->rm();
XDB::execute("DELETE FROM evenements_photo WHERE eid = {?}", $eid);
$action = 'edit';
} elseif (Post::v('action') == 'Supprimer l\'image' && $eid) {
+ S::assert_xsrf_token();
$upload->rm();
$action = 'edit';
} elseif (Post::v('action') == "Proposer" && $eid) {
+ S::assert_xsrf_token();
$promo_min = Post::i('promo_min');
$promo_max = Post::i('promo_max');
if (($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020)) ||
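Review bot: The XSRF check is now copied into each mutating branch separately (L11, L18, L23, L27, and again per `case` in the `switch` of the next hunk), so the next branch someone adds to this chain silently ships without it. Since every branch that writes is selected by the posted `action`, a single guard above the chain would cover them all and remove the repetition, e.g. `if (Post::v('action')) { S::assert_xsrf_token(); }` placed before the first `if`, assuming `$action` is derived from that same POST value (not visible here). The error-only branch at L8 would then be checked too, which is harmless for a page that only reports a validation failure. The enclosing `if`/`elseif` chain starts before this hunk and the condition at L30 continues past it.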
} else {
switch ($action) {
case 'delete':
+ S::assert_xsrf_token();
XDB::execute('DELETE from evenements
WHERE id = {?}', $eid);
break;
case "archive":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = CONCAT(flags,",archive")
WHERE id = {?}', $eid);
break;
case "unarchive":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = REPLACE(flags,"archive","")
WHERE id = {?}', $eid);
break;
case "valid":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = CONCAT(flags,",valide")
WHERE id = {?}', $eid);
break;
case "unvalid":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = REPLACE(flags,"valide", "")
WHERE id = {?}', $eid);