if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe(Get::v('del'));
pl_redirect('lists');
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe(Get::v('add'));
pl_redirect('lists');
}
if (Post::has('promo_add')) {
+ S::assert_xsrf_token();
+
$promo = Post::i('promo_add');
if ($promo >= 1900 and $promo < 2100) {
$this->client->subscribe("promo$promo");
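Review bot: The `del` and `add` branches still change subscriptions on a GET request, so the token checked by `S::assert_xsrf_token()` presumably has to travel in the link's query string, where it can persist in browser history, server logs and Referer headers. Moving these two actions to POST, as `promo_add` already is (`if (Post::has('del'))` with `Post::v('del')`, and likewise for `add`), keeps the token out of URLs. The same pattern appears in the `Get::has('del')`/`Get::has('add')` branches of the members and annu handlers and in the `atn_del` branch of the options handler. The enclosing handler starts and ends outside this hunk.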
$page->trigSuccess("promo incorrecte, il faut une promo sur 4 chiffres.");
}
}
+
$listes = $this->client->get_lists();
$owner = array_filter($listes, 'filter_owner');
$listes = array_diff_key($listes, $owner);
header('Content-Type: text/html; charset="UTF-8"');
$domain = $this->prepare_client($page);
$page->changeTpl('lists/liste.inc.tpl', NO_SKIN);
+ S::assert_xsrf_token();
+
if (Get::has('unsubscribe')) {
$this->client->unsubscribe($list);
}
function handler_create(&$page)
{
+ global $globals;
+
$page->changeTpl('lists/create.tpl');
$owners = preg_split("/[\s]+/", Post::v('owners'), -1, PREG_SPLIT_NO_EMPTY);
}
// click on validate button 'add_member_sub'
+ require_once('user.func.inc.php');
if (Post::has('add_member_sub') && Post::has('add_member')) {
- require_once('user.func.inc.php');
$forlifes = get_users_forlife_list(Post::v('add_member'), true);
if (!is_null($forlifes)) {
$members = array_merge($members, $forlifes);
}
}
+ if (Post::has('add_member_sub') && isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
+ $upload =& PlUpload::get($_FILES['add_member_file'], S::v('forlife'), 'list.addmember', true);
+ if (!$upload) {
+ $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
+ } else {
+ $forlifes = get_users_forlife_list($upload->getContents(), true);
+ if (!is_null($forlifes)) {
+ $members = array_merge($members, $forlifes);
+ }
+ }
+ }
ksort($owners);
$owners = array_unique($owners);
ksort($members);
$members = array_unique($members);
- $page->assign('owners', join(' ', $owners));
- $page->assign('members', join(' ', $members));
+ $page->assign('owners', join("\n", $owners));
+ $page->assign('members', join("\n", $members));
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
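Review bot: The new `add_member_file` branch reads and parses an uploaded file before any token check, because the `S::assert_xsrf_token()` added further down runs only once `submit` is posted. Making `S::assert_xsrf_token();` the first statement inside `if (Post::has('add_member_sub') && isset($_FILES['add_member_file']) ...)` would cover the upload as well. Nothing visible here bounds the size of the upload or discards it after `getContents()`; that is worth confirming in `PlUpload`. As a style point, the `else` after `return;` is redundant: `if (!Post::has('submit')) { return; }` followed by a plain `S::assert_xsrf_token();` reads more directly. handler_create continues beyond this hunk.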
$asso = Post::v('asso');
if (($asso == "binet") || ($asso == "alias")) {
$promo = Post::i('promo');
- $domain = $promo . '.polytechnique.org';
+ $domain = $promo . '.' . $globals->mail->domain;
if (($promo < 1921) || ($promo > date('Y'))) {
$page->trigError('La promotion est mal renseignée, elle doit être du type : 2004.');
$res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new);
} else {
$res = XDB::query("SELECT COUNT(*) FROM aliases WHERE alias={?}", $liste);
- $domain = "polytechnique.org";
+ $domain = $globals->mail->domain;
}
}
$n = $res->fetchOneCell();
if ($n) {
- $page->trigError('Cette «adresse souhaitée» est déjà prise.');
+ $page->trigError('L\'«adresse souhaitée» est déjà prise.');
}
if (!Post::v('desc')) {
$page->changeTpl('lists/members.tpl');
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe($liste);
pl_redirect('lists/members/'.$liste);
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe($liste);
pl_redirect('lists/members/'.$liste);
}
$this->prepare_client($page);
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe($liste);
pl_redirect('lists/annu/'.$liste);
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe($liste);
pl_redirect('lists/annu/'.$liste);
}
$view = new ArraySet($users);
$view->addMod('trombi', 'Trombinoscope', true, array('with_promo' => true));
if (empty($GLOBALS['IS_XNET_SITE'])) {
- $view->addMod('minifiche', 'Minifiches', false);
+ $view->addMod('minifiche', 'Mini-fiches', false);
}
$view->addMod('geoloc', 'Planisphère');
$view->apply("lists/annu/$liste", $page, $action, $subaction);
$page->register_modifier('hdc', 'list_header_decode');
if (Env::has('sadd') || Env::has('sdel')) {
+ S::assert_xsrf_token();
+
if (Env::has('sadd')) { /* 4 = SUBSCRIBE */
$sub = $this->client->get_pending_sub($liste, Env::v('sadd'));
$this->client->handle_request($liste,Env::v('sadd'),4,'');
}
if (Post::has('moderate_mails') && Post::has('select_mails')) {
+ S::assert_xsrf_token();
+
$mails = array_keys(Post::v('select_mails'));
foreach($mails as $mail) {
$this->moderate_mail($domain, $liste, $mail);
$page->changeTpl('lists/admin.tpl');
if (Env::has('send_mark')) {
+ S::assert_xsrf_token();
+
$actions = Env::v('mk_action');
$uids = Env::v('mk_uid');
$mails = Env::v('mk_email');
}
if (Env::has('add_member')) {
+ S::assert_xsrf_token();
+
require_once('user.func.inc.php');
$members = get_users_forlife_list(Env::v('add_member'),
false,
}
}
+ if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
+ S::assert_xsrf_token();
+
+ $upload =& PlUpload::get($_FILES['add_member_file'], S::v('forlife'), 'list.addmember', true);
+ if (!$upload) {
+ $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
+ } else {
+ $members = get_users_forlife_list($upload->getContents(),
+ false,
+ array('ListsModule', 'no_login_callback'));
+ $arr = $this->client->mass_subscribe($liste, $members);
+ if (is_array($arr)) {
+ foreach($arr as $addr) {
+ $page->trigSuccess("{$addr[0]} inscrit.");
+ }
+ }
+ }
+ }
+
if (Env::has('del_member')) {
+ S::assert_xsrf_token();
+
if (strpos(Env::v('del_member'), '@') === false) {
$this->client->mass_unsubscribe(
$liste, array(Env::v('del_member').'@'.$globals->mail->domain));
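Review bot: In the `add_member_file` branch the result of `get_users_forlife_list(...)` is passed to `mass_subscribe($liste, $members)` without a check, while the create handler guards the same helper's result with `if (!is_null($forlifes))`. If the helper can also return null or an empty list with these arguments, wrapping the `mass_subscribe` call and the loop over `$arr` in `if ($members) { ... }` avoids sending an empty request to the list server. The success messages are built from `$addr[0]`, which derives from the uploaded file, so it is worth confirming that `trigSuccess` output is escaped when rendered. The enclosing handler starts and ends outside this hunk.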
}
if (Env::has('add_owner')) {
+ S::assert_xsrf_token();
+
require_once('user.func.inc.php');
$owners = get_users_forlife_list(Env::v('add_owner'), false, array('ListsModule', 'no_login_callback'));
if ($owners) {
}
if (Env::has('del_owner')) {
+ S::assert_xsrf_token();
+
if (strpos(Env::v('del_owner'), '@') === false) {
$this->client->del_owner($liste, Env::v('del_owner').'@'.$globals->mail->domain);
} else {
$page->changeTpl('lists/options.tpl');
if (Post::has('submit')) {
+ S::assert_xsrf_token();
+
$values = $_POST;
$values = array_map('utf8_decode', $values);
$spamlevel = intval($values['bogo_level']);
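Review bot: With the token now required on this POST, `$values = $_POST` copies every submitted field, so if the token is sent as a form field it is forwarded to `set_owner_options` together with the list options. Dropping it before the call, e.g. `unset($values[TOKEN_FIELD]);` (TOKEN_FIELD is a placeholder for whatever field name the forms use), or better building `$values` from an explicit list of expected option keys, keeps the secret out of the list backend. The same applies to the `$values = $_POST` block in the soptions handler, which already removes `submit`. The handler body continues outside this hunk.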
}
$this->client->set_owner_options($liste, $values);
} elseif (isvalid_email(Post::v('atn_add'))) {
+ S::assert_xsrf_token();
$this->client->add_to_wl($liste, Post::v('atn_add'));
} elseif (Get::has('atn_del')) {
+ S::assert_xsrf_token();
$this->client->del_from_wl($liste, Get::v('atn_del'));
pl_redirect('lists/options/'.$liste);
}
$page->changeTpl('lists/delete.tpl');
if (Post::v('valid') == 'OUI') {
+ S::assert_xsrf_token();
+
if ($this->client->delete_list($liste, Post::b('del_archive'))) {
foreach (array('', '-owner', '-admin', '-bounces', '-unsubscribe') as $app) {
XDB::execute("DELETE FROM $table
$page->changeTpl('lists/soptions.tpl');
if (Post::has('submit')) {
+ S::assert_xsrf_token();
+
$values = $_POST;
$values = array_map('utf8_decode', $values);
unset($values['submit']);
$page->changeTpl('lists/check.tpl');
if (Post::has('correct')) {
+ S::assert_xsrf_token();
$this->client->check_options($liste, true);
}