.'/'.S::v('forlife').'.jpg';
if (Env::has('upload')) {
+ S::assert_xsrf_token();
+
$upload = new PlUpload(S::v('forlife'), 'photo');
if (!$upload->upload($_FILES['userfile']) && !$upload->download(Env::v('photo'))) {
$page->trigError('Une erreur est survenue lors du téléchargement du fichier');
}
}
} elseif (Env::has('trombi')) {
+ S::assert_xsrf_token();
+
$upload = new PlUpload(S::v('forlife'), 'photo');
if ($upload->copyFrom($trombi_x)) {
$myphoto = new PhotoReq(S::v('uid'), $upload);
}
}
} elseif (Env::v('suppr')) {
+ S::assert_xsrf_token();
+
XDB::execute('DELETE FROM photo
WHERE uid = {?}',
S::v('uid'));
S::v('uid'));
$globals->updateNbValid();
} elseif (Env::v('cancel')) {
+ S::assert_xsrf_token();
+
$sql = XDB::query('DELETE FROM requests
WHERE user_id={?} AND type="photo"',
S::v('uid'));
if (!Env::has('promo_sortie')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
$promo_sortie = Env::i('promo_sortie');
$page->assign('usage_req', $nom_usage);
if (Env::has('submit') && ($nom_usage != $usage_old)) {
+ S::assert_xsrf_token();
+
// on vient de recevoir une requete, differente de l'ancien nom d'usage
if ($nom_usage == $nom) {
$page->assign('same', true);
list($forlife, $promo) = $q->fetchOneRow();
switch ($action) {
-
case "original":
header("Content-type: image/jpeg");
readfile("/home/web/trombino/photos".$promo."/".$forlife.".jpg");
break;
case "new":
+ S::assert_xsrf_token();
+
$data = file_get_contents($_FILES['userfile']['tmp_name']);
list($x, $y) = getimagesize($_FILES['userfile']['tmp_name']);
$mimetype = substr($_FILES['userfile']['type'], 6);
break;
case "delete":
+ S::assert_xsrf_token();
+
XDB::execute('DELETE FROM photo WHERE uid = {?}', $uid);
break;
}
projects / platal.git / blobdiff