if (!may_update()) {
return PL_FORBIDDEN;
}
+ S::assert_xsrf_token();
$res = XDB::query("SELECT asso_id, short_name FROM groupex.evenements
WHERE eid = {?} AND asso_id = {?}",
XDB::execute("DELETE FROM requests
WHERE type = 'paiements' AND data LIKE {?}",
PayReq::same_event($eid, $globals->asso('id')));
- update_NbValid();
+ $globals->updateNbValid();
}
if ($action == 'archive') {
function handler_sub(&$page, $eid = null)
{
- require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
+ $this->load('xnetevents.inc.php');
$page->changeTpl('xnetevents/subscribe.tpl');
$evt = get_event_detail($eid);
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
$moments = Post::v('moment', array());
function handler_csv(&$page, $eid = null, $item_id = null)
{
- require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
+ $this->load('xnetevents.inc.php');
if (!is_numeric($item_id)) {
$item_id = null;
{
global $globals;
- require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
+ $this->load('xnetevents.inc.php');
$evt = get_event_detail($eid);
if (!$evt) {
return PL_FORBIDDEN;
$page->assign('moments', $moments);
if (Post::v('intitule')) {
- require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
+ S::assert_xsrf_token();
+
+ $this->load('xnetevents.inc.php');
$short_name = event_change_shortname($page, $eid,
$infos['short_name'],
Env::v('short_name', ''));
{
global $globals;
- require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
+ $this->load('xnetevents.inc.php');
$evt = get_event_detail($eid, $item_id);
if (!$evt) {
}
if (may_update() && Post::v('adm')) {
+ S::assert_xsrf_token();
+
$member = get_infos(Post::v('mail'));
if (!$member) {
$page->trigError("Membre introuvable");
projects / platal.git / blobdiff