X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fmarketing.php;h=41219afe3aca3dd63519dc59ad5c4a1a27263153;hb=dbbfabe9138005367547465c13e50b98f121bc36;hp=deb12be0bfea6b0b3e62428dca515111c5e0495c;hpb=b8971a3ed64f3ba69becf1cd8f3b32ee2292026d;p=platal.git

diff --git a/modules/marketing.php b/modules/marketing.php
index deb12be..41219af 100644
--- a/modules/marketing.php
+++ b/modules/marketing.php
@@ -40,7 +40,7 @@ class MarketingModule extends PLModule
     {
         $page->changeTpl('marketing/index.tpl');
 
-        $page->setTitle('Polytechnique.org - Marketing');
+        $page->setTitle('Marketing');
 
         // Quelques statistiques
 
@@ -105,6 +105,7 @@ class MarketingModule extends PLModule
         }
 
         if ($action == 'del') {
+            S::assert_xsrf_token();
             Marketing::clear($uid, $value);
         }
 
@@ -128,15 +129,18 @@ class MarketingModule extends PLModule
         }
 
         if ($action == 'relforce') {
+            S::assert_xsrf_token();
+
             $market = Marketing::get($uid, Post::v('to'));
             if (is_null($market)) {
                 $market = new Marketing($uid, Post::v('to'), 'default', null, 'staff');
             }
             $market->send(Post::v('title'), Post::v('message'));
-            $page->trigSuccess("Mail envoyé");
+            $page->trigSuccess("Email envoyé");
         }
 
         if ($action == 'insrel') {
+            S::assert_xsrf_token();
             if (Marketing::relance($uid)) {
                 $page->trigSuccess('relance faite');
             }
@@ -194,11 +198,13 @@ class MarketingModule extends PLModule
         $page->assign('user', $user_data);
 
         $email = null;
+        require_once 'emails.inc.php';
         if (Post::has('mail')) {
-            require_once 'emails.inc.php';
             $email = valide_email(Post::v('mail'));
         }
         if (Post::has('valide') && isvalid_email_redirection($email)) {
+            S::assert_xsrf_token();
+
             // security stuff
             check_email($email, "Proposition d'une adresse surveillee pour " . $user->login() . " par " . S::user()->login());
             $res = XDB::query("SELECT  flags
@@ -260,8 +266,10 @@ class MarketingModule extends PLModule
             $page->assign('promo', $promo);
 
             if (Post::has('valide')) {
+                S::assert_xsrf_token();
                 $email = trim(Post::v('mail'));
 
+                require_once 'emails.inc.php';
                 if (!isvalid_email_redirection($email)) {
                     $page->trigError("Email invalide !");
                 } else {