X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Faxletter.php;h=68577c56b6ee2bdfc6f677c28599a68d2f445cc0;hb=6dae45b393a59fd04713b9c651ff0970aeec84d7;hp=6209a3af222ee133c70e0e755b26aaa745a4f999;hpb=030038cdcaff4e8c7655a571bb9b1150679a036c;p=platal.git
diff --git a/modules/axletter.php b/modules/axletter.php
index 6209a3a..68577c5 100644
--- a/modules/axletter.php
+++ b/modules/axletter.php
@@ -1,6 +1,6 @@
assign('count', $res->numRows());
$page->assign('new', AXLetter::awaiting());
}
$page->assign('axs', AXLetter::subscriptionState());
@@ -78,18 +80,19 @@ class AXLetterModule extends PLModule
$page->changeTpl('axletter/edit.tpl');
- $saved = Post::i('saved');
- $new = false;
- $id = Post::i('id');
- $shortname = trim(Post::v('shortname'));
- $subject = trim(Post::v('subject'));
- $title = trim(Post::v('title'));
- $body = rtrim(Post::v('body'));
- $signature = trim(Post::v('signature'));
- $promo_min = Post::i('promo_min');
- $promo_max = Post::i('promo_max');
- $echeance = Post::has('echeance_date') ? Post::v('echeance_date') . ' ' . Post::v('echeance_time')
- : Post::v('echeance');
+ $saved = Post::i('saved');
+ $new = false;
+ $id = Post::i('id');
+ $short_name = trim(Post::v('short_name'));
+ $subject = trim(Post::v('subject'));
+ $title = trim(Post::v('title'));
+ $body = rtrim(Post::v('body'));
+ $signature = trim(Post::v('signature'));
+ $promo_min = Post::i('promo_min');
+ $promo_max = Post::i('promo_max');
+ $echeance = Post::has('echeance_date') ?
+ preg_replace('/^(\d\d\d\d)(\d\d)(\d\d)$/', '\1-\2-\3', Post::v('echeance_date')) . ' ' . Post::v('echeance_time')
+ : Post::v('echeance');
$echeance_date = Post::v('echeance_date');
$echeance_time = Post::v('echeance_time');
@@ -107,6 +110,8 @@ class AXLetterModule extends PLModule
$new = true;
}
} elseif (Post::has('valid')) {
+ S::assert_xsrf_token();
+
if (!$subject && $title) {
$subject = $title;
}
@@ -124,19 +129,19 @@ class AXLetterModule extends PLModule
$page->trig("L'intervalle de promotions n'est pas valide");
Post::kill('valid');
}
- if (empty($shortname)) {
+ if (empty($short_name)) {
$page->trig("L'annonce doit avoir un nom raccourci pour simplifier la navigation dans les archives");
Post::kill('valid');
- } elseif (!preg_match('/^[a-z][-a-z0-9]*[a-z0-9]$/', $shortname)) {
+ } elseif (!preg_match('/^[a-z][-a-z0-9]*[a-z0-9]$/', $short_name)) {
$page->trig("Le nom raccourci n'est pas valide, il doit comporter au moins 2 caractères et n'être composé "
. "que de chiffres, lettres et tirets");
Post::kill('valid');
- } elseif ($shortname != Post::v('old_shortname')) {
- $res = XDB::query("SELECT id FROM axletter WHERE shortname = {?}", $shortname);
+ } elseif ($short_name != Post::v('old_short_name')) {
+ $res = XDB::query("SELECT id FROM axletter WHERE short_name = {?}", $short_name);
if ($res->numRows() && $res->fetchOneCell() != $id) {
- $page->trig("Le nom $shortname est déjà utilisé, merci d'en choisir un autre");
- $shortname = Post::v('old_shortname');
- if (empty($shortname)) {
+ $page->trig("Le nom $short_name est déjà utilisé, merci d'en choisir un autre");
+ $short_name = Post::v('old_short_name');
+ if (empty($short_name)) {
Post::kill('valid');
}
}
@@ -145,16 +150,42 @@ class AXLetterModule extends PLModule
switch (@Post::v('valid')) {
case 'Aperçu':
require_once dirname(__FILE__) . '/axletter/axletter.inc.php';
- $al = new AXLetter(array($id, $shortname, $subject, $title, $body, $signature,
+ $al = new AXLetter(array($id, $short_name, $subject, $title, $body, $signature,
$promo_min, $promo_max, $echeance, 0, 'new'));
$al->toHtml($page, S::v('prenom'), S::v('nom'), S::v('femme'));
break;
case 'Confirmer':
XDB::execute("REPLACE INTO axletter
- SET id = {?}, shortname = {?}, subject = {?}, title = {?}, body = {?},
+ SET id = {?}, short_name = {?}, subject = {?}, title = {?}, body = {?},
signature = {?}, promo_min = {?}, promo_max = {?}, echeance = {?}",
- $id, $shortname, $subject, $title, $body, $signature, $promo_min, $promo_max, $echeance);
+ $id, $short_name, $subject, $title, $body, $signature, $promo_min, $promo_max, $echeance);
+ if (!$saved) {
+ global $globals;
+ $mailer = new PlMailer();
+ $mailer->setFrom("support@" . $globals->mail->domain);
+ $mailer->setSubject("Un nouveau projet de mail de l'AX vient d'être proposé");
+ $mailer->setTxtBody("Un nouveau mail vient d'être rédigé en prévision d'un envoi prochain. Vous pouvez "
+ . "le modifier jusqu'à ce qu'il soit verrouillé pour l'envoi\n\n"
+ . "Le sujet du mail : $subject\n"
+ . "L'échéance d'envoi est fixée à $echeance.\n"
+ . "Le mail pourra néanmoins partir avant cette échéance si un administrateur de "
+ . "Polytechnique.org le valide.\n\n"
+ . "Pour modifier, valider ou annuler le mail :\n"
+ . "https://www.polytechnique.org/ax/edit\n"
+ . "-- \n"
+ . "Association Polytechnique.org\n");
+ $res = XDB::iterRow("SELECT IF(u.nom_usage != '', u.nom_usage, u.nom) AS nom,
+ u.prenom, a.alias AS bestalias
+ FROM axletter_rights AS ar
+ INNER JOIN auth_user_md5 AS u USING(user_id)
+ INNER JOIN aliases AS a ON (u.user_id = a.id
+ AND FIND_IN_SET('bestalias', a.flags))");
+ while (list($nom, $prenom, $alias) = $res->next()) {
+ $mailer->addTo("$nom $prenom <$alias@{$globals->mail->domain}>");
+ }
+ $mailer->send();
+ }
$saved = true;
$echeance_date = null;
$echeance_time = null;
@@ -163,7 +194,7 @@ class AXLetterModule extends PLModule
}
}
$page->assign('id', $id);
- $page->assign('shortname', $shortname);
+ $page->assign('short_name', $short_name);
$page->assign('subject', $subject);
$page->assign('title', $title);
$page->assign('body', $body);
@@ -179,23 +210,6 @@ class AXLetterModule extends PLModule
if (!$saved) {
$select = '';
- $time = time() + 3600 * 24 * 2;
- for ($i = 0 ; $i < 15 ; $i++) {
- $time += 3600 * 24;
- $p_stamp = date('Ymd', $time);
- $year = date('Y', $time);
- $month = date('m', $time);
- $day = date('d', $time);
-
- if ($p_stamp == $echeance_date) {
- $sel = ' selected="selected"';
- } else {
- $sel = '';
- }
- $select .= "\n";
- }
- $page->assign('echeance_date', $select);
- $select = '';
for ($i = 0 ; $i < 24 ; $i++) {
$stamp = sprintf('%02d:00:00', $i);
if ($stamp == $echeance_time) {
@@ -206,23 +220,18 @@ class AXLetterModule extends PLModule
$select .= "\n";
}
$page->assign('echeance_time', $select);
- }
+ }
}
function handler_cancel(&$page, $force = null)
{
require_once dirname(__FILE__) . '/axletter/axletter.inc.php';
- if (!AXLetter::hasPerms()) {
- return PL_FORBIDDEN;
- }
-
- $url = parse_url($_SERVER['HTTP_REFERER']);
- if ($force != 'force' && trim($url['path'], '/') != 'ax/edit') {
+ if (!AXLetter::hasPerms() || !S::has_xsrf_token()) {
return PL_FORBIDDEN;
}
$al = AXLetter::awaiting();
- if (!$alg) {
+ if (!$al) {
$page->kill("Aucune lettre en attente");
return;
}
@@ -237,12 +246,7 @@ class AXLetterModule extends PLModule
function handler_valid(&$page, $force = null)
{
require_once dirname(__FILE__) . '/axletter/axletter.inc.php';
- if (!AXLetter::hasPerms()) {
- return PL_FORBIDDEN;
- }
-
- $url = parse_url($_SERVER['HTTP_REFERER']);
- if ($force != 'force' && trim($url['path'], '/') != 'ax/edit') {
+ if (!AXLetter::hasPerms() || !S::has_xsrf_token()) {
return PL_FORBIDDEN;
}
@@ -285,6 +289,8 @@ class AXLetterModule extends PLModule
$uid = Post::v('uid');
}
if ($uid) {
+ S::assert_xsrf_token();
+
$uids = preg_split('/ *[,;\: ] */', $uid);
foreach ($uids as $uid) {
switch ($action) {
@@ -296,7 +302,7 @@ class AXLetterModule extends PLModule
break;
}
if (!$res) {
- $page->trig("Personne ne oorrespond à l'identifiant '$uid'");
+ $page->trig("Personne ne correspond à l'identifiant '$uid'");
}
}
}
@@ -308,7 +314,7 @@ class AXLetterModule extends PLModule
INNER JOIN auth_user_md5 AS u USING(user_id)
INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie')");
$page->assign('admins', $res);
-
+
$importer = new CSVImporter('axletter_ins');
$importer->registerFunction('user_id', 'email vers Id X.org', array($this, 'idFromMail'));
$importer->forceValue('hash', array($this, 'createHash'));
@@ -333,7 +339,7 @@ class AXLetterModule extends PLModule
$user = $email;
$domain = $globals->mail->domain2;
} else {
- list($user, $domain) = explode('@', $email);
+ list($user, $domain) = explode('@', $email);
}
if ($domain != $globals->mail->domain && $domain != $globals->mail->domain2
&& $domain != $globals->mail->alias_dom && $domain != $globals->mail->alias_dom2) {