X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fcore.php;h=a490d1767e5fedc66f1afa5bb0f31038cbd828c2;hb=3dad95dda6e1f531a98ef326c6c43fde036d4727;hp=cc0c4f6a51acf5ca504f55d664bc1dcaf42e296c;hpb=97af9556686be91400a34c086ad8f1e23cbb2553;p=platal.git

diff --git a/modules/core.php b/modules/core.php
index cc0c4f6..a490d17 100644
--- a/modules/core.php
+++ b/modules/core.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2007 Polytechnique.org                              *
+ *  Copyright (C) 2003-2008 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -29,6 +29,7 @@ class CoreModule extends PLModule
             'login'       => $this->make_hook('login',      AUTH_COOKIE),
             'send_bug'    => $this->make_hook('bug', AUTH_COOKIE),
             'purge_cache' => $this->make_hook('purge_cache', AUTH_COOKIE, 'admin'),
+            'kill_sessions' => $this->make_hook('kill_sessions', AUTH_COOKIE, 'admin'),
             'get_rights'  => $this->make_hook('get_rights', AUTH_MDP, 'admin'),
 
             'wiki_help'    => $this->make_hook('wiki_help', AUTH_PUBLIC),
@@ -36,6 +37,7 @@ class CoreModule extends PLModule
 
             'valid.html'  => $this->make_hook('valid', AUTH_PUBLIC),
             'favicon.ico' => $this->make_hook('favicon', AUTH_PUBLIC),
+            'robots.txt'  => $this->make_hook('robotstxt', AUTH_PUBLIC, 'user', NO_HTTPS),
         );
     }
 
@@ -76,9 +78,23 @@ class CoreModule extends PLModule
         exit;
     }
 
+    function handler_robotstxt(&$page)
+    {
+        global $globals;
+        if (!$globals->core->restricted_platal) {
+            return PL_NOT_FOUND;
+        }
+
+        header('Content-Type: text/plain');
+        echo "User-agent: *\n";
+        echo "Disallow: /\n";
+        exit;
+    }
+
     function handler_purge_cache(&$page)
     {
         require_once 'wiki.inc.php';
+        S::assert_xsrf_token();
 
         $page->clear_compiled_tpl();
         wiki_clear_all_cache();
@@ -86,6 +102,11 @@ class CoreModule extends PLModule
         http_redirect(empty($_SERVER['HTTP_REFERER']) ? './' : $_SERVER['HTTP_REFERER']);
     }
 
+    function handler_kill_sessions(&$page)
+    {
+        kill_sessions();
+    }
+
     function handler_get_rights(&$page, $level)
     {
         if (S::has('suid')) {
@@ -94,7 +115,7 @@ class CoreModule extends PLModule
 
         if (isset($_SESSION['log'])) {
             $_SESSION['log']->log("suid_start", "login by ".S::v('forlife'));
-        }    
+        }
         $_SESSION['suid'] = $_SESSION;
         $_SESSION['perms'] =& XorgSession::make_perms($level);
 
@@ -107,6 +128,8 @@ class CoreModule extends PLModule
         $page->changeTpl('core/bug.tpl', SIMPLE);
         $page->addJsLink('close_on_esc.js');
         if (Env::has('send') && trim(Env::v('detailed_desc'))) {
+            S::assert_xsrf_token();
+
             $body = wordwrap(Env::v('detailed_desc'), 78) . "\n\n"
                   . "----------------------------\n"
                   . "Page        : " . Env::v('page') . "\n\n"
@@ -122,7 +145,7 @@ class CoreModule extends PLModule
             $mymail->setTxtBody($body);
             $mymail->send();
         } elseif (Env::has('send')) {
-            $page->trig("Merci de remplir une explication du problème rencontré");
+            $page->trigError("Merci de remplir une explication du problème rencontré");
         }
     }