X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fgoogleapps.php;h=d22f9b2cb0a3706fe935ac7ad125ecd5ee491b66;hb=6dae45b393a59fd04713b9c651ff0970aeec84d7;hp=a78ab6c96ecd66439d169119f33e151fed126e3d;hpb=53ee429b076f679168fda0301651a21b00ddf0e3;p=platal.git

diff --git a/modules/googleapps.php b/modules/googleapps.php
index a78ab6c..d22f9b2 100644
--- a/modules/googleapps.php
+++ b/modules/googleapps.php
@@ -64,15 +64,18 @@ class GoogleAppsModule extends PLModule
                 if ($subaction == 'sync') {
                     $account->set_password_sync(true);
                     $account->set_password(S::v('password'));
-                    $page->trig("Ton mot de passe Google Apps sera dorénavant synchronisé avec ton mot de passe Polytechnique.org.");
+                    pl_redirect('googleapps#password');
                 } else if ($subaction == 'nosync') {
                     $account->set_password_sync(false);
                 } else if (Post::has('response2') && !$account->sync_password) {
+                    S::assert_xsrf_token();
                     $account->set_password(Post::v('response2'));
                 }
             }
 
             if ($action == 'suspend' && Post::has('suspend') && $account->active()) {
+                S::assert_xsrf_token();
+
                 if ($account->pending_update_suspension) {
                     $page->trig("Ton compte est déjà en cours de désactivation.");
                 } else {
@@ -93,6 +96,8 @@ class GoogleAppsModule extends PLModule
                 $page->assign('password_sync', Get::b('password_sync', true));
             }
             if ($action == 'create' && Post::has('password_sync') && Post::has('redirect_mails')) {
+                S::assert_xsrf_token();
+
                 $password_sync = Post::b('password_sync');
                 $redirect_mails = Post::b('redirect_mails');
                 if ($password_sync) {