X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fgoogleapps.php;h=d22f9b2cb0a3706fe935ac7ad125ecd5ee491b66;hb=a5878ac19cc6ea75a753470cf68b7d2180d6cd51;hp=fda080fffb42597888ab1b7fbc31aad94e1e3251;hpb=a33b54151c3af49a696c5a3cc317b2e6dfee3aa5;p=platal.git
diff --git a/modules/googleapps.php b/modules/googleapps.php
index fda080f..d22f9b2 100644
--- a/modules/googleapps.php
+++ b/modules/googleapps.php
@@ -68,11 +68,14 @@ class GoogleAppsModule extends PLModule
 } else if ($subaction == 'nosync') {
 $account->set_password_sync(false);
 } else if (Post::has('response2') && !$account->sync_password) {
+ S::assert_xsrf_token();
 $account->set_password(Post::v('response2'));
 }
 }
 if ($action == 'suspend' && Post::has('suspend') && $account->active()) {
+ S::assert_xsrf_token();
+
 if ($account->pending_update_suspension) {
 $page->trig("Ton compte est déjà en cours de désactivation.");
 } else {
@@ -93,6 +96,8 @@ class GoogleAppsModule extends PLModule
 $page->assign('password_sync', Get::b('password_sync', true));
 }
 if ($action == 'create' && Post::has('password_sync') && Post::has('redirect_mails')) {
+ S::assert_xsrf_token();
+
 $password_sync = Post::b('password_sync');
 $redirect_mails = Post::b('redirect_mails');
 if ($password_sync) {
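Review bot: The `nosync` branch at the top of the first hunk still calls `$account->set_password_sync(false);` with no token check, because the new `S::assert_xsrf_token();` guards only the `response2` branch below it. Where `$subaction` comes from is not visible here, but if it is taken from the request URL, the password-sync setting remains changeable by a forged cross-site request against a logged-in user. I would make `S::assert_xsrf_token();` the first statement of the `nosync` branch and check the branch or branches before it in the same way; that if/else chain starts above the hunk. The assertion is now repeated per branch in the `suspend` check and in the `create` hunk as well, so a comment such as `// State-changing request: require a valid XSRF token.` at each call would help later branches follow the same rule.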