X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Flists.php;h=11c5d3f579898c0ec3e9c777481dfdcf09d3799a;hb=4f970ab081dfb75e7595d98c61e1660f76edab65;hp=89c21de799f715fffbc28a69231d33915654329d;hpb=787bb3d745141f2f85bd947ad7dd775d2c63f908;p=platal.git diff --git a/modules/lists.php b/modules/lists.php index 89c21de..11c5d3f 100644 --- a/modules/lists.php +++ b/modules/lists.php @@ -1,6 +1,6 @@ $this->make_hook('lists', AUTH_MDP), - 'lists/ajax' => $this->make_hook('ajax', AUTH_MDP, 'user', NO_AUTH), + 'lists/ajax' => $this->make_hook('ajax', AUTH_MDP, 'user', NO_AUTH), 'lists/create' => $this->make_hook('create', AUTH_MDP), 'lists/members' => $this->make_hook('members', AUTH_COOKIE), + 'lists/csv' => $this->make_hook('csv', AUTH_COOKIE), 'lists/annu' => $this->make_hook('annu', AUTH_COOKIE), 'lists/archives' => $this->make_hook('archives', AUTH_COOKIE), 'lists/archives/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS), @@ -42,21 +43,15 @@ class ListsModule extends PLModule 'lists/soptions' => $this->make_hook('soptions', AUTH_MDP), 'lists/check' => $this->make_hook('check', AUTH_MDP), - 'admin/lists' => $this->make_hook('admin_all', AUTH_MDP, 'admin'), + 'admin/lists' => $this->make_hook('admin_all', AUTH_MDP, 'admin'), ); } - function on_subscribe($forlife, $uid, $promo, $password) - { - $this->prepare_client(null); - $this->client->subscribe("promo$promo"); - } - function prepare_client(&$page) { global $globals; - require_once dirname(__FILE__).'/lists/lists.inc.php'; + $this->load('lists.inc.php'); $this->client = new MMList(S::v('uid'), S::v('password')); return $globals->mail->domain; @@ -94,25 +89,30 @@ class ListsModule extends PLModule $page->changeTpl('lists/index.tpl'); $page->addJsLink('ajax.js'); - $page->assign('xorg_title','Polytechnique.org - Listes de diffusion'); + $page->setTitle('Listes de diffusion'); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe(Get::v('del')); pl_redirect('lists'); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe(Get::v('add')); pl_redirect('lists'); } if (Post::has('promo_add')) { + S::assert_xsrf_token(); + $promo = Post::i('promo_add'); if ($promo >= 1900 and $promo < 2100) { $this->client->subscribe("promo$promo"); } else { - $page->trig("promo incorrecte, il faut une promo sur 4 chiffres."); + $page->trigSuccess("promo incorrecte, il faut une promo sur 4 chiffres."); } } + $listes = $this->client->get_lists(); $owner = array_filter($listes, 'filter_owner'); $listes = array_diff_key($listes, $owner); @@ -134,6 +134,8 @@ class ListsModule extends PLModule header('Content-Type: text/html; charset="UTF-8"'); $domain = $this->prepare_client($page); $page->changeTpl('lists/liste.inc.tpl', NO_SKIN); + S::assert_xsrf_token(); + if (Get::has('unsubscribe')) { $this->client->unsubscribe($list); } @@ -159,18 +161,32 @@ class ListsModule extends PLModule function handler_create(&$page) { + global $globals; + $page->changeTpl('lists/create.tpl'); + $user_promo = S::i('promo'); + $year = date('Y'); + $month = date('m'); + $young_promo = $very_young_promo = 0; + if ((($year > $user_promo) && ($month > 3)) && ($year < $user_promo + 5)) { + $young_promo = 1; + } + if ((($year > $user_promo) && ($month > 7)) && (($year < $user_promo + 1) && ($month < 8))) { + $very_young_promo = 1; + } + $page->assign('young_promo', $young_promo); + $page->assign('very_young_promo', $very_young_promo); + $owners = preg_split("/[\s]+/", Post::v('owners'), -1, PREG_SPLIT_NO_EMPTY); $members = preg_split("/[\s]+/", Post::v('members'), -1, PREG_SPLIT_NO_EMPTY); // click on validate button 'add_owner_sub' or type if (Post::has('add_owner_sub') && Post::has('add_owner')) { - require_once('user.func.inc.php'); // if we want to add an owner and then type , then both // add_owner_sub and add_owner are filled. - $oforlifes = get_users_forlife_list(Post::v('add_owner'), true); - $mforlifes = get_users_forlife_list(Post::v('add_member'), true); + $oforlifes = User::getBulkForlifeEmails(Post::v('add_owner'), true); + $mforlifes = User::getBulkForlifeEmails(Post::v('add_member'), true); if (!is_null($oforlifes)) { $owners = array_merge($owners, $oforlifes); } @@ -183,57 +199,99 @@ class ListsModule extends PLModule // click on validate button 'add_member_sub' if (Post::has('add_member_sub') && Post::has('add_member')) { - require_once('user.func.inc.php'); - $forlifes = get_users_forlife_list(Post::v('add_member'), true); + $forlifes = User::getBulkForlifeEmails(Post::v('add_member'), true); if (!is_null($forlifes)) { $members = array_merge($members, $forlifes); } } + if (Post::has('add_member_sub') && isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) { + $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true); + if (!$upload) { + $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier'); + } else { + $forlifes = User::getBulkForlifeEmails($upload->getContents(), true); + if (!is_null($forlifes)) { + $members = array_merge($members, $forlifes); + } + } + } ksort($owners); $owners = array_unique($owners); ksort($members); $members = array_unique($members); - $page->assign('owners', join(' ', $owners)); - $page->assign('members', join(' ', $members)); + $page->assign('owners', join("\n", $owners)); + $page->assign('members', join("\n", $members)); if (!Post::has('submit')) { return; + } else { + S::assert_xsrf_token(); } + $asso = Post::v('asso'); $liste = Post::v('liste'); if (empty($liste)) { - $page->trig('champs «addresse souhaitée» vide'); + $page->trigError('Le champ «adresse souhaitée» est vide.'); } if (!preg_match("/^[a-zA-Z0-9\-]*$/", $liste)) { - $page->trig('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets'); + $page->trigError('Le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets.'); } - $res = XDB::query("SELECT COUNT(*) FROM aliases WHERE alias={?}", $liste); - $n = $res->fetchOneCell(); + if (($asso == "binet") || ($asso == "alias")) { + $promo = Post::i('promo'); + $domain = $promo . '.' . $globals->mail->domain; + + if (($promo < 1921) || ($promo > date('Y'))) { + $page->trigError('La promotion est mal renseignée, elle doit être du type : 2004.'); + } + + $new = $liste . '@' . $domain; + $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new); + + } else { + if ($asso == "groupex") { + $groupex_name = Post::v('groupex_name'); + + $res_groupe = XDB::query('SELECT mail_domain FROM groupex.asso WHERE nom={?}', $groupex_name); + $domain = $res_groupe->fetchOneCell(); + + if (!$domain) { + $page->trigError('Il n\'y a aucun groupe de ce nom sur Polytechnique.net.'); + } + + $new = $liste . '@' . $domain; + $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new); + } else { + $res = XDB::query("SELECT COUNT(*) FROM aliases WHERE alias={?}", $liste); + $domain = $globals->mail->domain; + } + } + + $n = $res->fetchOneCell(); if ($n) { - $page->trig('cet alias est déjà pris'); + $page->trigError('L\'«adresse souhaitée» est déjà prise.'); } - if (!Post::v(desc)) { - $page->trig('le sujet est vide'); + if (!Post::v('desc')) { + $page->trigError('Le sujet est vide.'); } if (!count($owners)) { - $page->trig('pas de gestionnaire'); + $page->trigError('Il n\'y a pas de gestionnaire.'); } if (count($members)<4) { - $page->trig('pas assez de membres'); + $page->trigError('Il n\'y a pas assez de membres.'); } if (!$page->nb_errs()) { $page->assign('created', true); require_once 'validations.inc.php'; - $req = new ListeReq(S::v('uid'), $liste, + $req = new ListeReq(S::user(), $asso, $liste, $domain, Post::v('desc'), Post::i('advertise'), Post::i('modlevel'), Post::i('inslevel'), $owners, $members); @@ -252,11 +310,13 @@ class ListsModule extends PLModule $page->changeTpl('lists/members.tpl'); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe($liste); pl_redirect('lists/members/'.$liste); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe($liste); pl_redirect('lists/members/'.$liste); } @@ -278,6 +338,25 @@ class ListsModule extends PLModule } } + function handler_csv(PlPage &$page, $liste = null) + { + if (is_null($liste)) { + return PL_NOT_FOUND; + } + $this->prepare_client($page); + $members = $this->client->get_members($liste); + $list = list_fetch_names(list_extract_members($members[1])); + header('Content-Type: text/x-csv; charset=utf-8;'); + header('Pragma: '); + header('Cache-Control: '); + + echo "email,nom,prenom,promo\n"; + foreach ($list as $member) { + echo @$member['email'] . ',' . @$member['nom'] . ',' . @$member['prenom'] . ',' . @$member['promo'] . "\n"; + } + exit; + } + function handler_annu(&$page, $liste = null, $action = null, $subaction = null) { if (is_null($liste)) { @@ -287,10 +366,12 @@ class ListsModule extends PLModule $this->prepare_client($page); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe($liste); pl_redirect('lists/annu/'.$liste); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe($liste); pl_redirect('lists/annu/'.$liste); } @@ -310,7 +391,7 @@ class ListsModule extends PLModule $view = new ArraySet($users); $view->addMod('trombi', 'Trombinoscope', true, array('with_promo' => true)); if (empty($GLOBALS['IS_XNET_SITE'])) { - $view->addMod('minifiche', 'Minifiches', false); + $view->addMod('minifiche', 'Mini-fiches', false); } $view->addMod('geoloc', 'Planisphère'); $view->apply("lists/annu/$liste", $page, $action, $subaction); @@ -339,7 +420,7 @@ class ListsModule extends PLModule if (list($det) = $this->client->get_members($liste)) { if (substr($liste,0,5) != 'promo' && ($det['ins'] || $det['priv']) && !$det['own'] && ($det['sub'] < 2)) { - $page->kill("La liste n'existe pas ou tu n'as pas le droit de la consulter"); + $page->kill("La liste n'existe pas ou tu n'as pas le droit de la consulter."); } $get = Array('listname' => $liste, 'domain' => $domain); if (Post::has('updateall')) { @@ -349,7 +430,7 @@ class ListsModule extends PLModule get_banana_params($get, null, $action, $artid); run_banana($page, 'MLBanana', $get); } else { - $page->kill("La liste n'existe pas ou tu n'as pas le droit de la consulter"); + $page->kill("La liste n'existe pas ou tu n'as pas le droit de la consulter."); } } @@ -375,7 +456,7 @@ class ListsModule extends PLModule exit; } require_once('banana/ml.inc.php'); - $banana = new MLBanana(S::v('forlife'), Array('listname' => $liste, 'domain' => $domain, 'action' => 'rss2')); + $banana = new MLBanana(S::user(), Array('listname' => $liste, 'domain' => $domain, 'action' => 'rss2')); $banana->run(); } exit; @@ -411,6 +492,8 @@ class ListsModule extends PLModule $page->register_modifier('hdc', 'list_header_decode'); if (Env::has('sadd') || Env::has('sdel')) { + S::assert_xsrf_token(); + if (Env::has('sadd')) { /* 4 = SUBSCRIBE */ $sub = $this->client->get_pending_sub($liste, Env::v('sadd')); $this->client->handle_request($liste,Env::v('sadd'),4,''); @@ -418,7 +501,7 @@ class ListsModule extends PLModule } if (Post::has('sdel')) { /* 2 = REJECT */ $sub = $this->client->get_pending_sub($liste, Env::v('sdel')); - $this->client->handle_request($liste, Post::v('sdel'), 2, Post::v('reason')); + $this->client->handle_request($liste, Post::v('sdel'), 2, utf8_decode(Post::v('reason'))); $info = "refusée"; } if ($sub) { @@ -441,6 +524,8 @@ class ListsModule extends PLModule } if (Post::has('moderate_mails') && Post::has('select_mails')) { + S::assert_xsrf_token(); + $mails = array_keys(Post::v('select_mails')); foreach($mails as $mail) { $this->moderate_mail($domain, $liste, $mail); @@ -461,6 +546,21 @@ class ListsModule extends PLModule $msg = str_replace("%(listname)s", $liste, $msg); $page->assign('msg', $msg); return; + } elseif (Get::has('mid') && Env::has('mok')) { + $page->changeTpl('lists/moderate_mail.tpl'); + require_once('banana/moderate.inc.php'); + $params = array('listname' => $liste, 'domain' => $domain, + 'artid' => Get::i('mid'), 'part' => Get::v('part'), 'action' => Get::v('action')); + $params['client'] = $this->client; + run_banana($page, 'ModerationBanana', $params); + + $msg = file_get_contents('/etc/mailman/fr/accept.txt'); + $msg = str_replace("%(adminaddr)s", "$liste-owner@{$domain}", $msg); + $msg = str_replace("%(request)s", "<< SUJET DU MAIL >>", $msg); + $msg = str_replace("%(reason)s", "<< TON EXPLICATION >>", $msg); + $msg = str_replace("%(listname)s", $liste, $msg); + $page->assign('msg', $msg); + return; } $mail = $this->moderate_mail($domain, $liste, Env::i('mid')); @@ -480,6 +580,11 @@ class ListsModule extends PLModule if (list($subs,$mails) = $this->get_pending_ops($domain, $liste)) { foreach ($mails as $key=>$mail) { $mails[$key]['stamp'] = strftime("%Y%m%d%H%M%S", $mail['stamp']); + if ($mail['fromx']) { + $page->assign('with_fromx', true); + } else { + $page->assign('with_nonfromx', true); + } } $page->assign_by_ref('subs', $subs); $page->assign_by_ref('mails', $mails); @@ -491,7 +596,7 @@ class ListsModule extends PLModule static public function no_login_callback($login) { require_once 'user.func.inc.php'; - global $list_unregistered; + global $list_unregistered, $globals; $users = get_not_registered_user($login, true); if ($users && $users->total()) { @@ -500,7 +605,10 @@ class ListsModule extends PLModule } $list_unregistered[$login] = $users; } else { - _default_user_callback($login); + list($name, $dom) = @explode('@', $login); + if ($dom == $globals->mail->domain || $dom == $globals->mail->domain2) { + User::_default_user_callback($login); + } } } @@ -517,6 +625,8 @@ class ListsModule extends PLModule $page->changeTpl('lists/admin.tpl'); if (Env::has('send_mark')) { + S::assert_xsrf_token(); + $actions = Env::v('mk_action'); $uids = Env::v('mk_uid'); $mails = Env::v('mk_email'); @@ -547,17 +657,41 @@ class ListsModule extends PLModule } if (Env::has('add_member')) { - require_once('user.func.inc.php'); - $members = get_users_forlife_list(Env::v('add_member'), false, array('ListsModule', 'no_login_callback')); + S::assert_xsrf_token(); + + $members = User::getBulkForlifeEmails(Env::v('add_member'), + false, + array('ListsModule', 'no_login_callback')); $arr = $this->client->mass_subscribe($liste, $members); if (is_array($arr)) { foreach($arr as $addr) { - $page->trig("{$addr[0]} inscrit."); + $page->trigSuccess("{$addr[0]} inscrit."); + } + } + } + + if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) { + S::assert_xsrf_token(); + + $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true); + if (!$upload) { + $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier'); + } else { + $members = User::getBulkForlifeEmails($upload->getContents(), + false, + array('ListsModule', 'no_login_callback')); + $arr = $this->client->mass_subscribe($liste, $members); + if (is_array($arr)) { + foreach($arr as $addr) { + $page->trigSuccess("{$addr[0]} inscrit."); + } } } } if (Env::has('del_member')) { + S::assert_xsrf_token(); + if (strpos(Env::v('del_member'), '@') === false) { $this->client->mass_unsubscribe( $liste, array(Env::v('del_member').'@'.$globals->mail->domain)); @@ -568,18 +702,21 @@ class ListsModule extends PLModule } if (Env::has('add_owner')) { - require_once('user.func.inc.php'); - $owners = get_users_forlife_list(Env::v('add_owner'), false, array('ListsModule', 'no_login_callback')); + S::assert_xsrf_token(); + + $owners = User::getBulkForlifeEmails(Env::v('add_owner'), false, array('ListsModule', 'no_login_callback')); if ($owners) { foreach ($owners as $login) { if ($this->client->add_owner($liste, $login)) { - $page->trig($alias." ajouté aux modérateurs."); + $page->trigSuccess($login ." ajouté aux modérateurs."); } } } } if (Env::has('del_owner')) { + S::assert_xsrf_token(); + if (strpos(Env::v('del_owner'), '@') === false) { $this->client->del_owner($liste, Env::v('del_owner').'@'.$globals->mail->domain); } else { @@ -619,9 +756,20 @@ class ListsModule extends PLModule $page->changeTpl('lists/options.tpl'); if (Post::has('submit')) { + S::assert_xsrf_token(); + $values = $_POST; $values = array_map('utf8_decode', $values); - $this->client->set_bogo_level($liste, intval($values['bogo_level'])); + $spamlevel = intval($values['bogo_level']); + $unsurelevel = intval($values['unsure_level']); + if ($spamlevel == 0) { + $unsurelevel = 0; + } + if ($spamlevel > 3 || $spamlevel < 0 || $unsurelevel < 0 || $unsurelevel > 1) { + $page->trigError("Réglage de l'antispam non valide"); + } else { + $this->client->set_bogo_level($liste, ($spamlevel << 1) + $unsurelevel); + } switch($values['moderate']) { case '0': $values['generic_nonmember_action'] = 0; @@ -645,8 +793,10 @@ class ListsModule extends PLModule } $this->client->set_owner_options($liste, $values); } elseif (isvalid_email(Post::v('atn_add'))) { + S::assert_xsrf_token(); $this->client->add_to_wl($liste, Post::v('atn_add')); } elseif (Get::has('atn_del')) { + S::assert_xsrf_token(); $this->client->del_from_wl($liste, Get::v('atn_del')); pl_redirect('lists/options/'.$liste); } @@ -654,7 +804,9 @@ class ListsModule extends PLModule if (list($details,$options) = $this->client->get_owner_options($liste)) { $page->assign_by_ref('details', $details); $page->assign_by_ref('options', $options); - $page->assign('bogo_level', $this->client->get_bogo_level($liste)); + $bogo_level = intval($this->client->get_bogo_level($liste)); + $page->assign('unsure_level', $bogo_level & 1); + $page->assign('bogo_level', $bogo_level >> 1); } else { $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer"); } @@ -680,19 +832,25 @@ class ListsModule extends PLModule $page->changeTpl('lists/delete.tpl'); if (Post::v('valid') == 'OUI') { + S::assert_xsrf_token(); + if ($this->client->delete_list($liste, Post::b('del_archive'))) { - foreach (array('', '-owner', '-admin', '-bounces') as $app) { + foreach (array('', '-owner', '-admin', '-bounces', '-unsubscribe') as $app) { XDB::execute("DELETE FROM $table WHERE type={?} AND alias={?}", $type, $liste.$app.$domain); } $page->assign('deleted', true); + $page->trigSuccess('La liste a été détruite !'); } else { $page->kill('Une erreur est survenue lors de la suppression de la liste.
' . 'Contact les administrateurs du site pour régler le problème : ' . 'support@polytechnique.org'); } } elseif (list($details,$options) = $this->client->get_owner_options($liste)) { + if (!$details['own']) { + $page->trigWarning('Tu n\'es pas administrateur de la liste, mais du site.'); + } $page->assign_by_ref('details', $details); $page->assign_by_ref('options', $options); $page->assign('bogo_level', $this->client->get_bogo_level($liste)); @@ -712,6 +870,8 @@ class ListsModule extends PLModule $page->changeTpl('lists/soptions.tpl'); if (Post::has('submit')) { + S::assert_xsrf_token(); + $values = $_POST; $values = array_map('utf8_decode', $values); unset($values['submit']); @@ -739,6 +899,7 @@ class ListsModule extends PLModule $page->changeTpl('lists/check.tpl'); if (Post::has('correct')) { + S::assert_xsrf_token(); $this->client->check_options($liste, true); } @@ -752,7 +913,7 @@ class ListsModule extends PLModule function handler_admin_all(&$page) { $page->changeTpl('lists/admin_all.tpl'); - $page->assign('xorg_title','Polytechnique.org - Administration - Mailing lists'); + $page->setTitle('Administration - Mailing lists'); $client = new MMList(S::v('uid'), S::v('password')); $listes = $client->get_all_lists();