X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Flists.php;h=8a5ccb9abb1746bc3dc403e51e6c3f0579b41fb2;hb=08b5c28f7adf245d5a262add9c31209f5d188ec7;hp=f73598f98ba7d932496be1ecc410572b59541991;hpb=1ea2d001c2511d30bae13fe3aed0e698919380a8;p=platal.git diff --git a/modules/lists.php b/modules/lists.php index f73598f..8a5ccb9 100644 --- a/modules/lists.php +++ b/modules/lists.php @@ -61,6 +61,19 @@ class ListsModule extends PLModule return $globals->mail->domain; } + function verify_list_owner($page, $liste) + { + if (list(, , $owners) = $this->client->get_members($liste)) { + if (!(in_array(S::user()->forlifeEmail(), $owners) || S::admin())) { + $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer."); + } + } else { + $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer.
" + . " Si tu penses qu'il s'agit d'une erreur, " + . "contact le support."); + } + } + function get_pending_ops($domain, $list) { list($subs,$mails) = $this->client->get_pending_ops($list); @@ -346,11 +359,11 @@ class ListsModule extends PLModule $this->prepare_client($page); $members = $this->client->get_members($liste); $list = list_fetch_basic_info(list_extract_members($members[1])); - pl_cached_content_headers('text/x-csv', 1); + pl_cached_content_headers('text/x-csv', 'iso-8859-1', 1); - echo "nom,promo\n"; - echo implode("\n", $list); - exit; + echo utf8_decode("Nom;Prénom;Promotion\n"); + echo utf8_decode(implode("\n", $list)); + exit(); } function handler_annu($page, $liste = null, $action = null, $subaction = null) @@ -483,6 +496,7 @@ class ListsModule extends PLModule } $domain = $this->prepare_client($page); + $this->verify_list_owner($page, $liste); $page->changeTpl('lists/moderate.tpl'); @@ -602,6 +616,17 @@ class ListsModule extends PLModule } $domain = $this->prepare_client($page); + $force_rights = false; + if ($GLOBALS['IS_XNET_SITE']) { + $perms = S::v('perms'); + if (is_object($perms) && $perms->hasFlag('groupadmin')) { + $force_rights = true; + } + } + $page->assign('group_admin', $force_rights); + if (!$force_rights) { + $this->verify_list_owner($page, $liste); + } $page->changeTpl('lists/admin.tpl'); @@ -618,8 +643,9 @@ class ListsModule extends PLModule case 'marketu': case 'markets': require_once 'emails.inc.php'; + $user = User::get($uids[$key]); $mail = valide_email($mails[$key]); - if (isvalid_email_redirection($mail)) { + if (isvalid_email_redirection($mail, $user)) { $from = ($action == 'marketu') ? 'user' : 'staff'; $market = Marketing::get($uids[$key], $mail); if (!$market) { 
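Review bot: verify_list_owner() returns normally on every path, so the authorisation it enforces depends entirely on `$page->kill()` ending the request, and kill() is not visible in this diff. That contract should be written on the helper, for example `/** Aborts via $page->kill() unless the current user owns $liste or is a site admin; callers rely on kill() not returning. */`. The ownership test would also be safer as `in_array(S::user()->forlifeEmail(), $owners, true)`, so that the comparison is never loose.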
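Review bot: The export writes the rows with `implode("\n", $list)` and no field quoting, so a value containing `;`, a quote or a line break shifts columns. A cell starting with `=`, `+`, `-` or `@` would also be evaluated as a formula when the file is opened in a spreadsheet. What list_fetch_basic_info() returns is not visible here, so this is a caveat to confirm; if the rows are raw directory strings, write each one with `fputcsv()` using `;` as the delimiter and neutralise formula-leading cells. `utf8_decode()` also replaces every character outside ISO-8859-1 with `?`. The handler starts and ends outside the hunk.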
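Review bot: The `groupadmin` flag skips verify_list_owner() without any check in this hunk that `$liste` belongs to the group the user administers. If prepare_client() (not visible here) does not bind the client to the current group's mail domain, a group admin could open the admin page of a list outside that group. A comment such as `// safe only because prepare_client() scopes the client to the current group's domain` would record the assumption. The exception is also made only here, while the handlers rendering lists/moderate.tpl, lists/options.tpl, lists/delete.tpl, lists/soptions.tpl and lists/check.tpl call verify_list_owner() unconditionally. Moving the exception into the helper would keep them consistent; the handler body continues outside the hunk.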
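Review bot: `$user = User::get($uids[$key]);` is passed straight to isvalid_email_redirection() without checking that a user was found. `$uids[$key]` is filled outside the hunk and User::get()'s result for an unknown id is not visible, so if it can return null the validation may fail or run without its per-user part. An explicit guard before the call, such as `if (!$user) { $page->trigError(...); break; }`, would make that case visible; adapt it to how the surrounding switch reports errors. The switch starts and ends outside the hunk.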
@@ -637,34 +663,52 @@ class ListsModule extends PLModule } } - if (Env::has('add_member')) { + if (Env::has('add_member') || + isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) { S::assert_xsrf_token(); - $members = User::getBulkForlifeEmails(Env::v('add_member'), + if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) { + $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true); + if (!$upload) { + $page->trigError("Une erreur s'est produite lors du téléchargement du fichier."); + } else { + $logins = $upload->getContents(); + } + } else { + $logins = Env::v('add_member'); + } + + $logins = preg_split("/[; ,\r\n\|]+/", $logins); + $members = User::getBulkForlifeEmails($logins, true, array('ListsModule', 'no_login_callback')); + $unfound = array_diff_key($logins, $members); + + // Make sure we send a list (array_values) of unique (array_unique) + // emails. + $members = array_values(array_unique($members)); + $arr = $this->client->mass_subscribe($liste, $members); + + $successes = array(); if (is_array($arr)) { foreach($arr as $addr) { + $successes[] = $addr[1]; $page->trigSuccess("{$addr[0]} inscrit."); } } - } - if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) { - S::assert_xsrf_token(); + $already = array_diff($members, $successes); + if (is_array($already)) { + foreach ($already as $item) { + $page->trigWarning($item . 
' est déjà inscrit.'); + } + } - $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true); - if (!$upload) { - $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier'); - } else { - $members = User::getBulkForlifeEmails($upload->getContents(), - true, - array('ListsModule', 'no_login_callback')); - $arr = $this->client->mass_subscribe($liste, $members); - if (is_array($arr)) { - foreach($arr as $addr) { - $page->trigSuccess("{$addr[0]} inscrit."); + if (is_array($unfound)) { + foreach ($unfound as $item) { + if (trim($item) != '') { + $page->trigError($item . " ne correspond pas à un compte existant et n'est pas une adresse email."); } } } @@ -721,7 +765,6 @@ class ListsModule extends PLModule $page->assign_by_ref('members', $membres); $page->assign_by_ref('owners', $moderos); $page->assign('np_m', count($mem)); - } else { $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer.
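Review bot: When `PlUpload::get()` fails the error is reported but `$logins` is never assigned, and execution still falls through to `preg_split(..., $logins)` and `mass_subscribe()`. Setting `$logins = '';` in the failure branch, or skipping the subscription step there, avoids working on an undefined variable. `array_diff_key($logins, $members)` is only correct if getBulkForlifeEmails() preserves the input keys, which is not visible here and deserves a comment. The unmatched `$item` strings come from the request or the uploaded file and are concatenated into `trigError()`, so confirm that the message is HTML-escaped when rendered. The enclosing handler starts and ends outside the hunk.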
" . " Si tu penses qu'il s'agit d'une erreur, " @@ -736,6 +779,7 @@ class ListsModule extends PLModule } $this->prepare_client($page); + $this->verify_list_owner($page, $liste); $page->changeTpl('lists/options.tpl'); @@ -804,6 +848,7 @@ class ListsModule extends PLModule } $domain = $this->prepare_client($page); + $this->verify_list_owner($page, $liste); $page->changeTpl('lists/delete.tpl'); if (Post::v('valid') == 'OUI') { S::assert_xsrf_token(); @@ -838,6 +883,7 @@ class ListsModule extends PLModule } $this->prepare_client($page); + $this->verify_list_owner($page, $liste); $page->changeTpl('lists/soptions.tpl'); @@ -867,6 +913,7 @@ class ListsModule extends PLModule } $this->prepare_client($page); + $this->verify_list_owner($page, $liste); $page->changeTpl('lists/check.tpl');