X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Flists.php;h=ba625948b65382b5afb31e636103d760faffcce6;hb=dd092f56992ad4dd8a7189173878691522c5a0f1;hp=c7aed33994dd14e43f5cfff2bfc88531d2758e02;hpb=efccf7ed77120bf8b15ac54d4d447e842f032884;p=platal.git diff --git a/modules/lists.php b/modules/lists.php index c7aed33..ba62594 100644 --- a/modules/lists.php +++ b/modules/lists.php @@ -1,6 +1,6 @@ $this->make_hook('lists', AUTH_MDP), 'lists/ajax' => $this->make_hook('ajax', AUTH_MDP, 'user', NO_AUTH), - 'lists/create' => $this->make_hook('create', AUTH_MDP), + 'lists/create' => $this->make_hook('create', AUTH_MDP, 'lists'), 'lists/members' => $this->make_hook('members', AUTH_COOKIE), + 'lists/csv' => $this->make_hook('csv', AUTH_COOKIE), 'lists/annu' => $this->make_hook('annu', AUTH_COOKIE), 'lists/archives' => $this->make_hook('archives', AUTH_COOKIE), 'lists/archives/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS), @@ -46,19 +47,16 @@ class ListsModule extends PLModule ); } - function on_subscribe($forlife, $uid, $promo, $password) - { - $this->prepare_client(null); - $this->client->subscribe("promo$promo"); - } - - function prepare_client(&$page) + function prepare_client($page, $user = null) { global $globals; - require_once dirname(__FILE__).'/lists/lists.inc.php'; + $this->load('lists.inc.php'); + if (is_null($user)) { + $user = S::user(); + } - $this->client = new MMList(S::v('uid'), S::v('password')); + $this->client = new MMList($user); return $globals->mail->domain; } @@ -66,7 +64,7 @@ class ListsModule extends PLModule { list($subs,$mails) = $this->client->get_pending_ops($list); $res = XDB::query("SELECT mid - FROM ml_moderate + FROM email_list_moderate WHERE ml = {?} AND domain = {?}", $list, $domain); $mids = $res->fetchColumn(); @@ -78,7 +76,7 @@ class ListsModule extends PLModule return array($subs, $mails); } - function handler_lists(&$page) + function handler_lists($page) { function filter_owner($list) { @@ -93,47 +91,54 @@ class ListsModule extends PLModule $domain = $this->prepare_client($page); $page->changeTpl('lists/index.tpl'); - $page->addJsLink('ajax.js'); - $page->setTitle('Polytechnique.org - Listes de diffusion'); + $page->setTitle('Listes de diffusion'); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe(Get::v('del')); pl_redirect('lists'); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe(Get::v('add')); pl_redirect('lists'); } if (Post::has('promo_add')) { + S::assert_xsrf_token(); + $promo = Post::i('promo_add'); if ($promo >= 1900 and $promo < 2100) { $this->client->subscribe("promo$promo"); } else { - $page->trigSuccess("promo incorrecte, il faut une promo sur 4 chiffres."); + $page->trigError("promo incorrecte, il faut une promo sur 4 chiffres."); } } - $listes = $this->client->get_lists(); - $owner = array_filter($listes, 'filter_owner'); - $listes = array_diff_key($listes, $owner); - $member = array_filter($listes, 'filter_member'); - $listes = array_diff_key($listes, $member); - foreach ($owner as $key=>$liste) { - list($subs,$mails) = $this->get_pending_ops($domain, $liste['list']); - $owner[$key]['subscriptions'] = $subs; - $owner[$key]['mails'] = $mails; + + if (!is_null($listes = $this->client->get_lists())) { + $owner = array_filter($listes, 'filter_owner'); + $listes = array_diff_key($listes, $owner); + $member = array_filter($listes, 'filter_member'); + $listes = array_diff_key($listes, $member); + foreach ($owner as $key => $liste) { + list($subs, $mails) = $this->get_pending_ops($domain, $liste['list']); + $owner[$key]['subscriptions'] = $subs; + $owner[$key]['mails'] = $mails; + } + $page->register_modifier('hdc', 'list_header_decode'); + $page->assign_by_ref('owner', $owner); + $page->assign_by_ref('member', $member); + $page->assign_by_ref('public', $listes); } - $page->register_modifier('hdc', 'list_header_decode'); - $page->assign_by_ref('owner', $owner); - $page->assign_by_ref('member', $member); - $page->assign_by_ref('public', $listes); } - function handler_ajax(&$page, $list = null) + function handler_ajax($page, $list = null) { - header('Content-Type: text/html; charset="UTF-8"'); + pl_content_headers("text/html"); $domain = $this->prepare_client($page); $page->changeTpl('lists/liste.inc.tpl', NO_SKIN); + S::assert_xsrf_token(); + if (Get::has('unsubscribe')) { $this->client->unsubscribe($list); } @@ -157,22 +162,40 @@ class ListsModule extends PLModule $page->assign_by_ref('liste', $liste); } - function handler_create(&$page) + function handler_create($page) { global $globals; $page->changeTpl('lists/create.tpl'); + $user_promo = S::user()->profile()->yearPromo(); + $year = date('Y'); + $month = date('m'); + // scolar year starts in september + $scolarmonth = ($year - $user_promo) * 12 + ($month - 8); + $young_promo = $very_young_promo = 0; + // binet are accessible only in april in the first year and until + // march of the 5th year + if ($scolarmonth >= 8 && $scolarmonth < 56) { + $young_promo = 1; + } + // PSC aliases are accesible only between september and june of the second + // year of scolarity + if ($scolarmonth >= 12 && $scolarmonth < 22) { + $very_young_promo = 1; + } + $page->assign('young_promo', $young_promo); + $page->assign('very_young_promo', $very_young_promo); + $owners = preg_split("/[\s]+/", Post::v('owners'), -1, PREG_SPLIT_NO_EMPTY); $members = preg_split("/[\s]+/", Post::v('members'), -1, PREG_SPLIT_NO_EMPTY); // click on validate button 'add_owner_sub' or type if (Post::has('add_owner_sub') && Post::has('add_owner')) { - require_once('user.func.inc.php'); // if we want to add an owner and then type , then both // add_owner_sub and add_owner are filled. - $oforlifes = get_users_forlife_list(Post::v('add_owner'), true); - $mforlifes = get_users_forlife_list(Post::v('add_member'), true); + $oforlifes = User::getBulkForlifeEmails(Post::v('add_owner'), true); + $mforlifes = User::getBulkForlifeEmails(Post::v('add_member'), true); if (!is_null($oforlifes)) { $owners = array_merge($owners, $oforlifes); } @@ -184,19 +207,18 @@ class ListsModule extends PLModule } // click on validate button 'add_member_sub' - require_once('user.func.inc.php'); if (Post::has('add_member_sub') && Post::has('add_member')) { - $forlifes = get_users_forlife_list(Post::v('add_member'), true); + $forlifes = User::getBulkForlifeEmails(Post::v('add_member'), true); if (!is_null($forlifes)) { $members = array_merge($members, $forlifes); } } if (Post::has('add_member_sub') && isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) { - $upload =& PlUpload::get($_FILES['add_member_file'], S::v('forlife'), 'list.addmember', true); + $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true); if (!$upload) { $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier'); } else { - $forlifes = get_users_forlife_list($upload->getContents(), true); + $forlifes = User::getBulkForlifeEmails($upload->getContents(), true); if (!is_null($forlifes)) { $members = array_merge($members, $forlifes); } @@ -213,55 +235,47 @@ class ListsModule extends PLModule if (!Post::has('submit')) { return; + } else { + S::assert_xsrf_token(); } - $asso = Post::v('asso'); - $liste = Post::v('liste'); + $asso = Post::t('asso'); + $list = strtolower(Post::t('liste')); - if (empty($liste)) { - $page->trigError('Le champ «adresse souhaitée» est vide.'); + if (empty($list)) { + $page->trigError('Le champ « adresse souhaitée Â» est vide.'); } - if (!preg_match("/^[a-zA-Z0-9\-]*$/", $liste)) { + if (!preg_match("/^[a-zA-Z0-9\-]*$/", $list)) { $page->trigError('Le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets.'); } - if (($asso == "binet") || ($asso == "alias")) { + if (($asso == 'binet') || ($asso == 'alias')) { $promo = Post::i('promo'); $domain = $promo . '.' . $globals->mail->domain; if (($promo < 1921) || ($promo > date('Y'))) { - $page->trigError('La promotion est mal renseignée, elle doit être du type : 2004.'); + $page->trigError('La promotion est mal renseignée, elle doit être du type : 2004.'); } - $new = $liste . '@' . $domain; - $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new); - - } else { - if ($asso == "groupex") { - $groupex_name = Post::v('groupex_name'); - - $res_groupe = XDB::query('SELECT mail_domain FROM groupex.asso WHERE nom={?}', $groupex_name); - $domain = $res_groupe->fetchOneCell(); + } elseif ($asso == 'groupex') { + $domain = XDB::fetchOneCell('SELECT mail_domain + FROM groups + WHERE nom = {?}', + Post::t('groupex_name')); if (!$domain) { $page->trigError('Il n\'y a aucun groupe de ce nom sur Polytechnique.net.'); } - - $new = $liste . '@' . $domain; - $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new); - } else { - $res = XDB::query("SELECT COUNT(*) FROM aliases WHERE alias={?}", $liste); - $domain = $globals->mail->domain; - } + } else { + $domain = $globals->mail->domain; } - $n = $res->fetchOneCell(); - - if ($n) { - $page->trigError('L\'«adresse souhaitée» est déjà prise.'); + require_once 'emails.inc.php'; + if (list_exist($list, $domain)) { + $page->trigError("L'« adresse souhaitée Â» est déjà prise."); } - if (!Post::v('desc')) { + if (!Post::t('desc')) { $page->trigError('Le sujet est vide.'); } @@ -269,22 +283,22 @@ class ListsModule extends PLModule $page->trigError('Il n\'y a pas de gestionnaire.'); } - if (count($members)<4) { + if (count($members) < 4) { $page->trigError('Il n\'y a pas assez de membres.'); } if (!$page->nb_errs()) { + $page->trigSuccess('Demande de création envoyée !'); $page->assign('created', true); - require_once 'validations.inc.php'; - $req = new ListeReq(S::v('uid'), $asso, $liste, $domain, - Post::v('desc'), Post::i('advertise'), + $req = new ListeReq(S::user(), $asso, $list, $domain, + Post::t('desc'), Post::i('advertise'), Post::i('modlevel'), Post::i('inslevel'), $owners, $members); $req->submit(); } } - function handler_members(&$page, $liste = null) + function handler_members($page, $liste = null) { if (is_null($liste)) { return PL_NOT_FOUND; @@ -295,11 +309,13 @@ class ListsModule extends PLModule $page->changeTpl('lists/members.tpl'); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe($liste); pl_redirect('lists/members/'.$liste); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe($liste); pl_redirect('lists/members/'.$liste); } @@ -317,11 +333,26 @@ class ListsModule extends PLModule $page->assign_by_ref('owners', $moderos); $page->assign('nb_m', count($mem)); } else { - $page->kill("La liste n'existe pas ou tu n'as pas le droit d'en voir les détails"); + $page->kill("La liste n'existe pas ou tu n'as pas le droit d'en voir les détails."); + } + } + + function handler_csv(PlPage $page, $liste = null) + { + if (is_null($liste)) { + return PL_NOT_FOUND; } + $this->prepare_client($page); + $members = $this->client->get_members($liste); + $list = list_fetch_basic_info(list_extract_members($members[1])); + pl_cached_content_headers('text/x-csv', 1); + + echo "email,nom,promo\n"; + echo implode("\n", $list); + exit; } - function handler_annu(&$page, $liste = null, $action = null, $subaction = null) + function handler_annu($page, $liste = null, $action = null, $subaction = null) { if (is_null($liste)) { return PL_NOT_FOUND; @@ -330,17 +361,19 @@ class ListsModule extends PLModule $this->prepare_client($page); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe($liste); pl_redirect('lists/annu/'.$liste); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe($liste); pl_redirect('lists/annu/'.$liste); } $owners = $this->client->get_owners($liste); if (!is_array($owners)) { - $page->kill("La liste n'existe pas ou tu n'as pas le droit d'en voir les détails"); + $page->kill("La liste n'existe pas ou tu n'as pas le droit d'en voir les détails."); } global $platal; @@ -353,9 +386,10 @@ class ListsModule extends PLModule $view = new ArraySet($users); $view->addMod('trombi', 'Trombinoscope', true, array('with_promo' => true)); if (empty($GLOBALS['IS_XNET_SITE'])) { - $view->addMod('minifiche', 'Minifiches', false); + $view->addMod('minifiche', 'Mini-fiches', false); } - $view->addMod('geoloc', 'Planisphère'); + // TODO: Reactivate when the new map is completed. + // $view->addMod('geoloc', 'Planisphère'); $view->apply("lists/annu/$liste", $page, $action, $subaction); if ($action == 'geoloc' && $subaction) { return; @@ -367,7 +401,7 @@ class ListsModule extends PLModule $page->assign_by_ref('owners', $moderos); } - function handler_archives(&$page, $liste = null, $action = null, $artid = null) + function handler_archives($page, $liste = null, $action = null, $artid = null) { global $globals; @@ -396,29 +430,24 @@ class ListsModule extends PLModule } } - function handler_rss(&$page, $liste = null, $alias = null, $hash = null) + function handler_rss($page, $liste = null, $alias = null, $hash = null) { - require_once('rss.inc.php'); - $uid = init_rss(null, $alias, $hash); - if (!$uid || !$liste) { - exit; + if (!$liste) { + return PL_NOT_FOUND; + } + $user = Platal::session()->tokenAuth($alias, $hash); + if (is_null($user)) { + return PL_FORBIDDEN; } - $res = XDB::query("SELECT user_id AS uid, password, alias AS forlife - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON (a.id = u.user_id AND a.type = 'a_vie') - WHERE u.user_id = {?}", $uid); - $row = $res->fetchOneAssoc(); - $_SESSION = array_merge($row, $_SESSION); - - $domain = $this->prepare_client($page); + $domain = $this->prepare_client($page, $user); if (list($det) = $this->client->get_members($liste)) { if (substr($liste,0,5) != 'promo' && ($det['ins'] || $det['priv']) && !$det['own'] && ($det['sub'] < 2)) { exit; } require_once('banana/ml.inc.php'); - $banana = new MLBanana(S::v('forlife'), Array('listname' => $liste, 'domain' => $domain, 'action' => 'rss2')); + $banana = new MLBanana($user, Array('listname' => $liste, 'domain' => $domain, 'action' => 'rss2')); $banana->run(); } exit; @@ -436,12 +465,12 @@ class ListsModule extends PLModule return false; } Get::kill('mid'); - return XDB::execute("INSERT IGNORE INTO ml_moderate + return XDB::execute("INSERT IGNORE INTO email_list_moderate VALUES ({?}, {?}, {?}, {?}, {?}, NOW(), {?}, NULL)", $liste, $domain, $mid, S::i('uid'), $action, Post::v('reason')); } - function handler_moderate(&$page, $liste = null) + function handler_moderate($page, $liste = null) { if (is_null($liste)) { return PL_NOT_FOUND; @@ -454,6 +483,8 @@ class ListsModule extends PLModule $page->register_modifier('hdc', 'list_header_decode'); if (Env::has('sadd') || Env::has('sdel')) { + S::assert_xsrf_token(); + if (Env::has('sadd')) { /* 4 = SUBSCRIBE */ $sub = $this->client->get_pending_sub($liste, Env::v('sadd')); $this->client->handle_request($liste,Env::v('sadd'),4,''); @@ -470,8 +501,7 @@ class ListsModule extends PLModule $mailer->addTo("$liste-owner@{$domain}"); $mailer->addHeader('Reply-To', "$liste-owner@{$domain}"); $mailer->setSubject("L'inscription de {$sub['name']} a été $info"); - $text = "L'inscription de {$sub['name']} à la liste $liste@{$domain} a été $info par " . S::v('prenom') . ' ' - . S::v('nom') . '(' . S::v('promo') . ")\n"; + $text = "L'inscription de {$sub['name']} à la liste $liste@{$domain} a été $info par " . S::user()->fullName(true) . ".\n"; if (trim(Post::v('reason'))) { $text .= "\nLa raison invoquée est :\n" . Post::v('reason'); } @@ -484,14 +514,17 @@ class ListsModule extends PLModule } if (Post::has('moderate_mails') && Post::has('select_mails')) { + S::assert_xsrf_token(); + $mails = array_keys(Post::v('select_mails')); foreach($mails as $mail) { $this->moderate_mail($domain, $liste, $mail); } } elseif (Env::has('mid')) { if (Get::has('mid') && !Env::has('mok') && !Env::has('mdel')) { + require_once 'banana/moderate.inc.php'; + $page->changeTpl('lists/moderate_mail.tpl'); - require_once('banana/moderate.inc.php'); $params = array('listname' => $liste, 'domain' => $domain, 'artid' => Get::i('mid'), 'part' => Get::v('part'), 'action' => Get::v('action')); $params['client'] = $this->client; @@ -506,7 +539,7 @@ class ListsModule extends PLModule return; } - $mail = $this->moderate_mail($domain, $liste, Env::i('mid')); + $this->moderate_mail($domain, $liste, Env::i('mid')); } elseif (Env::has('sid')) { if (list($subs,$mails) = $this->get_pending_ops($domain, $liste)) { foreach($subs as $user) { @@ -532,30 +565,29 @@ class ListsModule extends PLModule $page->assign_by_ref('subs', $subs); $page->assign_by_ref('mails', $mails); } else { - $page->kill("La liste n'existe pas ou tu n'as pas le droit de la modérer"); + $page->kill("La liste n'existe pas ou tu n'as pas le droit de la modérer."); } } static public function no_login_callback($login) { - require_once 'user.func.inc.php'; - global $list_unregistered, $globals; + global $list_unregistered; - $users = get_not_registered_user($login, true); + $users = User::getPendingAccounts($login, true); if ($users && $users->total()) { if (!isset($list_unregistered)) { $list_unregistered = array(); } $list_unregistered[$login] = $users; } else { - list($name, $dom) = @explode('@', $login); - if ($dom == $globals->mail->domain || $dom == $globals->mail->domain2) { - _default_user_callback($login); + list($name, $domain) = @explode('@', $login); + if (User::isMainMailDomain($domain)) { + User::_default_user_callback($login); } } } - function handler_admin(&$page, $liste = null) + function handler_admin($page, $liste = null) { global $globals; @@ -568,6 +600,8 @@ class ListsModule extends PLModule $page->changeTpl('lists/admin.tpl'); if (Env::has('send_mark')) { + S::assert_xsrf_token(); + $actions = Env::v('mk_action'); $uids = Env::v('mk_uid'); $mails = Env::v('mk_email'); @@ -598,10 +632,11 @@ class ListsModule extends PLModule } if (Env::has('add_member')) { - require_once('user.func.inc.php'); - $members = get_users_forlife_list(Env::v('add_member'), - false, - array('ListsModule', 'no_login_callback')); + S::assert_xsrf_token(); + + $members = User::getBulkForlifeEmails(Env::v('add_member'), + true, + array('ListsModule', 'no_login_callback')); $arr = $this->client->mass_subscribe($liste, $members); if (is_array($arr)) { foreach($arr as $addr) { @@ -611,13 +646,15 @@ class ListsModule extends PLModule } if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) { - $upload =& PlUpload::get($_FILES['add_member_file'], S::v('forlife'), 'list.addmember', true); + S::assert_xsrf_token(); + + $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true); if (!$upload) { $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier'); } else { - $members = get_users_forlife_list($upload->getContents(), - false, - array('ListsModule', 'no_login_callback')); + $members = User::getBulkForlifeEmails($upload->getContents(), + true, + array('ListsModule', 'no_login_callback')); $arr = $this->client->mass_subscribe($liste, $members); if (is_array($arr)) { foreach($arr as $addr) { @@ -628,9 +665,12 @@ class ListsModule extends PLModule } if (Env::has('del_member')) { + S::assert_xsrf_token(); + if (strpos(Env::v('del_member'), '@') === false) { - $this->client->mass_unsubscribe( - $liste, array(Env::v('del_member').'@'.$globals->mail->domain)); + if ($del_member = User::getSilent(Env::t('del_member'))) { + $this->client->mass_unsubscribe($liste, array($del_member->forlifeEmail())); + } } else { $this->client->mass_unsubscribe($liste, array(Env::v('del_member'))); } @@ -638,20 +678,25 @@ class ListsModule extends PLModule } if (Env::has('add_owner')) { - require_once('user.func.inc.php'); - $owners = get_users_forlife_list(Env::v('add_owner'), false, array('ListsModule', 'no_login_callback')); + S::assert_xsrf_token(); + + $owners = User::getBulkForlifeEmails(Env::v('add_owner'), false, array('ListsModule', 'no_login_callback')); if ($owners) { foreach ($owners as $login) { if ($this->client->add_owner($liste, $login)) { - $page->trigSuccess($alias." ajouté aux modérateurs."); + $page->trigSuccess($login ." ajouté aux modérateurs."); } } } } if (Env::has('del_owner')) { + S::assert_xsrf_token(); + if (strpos(Env::v('del_owner'), '@') === false) { - $this->client->del_owner($liste, Env::v('del_owner').'@'.$globals->mail->domain); + if ($del_owner = User::getSilent(Env::t('del_owner'))) { + $this->client->mass_unsubscribe($liste, array($del_owner->forlifeEmail())); + } } else { $this->client->del_owner($liste, Env::v('del_owner')); } @@ -673,12 +718,12 @@ class ListsModule extends PLModule } else { $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer.
" - ." Si tu penses qu'il s'agit d'une erreur, " - ."contact le support"); + . " Si tu penses qu'il s'agit d'une erreur, " + . "contact le support."); } } - function handler_options(&$page, $liste = null) + function handler_options($page, $liste = null) { if (is_null($liste)) { return PL_NOT_FOUND; @@ -689,6 +734,8 @@ class ListsModule extends PLModule $page->changeTpl('lists/options.tpl'); if (Post::has('submit')) { + S::assert_xsrf_token(); + $values = $_POST; $values = array_map('utf8_decode', $values); $spamlevel = intval($values['bogo_level']); @@ -724,8 +771,10 @@ class ListsModule extends PLModule } $this->client->set_owner_options($liste, $values); } elseif (isvalid_email(Post::v('atn_add'))) { + S::assert_xsrf_token(); $this->client->add_to_wl($liste, Post::v('atn_add')); } elseif (Get::has('atn_del')) { + S::assert_xsrf_token(); $this->client->del_from_wl($liste, Get::v('atn_del')); pl_redirect('lists/options/'.$liste); } @@ -741,7 +790,7 @@ class ListsModule extends PLModule } } - function handler_delete(&$page, $liste = null) + function handler_delete($page, $liste = null) { global $globals; if (is_null($liste)) { @@ -749,40 +798,34 @@ class ListsModule extends PLModule } $domain = $this->prepare_client($page); - if ($domain == $globals->mail->domain || $domain == $globals->mail->domain2) { - $domain = ''; - $table = 'aliases'; - $type = 'liste'; - } else { - $domain = '@' . $domain; - $table = 'virtual'; - $type = 'list'; - } - $page->changeTpl('lists/delete.tpl'); if (Post::v('valid') == 'OUI') { + S::assert_xsrf_token(); + if ($this->client->delete_list($liste, Post::b('del_archive'))) { - foreach (array('', '-owner', '-admin', '-bounces', '-unsubscribe') as $app) { - XDB::execute("DELETE FROM $table - WHERE type={?} AND alias={?}", - $type, $liste.$app.$domain); - } + require_once 'emails.inc.php'; + + delete_list($liste, $domain); $page->assign('deleted', true); + $page->trigSuccess('La liste a été détruite !'); } else { $page->kill('Une erreur est survenue lors de la suppression de la liste.
' . 'Contact les administrateurs du site pour régler le problème : ' - . 'support@polytechnique.org'); + . 'support@polytechnique.org.'); } } elseif (list($details,$options) = $this->client->get_owner_options($liste)) { + if (!$details['own']) { + $page->trigWarning('Tu n\'es pas administrateur de la liste, mais du site.'); + } $page->assign_by_ref('details', $details); $page->assign_by_ref('options', $options); $page->assign('bogo_level', $this->client->get_bogo_level($liste)); } else { - $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer"); + $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer."); } } - function handler_soptions(&$page, $liste = null) + function handler_soptions($page, $liste = null) { if (is_null($liste)) { return PL_NOT_FOUND; @@ -793,6 +836,8 @@ class ListsModule extends PLModule $page->changeTpl('lists/soptions.tpl'); if (Post::has('submit')) { + S::assert_xsrf_token(); + $values = $_POST; $values = array_map('utf8_decode', $values); unset($values['submit']); @@ -805,11 +850,11 @@ class ListsModule extends PLModule $page->assign_by_ref('details', $details); $page->assign_by_ref('options', $options); } else { - $page->kill("La liste n'existe pas"); + $page->kill("La liste n'existe pas."); } } - function handler_check(&$page, $liste = null) + function handler_check($page, $liste = null) { if (is_null($liste)) { return PL_NOT_FOUND; @@ -820,6 +865,7 @@ class ListsModule extends PLModule $page->changeTpl('lists/check.tpl'); if (Post::has('correct')) { + S::assert_xsrf_token(); $this->client->check_options($liste, true); } @@ -827,16 +873,17 @@ class ListsModule extends PLModule $page->assign_by_ref('details', $details); $page->assign_by_ref('options', $options); } else { - $page->kill("La liste n'existe pas"); + $page->kill("La liste n'existe pas."); } } - function handler_admin_all(&$page) { + function handler_admin_all($page) + { $page->changeTpl('lists/admin_all.tpl'); - $page->setTitle('Polytechnique.org - Administration - Mailing lists'); + $page->setTitle('Administration - Mailing lists'); - $client = new MMList(S::v('uid'), S::v('password')); - $listes = $client->get_all_lists(); + $this->prepare_client($page); + $listes = $this->client->get_all_lists(); $page->assign_by_ref('listes', $listes); } }