X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fmarketing.php;h=9507cf58e5793379361a5558c95b58459b4ea120;hb=343e22c25d384cb09e5cdc77bb861fcf6c60a653;hp=74ee081af188dfc230806e4e1c3a533c250ae7f9;hpb=1c82f959c6e69a5a979e46e530872685106f9103;p=platal.git

diff --git a/modules/marketing.php b/modules/marketing.php
index 74ee081..9507cf5 100644
--- a/modules/marketing.php
+++ b/modules/marketing.php
@@ -40,7 +40,7 @@ class MarketingModule extends PLModule
     {
         $page->changeTpl('marketing/index.tpl');
 
-        $page->setTitle('Polytechnique.org - Marketing');
+        $page->setTitle('Marketing');
 
         // Quelques statistiques
 
@@ -105,6 +105,7 @@ class MarketingModule extends PLModule
         }
 
         if ($action == 'del') {
+            S::assert_xsrf_token();
             Marketing::clear($uid, $value);
         }
 
@@ -128,15 +129,18 @@ class MarketingModule extends PLModule
         }
 
         if ($action == 'relforce') {
+            S::assert_xsrf_token();
+
             $market = Marketing::get($uid, Post::v('to'));
             if (is_null($market)) {
                 $market = new Marketing($uid, Post::v('to'), 'default', null, 'staff');
             }
             $market->send(Post::v('title'), Post::v('message'));
-            $page->trigSuccess("Mail envoyé");
+            $page->trigSuccess("Email envoyé");
         }
 
         if ($action == 'insrel') {
+            S::assert_xsrf_token();
             if (Marketing::relance($uid)) {
                 $page->trigSuccess('relance faite');
             }
@@ -194,11 +198,13 @@ class MarketingModule extends PLModule
         $page->assign('user', $user);
 
         $email = null;
+        require_once 'emails.inc.php';
         if (Post::has('mail')) {
-            require_once 'emails.inc.php';
             $email = valide_email(Post::v('mail'));
         }
         if (Post::has('valide') && isvalid_email_redirection($email)) {
+            S::assert_xsrf_token();
+
             // security stuff
             check_email($email, "Proposition d'une adresse surveillee pour " . $user['forlife'] . " par " . S::v('forlife'));
             $res = XDB::query("SELECT  e.flags
@@ -261,8 +267,10 @@ class MarketingModule extends PLModule
             $page->assign('promo', $promo);
 
             if (Post::has('valide')) {
+                S::assert_xsrf_token();
                 $email = trim(Post::v('mail'));
 
+                require_once 'emails.inc.php';
                 if (!isvalid_email_redirection($email)) {
                     $page->trigError("Email invalide !");
                 } else {