X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fmarketing.php;h=c854069ec88bbf9dee0b2dec1f167a1678cb2ff9;hb=46f272feb613c57febf40a0f7bf6a721e439b73b;hp=74ee081af188dfc230806e4e1c3a533c250ae7f9;hpb=edfdbe40a2eb4cd9b576214613431b32975baf84;p=platal.git diff --git a/modules/marketing.php b/modules/marketing.php index 74ee081..c854069 100644 --- a/modules/marketing.php +++ b/modules/marketing.php @@ -40,7 +40,7 @@ class MarketingModule extends PLModule { $page->changeTpl('marketing/index.tpl'); - $page->setTitle('Polytechnique.org - Marketing'); + $page->setTitle('Marketing'); // Quelques statistiques @@ -105,6 +105,7 @@ class MarketingModule extends PLModule } if ($action == 'del') { + S::assert_xsrf_token(); Marketing::clear($uid, $value); } @@ -128,15 +129,18 @@ class MarketingModule extends PLModule } if ($action == 'relforce') { + S::assert_xsrf_token(); + $market = Marketing::get($uid, Post::v('to')); if (is_null($market)) { $market = new Marketing($uid, Post::v('to'), 'default', null, 'staff'); } $market->send(Post::v('title'), Post::v('message')); - $page->trigSuccess("Mail envoyé"); + $page->trigSuccess("Email envoyé"); } if ($action == 'insrel') { + S::assert_xsrf_token(); if (Marketing::relance($uid)) { $page->trigSuccess('relance faite'); } @@ -199,6 +203,8 @@ class MarketingModule extends PLModule $email = valide_email(Post::v('mail')); } if (Post::has('valide') && isvalid_email_redirection($email)) { + S::assert_xsrf_token(); + // security stuff check_email($email, "Proposition d'une adresse surveillee pour " . $user['forlife'] . " par " . S::v('forlife')); $res = XDB::query("SELECT e.flags @@ -261,6 +267,7 @@ class MarketingModule extends PLModule $page->assign('promo', $promo); if (Post::has('valide')) { + S::assert_xsrf_token(); $email = trim(Post::v('mail')); if (!isvalid_email_redirection($email)) {