X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fmarketing.php;h=eb0778dd67bca718dc000ef44ad10f283ff25587;hb=58acfe8b40d3417e7b1a5ffd868a52509d053558;hp=74ee081af188dfc230806e4e1c3a533c250ae7f9;hpb=316b40d60daacd3aa3b480ccba0db6a3d97c093b;p=platal.git

diff --git a/modules/marketing.php b/modules/marketing.php
index 74ee081..eb0778d 100644
--- a/modules/marketing.php
+++ b/modules/marketing.php
@@ -40,7 +40,7 @@ class MarketingModule extends PLModule
     {
         $page->changeTpl('marketing/index.tpl');
 
-        $page->setTitle('Polytechnique.org - Marketing');
+        $page->setTitle('Marketing');
 
         // Quelques statistiques
 
@@ -105,6 +105,7 @@ class MarketingModule extends PLModule
         }
 
         if ($action == 'del') {
+            S::assert_xsrf_token();
             Marketing::clear($uid, $value);
         }
 
@@ -128,15 +129,18 @@ class MarketingModule extends PLModule
         }
 
         if ($action == 'relforce') {
+            S::assert_xsrf_token();
+
             $market = Marketing::get($uid, Post::v('to'));
             if (is_null($market)) {
                 $market = new Marketing($uid, Post::v('to'), 'default', null, 'staff');
             }
             $market->send(Post::v('title'), Post::v('message'));
-            $page->trigSuccess("Mail envoyé");
+            $page->trigSuccess("Email envoyé");
         }
 
         if ($action == 'insrel') {
+            S::assert_xsrf_token();
             if (Marketing::relance($uid)) {
                 $page->trigSuccess('relance faite');
             }
@@ -150,7 +154,7 @@ class MarketingModule extends PLModule
         $res = XDB::iterator(
                 "SELECT  r.*, a.alias
                    FROM  register_marketing AS r
-             INNER JOIN  aliases            AS a ON (r.sender=a.id AND a.type = 'a_vie')
+              LEFT JOIN  aliases            AS a ON (r.sender=a.id AND a.type = 'a_vie')
                   WHERE  uid={?}
                ORDER BY  date", $uid);
         $page->assign('addr', $res);
@@ -194,11 +198,13 @@ class MarketingModule extends PLModule
         $page->assign('user', $user);
 
         $email = null;
+        require_once 'emails.inc.php';
         if (Post::has('mail')) {
-            require_once 'emails.inc.php';
             $email = valide_email(Post::v('mail'));
         }
         if (Post::has('valide') && isvalid_email_redirection($email)) {
+            S::assert_xsrf_token();
+
             // security stuff
             check_email($email, "Proposition d'une adresse surveillee pour " . $user['forlife'] . " par " . S::v('forlife'));
             $res = XDB::query("SELECT  e.flags
@@ -261,8 +267,10 @@ class MarketingModule extends PLModule
             $page->assign('promo', $promo);
 
             if (Post::has('valide')) {
+                S::assert_xsrf_token();
                 $email = trim(Post::v('mail'));
 
+                require_once 'emails.inc.php';
                 if (!isvalid_email_redirection($email)) {
                     $page->trigError("Email invalide !");
                 } else {