X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fpayment.php;h=f54ce5b7f0613ebcc219f65d64db8b5dc7babc59;hb=4f970ab081dfb75e7595d98c61e1660f76edab65;hp=7d2493c45627bd6ed97b3d0f79584b2b46c79002;hpb=d0edeb70f254ed642b59c7c3636b7802266bcfe4;p=platal.git

diff --git a/modules/payment.php b/modules/payment.php
index 7d2493c..f54ce5b 100644
--- a/modules/payment.php
+++ b/modules/payment.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2008 Polytechnique.org                              *
+ *  Copyright (C) 2003-2009 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -88,14 +88,14 @@ class PaymentModule extends PLModule
     function handlers()
     {
         return array(
-            'payment'               => $this->make_hook('payment', AUTH_MDP),
-            'payment/cyber_return'  => $this->make_hook('cyber_return',  AUTH_PUBLIC),
-            'payment/paypal_return' => $this->make_hook('paypal_return',  AUTH_PUBLIC),
-            '%grp/paiement'              => $this->make_hook('xnet_payment', AUTH_MDP),
-            '%grp/payment'               => $this->make_hook('xnet_payment', AUTH_MDP),
-            '%grp/payment/cyber_return'  => $this->make_hook('cyber_return', AUTH_PUBLIC),
-            '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC),
-            'admin/payments'        => $this->make_hook('admin', AUTH_MDP, 'admin'),
+            'payment'                    => $this->make_hook('payment',       AUTH_MDP),
+            'payment/cyber_return'       => $this->make_hook('cyber_return',  AUTH_PUBLIC, 'user', NO_HTTPS),
+            'payment/paypal_return'      => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
+            '%grp/paiement'              => $this->make_hook('xnet_payment',  AUTH_MDP),
+            '%grp/payment'               => $this->make_hook('xnet_payment',  AUTH_MDP),
+            '%grp/payment/cyber_return'  => $this->make_hook('cyber_return',  AUTH_PUBLIC, 'user', NO_HTTPS),
+            '%grp/payment/paypal_return' => $this->make_hook('paypal_return', AUTH_PUBLIC, 'user', NO_HTTPS),
+            'admin/payments'             => $this->make_hook('admin',         AUTH_MDP,    'admin'),
 
         );
     }
@@ -208,7 +208,7 @@ class PaymentModule extends PLModule
             $res = XDB::query("SELECT  rcb.text,c.id,c.text
                                  FROM  paiement.codeRCB AS rcb
                             LEFT JOIN  paiement.codeC   AS c ON rcb.codeC=c.id
-                                WHERE  rcb.id='$champ906'");
+                                WHERE  rcb.id={?}", $champ906);
             if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
                 cb_erreur("erreur lors du paiement : $c_text ($c_id)");
             } else{