X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=3ebcd991fc168c11a1371cfd80e1386f14ad9fc5;hb=67f95129c935e3844b9ecf996bb29f979ef3ca7f;hp=c558b49137ccd5dbfde01712995a10c8b6f6de12;hpb=9f52839d4a55c6b59ab80af35026a064e007ac72;p=platal.git
diff --git a/modules/platal.php b/modules/platal.php
index c558b49..3ebcd99 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -1,6 +1,6 @@ changeTpl('platal/changeLog.tpl');
@@ -113,42 +113,40 @@ class PlatalModule extends PLModule
     function __set_rss_state($state)
     {
         if ($state) {
-            S::user()->token = rand_url_id(16);
-            XDB::execute('UPDATE accounts
-                             SET token = {?}
-                           WHERE uid = {?}', S::user()->token, S::i('uid'));
+            if (!S::user()->token) {
+                S::user()->token = rand_url_id(16);
+                S::set('token', S::user()->token);
+                XDB::execute('UPDATE accounts
+                                 SET token = {?}
+                               WHERE uid = {?}', S::user()->token, S::i('uid'));
+            }
         } else {
             S::kill('token');
+            S::user()->token = null;
             XDB::execute('UPDATE accounts
                              SET token = NULL
                            WHERE uid = {?}', S::i('uid'));
         }
     }
 
-    function handler_prefs(&$page)
+    function handler_prefs($page)
     {
         $page->changeTpl('platal/preferences.tpl');
         $page->setTitle('Mes préférences');
 
         if (Post::has('email_format')) {
+            S::assert_xsrf_token();
             $fmt = Post::s('email_format');
             S::user()->setEmailFormat($fmt);
         }
 
         if (Post::has('rss')) {
-            $this->__set_rss_state(Post::b('rss'));
+            S::assert_xsrf_token();
+            $this->__set_rss_state(Post::s('rss') == 'on');
         }
-
-        # FIXME: this code is not multi-domain compatible. We should decide how
-        # carva will extend to users not in the main domain.
-        $res = XDB::query("SELECT alias
-                             FROM aliases
-                            WHERE uid = {?} AND FIND_IN_SET('bestalias', flags)",
-                           S::user()->id());
-        $page->assign('bestalias', $res->fetchOneCell());
     }
 
-    function handler_webredir(&$page)
+    function handler_webredir($page)
     {
         $page->changeTpl('platal/webredirect.tpl');
         $page->setTitle('Redirection de page WEB');
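Review bot: `$this->__set_rss_state(Post::s('rss') == 'on')` in handler_prefs compares the posted value loosely; `Post::s('rss') === 'on'` makes the strict-string intent explicit and matches how the rest of the branch treats the value. The feed token assigned from `rand_url_id(16)` in __set_rss_state lets the feed be read without a login, so that helper should draw from a cryptographically secure source; it is defined outside this hunk and is worth confirming. Because the new `if (!S::user()->token)` guard keeps an existing token rather than replacing it, a user who suspects a leak can only rotate it by disabling and re-enabling the feed, which a short comment would make clear: `// an existing token is kept; disable then re-enable the feed to rotate it`.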
@@ -158,8 +156,9 @@ class PlatalModule extends PLModule
             $page->trigError('URL invalide');
         } else {
             $url = Env::t('url');
-            XDB::execute('REPLACE INTO carvas (uid, url)
-                               VALUES ({?}, {?})',
+            XDB::execute('INSERT INTO carvas (uid, url)
+                               VALUES ({?}, {?})
+                  ON DUPLICATE KEY UPDATE url = VALUES(url)',
                          S::i('uid'), $url);
             S::logger()->log('carva_add', 'http://' . $url);
             $page->trigSuccess("Redirection activée vers $url");
@@ -186,7 +185,7 @@ class PlatalModule extends PLModule
         $page->assign('bestalias', $res->fetchOneCell());
     }
 
-    function handler_prefs_rss(&$page)
+    function handler_prefs_rss($page)
     {
         $page->changeTpl('platal/filrss.tpl');
 
@@ -198,7 +197,7 @@ class PlatalModule extends PLModule
         }
     }
 
-    function handler_password(&$page)
+    function handler_password($page)
     {
         global $globals;
 
@@ -229,11 +228,10 @@ class PlatalModule extends PLModule
         }
 
         $page->changeTpl('platal/password.tpl');
-        $page->addJsLink('password.js');
         $page->setTitle('Mon mot de passe');
     }
 
-    function handler_smtppass(&$page)
+    function handler_smtppass($page)
     {
         $page->changeTpl('platal/acces_smtp.tpl');
         $page->setTitle('Acces SMTP/NNTP');
@@ -267,7 +265,7 @@ class PlatalModule extends PLModule
         $page->assign('actif', $res->fetchOneCell());
     }
 
-    function handler_recovery(&$page)
+    function handler_recovery($page)
     {
         global $globals;
 
@@ -349,7 +347,7 @@ Adresse de secours : " . Post::v('email') : ""));
         S::logger($user->id())->log('recovery', $mails);
     }
 
-    function handler_tmpPWD(&$page, $certif = null)
+    function handler_tmpPWD($page, $certif = null)
     {
         global $globals;
         // XXX: recovery requires data from the profile
@@ -388,11 +386,10 @@ Adresse de secours : " . Post::v('email') : ""));
             $page->changeTpl('platal/tmpPWD.success.tpl');
         } else {
             $page->changeTpl('platal/password.tpl');
-            $page->addJsLink('password.js');
         }
     }
 
-    function handler_skin(&$page)
+    function handler_skin($page)
     {
         global $globals;
 
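Review bot: The new `INSERT INTO carvas ... ON DUPLICATE KEY UPDATE url = VALUES(url)` only replaces the user's existing redirection if `carvas` has a unique or primary key on `uid` alone; the table definition is not visible here, and if `url` were part of the key the statement would accumulate rows instead of updating the old one. Recording that assumption next to the call, `// relies on carvas.uid being UNIQUE/PRIMARY; otherwise this inserts a second row`, would let the next reader check it against the schema. The validation that rejects an invalid URL and the enclosing else branch begin before this hunk, so whether `$url` is constrained to a hostname/path before it reaches the query and the success message cannot be judged from here.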
@@ -421,12 +418,18 @@ Adresse de secours : " . Post::v('email') : ""));
         $page->assign('skins', XDB::iterator($sql));
     }
 
-    function handler_exit(&$page, $level = null)
+    function handler_exit($page, $level = null)
     {
         if (S::suid()) {
-            S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid'));
+            $old = S::user()->login();
+            S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
             Platal::session()->stopSUID();
-            pl_redirect('admin/user/' . S::user()->login());
+            $target = S::s('suid_startpage');
+            S::kill('suid_startpage');
+            if (!empty($target)) {
+                http_redirect($target);
+            }
+            pl_redirect('admin/user/' . $old);
         }
 
         if ($level == 'forget' || $level == 'forgetall') {
@@ -449,7 +452,7 @@ Adresse de secours : " . Post::v('email') : ""));
         }
     }
 
-    function handler_review(&$page, $action = null, $mode = null)
+    function handler_review($page, $action = null, $mode = null)
     {
         // Include X-XRDS-Location response-header for Yadis discovery
         global $globals;
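Review bot: `http_redirect($target)` in handler_exit sends the administrator to whatever `suid_startpage` held in the session, and this hunk does not show where that value is stored or whether it is limited to a site-local path; if it is ever populated from a request parameter when SUID starts, ending the session becomes a redirect to an arbitrary destination. Checking the target at the point of use keeps the guarantee independent of how it was stored, e.g. `if (!empty($target) && strpos($target, '/') === 0 && strpos($target, '//') !== 0) {`. Reading `$old` before `stopSUID()` is what makes both the log line and the fallback `pl_redirect` name the impersonated account rather than the admin, and a comment such as `// read before stopSUID() switches S::user() back to the admin` would explain the ordering. The fallback `pl_redirect` is only reached when `$target` is empty on the assumption that http_redirect does not return, which cannot be confirmed from this hunk.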