X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=cfa973f1e5c1b6d6e3cb327fa3b5ed6dd0b8c98b;hb=2d89ec936167033886ae76b153605d7ccf19bc20;hp=9d8c2051cb8f56db6788cb1fecf56af8f7ed6193;hpb=4abb0fe4bcefc73a18891e9768640d8811a09acc;p=platal.git diff --git a/modules/platal.php b/modules/platal.php index 9d8c205..cfa973f 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -45,13 +45,13 @@ class PlatalModule extends PLModule // Preferences thingies 'prefs' => $this->make_hook('prefs', AUTH_COOKIE), 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE), - 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP), + 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'), 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE), // password related thingies 'password' => $this->make_hook('password', AUTH_MDP), 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC), - 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP), + 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'), 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC), 'exit' => $this->make_hook('exit', AUTH_PUBLIC), 'review' => $this->make_hook('review', AUTH_PUBLIC), @@ -113,12 +113,16 @@ class PlatalModule extends PLModule function __set_rss_state($state) { if ($state) { - S::user()->token = rand_url_id(16); - XDB::execute('UPDATE accounts - SET token = {?} - WHERE uid = {?}', S::user()->token, S::i('uid')); + if (!S::user()->token) { + S::user()->token = rand_url_id(16); + S::set('token', S::user()->token); + XDB::execute('UPDATE accounts + SET token = {?} + WHERE uid = {?}', S::user()->token, S::i('uid')); + } } else { S::kill('token'); + S::user()->token = null; XDB::execute('UPDATE accounts SET token = NULL WHERE uid = {?}', S::i('uid')); @@ -131,21 +135,15 @@ class PlatalModule extends PLModule $page->setTitle('Mes préférences'); if (Post::has('email_format')) { + S::assert_xsrf_token(); $fmt = Post::s('email_format'); S::user()->setEmailFormat($fmt); } if (Post::has('rss')) { - $this->__set_rss_state(Post::b('rss')); + S::assert_xsrf_token(); + $this->__set_rss_state(Post::s('rss') == 'on'); } - - # FIXME: this code is not multi-domain compatible. We should decide how - # carva will extend to users not in the main domain. - $res = XDB::query("SELECT alias - FROM aliases - WHERE uid = {?} AND FIND_IN_SET('bestalias', flags)", - S::user()->id()); - $page->assign('bestalias', $res->fetchOneCell()); } function handler_webredir(&$page) @@ -158,8 +156,9 @@ class PlatalModule extends PLModule $page->trigError('URL invalide'); } else { $url = Env::t('url'); - XDB::execute('REPLACE INTO carvas (uid, url) - VALUES ({?}, {?})', + XDB::execute('INSERT INTO carvas (uid, url) + VALUES ({?}, {?}) + ON DUPLICATE KEY UPDATE url = VALUES(url)', S::i('uid'), $url); S::logger()->log('carva_add', 'http://' . $url); $page->trigSuccess("Redirection activée vers $url"); @@ -424,9 +423,15 @@ Adresse de secours : " . Post::v('email') : "")); function handler_exit(&$page, $level = null) { if (S::suid()) { - S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid')); + $old = S::user()->login(); + S::logger()->log('suid_stop', $old . " by " . S::suid('hruid')); Platal::session()->stopSUID(); - pl_redirect('admin/user/' . S::user()->login()); + $target = S::s('suid_startpage'); + S::kill('suid_startpage'); + if (!empty($target)) { + http_redirect($target); + } + pl_redirect('admin/user/' . $old); } if ($level == 'forget' || $level == 'forgetall') {