X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fxnet.php;h=c8e5611df0a9303cde1c8e0266a0cc1ecf3c087e;hb=175f2c12b9483c2d17912ecf4a599d2bd608c357;hp=1f30778ebbd289bd551c7550e40addc2fc3f2e1c;hpb=8c5c6d646a25e0d90a00ea798d18e535533c4814;p=platal.git diff --git a/modules/xnet.php b/modules/xnet.php index 1f30778..c8e5611 100644 --- a/modules/xnet.php +++ b/modules/xnet.php @@ -1,6 +1,6 @@ nomenu = true; @@ -72,7 +72,7 @@ class XnetModule extends PLModule function handler_admin(&$page) { - new_admin_page('xnet/admin.tpl'); + $page->changeTpl('xnet/admin.tpl'); if (Get::has('del')) { $res = XDB::query('SELECT id, nom, mail_domain @@ -81,6 +81,8 @@ class XnetModule extends PLModule list($id, $nom, $domain) = $res->fetchOneRow(); $page->assign('nom', $nom); if ($id && Post::has('del')) { + S::assert_xsrf_token(); + XDB::query('DELETE FROM groupex.membres WHERE asso_id={?}', $id); $page->trig('membres supprimés'); @@ -110,6 +112,8 @@ class XnetModule extends PLModule } if (Post::has('diminutif')) { + S::assert_xsrf_token(); + XDB::query('INSERT INTO groupex.asso (id,diminutif) VALUES(NULL,{?})', Post::v('diminutif')); pl_redirect('../'.Post::v('diminutif').'/edit'); @@ -197,7 +201,7 @@ class XnetModule extends PLModule $page->setType($cat); } - + function handler_autologin(&$page) { $allkeys = func_get_args();
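Review bot: After this change handler_admin has no visible privilege check before it reaches the DELETE queries on groupex tables, because `$page->changeTpl('xnet/admin.tpl')` only selects a template. If the removed `new_admin_page()` helper was what enforced admin rights (its definition is not in this diff), that guarantee has to come from the handler registration instead. I would add a comment at the top of the handler saying where access control lives, e.g. `// Access control: admin permission is enforced where this handler is registered, not in this body.`, after confirming that is true. The body of handler_admin continues outside the hunk.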
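Review bot: The return value of `S::assert_xsrf_token()` is discarded inside `if ($id && Post::has('del'))`, and again in the `Post::has('diminutif')` branch of the @@ -110 hunk, so both checks protect the DELETE and INSERT only if the method itself stops the request on a missing or wrong token. Its definition is not in this diff, so please confirm that and state the contract next to the call, e.g. `// Halts the request when the XSRF token is missing or invalid; nothing below runs otherwise.` The forms that post `del` and `diminutif` must also emit the token field, and the template is not part of this file's diff, so a legitimate admin request would be rejected if it was missed. handler_admin starts and ends outside the hunk.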
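Review bot: `Post::v('diminutif')` is stored and then concatenated into the redirect target `'../'.Post::v('diminutif').'/edit'` without any format check, so a value containing `/`, `?`, `#` or a line break produces a group short-name that cannot be routed and a malformed redirect. Validate it once before the INSERT, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', Post::v('diminutif'))) { $page->trig('diminutif invalide'); return; }`, where the character set and message are placeholders to adapt to the project's naming rule. The result of the INSERT is not checked before `pl_redirect()` either, so if the query can fail (for instance on a duplicate short-name) the user is still sent to the edit page. This branch sits inside handler_admin, whose body continues outside the hunk.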