X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fxnetlists.php;h=036452ed3ba32de0878ef6816eb4fb042c866928;hb=b032b01b8919b36ec66f8a0395132953d8c01cf2;hp=ab86ee6fad54930e0db2345ff295d152d9afd34e;hpb=055dbf301ba573fab8af02315cef0fbcd0ca1316;p=platal.git
diff --git a/modules/xnetlists.php b/modules/xnetlists.php
index ab86ee6..036452e 100644
--- a/modules/xnetlists.php
+++ b/modules/xnetlists.php
@@ -1,6 +1,6 @@ $this->make_hook('lists', AUTH_MDP, 'groupmember'), - '%grp/lists/create' => $this->make_hook('create', AUTH_MDP, 'groupmember'), + '%grp/lists' => $this->make_hook('lists', AUTH_MDP, 'groupmember'), + '%grp/lists/create' => $this->make_hook('create', AUTH_MDP, 'groupmember'), - '%grp/lists/members' => $this->make_hook('members', AUTH_COOKIE), - '%grp/lists/annu' => $this->make_hook('annu', AUTH_COOKIE), - '%grp/lists/archives' => $this->make_hook('archives', AUTH_COOKIE), - '%grp/lists/archives/rss' => $this->make_hook('rss', AUTH_PUBLIC), + '%grp/lists/members' => $this->make_hook('members', AUTH_COOKIE), + '%grp/lists/csv' => $this->make_hook('csv', AUTH_COOKIE), + '%grp/lists/annu' => $this->make_hook('annu', AUTH_COOKIE), + '%grp/lists/archives' => $this->make_hook('archives', AUTH_COOKIE), + '%grp/lists/archives/rss' => $this->make_hook('rss', AUTH_PUBLIC), - '%grp/lists/moderate' => $this->make_hook('moderate', AUTH_MDP), - '%grp/lists/admin' => $this->make_hook('admin', AUTH_MDP), - '%grp/lists/options' => $this->make_hook('options', AUTH_MDP), - '%grp/lists/delete' => $this->make_hook('delete', AUTH_MDP), + '%grp/lists/moderate' => $this->make_hook('moderate', AUTH_MDP), + '%grp/lists/admin' => $this->make_hook('admin', AUTH_MDP), + '%grp/lists/options' => $this->make_hook('options', AUTH_MDP), + '%grp/lists/delete' => $this->make_hook('delete', AUTH_MDP), - '%grp/lists/soptions' => $this->make_hook('soptions', AUTH_MDP), - '%grp/lists/check' => $this->make_hook('check', AUTH_MDP), - '%grp/lists/sync' => $this->make_hook('sync', AUTH_MDP), + '%grp/lists/soptions' => $this->make_hook('soptions', AUTH_MDP), + '%grp/lists/check' => $this->make_hook('check', AUTH_MDP), + '%grp/lists/sync' => $this->make_hook('sync', AUTH_MDP), - '%grp/alias/admin' => $this->make_hook('aadmin', AUTH_MDP, 'groupadmin'), - '%grp/alias/create' => $this->make_hook('acreate', AUTH_MDP, 'groupadmin'), + '%grp/alias/admin' => $this->make_hook('aadmin', AUTH_MDP, 
'groupadmin'), + '%grp/alias/create' => $this->make_hook('acreate', AUTH_MDP, 'groupadmin'), /* hack: lists uses that */ - 'profile' => $this->make_hook('profile', AUTH_PUBLIC), + 'profile' => $this->make_hook('profile', AUTH_PUBLIC), ); } function prepare_client(&$page) { global $globals; - - require_once dirname(__FILE__).'/lists/lists.inc.php'; + Platal::load('lists', 'lists.inc.php'); $this->client = new MMList(S::v('uid'), S::v('password'), $globals->asso('mail_domain')); @@ -79,15 +79,19 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/index.tpl'); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe(Get::v('del')); pl_redirect('lists'); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe(Get::v('add')); pl_redirect('lists'); } if (Post::has('del_alias') && may_update()) { + S::assert_xsrf_token(); + $alias = Post::v('del_alias'); // prevent group admin from erasing aliases from other groups $alias = substr($alias, 0, strpos($alias, '@')).'@'.$globals->asso('mail_domain'); @@ -96,11 +100,11 @@ class XnetListsModule extends ListsModule USING x4dat.virtual AS v LEFT JOIN x4dat.virtual_redirect AS r USING(vid) WHERE v.alias={?}', $alias); - $page->trig(Post::v('del_alias')." supprimé !"); + $page->trigSuccess(Post::v('del_alias')." supprimé !"); } $listes = $this->client->get_lists(); - $page->assign('listes',$listes); + $page->assign('listes', $listes); $alias = XDB::iterator( 'SELECT alias,type @@ -111,6 +115,13 @@ class XnetListsModule extends ListsModule $page->assign('alias', $alias); $page->assign('may_update', may_update()); + + if (count($listes) > 0 && !$globals->asso('has_ml')) { + XDB::execute("UPDATE groupex.asso + SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'has_ml') + WHERE id = {?}", + $globals->asso('id')); + } } function handler_create(&$page) 
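Review bot: The new `'%grp/lists/csv'` route in the handlers array is registered with `AUTH_COOKIE` and no permission string, while `lists` and `create` carry `'groupmember'`. The csv handler itself is not part of this diff (presumably it is inherited from ListsModule), so it is worth confirming that it checks the caller's right to see the list's members before exporting their addresses. If that check exists, a short comment on the route line saying where access is enforced would save the next reviewer the lookup. The array starts outside the hunk.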
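Review bot: In the `@@ -79,15 +79,19 @@` hunk, `S::assert_xsrf_token()` now guards the `del` and `add` branches, but both are still triggered through `Get::has(...)`, so the token presumably has to travel in the query string (how `assert_xsrf_token()` reads it is not visible here). URLs end up in browser history, server and proxy logs and Referer headers, which weakens a per-session token. Consider moving subscribe and unsubscribe to POST forms, i.e. `Post::has('del')` / `Post::v('del')`, in a follow-up. The same applies to the `Env::has('add')`, `Env::has('add_member')` and `Env::has('del_member')` branches in the later hunks if `Env` also accepts query-string values. The handler body starts and ends outside the hunk.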
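Review bot: In the `@@ -111,6 +115,13 @@` hunk, `count($listes) > 0` is evaluated on whatever `get_lists()` returned; before PHP 8, `count()` of a non-array such as `false` is 1, so a failed call to the list server could set `has_ml` on a group that has no lists (whether `get_lists()` can return a non-array is not visible here). A guard such as `if (is_array($listes) && count($listes) > 0 && !$globals->asso('has_ml'))` avoids that. The same `UPDATE groupex.asso ... 'has_ml'` statement is repeated in the `@@ -166,13 +179,21 @@` hunk, and a small private helper would keep the two copies from drifting. Since this makes a plain page view write to the database, a one-line comment explaining the lazy backfill would help.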
@@ -125,17 +136,19 @@ class XnetListsModule extends ListsModule if (!Post::has('submit')) { return; + } else { + S::assert_xsrf_token(); } if (!Post::has('liste')) { - $page->trig('champs «addresse souhaitée» vide'); + $page->trigError('champs «adresse souhaitée» vide'); return; } $liste = strtolower(Post::v('liste')); if (!preg_match("/^[a-zA-Z0-9\-]*$/", $liste)) { - $page->trig('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets'); + $page->trigError('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets'); return; } @@ -143,18 +156,18 @@ class XnetListsModule extends ListsModule $res = XDB::query('SELECT alias FROM x4dat.virtual WHERE alias={?}', $new); if ($res->numRows()) { - $page->trig('cet alias est déjà pris'); + $page->trigError('cet alias est déjà pris'); return; } if (!Post::v('desc')) { - $page->trig('le sujet est vide'); + $page->trigError('le sujet est vide'); return; } $ret = $this->client->create_list( $liste, utf8_decode(Post::v('desc')), Post::v('advertise'), Post::v('modlevel'), Post::v('inslevel'), - array(S::v('forlife')), array(S::v('forlife'))); + array(S::user()->forlifeEmail()), array(S::user()->forlifeEmail())); $dom = strtolower($globals->asso("mail_domain")); $red = $dom.'_'.$liste; @@ -166,13 +179,21 @@ class XnetListsModule extends ListsModule } foreach (array('', 'owner', 'admin', 'bounces', 'unsubscribe') as $app) { $mdir = $app == '' ? '+post' : '+' . $app; - $app = '-' . $app; + if (!empty($app)) { + $app = '-' . $app; + } XDB::execute('INSERT INTO x4dat.virtual (alias,type) VALUES({?},{?})', $liste. $app . '@'.$dom, 'list'); XDB::execute('INSERT INTO x4dat.virtual_redirect (vid,redirect) VALUES ({?}, {?})', XDB::insertId(), $red . $mdir . '@listes.polytechnique.org'); } + + XDB::execute("UPDATE groupex.asso + SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'has_ml') + WHERE id = {?}", + $globals->asso('id')); + pl_redirect('lists/admin/'.$liste); } 
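Review bot: In the `@@ -125,17 +136,19 @@` hunk the list-name check `preg_match("/^[a-zA-Z0-9\-]*$/", $liste)` accepts an empty string because of the `*` quantifier (presumably reachable, since `Post::has('liste')` is likely true for an empty field), and it accepts a name ending in a newline because `$` also matches before a final `\n`. That value is then used to build the aliases further down. Tightening it to `preg_match('/^[a-zA-Z0-9\-]+\z/', $liste)` closes both cases, and the alias check `"/^[a-zA-Z0-9\-\.]*$/"` in the `@@ -306,16 +331,18 @@` hunk needs the same change. As a style point, the added `} else { S::assert_xsrf_token(); }` after `return;` is redundant in both hunks; a plain `S::assert_xsrf_token();` after the `if` block reads more directly.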
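Review bot: In the `@@ -166,13 +179,21 @@` hunk the loop issues ten `XDB::execute` inserts, followed by the new `UPDATE`, without checking any result or wrapping them in a transaction. If an `INSERT INTO x4dat.virtual` fails, the next statement still uses `XDB::insertId()`, which may then be 0 or a stale id, so the redirect row can end up orphaned or attached to another alias (this depends on how `XDB::insertId()` behaves after a failure, which is not visible here). Check the result of the first execute before inserting the redirect, or run the block in a transaction if XDB offers one. The new `!empty($app)` test would read better as `$app !== ''`, matching the `$app == ''` comparison on the line above it.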
@@ -187,6 +208,7 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/sync.tpl'); if (Env::has('add')) { + S::assert_xsrf_token(); $this->client->mass_subscribe($liste, array_keys(Env::v('add'))); } @@ -232,6 +254,8 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/alias-admin.tpl'); if (Env::has('add_member')) { + S::assert_xsrf_token(); + $add = Env::v('add_member'); if (strstr($add, '@')) { list($mbox,$dom) = explode('@', strtolower($add)); @@ -252,9 +276,9 @@ class XnetListsModule extends ListsModule SELECT vid, {?} FROM x4dat.virtual WHERE alias={?}", "$alias@m4x.org", $lfull); - $page->trig("$alias@m4x.org ajouté"); + $page->trigSuccess("$alias@m4x.org ajouté"); } else { - $page->trig("$mbox@{$globals->mail->domain} n'existe pas."); + $page->trigError("$mbox@{$globals->mail->domain} n'existe pas."); } } else { XDB::query( @@ -262,11 +286,12 @@ class XnetListsModule extends ListsModule SELECT vid,{?} FROM x4dat.virtual WHERE alias={?}", "$mbox@$dom", $lfull); - $page->trig("$mbox@$dom ajouté"); + $page->trigSuccess("$mbox@$dom ajouté"); } } if (Env::has('del_member')) { + S::assert_xsrf_token(); XDB::query( "DELETE FROM x4dat.virtual_redirect USING x4dat.virtual_redirect @@ -306,16 +331,18 @@ class XnetListsModule extends ListsModule if (!Post::has('submit')) { return; + } else { + S::assert_xsrf_token(); } if (!Post::has('liste')) { - $page->trig('champs «addresse souhaitée» vide'); + $page->trigError('champs «adresse souhaitée» vide'); return; } $liste = Post::v('liste'); if (!preg_match("/^[a-zA-Z0-9\-\.]*$/", $liste)) { - $page->trig('le nom de l\'alias ne doit contenir que des lettres,' - .' chiffres, tirets et points'); + $page->trigError('le nom de l\'alias ne doit contenir que des lettres,' + .' chiffres, tirets et points'); return; } 
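Review bot: In the `@@ -187,6 +208,7 @@` hunk `array_keys(Env::v('add'))` assumes the request parameter is an array; a scalar `add=x` reaches `array_keys()` as a string and raises a warning (a TypeError on PHP 8) instead of being rejected cleanly. Validate the shape first, for example `$add = Env::v('add');` followed by `if (is_array($add)) { $this->client->mass_subscribe($liste, array_keys($add)); }`. The handler body starts and ends outside the hunk.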
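Review bot: In the `@@ -232,6 +254,8 @@` hunk `list($mbox,$dom) = explode('@', strtolower($add));` keeps only the first two pieces, so input with more than one `@` is silently truncated, and no format check is visible before `"$mbox@$dom"` is stored as a redirect in the `@@ -262,11 +286,12 @@` hunk. Validation may exist in the lines between the hunks; if it does not, reject anything that fails `filter_var($add, FILTER_VALIDATE_EMAIL)` before the split and report it with `trigError`.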
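Review bot: In the `@@ -252,9 +276,9 @@` hunk the messages passed to `trigSuccess()` and `trigError()` interpolate request-derived `$alias` and `$mbox`, and the `@@ -262,11 +286,12 @@` hunk does the same with `"$mbox@$dom"`; whether these helpers HTML-escape their argument is not visible here and should be confirmed, or the values escaped at the call site. The success path also stores and reports a hard-coded `"$alias@m4x.org"` while the error path prints `$globals->mail->domain`; if both are meant to be the same domain, use the configured value in both places.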
@@ -323,7 +350,7 @@ class XnetListsModule extends ListsModule $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new); $n = $res->fetchOneCell(); if ($n) { - $page->trig('cet alias est déjà pris'); + $page->trigError('cet alias est déjà pris'); return; }