X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fxnetlists.php;h=a22bf1d12cd3ee9a04b6fe69c415368ef1af580c;hb=69f80f78a22a0f750a22d50843aab5937d627ba6;hp=f442fea24c1da22aeefe66a57eb4ea12dd9b21ee;hpb=527ccdb5d9e3a120168331f4aa3070f6c574228e;p=platal.git diff --git a/modules/xnetlists.php b/modules/xnetlists.php index f442fea..a22bf1d 100644 --- a/modules/xnetlists.php +++ b/modules/xnetlists.php @@ -19,7 +19,7 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once dirname(__FILE__).'/lists.php'; +Platal::load('lists'); class XnetListsModule extends ListsModule { @@ -32,6 +32,7 @@ class XnetListsModule extends ListsModule '%grp/lists/create' => $this->make_hook('create', AUTH_MDP, 'groupmember'), '%grp/lists/members' => $this->make_hook('members', AUTH_COOKIE), + '%grp/lists/csv' => $this->make_hook('csv', AUTH_COOKIE), '%grp/lists/annu' => $this->make_hook('annu', AUTH_COOKIE), '%grp/lists/archives' => $this->make_hook('archives', AUTH_COOKIE), '%grp/lists/archives/rss' => $this->make_hook('rss', AUTH_PUBLIC), @@ -56,8 +57,7 @@ class XnetListsModule extends ListsModule function prepare_client(&$page) { global $globals; - - require_once dirname(__FILE__).'/lists/lists.inc.php'; + Platal::load('lists', 'lists.inc.php'); $this->client = new MMList(S::v('uid'), S::v('password'), $globals->asso('mail_domain')); 
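Review bot: The new `'%grp/lists/csv'` route in the `@@ -32,6 +32,7 @@` hunk is registered with `AUTH_COOKIE` and no permission argument, while the neighbouring `create` hook passes `AUTH_MDP, 'groupmember'`. The `csv` handler is not part of this diff (presumably it is inherited from `ListsModule`), so it is not visible whether it checks group membership or list visibility before exporting. A CSV of list members is a bulk export of personal data, so that check should be explicit. If the handler does not enforce it itself, consider `$this->make_hook('csv', AUTH_COOKIE, 'groupmember')`, or add a comment on the line saying where the membership check happens.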
@@ -79,15 +79,19 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/index.tpl'); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe(Get::v('del')); pl_redirect('lists'); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe(Get::v('add')); pl_redirect('lists'); } if (Post::has('del_alias') && may_update()) { + S::assert_xsrf_token(); + $alias = Post::v('del_alias'); // prevent group admin from erasing aliases from other groups $alias = substr($alias, 0, strpos($alias, '@')).'@'.$globals->asso('mail_domain'); @@ -125,6 +129,8 @@ class XnetListsModule extends ListsModule if (!Post::has('submit')) { return; + } else { + S::assert_xsrf_token(); } if (!Post::has('liste')) { @@ -154,7 +160,7 @@ class XnetListsModule extends ListsModule $ret = $this->client->create_list( $liste, utf8_decode(Post::v('desc')), Post::v('advertise'), Post::v('modlevel'), Post::v('inslevel'), - array(S::v('forlife')), array(S::v('forlife'))); + array(S::user()->forlifeEmail()), array(S::user()->forlifeEmail())); $dom = strtolower($globals->asso("mail_domain")); $red = $dom.'_'.$liste; @@ -189,6 +195,7 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/sync.tpl'); if (Env::has('add')) { + S::assert_xsrf_token(); $this->client->mass_subscribe($liste, array_keys(Env::v('add'))); } @@ -234,6 +241,8 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/alias-admin.tpl'); if (Env::has('add_member')) { + S::assert_xsrf_token(); + $add = Env::v('add_member'); if (strstr($add, '@')) { list($mbox,$dom) = explode('@', strtolower($add)); @@ -269,6 +278,7 @@ class XnetListsModule extends ListsModule } if (Env::has('del_member')) { + S::assert_xsrf_token(); XDB::query( "DELETE FROM x4dat.virtual_redirect USING x4dat.virtual_redirect @@ -308,6 +318,8 @@ class XnetListsModule extends ListsModule if (!Post::has('submit')) { return; + } else { + S::assert_xsrf_token(); } if (!Post::has('liste')) {
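Review bot: In the `@@ -79,15 +79,19 @@` hunk the `del` and `add` branches now call `S::assert_xsrf_token()` but are still triggered by `Get::has(...)`, so the token presumably travels in the query string, where it can end up in server logs, browser history and `Referer` headers. Both branches change subscriptions, so it would be safer to accept them only from POST, e.g. `if (Post::has('del')) {` with `$this->client->unsubscribe(Post::v('del'));`, and to turn the template links into forms. The later hunks guarding `Env::has('add')`, `Env::has('add_member')` and `Env::has('del_member')` have the same exposure if `Env` also reads GET parameters, which this diff does not show. The enclosing handler starts and ends outside the hunk.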
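Review bot: The `else` added after `return;` in the `@@ -125,6 +129,8 @@` hunk is redundant, because the guard already leaves the function. The token check can follow it directly: `if (!Post::has('submit')) { return; }` and then `S::assert_xsrf_token();` on its own line. Flattening it keeps the check from reading as one optional branch and matches the other hunks, where the call is the first statement of the state-changing path. The `@@ -308,6 +318,8 @@` hunk repeats the same pattern, and both handlers begin outside their hunks.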