- Add an anti-XSRF framework, and add protection to most pages -VZA
- Add a 'disallow all' robots.txt in development working copies. -VZA
+ * Forums:
+ - Can choose the color of the branches -FRU
+
Bug/Wish:
* Admin:
* Core:
- Fix email sending, correcting bugs introduced in r1897 -VZA
+ - #832: Always include the url in bug reports -ALK
- #841: Improves contrast of links in legends in skin 'Espace' -FRU
- #844: Uses INT in MySQL to store user ids -VZA
- #851: Adds a direct link to GApps for gapps-active users -VZA
}
// la table des notifs est nettoyée
-$eight_days_ago = date("YmdHis",mktime() - 8*24*60*60);
+$eight_days_ago = date("YmdHis", time() - 8*24*60*60);
query("DELETE FROM watch_ops WHERE known<$eight_days_ago");
query("DELETE FROM register_pending WHERE TO_DAYS(NOW()) - TO_DAYS(date) >= 365");
-query("delete from register_pending WHERE hash = 'INSCRIT'");
+query("DELETE FROM register_pending WHERE hash = 'INSCRIT'");
// quelques tables sont triées pour que la lecture triée soit plus facile
-query("alter table applis_def order by text");
-query("alter table binets_def order by text");
-query("alter table groupesx_def order by text");
-query("alter table secteur order by text");
-query("alter table sections order by text");
+query("ALTER TABLE applis_def ORDER BY text");
+query("ALTER TABLE binets_def ORDER BY text");
+query("ALTER TABLE groupesx_def ORDER BY text");
+query("ALTER TABLE secteur ORDER BY text");
+query("ALTER TABLE sections ORDER BY text");
+// Prunes older autocomplete queries.
+query("DELETE FROM search_autocomplete WHERE generated < DATE_SUB(NOW(), INTERVAL 1 DAY)");
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
$sub = array();
$sub['liste des groupes'] = 'plan';
$sub['documentation'] = 'Xnet';
- $sub['signaler un bug'] = array('href' => 'send_bug', 'class' => 'popup_840x600');
+ $sub['signaler un bug'] = array('href' => 'send_bug/'.$_SERVER['REQUEST_URI'], 'class' => 'popup_840x600');
$menu["no_title"] = $sub;
$perms = S::v('perms');
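Review bot: `$_SERVER['REQUEST_URI']` is client-controlled and is appended unencoded to the `href` on the `signaler un bug` line, so a `?` or `#` in the current URL cuts the `send_bug/` path short, and quotes or angle brackets reach the menu template unchanged. Encode the value where it is appended, for example `'send_bug/' . rawurlencode($_SERVER['REQUEST_URI'])` if the `send_bug` handler can decode it, or pass it as a named query parameter. Also confirm that the template printing the menu HTML-escapes `href`. The enclosing function starts and ends outside this hunk, so how `$sub` is rendered is not visible here.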
div.contact div.identity {
float: left;
- width: 90%;
+ width: 89%;
}
div.contact div.nom {
div.contact div.bits {
text-align: right;
float: right;
+ width: 10%;
}
div.contact div.long {
}
div.long table { width: 100%; }
-div.long td.lt { width: 35%; font-style: italic; }
-div.long td.rt { width: 65%; }
+div.long td.lt { width: 18%; font-style: italic; }
+div.long td.rt { width: 82%; }
/*******************************************************************************
6 Profil
div.contact div.identity {
float: left;
- width: 70%;
+ width: 89%;
}
div.contact div.nom {
padding-left: 2px;
}
+div.contact div.nom a {
+ text-decoration: none;
+ font-size: 100%;
+}
+
div.contact div.appli {
}
}
div.long table { width: 100%; }
-div.long td.lt { width: 25%; font-style: italic; }
-div.long td.rt { width: 75%; }
+div.long td.lt { width: 15%; font-style: italic; }
+div.long td.rt { width: 85%; }
/*******************************************************************************
6 Profil
// Get user profile from SQL
$req = XDB::query("SELECT nom, mail, sig,
- FIND_IN_SET('threads',flags), FIND_IN_SET('automaj',flags)
+ FIND_IN_SET('threads',flags), FIND_IN_SET('automaj',flags),
+ tree_unread, tree_read
FROM {$globals->banana->table_prefix}profils
WHERE uid={?}", S::i('uid'));
- if (!(list($nom,$mail,$sig,$disp,$maj) = $req->fetchOneRow())) {
+ if (!(list($nom, $mail, $sig, $disp, $maj, $unread, $read) = $req->fetchOneRow())) {
$nom = S::v('prenom')." ".S::v('nom');
$mail = S::v('forlife')."@" . $globals->mail->domain;
$sig = $nom." (".S::v('promo').")";
$disp = 0;
$maj = 1;
+ $unread = 'o';
+ $read = 'dg';
}
if ($maj) {
$time = time();
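Review bot: The fallback values `'o'` and `'dg'` are bare literals here and in the two other fallbacks this commit adds (the `forums.profils` reader and the `// Tree color` block), so the three copies can drift apart. Two named constants would keep them in sync, with a comment such as `// default tree images: unread = m2o.gif, read = m2dg.gif`, assuming the values map to the `m2*.gif` files listed by the profile page. The surrounding function is only partly visible in this hunk.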
Banana::$profile['autoup'] = $maj;
Banana::$profile['lastnews'] = S::v('banana_last');
Banana::$profile['subscribe'] = $req->fetchColumn();
+ Banana::$tree_unread = $unread;
+ Banana::$tree_read = $read;
// Update the "unread limit"
if (!is_null($time)) {
global $globals;
$page = Platal::page();
- if (Post::has('action') && Post::has('banananame') && Post::has('bananasig')
- && Post::has('bananadisplay') && Post::has('bananamail')
- && Post::has('bananaupdate') && Post::v('action')=="Enregistrer" ) {
- $flags = new PlFlagSet();
+ $colors = glob(dirname(__FILE__) . '/../../htdocs/images/banana/m2*.gif');
+ foreach ($colors as $key=>$path) {
+ $path = basename($path, '.gif');
+ $colors[$key] = substr($path, 2);
+ }
+ $page->assign('colors', $colors);
+
+ if (Post::has('action') && Post::v('action') == 'Enregistrer') {
+ S::assert_xsrf_token();
+ $flags = new FlagSet();
if (Post::b('bananadisplay')) {
$flags->addFlag('threads');
}
if (Post::b('bananaxface')) {
$flags->addFlag('xface');
}
- if (XDB::execute("REPLACE INTO forums.profils (uid, sig, mail, nom, flags)
- VALUES ({?}, {?}, {?}, {?}, {?})",
- S::v('uid'), Post::v('bananasig'),
- Post::v('bananamail'), Post::v('banananame'),
- $flags)) {
+ $unread = Post::s('unread');
+ $read = Post::s('read');
+ if (!in_array($unread, $colors) || !in_array($read, $colors)) {
+ $page->trigError('Le choix de type pour l\'arborescence est invalide');
+ } elseif (XDB::execute("REPLACE INTO forums.profils (uid, sig, mail, nom, flags, tree_unread, tree_read)
+ VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?})",
+ S::v('uid'), Post::v('bananasig'),
+ Post::v('bananamail'), Post::v('banananame'),
+ $flags, $unread, $read)) {
$page->trigSuccess("Ton profil a été enregistré avec succès.");
} else {
$page->trigError("Une erreur s'est produite lors de l'enregistrement de ton profil");
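Review bot: The allow-list check `in_array($unread, $colors)` compares loosely, and `$colors` comes straight from `glob()`, which returns `false` on error; in that case the `foreach` and both `in_array` calls receive a non-array. Because the accepted value is stored in `forums.profils` and appears to select an image file name, I would guard the listing with `if ($colors === false) { $colors = array(); }` and make the check strict with `in_array($unread, $colors, true)`. The rewritten condition also no longer requires `banananame`, `bananasig` and `bananamail` to be present, so a request that omits them still reaches the `REPLACE`; please confirm that is intended. The block continues past the end of this hunk.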
SELECT nom, mail, sig,
FIND_IN_SET('threads', flags),
FIND_IN_SET('automaj', flags),
- FIND_IN_SET('xface', flags)
+ FIND_IN_SET('xface', flags),
+ tree_unread,
+ tree_read
FROM forums.profils
WHERE uid = {?}", S::v('uid'));
- if (!(list($nom, $mail, $sig, $disp, $maj, $xface) = $req->fetchOneRow())) {
+ if (!(list($nom, $mail, $sig, $disp, $maj, $xface, $unread, $read) = $req->fetchOneRow())) {
$nom = S::v('prenom').' '.S::v('nom');
$mail = S::v('forlife').'@'.$globals->mail->domain;
$sig = $nom.' ('.S::v('promo').')';
$disp = 0;
$maj = 0;
$xface = 0;
+ $unread = 'o';
+ $read = 'dg';
}
$page->assign('nom' , $nom);
$page->assign('mail', $mail);
$page->assign('disp', $disp);
$page->assign('maj', $maj);
$page->assign('xface', $xface);
+ $page->assign('unread', $unread);
+ $page->assign('read', $read);
return null;
}
}
$sig = $nom . ' (' . S::v('promo') . ')';
Banana::$msgedit_headers['X-Org-Mail'] = S::v('forlife') . '@' . $globals->mail->domain;
+ // Tree color
+ $req = XDB::query("SELECT tree_unread, tree_read
+ FROM {$globals->banana->table_prefix}profils
+ WHERE uid={?}", S::i('uid'));
+ if (!(list($unread, $read) = $req->fetchOneRow())) {
+ $unread = 'o';
+ $read = 'dg';
+ }
+ Banana::$tree_unread = $unread;
+ Banana::$tree_read = $read;
+
// Build user profile
Banana::$profile['headers']['From'] = "$nom <$mail>";
Banana::$profile['headers']['Organization'] = make_Organization();
function __construct($forlife, $params = null)
{
+ ini_set('memory_limit', '128M');
+
global $globals;
ModerationBanana::$client = $params['client'];
ModerationBanana::$listname = $params['listname'];
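Review bot: `ini_set('memory_limit', '128M')` in the constructor raises the limit for the rest of the request, not only for this object, and nothing on the line says why 128M is needed. Please add a comment naming the workload that requires it, and consider bounding the size of what is loaded rather than only widening the ceiling, since this code handles messages that have not been moderated yet. The constructor body continues outside the hunk.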
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************/
-function __autoload($cls)
-{
- if (!pl_autoload($cls)) {
- $cls = strtolower($cls);
- if (substr($cls, -3, 3) == 'req') {
- @include 'validations.inc.php';
- return;
- } else if (substr($cls, 0, 6) == 'banana') {
- require_once 'banana/banana.inc.php';
- Banana::load(substr($cls, 6));
- return;
- }
- @include "$cls.inc.php";
+function smarty_function_xsrf_token_field($params, &$smarty) {
+ if (S::has('xsrf_token')) {
+ return '<div style="display: none"><input type="hidden" name="token" value="' . S::v('xsrf_token') . '" /></div>';
}
+ return '';
}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
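Review bot: `smarty_function_xsrf_token_field` concatenates `S::v('xsrf_token')` into the `value` attribute without escaping, and the function has no header comment. The token is presumably generated server-side from a safe alphabet, but that is not visible here, so escaping at the sink keeps the helper safe if the format changes: `htmlspecialchars(S::v('xsrf_token'), ENT_QUOTES)`. A short docblock would also help template authors, saying that it emits the hidden `token` field that `S::assert_xsrf_token()` presumably reads, and returns an empty string when the session has no token.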
public $evt;
public $evt_intitule;
- public $rules = "Laisser la validation à un trésorier";
+ public $rules = "Vérifier que les balises <salutation>, <prenom>, <nom> et <montant> n'ont pas été modifiées.
+Vérifier que le demandeur n'a pas laissé les crochets [].
+Si le télépaiement n'est pas lié à un groupe ou supérieur à 51 euros, laisser la validation à un trésorier";
// }}}
// {{{ constructor
$user['forlife'].'@'.$globals->mail->domain2);
$user['virtualalias'] = $res->fetchOneCell();
- $user['gpxs_vcardjoin'] = join(',', array_map(array('VCard', 'text_encode'), $user['gpxs_name']));
- $user['binets_vcardjoin'] = join(',', array_map(array('VCard', 'text_encode'), $user['binets']));
+ $user['gpxs_vcardjoin'] = join(', ', array_map(array('VCard', 'text_encode'), $user['gpxs_name']));
+ $user['binets_vcardjoin'] = join(', ', array_map(array('VCard', 'text_encode'), $user['binets']));
// get photo
if ($this->photos) {
$res = XDB::query(
'special' => true);
}
- $exclude = is_null($exclude) ? '' : ' AND id != ' . $exclude . ' ';
+ $exclude = is_null($exclude) ? '' : ' AND id != ' . intval($exclude) . ' ';
$priority = rand(0, 510);
do {
$priority = (int)($priority/2);
} elseif ($action && (!trim($texte) || !trim($titre))) {
$page->trigError("L'article doit avoir un titre et un contenu");
} elseif ($action) {
+ S::assert_xsrf_token();
+
require_once 'validations.inc.php';
$evtreq = new EvtReq($titre, $texte, $promo_min, $promo_max,
$peremption, $valid_mesg, S::v('uid'), $upload);
}
if (Post::v('action') == 'Pas d\'image' && $eid) {
+ S::assert_xsrf_token();
$upload->rm();
XDB::execute("DELETE FROM evenements_photo WHERE eid = {?}", $eid);
$action = 'edit';
} elseif (Post::v('action') == 'Supprimer l\'image' && $eid) {
+ S::assert_xsrf_token();
$upload->rm();
$action = 'edit';
} elseif (Post::v('action') == "Proposer" && $eid) {
+ S::assert_xsrf_token();
$promo_min = Post::i('promo_min');
$promo_max = Post::i('promo_max');
if (($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020)) ||
} else {
switch ($action) {
case 'delete':
+ S::assert_xsrf_token();
XDB::execute('DELETE from evenements
WHERE id = {?}', $eid);
break;
case "archive":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = CONCAT(flags,",archive")
WHERE id = {?}', $eid);
break;
case "unarchive":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = REPLACE(flags,"archive","")
WHERE id = {?}', $eid);
break;
case "valid":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = CONCAT(flags,",valide")
WHERE id = {?}', $eid);
break;
case "unvalid":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = REPLACE(flags,"valide", "")
WHERE id = {?}', $eid);
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe(Get::v('del'));
pl_redirect('lists');
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe(Get::v('add'));
pl_redirect('lists');
}
if (Post::has('promo_add')) {
+ S::assert_xsrf_token();
+
$promo = Post::i('promo_add');
if ($promo >= 1900 and $promo < 2100) {
$this->client->subscribe("promo$promo");
$page->trigSuccess("promo incorrecte, il faut une promo sur 4 chiffres.");
}
}
+
$listes = $this->client->get_lists();
$owner = array_filter($listes, 'filter_owner');
$listes = array_diff_key($listes, $owner);
header('Content-Type: text/html; charset="UTF-8"');
$domain = $this->prepare_client($page);
$page->changeTpl('lists/liste.inc.tpl', NO_SKIN);
+ S::assert_xsrf_token();
+
if (Get::has('unsubscribe')) {
$this->client->unsubscribe($list);
}
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
$asso = Post::v('asso');
$page->changeTpl('lists/members.tpl');
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe($liste);
pl_redirect('lists/members/'.$liste);
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe($liste);
pl_redirect('lists/members/'.$liste);
}
$this->prepare_client($page);
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe($liste);
pl_redirect('lists/annu/'.$liste);
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe($liste);
pl_redirect('lists/annu/'.$liste);
}
$page->register_modifier('hdc', 'list_header_decode');
if (Env::has('sadd') || Env::has('sdel')) {
+ S::assert_xsrf_token();
+
if (Env::has('sadd')) { /* 4 = SUBSCRIBE */
$sub = $this->client->get_pending_sub($liste, Env::v('sadd'));
$this->client->handle_request($liste,Env::v('sadd'),4,'');
}
if (Post::has('moderate_mails') && Post::has('select_mails')) {
+ S::assert_xsrf_token();
+
$mails = array_keys(Post::v('select_mails'));
foreach($mails as $mail) {
$this->moderate_mail($domain, $liste, $mail);
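Review bot: No visible hunk adds a token check for the single-message `mid` + `mok`/`mdel` branch of this handler. The templates in this commit add `token={xsrf_token}` to the `?mid=…&mok=1` and `?mid=…&mdel=1` links, but the only moderation branches that gain `S::assert_xsrf_token()` here are `sadd`/`sdel` and the bulk `moderate_mails` POST. If that branch is not covered elsewhere (for example inside `moderate_mail()`, which is not shown), accepting or discarding a held message by GET remains forgeable. Please confirm where it checks the token; the handler continues outside this hunk.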
$page->changeTpl('lists/admin.tpl');
if (Env::has('send_mark')) {
+ S::assert_xsrf_token();
+
$actions = Env::v('mk_action');
$uids = Env::v('mk_uid');
$mails = Env::v('mk_email');
}
if (Env::has('add_member')) {
+ S::assert_xsrf_token();
+
require_once('user.func.inc.php');
$members = get_users_forlife_list(Env::v('add_member'),
false,
}
if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
+ S::assert_xsrf_token();
+
$upload =& PlUpload::get($_FILES['add_member_file'], S::v('forlife'), 'list.addmember', true);
if (!$upload) {
$page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
}
if (Env::has('del_member')) {
+ S::assert_xsrf_token();
+
if (strpos(Env::v('del_member'), '@') === false) {
$this->client->mass_unsubscribe(
$liste, array(Env::v('del_member').'@'.$globals->mail->domain));
}
if (Env::has('add_owner')) {
+ S::assert_xsrf_token();
+
require_once('user.func.inc.php');
$owners = get_users_forlife_list(Env::v('add_owner'), false, array('ListsModule', 'no_login_callback'));
if ($owners) {
}
if (Env::has('del_owner')) {
+ S::assert_xsrf_token();
+
if (strpos(Env::v('del_owner'), '@') === false) {
$this->client->del_owner($liste, Env::v('del_owner').'@'.$globals->mail->domain);
} else {
$page->changeTpl('lists/options.tpl');
if (Post::has('submit')) {
+ S::assert_xsrf_token();
+
$values = $_POST;
$values = array_map('utf8_decode', $values);
$spamlevel = intval($values['bogo_level']);
}
$this->client->set_owner_options($liste, $values);
} elseif (isvalid_email(Post::v('atn_add'))) {
+ S::assert_xsrf_token();
$this->client->add_to_wl($liste, Post::v('atn_add'));
} elseif (Get::has('atn_del')) {
+ S::assert_xsrf_token();
$this->client->del_from_wl($liste, Get::v('atn_del'));
pl_redirect('lists/options/'.$liste);
}
$page->changeTpl('lists/delete.tpl');
if (Post::v('valid') == 'OUI') {
+ S::assert_xsrf_token();
+
if ($this->client->delete_list($liste, Post::b('del_archive'))) {
foreach (array('', '-owner', '-admin', '-bounces', '-unsubscribe') as $app) {
XDB::execute("DELETE FROM $table
$page->changeTpl('lists/soptions.tpl');
if (Post::has('submit')) {
+ S::assert_xsrf_token();
+
$values = $_POST;
$values = array_map('utf8_decode', $values);
unset($values['submit']);
$page->changeTpl('lists/check.tpl');
if (Post::has('correct')) {
+ S::assert_xsrf_token();
$this->client->check_options($liste, true);
}
}
if ($action == 'del') {
+ S::assert_xsrf_token();
Marketing::clear($uid, $value);
}
}
if ($action == 'relforce') {
+ S::assert_xsrf_token();
+
$market = Marketing::get($uid, Post::v('to'));
if (is_null($market)) {
$market = new Marketing($uid, Post::v('to'), 'default', null, 'staff');
}
if ($action == 'insrel') {
+ S::assert_xsrf_token();
if (Marketing::relance($uid)) {
$page->trigSuccess('relance faite');
}
$email = valide_email(Post::v('mail'));
}
if (Post::has('valide') && isvalid_email_redirection($email)) {
+ S::assert_xsrf_token();
+
// security stuff
check_email($email, "Proposition d'une adresse surveillee pour " . $user['forlife'] . " par " . S::v('forlife'));
$res = XDB::query("SELECT e.flags
$page->assign('promo', $promo);
if (Post::has('valide')) {
+ S::assert_xstf_token();
$email = trim(Post::v('mail'));
if (!isvalid_email_redirection($email)) {
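Review bot: `S::assert_xstf_token()` is misspelled; every other call in this commit is `S::assert_xsrf_token()`. Unless an `assert_xstf_token` method exists somewhere not shown, submitting this form with `valide` set will stop on an undefined-method error instead of validating the token. The line should read `S::assert_xsrf_token();`. The enclosing function begins and ends outside the hunk.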
if (!may_update()) {
return PL_FORBIDDEN;
}
+ S::assert_xsrf_token();
$res = XDB::query("SELECT asso_id, short_name FROM groupex.evenements
WHERE eid = {?} AND asso_id = {?}",
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
$moments = Post::v('moment', array());
$page->assign('moments', $moments);
if (Post::v('intitule')) {
+ S::assert_xsrf_token();
+
require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
$short_name = event_change_shortname($page, $eid,
$infos['short_name'],
}
if (may_update() && Post::v('adm')) {
+ S::assert_xsrf_token();
+
$member = get_infos(Post::v('mail'));
if (!$member) {
$page->trigError("Membre introuvable");
$page->changeTpl('xnetlists/index.tpl');
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe(Get::v('del'));
pl_redirect('lists');
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe(Get::v('add'));
pl_redirect('lists');
}
if (Post::has('del_alias') && may_update()) {
+ S::assert_xsrf_token();
+
$alias = Post::v('del_alias');
// prevent group admin from erasing aliases from other groups
$alias = substr($alias, 0, strpos($alias, '@')).'@'.$globals->asso('mail_domain');
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
if (!Post::has('liste')) {
$page->changeTpl('xnetlists/sync.tpl');
if (Env::has('add')) {
+ S::assert_xsrf_token();
$this->client->mass_subscribe($liste, array_keys(Env::v('add')));
}
$page->changeTpl('xnetlists/alias-admin.tpl');
if (Env::has('add_member')) {
+ S::assert_xsrf_token();
+
$add = Env::v('add_member');
if (strstr($add, '@')) {
list($mbox,$dom) = explode('@', strtolower($add));
}
if (Env::has('del_member')) {
+ S::assert_xsrf_token();
XDB::query(
"DELETE FROM x4dat.virtual_redirect
USING x4dat.virtual_redirect
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
if (!Post::has('liste')) {
</p>
<form action="banana/profile" method="post">
+ {xsrf_token_field}
<table class="bicol" cellpadding="3" cellspacing="0" summary="Configuration de Banana">
<tr>
<th colspan="2">Profil Banana</th>
</td>
</tr>
<tr class="pair">
+ <td class="titre">Aspect de l'arborescence</td>
+ <td>
+ {foreach from=$colors item=color}
+ <label>non-lu <input type="radio" name="unread" value="{$color}" {if $unread eq $color}checked="checked"{/if} /></label>
+ <img src="images/banana/m2{$color}.gif" alt="{$color}" />
+ <label><input type="radio" name="read" value="{$color}" {if $read eq $color}checked="checked"{/if} /> lu</label>
+ <br />
+ {/foreach}
+ </td>
+ </tr>
+ <tr class="pair">
<td class="titre">Mise à jour des messages non lus</td>
<td>
<input type="radio" name="bananaupdate" value="1"
Ma liste personnelle de contacts
</h1>
-<div>
-Ajouter la personne suivante à ma liste de contacts :
-<div style="float: right">
-<form id="add_user" action="carnet/contacts" method="post">
- {xsrf_token_field}
- <div>
- <input type="hidden" name="action" value="ajouter" />
- <input type="text" size="30" name="user" class="quick_search"
- value="ajouter prenom.nom"
- onfocus="if (this.value == 'ajouter prenom.nom') this.value=''"
- onblur="if (this.value == '') this.value='ajouter prenom.nom'"
- size="20" maxlength="70"/>
- <a href="" onclick="document.getElementById('add_user').submit(); return false;">
- {icon name=add title="Ajouter la personne"}
- </a>
+<p>
+ <div style="float: right">
+ <form id="add_user" action="carnet/contacts" method="post">
+ {xsrf_token_field}
+ <div>
+ <input type="hidden" name="action" value="ajouter" />
+ <input type="text" size="30" name="user" class="quick_search"
+ value="ajouter prenom.nom"
+ onfocus="if (this.value == 'ajouter prenom.nom') this.value=''"
+ onblur="if (this.value == '') this.value='ajouter prenom.nom'"
+ size="20" maxlength="70"/>
+ <a href="" onclick="document.getElementById('add_user').submit(); return false;">
+ {icon name=add title="Ajouter la personne"}
+ </a>
+ </div>
+ </form>
</div>
+ Ajouter à tes contacts :
</p>
-</form>
-</div>
-</div>
<p style="clear: both">
- Tu peux également rajouter des camarades dans tes contacts lors d'une recherche dans l'annuaire :
- il te suffit de cliquer sur l'icône {icon name=add} en face de son nom dans les résultats !
-</p>
+ Tu peux également ajouter un(e) camarade à tes contacts en cliquant sur l'icône {icon name=add} en
+ face de son nom dans les résultats d'une recherche dans l'annuaire !
+</p>
-{if $plset_count || $smarty.request.quick}
<p>
-Pour récupérer ta liste de contacts dans un PDF imprimable :<br />
-(attention, les photos font beaucoup grossir les fichiers !)
+ Tu peux télécharger des informations sur tes contacts :
</p>
+{if $plset_count || $smarty.request.quick}
<ul>
- <li>avec les photos :
- [<a href="carnet/contacts/pdf/promo/photos/mescontacts.pdf" class='popup'><strong>tri par promo</strong></a>]
- [<a href="carnet/contacts/pdf/photos/mescontacts.pdf" class='popup'><strong>tri par noms</strong></a>]
- </li>
- <li>sans les photos :
+ <li>Tes contacts en PDF, sans les photos :
[<a href="carnet/contacts/pdf/promo/mescontacts.pdf" class='popup'><strong>tri par promo</strong></a>]
[<a href="carnet/contacts/pdf/mescontacts.pdf" class='popup'><strong>tri par noms</strong></a>]
</li>
-</ul>
-
-<p>
- Tu peux télécharger des informations sur tes contacts :
-</p>
-<ul>
+ <li>Avec les photos (attention fichier plus gros) :
+ [<a href="carnet/contacts/pdf/promo/photos/mescontacts.pdf" class='popup'><strong>tri par promo</strong></a>]
+ [<a href="carnet/contacts/pdf/photos/mescontacts.pdf" class='popup'><strong>tri par noms</strong></a>]
+ </li>
<li>
{icon name=calendar_view_day title='Anniversaires'}
<a href="carnet/contacts/ical/{$smarty.session.forlife}/{$smarty.session.core_rss_hash}/anniv-x.ics" title="Anniversaires">
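Review bot: The new `<p>` wraps a `<div style="float: right">` and a `<form>`, which are not allowed inside a paragraph. An HTML parser closes the `<p>` as soon as it meets the `<div>`, so the `</p>` after `Ajouter à tes contacts :` produces a stray empty paragraph and the label ends up outside the one that was opened. Using a `<div>` as the outer wrapper keeps the float layout with valid nesting. The search block near the end of this template appears to have the same shape.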
</div>
</form>
</div>
- Tu peux faire une recherche sur tes contacts :
+ Rechercher dans tes contacts :
</p>
{include file="core/plset.tpl"}
<option value="wish">Souhait</option>\r
<option value="help">Aide/Dépannage</option>\r
</select>\r
- Sujet : <input type="text" name="item_summary" id="flyspray_title" value="sur la page {$smarty.server.HTTP_REFERER}" size="50" maxlength="100"/>\r
+ Sujet : <input type="text" name="item_summary" id="flyspray_title" value="sur la page { $location }" size="50" maxlength="100"/>\r
<textarea name="detailed_desc" id="flyspray_detail" cols="70" rows="10" style="width:100%;margin-top:10px;margin-bottom:10px;height:400px;display:block;" onFocus="cleanContent()" onBlur="fillContent()"></textarea>\r
<input type="hidden" name="page" value="{$smarty.server.HTTP_REFERER|default:$smarty.request.page}" />\r
<div class="center">\r
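Review bot: `{ $location }` is printed into the `value` attribute with no `escape` modifier. It is apparently filled from the request URI that the bug-report link now carries, which the client controls. Unless the page sets a default escaping modifier (not visible here), a double quote in the URL closes the attribute; `{$location|escape}` avoids that. The hidden `page` field two lines below still reads `HTTP_REFERER` and has the same exposure. The spaces inside `{ $location }` also differ from every other tag in this template.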
{if strlen(trim($vcard.freetext)) == 0}
NOTE:(X{$vcard.promo})
{else}
-NOTE:(X{$vcard.promo})\n{$vcard.freetext|vcard_enc}
+NOTE:(X{$vcard.promo})\n{$vcard.freetext|miniwiki:'no_title':'text'|vcard_enc}
{/if}
{if $vcard.section}
X-SECTION:{$vcard.section}
<td class="right">{if !$ev.fvalide}<strong>{/if}{$ev.peremption}{if !$ev.fvalide}</strong>{/if}</td>
<td class="right" style="width: 42px">
{if $arch}
- <a href="admin/events/unarchive/{$ev.id}">{icon name=package_delete title="Désarchiver"}</a><br />
+ <a href="admin/events/unarchive/{$ev.id}?token={xsrf_token}">{icon name=package_delete title="Désarchiver"}</a><br />
{else}
{if $ev.fvalide}
- <a href="admin/events/unvalid/{$ev.id}">{icon name=thumb_down title="Invalider"}</a>
- <a href="admin/events/archive/{$ev.id}">{icon name=package_add title="Archiver"}</a><br />
+ <a href="admin/events/unvalid/{$ev.id}?token={xsrf_token}">{icon name=thumb_down title="Invalider"}</a>
+ <a href="admin/events/archive/{$ev.id}?token={xsrf_token}">{icon name=package_add title="Archiver"}</a><br />
{else}
- <a href="admin/events/valid/{$ev.id}">{icon name=thumb_up title="Valider"}</a><br />
+ <a href="admin/events/valid/{$ev.id}?token={xsrf_token}">{icon name=thumb_up title="Valider"}</a><br />
{/if}
{/if}
<a href="admin/events/edit/{$ev.id}">{icon name=page_edit title="Editer"}</a>
- <a href="admin/events/delete/{$ev.id}">{icon name=delete title="Supprimer"}</a>
+ <a href="admin/events/delete/{$ev.id}?token={xsrf_token}">{icon name=delete title="Supprimer"}</a>
</td>
</tr>
{if $ev.preview}
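Review bot: Putting `?token={xsrf_token}` on plain links sends the anti-XSRF token in the URL for `unvalid`, `archive`, `valid`, `unarchive` and `delete`. There it lands in browser history, in server and proxy logs, and in the `Referer` header of the next request unless the handler redirects first. The `admin/events` switch shown earlier in this commit runs the query and reaches `break` with no redirect visible. State-changing actions are safer as small POST forms carrying `{xsrf_token_field}`; if the links must stay, redirect to a token-free URL once the action is done. The same applies to the `del`, `add`, `sadd`, `mok`, `mdel` and `del_member` links in the lists templates further down.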
<br />
<form action="{$platal->path}" method="post" enctype="multipart/form-data">
+ {xsrf_token_field}
<table class="bicol">
<tr>
<th colspan="2">Contenu de l'annonce</th>
{if $c.iso3166}
<img src='images/flags/{$c.iso3166}.gif' alt='{$c.nat}' height='11' title='{$c.nat}' />
{/if}
- (X {$c.promo}{if $c.app0text}, {applis_fmt type=$c.app0type text=$c.app0text url=$c.app0url}{*
- *}{/if}{if $c.app1text}, {applis_fmt type=$c.app1type text=$c.app1text url=$c.app1url}{/if})
- {if $c.dcd}décédé{if $c.sexe}e{/if} le {$c.deces|date_format}{/if}
- {if $smarty.session.auth ge AUTH_COOKIE}
- {if !$c.dcd && !$c.wasinscrit}
- <a href="marketing/public/{$c.user_id}" class='popup'>clique ici si tu connais son adresse email !</a>
- {/if}
- {/if}
+ X {$c.promo}{if $c.app0text}, {applis_fmt type=$c.app0type text=$c.app0text url=$c.app0url}{*
+ *}{/if}{if $c.app1text}, {applis_fmt type=$c.app1type text=$c.app1text url=$c.app1url}{/if}{*
+ *}{if $c.dcd}, décédé{if $c.sexe}e{/if} le {$c.deces|date_format}{/if}
</div>
</div>
{if hasPerm('admin')}
<div>
- {if !$c.wasinscrit && !$c.dcd}
- <a href="marketing/private/{$c.user_id}">{*
- *}{icon name=email title="marketter user"}</a>
- {/if}
- <a href="admin/user/{if $c.wasinscrit}{$c.forlife}{else}{$c.user_id}{/if}">{*
- *}{icon name=wrench title="administrer user"}</a>
- <a href="http://www.polytechniciens.com/?page=AX_FICHE_ANCIEN&anc_id={$c.matricule_ax}">{*
- *}{icon name=user_gray title="fiche AX"}</a>
+ [{if !$c.wasinscrit && !$c.dcd}
+ <a href="marketing/private/{$c.user_id}">{*
+ *}{icon name=email title="marketter user"}</a>
+ {/if}
+ <a href="admin/user/{if $c.wasinscrit}{$c.forlife}{else}{$c.user_id}{/if}">{*
+ *}{icon name=wrench title="administrer user"}</a>
+ <a href="http://www.polytechniciens.com/?page=AX_FICHE_ANCIEN&anc_id={$c.matricule_ax}">{*
+ *}{icon name=user_gray title="fiche AX"}</a>]
</div>
{/if}
</div>
{/if}
<div class="long">
- {if $c.wasinscrit}
+ {if $c.wasinscrit || !$c.dcd}
{if $c.web || $c.mobile || $c.countrytxt || $c.city || $c.region || $c.entreprise || $c.freetext || (!$c.dcd && !$c.actif )}
<table cellspacing="0" cellpadding="0">
{if $c.web}
<tr>
- <td class="lt">Page web:</td>
+ <td class="lt">Page web :</td>
<td class="rt"><a href="{$c.web}">{$c.web}</a></td>
</tr>
{/if}
{if $c.countrytxt || $c.city}
<tr>
- <td class="lt">Géographie:</td>
+ <td class="lt">Géographie :</td>
<td class="rt">{$c.city}{if $c.city && $c.countrytxt}, {/if}{$c.countrytxt}</td>
</tr>
{/if}
{if $c.mobile && !$c.dcd}
<tr>
- <td class="lt">Mobile:</td>
+ <td class="lt">Mobile :</td>
<td class="rt">{$c.mobile}</td>
</tr>
{/if}
{if $c.entreprise}
<tr>
- <td class="lt">Profession:</td>
+ <td class="lt">Profession :</td>
<td class="rt">
{$c.entreprise} {if $c.secteur}({$c.secteur}){/if}
{if $c.fonction}<br />{$c.fonction}{/if}
{/if}
{if $c.freetext}
<tr>
- <td class="lt">Commentaire:</td>
+ <td class="lt">Commentaire :</td>
<td class="rt">{$c.freetext|nl2br}</td>
</tr>
{/if}
- {if !$c.dcd && !$c.actif && $c.wasinscrit && $smarty.session.auth ge AUTH_COOKIE}
+ {if !$c.dcd && (!$c.actif || !$c.wasinscrit) && $smarty.session.auth ge AUTH_COOKIE}
<tr>
<td class="smaller" colspan="2">
- Ce camarade n'a plus d'adresse de redirection valide.
+ {if !$c.wasinscrit}
+ Ce{if $c.sexe}tte{/if} camarade n'est pas inscrit{if $c.sexe}e{/if}.
+ <a href="marketing/public/{$c.user_id}" class='popup'>Si tu connais son adresse email,
+ <strong>n'hésite pas à nous la transmettre !</a>
+ {elseif !$c.actif}
+ Ce{if $c.sexe}tte{/if} camarade n'a plus d'adresse de redirection valide.
<a href="marketing/broken/{$c.forlife}">
- Si tu en connais une, <strong>n'hésite pas à nous la transmettre</strong>
+ Si tu en connais une, <strong>n'hésite pas à nous la transmettre</strong>.
</a>
+ {/if}
</td>
</tr>
{/if}
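Review bot: In the new `!$c.wasinscrit` branch the `<strong>` opened before `n'hésite pas à nous la transmettre !` is never closed. The line ends directly with `</a>`, so the bold run leaks into whatever follows in the cell. It should read `<strong>n'hésite pas à nous la transmettre !</strong></a>`, matching the `!$c.actif` branch just below it.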
</script>
<form method="post" action='{$smarty.server.REQUEST_URI}'>
+ {xsrf_token_field}
<table class="bicol">
{foreach from=$unregistered key=login item=it}
<tr class="{cycle values="pair,impair"}">
</h1>
<form method='post' action='{$smarty.server.REQUEST_URI}'>
+ {xsrf_token_field}
<table class='tinybicol' cellpadding='0' cellspacing='0'>
{foreach from=$owners item=xs key=promo}
<tr>
</h1>
<form method='post' action='{$smarty.server.REQUEST_URI}' enctype="multipart/form-data">
+ {xsrf_token_field}
<table class='bicol' cellpadding='0' cellspacing='0'>
{foreach from=$members item=xs key=promo}
<tr>
{else}
{$x.l}
{/if}
- <a href='{$platal->pl_self(1)}?del_member={$x.l}'>{icon name=cross title='retirer membre'}</a>
+ <a href='{$platal->pl_self(1)}?del_member={$x.l}&token={xsrf_token}'>{icon name=cross title='retirer membre'}</a>
<br />
{/foreach}
</td>
{if $details.sub>1}
Tu es inscrit sur la liste.<br />
Te désinscrire :
- <a href='{$platal->pl_self(1)}?del=1'>{icon name=cross title="me désinscrire"}</a>
+ <a href='{$platal->pl_self(1)}?del=1&token={xsrf_token}'>{icon name=cross title="me désinscrire"}</a>
{elseif $details.sub eq 1}
Ta demande d'inscription est en cours de validation.
{else}
Tu n'es pas inscrit.<br />
Demander ton inscription :
- <a href="{$platal->pl_self(1)}?add=1">{icon name=add title="demander mon inscription"}</a>
+ <a href="{$platal->pl_self(1)}?add=1&token={xsrf_token}">{icon name=add title="demander mon inscription"}</a>
{/if}
</td>
</tr>
{/foreach}
</table>
<form action='{$platal->pl_self(1)}' method='post'>
+ {xsrf_token_field}
<div class='center'>
<br />
<input type='submit' name='correct' value='Corriger les valeurs !' />
</p>
<form action='lists/create' method='post' enctype="multipart/form-data">
+ {xsrf_token_field}
<table class='bicol' cellspacing='0' cellpadding='2'>
<tr>
<th colspan='5'>Caractéristiques de la liste</th>
</h1>
<form method='post' action='{$platal->pl_self(1)}'>
+ {xsrf_token_field}
<table class='tinybicol' cellpadding='2' cellspacing='0'>
<tr class='impair'>
<td>
{/if}
<form method='post' action='lists'>
+ {xsrf_token_field}
<table class='tinybicol' cellspacing='0' cellpadding='2'>
<tr>
<th colspan='2'>Inscription à une liste de diffusion promo</th>
{if $liste.subscriptions|@count}
<strong>• Demandes d'inscription</strong><br />
{foreach from=$liste.subscriptions item=s}
- <a href='{$platal->ns}lists/moderate/{$liste.list}?sadd={$s.id}'
- onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?sadd={$s.id}'));">
+ <a href='{$platal->ns}lists/moderate/{$liste.list}?sadd={$s.id}&token={xsrf_token}'
+ onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?sadd={$s.id}&token={xsrf_token}'));">
{icon name=add title="Accepter"}
</a>
<a href='{$platal->ns}lists/moderate/{$liste.list}?sid={$s.id}'>
<strong>• Demandes de modération</strong><br />
<span class="smaller">
{foreach from=$liste.mails item=m}
- <a href='{$platal->ns}lists/moderate/{$liste.list}?mid={$m.id}&mok=1'
- onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?mid={$m.id}&mok=1'));">
+ <a href='{$platal->ns}lists/moderate/{$liste.list}?mid={$m.id}&mok=1&token={xsrf_token}'
+ onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?mid={$m.id}&mok=1&token={xsrf_token}'));">
{icon name=add title="Valider le mail"}
</a>
- <a href='{$platal->ns}lists/moderate/{$liste.list}?mid={$m.id}&mdel=1'
- onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?mid={$m.id}&mdel=1'));">
+ <a href='{$platal->ns}lists/moderate/{$liste.list}?mid={$m.id}&mdel=1&token={xsrf_token}'
+ onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?mid={$m.id}&mdel=1&token={xsrf_token}'));">
{icon name=delete title="Spam"}
</a>
De : {$m.sender}<br />
<td class='right'>{$liste.nbsub}</td>
<td class='right'>
{if $liste.sub eq 2}
- <a href='{$platal->ns}lists?del={$liste.list}'
- onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?unsubscribe=1'));">
+ <a href='{$platal->ns}lists?del={$liste.list}&token={xsrf_token}'
+ onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?unsubscribe=1&token={xsrf_token}'));">
{icon name=cross title="me désinscrire"}
</a>
{elseif $liste.sub eq 1}
{icon name=flag_orange title='inscription en attente de modération'}
{else}
- <a href='{$platal->ns}lists?add={$liste.list}'
- onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?subscribe=1'));">
+ <a href='{$platal->ns}lists?add={$liste.list}&token={xsrf_token}'
+ onclick="return (is_IE || Ajax.update_html('list_{$liste.list}', '{$platal->ns}lists/ajax/{$liste.list}?subscribe=1&token={xsrf_token}'));">
{icon name=add title="m'inscrire"}
</a>
{/if}
{if $details.sub>1}
Tu es inscrit sur la liste.<br />
Te désinscrire :
- <a href='{$platal->pl_self(1)}?del=1'>{icon name=cross title="me désinscrire"}</a>
+ <a href='{$platal->pl_self(1)}?del=1&token={xsrf_token}'>{icon name=cross title="me désinscrire"}</a>
{elseif $details.sub eq 1}
Ta demande d'inscription est en cours de validation.
{else}
Tu n'es pas inscrit.<br />
Demander ton inscription :
- <a href="{$platal->pl_self(1)}?add=1">{icon name=add title="demander mon inscription"}</a>
+ <a href="{$platal->pl_self(1)}?add=1&token={xsrf_token}">{icon name=add title="demander mon inscription"}</a>
{/if}
</td>
</tr>
</td>
<td>{$s.addr}</td>
<td class='action'>
- <a href='{$platal->pl_self(1)}?sadd={$s.id}'>{icon name=add title="Valider l'inscription"}</a>
+ <a href='{$platal->pl_self(1)}?sadd={$s.id}&token={xsrf_token}'>{icon name=add title="Valider l'inscription"}</a>
<a href='{$platal->pl_self(1)}?sid={$s.id}'>{icon name=delete title="Refuser l'inscription"}</a>
</td>
</tr>
//]]></script>
<form method="post" action="{$platal->pl_self(1)}">
+{xsrf_token_field}
{if $with_fromx}
<table class="bicol" style="margin-bottom: 1ex">
<tr>
{$m.size} octets</small>
</td>
<td class='action'>
- <a href='{$platal->pl_self(1)}?mid={$m.id}&mok=1'>{icon name=add title="Accepter le message"}</a>
+ <a href='{$platal->pl_self(1)}?mid={$m.id}&mok=1&token={xsrf_token}'>{icon name=add title="Accepter le message"}</a>
</td>
<td class='action'>
<a href='{$platal->pl_self(1)}?mid={$m.id}'>{icon name=magnifier title="Voir le message"}</a><br/>
- <a href='{$platal->pl_self(1)}?mid={$m.id}&mdel=1'>{icon name=delete title="Spam !"}</a>
+ <a href='{$platal->pl_self(1)}?mid={$m.id}&mdel=1&token={xsrf_token}'>{icon name=delete title="Spam !"}</a>
</td>
</tr>
{/if}
{$m.size} octets</small>
</td>
<td class='action'>
- <a href='{$platal->pl_self(1)}?mid={$m.id}&mok=1'>{icon name=add title="Accepter le message"}</a>
+ <a href='{$platal->pl_self(1)}?mid={$m.id}&mok=1&token={xsrf_token}'>{icon name=add title="Accepter le message"}</a>
</td>
<td class='action'>
<a href='{$platal->pl_self(1)}?mid={$m.id}'>{icon name=magnifier title="Voir le message"}</a><br/>
- <a href='{$platal->pl_self(1)}?mid={$m.id}&mdel=1'>{icon name=delete title="Spam !"}</a>
+ <a href='{$platal->pl_self(1)}?mid={$m.id}&mdel=1&token={xsrf_token}'>{icon name=delete title="Spam !"}</a>
</td>
</tr>
{/if}
<h1>Refuser l'inscription d'un utilisateur</h1>
<form method='post' action='{$platal->pl_self(1)}'>
+ {xsrf_token_field}
<table class='tinybicol' cellpadding='0' cellspacing='0'>
<tr>
<th class='titre'>refuser l'inscription de :</th>
</h1>
<form method='post' action='{$platal->pl_self(1)}'>
+ {xsrf_token_field}
<table class='bicol' cellpadding='2' cellspacing='0'>
<tr><th colspan='2'>Options de la liste {$details.addr}</th></tr>
<tr class='impair'>
</p>
<form method='post' action='{$platal->pl_self(1)}'>
+ {xsrf_token_field}
<table class='tinybicol' cellpadding='2' cellspacing='0'>
<tr><th>Adresses non modérées</th></tr>
<tr>
<td>
{if $options.accept_these_nonmembers|@count}
{foreach from=$options.accept_these_nonmembers item=addr}
- {$addr}<a href='{$platal->pl_self(1)}&atn_del={$addr}'>
+ {$addr}<a href='{$platal->pl_self(1)}&atn_del={$addr}&token={xsrf_token}'>
{icon name=cross title="retirer de la whitelist"}
</a><br />
{/foreach}
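Review bot: `{$addr}` is placed raw into the href on the new line (`&atn_del={$addr}&token={xsrf_token}`), so an address containing `&`, `+`, `#` or a quote changes the query that is sent or ends the single-quoted attribute early. Whitelist entries are presumably text entered by a moderator, so the value should be encoded for the URL context, `&atn_del={$addr|urlencode}&token={xsrf_token}`, as the `del_member` link in this commit already does. The visible copy of the address should be `{$addr|escape}` unless a default escape modifier is configured outside this hunk.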
</h1>
<form method='post' action='{$platal->pl_self(1)}'>
+ {xsrf_token_field}
<table class='bicol' cellpadding='2' cellspacing='0'>
<tr><th colspan='2'>Options de la liste {$details.addr}</th></tr>
<tr class='impair'>
</p>
<form method="post" action="{$platal->path}">
+ {xsrf_token_field}
<table class="bicol" summary="Fiche camarade">
<tr><th colspan="2">Proposition d'adresse pour<br />{$user.nom} {$user.prenom} (X{$user.promo})</th></tr>
<tr class="pair">
{/if}
</p>
-<p>[<a href='{$path}/insrel'>le relancer</a>]</p>
+<p>[<a href='{$path}/insrel?token={xsrf_token}'>le relancer</a>]</p>
{/if}
<td>{$a.last|date_format|default:'-'}</td>
<td class='center'>{$a.nb|default:"-"}</td>
<td class='action'>
- <a href='{$path}/del/{$a.email}'>del</a><br />
+ <a href='{$path}/del/{$a.email}?token={xsrf_token}'>del</a><br />
<a href='{$path}/rel/{$a.email}'>relance</a>
</td>
</tr>
{if $rel_to}
<form action="{$path}/relforce/{$email}" method="post">
+ {xsrf_token_field}
<table class="bicol">
<tr class="pair">
<th colspan="2">Edition du mail de relance</th>
</p>
<form method="post" action="{$platal->path}">
+ {xsrf_token_field}
<table class="bicol" summary="Fiche camarade">
<tr class="impair"><td>Nom :</td><td>{$nom}</td></tr>
<tr class="pair"><td>Prénom :</td><td>{$prenom}</td></tr>
{/foreach}
<form action="marketing/relance" method="post">
+ {xsrf_token_field}
<table class="bicol" summary="liste des inscriptions non confirmées">
<tr>
<th>Date</th>
{if $x.dcd}
Décédé{if $x.sexe}e{/if} le {$x.deces|date_format}
{elseif !$x.actif}
- Ce camarade n'a plus d'adresse de redirection valide,<br />
+ Ce{if $c.sexe}tte{/if} camarade n'a plus d'adresse de redirection valide,<br />
<a href="marketing/broken/{$x.forlife}" class="popup">clique ici si tu connais son adresse email !</a>
{elseif !$x.inscrit}
Cette personne n'est pas inscrite à Polytechnique.org,<br />
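Review bot: The new condition reads `$c.sexe`, while every other test in this block uses `$x` (`$x.dcd`, `$x.sexe`, `$x.actif`, `$x.inscrit`). Unless `$c` is assigned outside the hunk, the feminine form will never be shown. The line should probably read `Ce{if $x.sexe}tte{/if} camarade n'a plus d'adresse de redirection valide,<br />`.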
<div class="menu_item"><a href="nl">Lettres mensuelles</a></div>
<div class="menu_item"><a href="ax">Lettres de l'AX</a></div>
<div class="menu_item"><a href="Xorg/NousContacter">Nous contacter</a></div>
-<div class="menu_item"><a href="send_bug" class="popup2">Signaler un bug</a></div>
+<div class="menu_item"><a href="send_bug/{ $smarty.server.REQUEST_URI }" class="popup2">Signaler un bug</a></div>
{if hasPerm('admin')}
<div class="menu_title">***</div>
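Review bot: `$smarty.server.REQUEST_URI` is request-controlled and is written into the href without escaping, here and in the two other `send_bug/` links of this commit (the survey error message and the footer). Any quote or angle bracket that reaches the server unencoded ends up inside the attribute, so the value needs at least `send_bug/{$smarty.server.REQUEST_URI|escape}`. REQUEST_URI also begins with `/` and may contain `?`, so the original query string becomes the query of `send_bug` instead of part of the reported address unless it is URL-encoded. Now that tokens are added to GET links, a report sent from such a page would presumably carry the XSRF token as well; stripping the `token` parameter before building the link would avoid that.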
{elseif $survey_message neq ""}
{$survey_message}
{else}
-Une erreur inconnue est survenue dans l'édition de ce sondage. N'hésite pas à <a href='send_bug'>signaler ce bug</a> si il persiste.
+Une erreur inconnue est survenue dans l'édition de ce sondage. N'hésite pas à <a href='send_bug/{ $smarty.server.REQUEST_URI }'>signaler ce bug</a> si il persiste.
{/if}
<br/>
<a href="{$survey_link}">Retour</a>
<a href="Xnet/APropos">à propos de ce site</a> -
<a href="mailto:contact@polytechnique.org">nous contacter</a>
{if $smarty.session.auth}
- - <a href="send_bug" class="popup_840x600">signaler un bug</a>
+ - <a href="send_bug/{ $smarty.server.REQUEST_URI }" class="popup_840x600">signaler un bug</a>
{/if}
<br />
Plat/al {#globals.version#} - © Copyright 2000-2008 <a href="http://x-org.polytechnique.org/">Association Polytechnique.org</a>
</p>
<form action="{$platal->pl_self()}" method="post" id="inscription">
+ {xsrf_token_field}
<p class="descr">
<input type="hidden" name="adm" value="nbs" />
</p>
<form action="{$platal->pl_self()}" method="post" id="montant">
+ {xsrf_token_field}
<p class="descr">
<input type="hidden" name="adm" value="prix" />
Mail : <input name="mail" size="20" />
{/if}
<form method="post" action="{$platal->ns}events/edit/{$url_ref}">
+ {xsrf_token_field}
<table class='bicol' cellspacing='0' cellpadding='0'>
<colgroup>
<col width='25%' />
modifier
{icon name=date_edit title="Édition de l'événement"}</a>]
- [<a href="javascript:dynpostkv('{$platal->pl_self()}', {if !$archive}'archive'{else}'unarchive'{/if}, {$e.eid})">
+ [<a href="javascript:dynpostkv('{$platal->pl_self()}?token={xsrf_token}', {if !$archive}'archive'{else}'unarchive'{/if}, {$e.eid})">
{if !$archive}
archiver
{icon name=package_add title="Archivage"}</a>]
{icon name=package_delete title="Désarchivage"}</a>]
{/if}
- [<a href="javascript:dynpostkv('{$platal->ns}events', 'del', {$e.eid})"
+ [<a href="javascript:dynpostkv('{$platal->ns}events?token={xsrf_token}', 'del', {$e.eid})"
onclick="return confirm('Supprimer l\'événement effacera la liste des inscrits et des paiements.\n Es-tu sûr de vouloir supprimer l\'événement ?')">
supprimer
{icon name=delete title='Suppression'}</a>]
{/if}
<form action="{$platal->ns}events/sub/{$event.eid}" method="post">
+ {xsrf_token_field}
<table class="tiny" cellspacing="0" cellpadding="0">
{foreach from=$event.moments item=m}
<tr><th>{$m.titre} ({$m.montant} €)</th></tr>
{if $m.admin}</strong>{/if}
</td>
<td class="center">
- <a href='{$platal->ns}alias/admin/{$platal->argv[1]}?del_member={$m.redirect|urlencode}'>
+ <a href='{$platal->ns}alias/admin/{$platal->argv[1]}?del_member={$m.redirect|urlencode}&token={xsrf_token}'>
{icon name=delete title='retirer membre'}
</a>
</td>
<tr>
<td colspan="3" class="center">
<form method="post" action="{$platal->ns}alias/admin/{$platal->argv[1]}">
+ {xsrf_token_field}
<div>
<input type='text' name='add_member' />
de modération), il est recommandé de créer <a href="{$platal->ns}lists/create">une liste de diffusion</a>.
</p>
<form action='{$platal->ns}alias/create' method='post'>
+ {xsrf_token_field}
<table class='large'>
<tr>
<th colspan='2'>Caractéristiques de l'alias</th>
<a href="{$platal->ns}alias/create">un alias</a> qui, lui, est capable de regrouper plusieurs listes.
</p>
<form action='{$platal->ns}lists/create' method='post'>
+ {xsrf_token_field}
<table class="large">
<tr>
<th colspan='4'>Caractéristiques de la Liste</th>
<p class="error">Es-tu sûr de vouloir supprimer l'alias {$smarty.get.del_alias} ?</p>
<form action='{$platal->ns}lists' method="post">
+ {xsrf_token_field}
<div class="center">
<input type='submit' value="Oui, je suis sûr" />
<input type='hidden' name='del_alias' value="{$smarty.get.del_alias}" />
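Review bot: `{$smarty.get.del_alias}` is echoed straight from the query string into the page text and into the hidden field's `value` attribute on the unchanged lines around the new token field, which is a reflected-XSS path unless a default escape modifier is configured outside this hunk. The token protects the POST but not this rendering. Writing `{$smarty.get.del_alias|escape}` in both places would close it. The form continues past the end of the hunk.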
<td align='right'>{$l.nbsub}</td>
<td align='center'>
{if $l.sub eq 2}
- <a href="{$platal->ns}lists?del={$l.list}">{icon name=cross title="me désinscrire"}</a>
+ <a href="{$platal->ns}lists?del={$l.list}&token={xsrf_token}">{icon name=cross title="me désinscrire"}</a>
{elseif $l.sub eq 1}
{icon name=flag_orange title='inscription en attente de modération'}
{else}
- <a href="{$platal->ns}lists?add={$l.list}">{icon name=add title="m'inscrire"}</a>
+ <a href="{$platal->ns}lists?add={$l.list}&token={xsrf_token}">{icon name=add title="m'inscrire"}</a>
{/if}
</td>
</tr>
<h1>Non abonnés à la liste {$platal->argv[1]}@{$asso.mail_domain}</h1>
<form action="{$platal->ns}lists/sync/{$platal->argv[1]}" method="post">
-
+ {xsrf_token_field}
<table cellspacing="2" cellpadding="0" class="tiny">
<tr>
<th colspan="2">Membre</th>
--- /dev/null
+ALTER TABLE auth_user_quick MODIFY COLUMN last_version VARCHAR(16) NOT NULL DEFAULT '';
+
+# vim:set syntax=mysql:
--- /dev/null
+use forums;
+
+alter table profils
+ add column tree_unread varchar(8) not null default 'o',
+ add column tree_read varchar(8) not null default 'dg';
+
+use x4dat;
+
+# vim:set syntax=mysql:
--- /dev/null
+use logger;
+
+alter table events change column data data text default null;
+
+use x4dat;
+
+# vim:set syntax=mysql: