if (!may_update()) {
return PL_FORBIDDEN;
}
+ S::assert_xsrf_token();
$res = XDB::query("SELECT asso_id, short_name FROM groupex.evenements
WHERE eid = {?} AND asso_id = {?}",
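Review bot: The token check added at L4 is unconditional, unlike the other handlers touched by this commit (L10, L15, L22) which assert only on the branch that mutates state, so this entry point now rejects every request without a token, including a plain GET link to it. That is the right behaviour for a POST-only action, but nothing in the hunk records that intent; a comment above the call such as `// POST-only action: a request without a valid token must abort before the event is touched.` keeps a later maintainer from adding a GET route here. The enclosing handler starts before L1 and the query opened at L5 continues past the hunk.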
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
$moments = Post::v('moment', array());
$page->assign('moments', $moments);
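Review bot: The `else` introduced at L9 is redundant, because the `if` branch at L7 returns; drop the `else` and put `S::assert_xsrf_token();` on its own line directly after the closing brace of the guard. Behaviour is unchanged and the handler then reads like the other guarded checks in this commit (L15, L22) rather than nesting the check one level deeper than it needs to be. The enclosing handler starts before the hunk.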
if (Post::v('intitule')) {
+ S::assert_xsrf_token();
+
require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
$short_name = event_change_shortname($page, $eid,
$infos['short_name'],
}
if (may_update() && Post::v('adm')) {
+ S::assert_xsrf_token();
+
$member = get_infos(Post::v('mail'));
if (!$member) {
$page->trigError("Membre introuvable");
</p>
<form action="{$platal->pl_self()}" method="post" id="inscription">
+ {xsrf_token_field}
<p class="descr">
<input type="hidden" name="adm" value="nbs" />
</p>
<form action="{$platal->pl_self()}" method="post" id="montant">
+ {xsrf_token_field}
<p class="descr">
<input type="hidden" name="adm" value="prix" />
Mail : <input name="mail" size="20" />
{/if}
<form method="post" action="{$platal->ns}events/edit/{$url_ref}">
+ {xsrf_token_field}
<table class='bicol' cellspacing='0' cellpadding='0'>
<colgroup>
<col width='25%' />
modifier
{icon name=date_edit title="Édition de l'événement"}</a>]
- [<a href="javascript:dynpostkv('{$platal->pl_self()}', {if !$archive}'archive'{else}'unarchive'{/if}, {$e.eid})">
+ [<a href="javascript:dynpostkv('{$platal->pl_self()}?token={xsrf_token}', {if !$archive}'archive'{else}'unarchive'{/if}, {$e.eid})">
{if !$archive}
archiver
{icon name=package_add title="Archivage"}</a>]
{icon name=package_delete title="Désarchivage"}</a>]
{/if}
- [<a href="javascript:dynpostkv('{$platal->ns}events', 'del', {$e.eid})"
+ [<a href="javascript:dynpostkv('{$platal->ns}events?token={xsrf_token}', 'del', {$e.eid})"
onclick="return confirm('Supprimer l\'événement effacera la liste des inscrits et des paiements.\n Es-tu sûr de vouloir supprimer l\'événement ?')">
supprimer
{icon name=delete title='Suppression'}</a>]
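Review bot: Both rewritten links (L47 and L54) carry the XSRF token in the URL query string, which exposes it to access logs, browser history and the Referer header of any page the response links to, whereas the forms in the same commit (L29, L34, L40, L60) keep it in the POST body. Prefer having `dynpostkv` send the token as a POST field next to the key/value it already posts, and keep the query-string form only as a fallback if the JS helper cannot be changed; in either case confirm that the server-side `assert_xsrf_token` accepts the location actually used. The token is also interpolated unescaped into a single-quoted JS string inside an `href`; if it is not guaranteed to be URL- and JS-safe (e.g. hex only), it needs escaping for that context.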
{/if}
<form action="{$platal->ns}events/sub/{$event.eid}" method="post">
+ {xsrf_token_field}
<table class="tiny" cellspacing="0" cellpadding="0">
{foreach from=$event.moments item=m}
<tr><th>{$m.titre} ({$m.montant} €)</th></tr>