} elseif ($action && (!trim($texte) || !trim($titre))) {
$page->trigError("L'article doit avoir un titre et un contenu");
} elseif ($action) {
+ S::assert_xsrf_token();
+
require_once 'validations.inc.php';
$evtreq = new EvtReq($titre, $texte, $promo_min, $promo_max,
$peremption, $valid_mesg, S::v('uid'), $upload);
}
if (Post::v('action') == 'Pas d\'image' && $eid) {
+ S::assert_xsrf_token();
$upload->rm();
XDB::execute("DELETE FROM evenements_photo WHERE eid = {?}", $eid);
$action = 'edit';
} elseif (Post::v('action') == 'Supprimer l\'image' && $eid) {
+ S::assert_xsrf_token();
$upload->rm();
$action = 'edit';
} elseif (Post::v('action') == "Proposer" && $eid) {
+ S::assert_xsrf_token();
$promo_min = Post::i('promo_min');
$promo_max = Post::i('promo_max');
if (($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020)) ||
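Review bot: The token is now asserted before `EvtReq` is built (L4) and before each image action (L11, L16, L20), but `$upload` is already a live object by L8, so whatever populated it from the request ran before any token was verified; that construction is outside the hunk, so confirm it performs no write of its own, or move `S::assert_xsrf_token()` ahead of it. The check at L4 also sits behind the empty-title/content validation at L1–L2, which is harmless only because that error branch has no side effect. Every branch keeps executing after the call, so this relies on `assert_xsrf_token()` terminating the request rather than returning a status; presumably it does, but it is worth confirming. The enclosing if/elseif chain starts before the hunk and the `Proposer` condition at L23 continues past it.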
} else {
switch ($action) {
case 'delete':
+ S::assert_xsrf_token();
XDB::execute('DELETE from evenements
WHERE id = {?}', $eid);
break;
case "archive":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = CONCAT(flags,",archive")
WHERE id = {?}', $eid);
break;
case "unarchive":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = REPLACE(flags,"archive","")
WHERE id = {?}', $eid);
break;
case "valid":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = CONCAT(flags,",valide")
WHERE id = {?}', $eid);
break;
case "unvalid":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = REPLACE(flags,"valide", "")
WHERE id = {?}', $eid);
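Review bot: Each state-changing case now asserts the token, but these cases are reached through `$action`, which the template hunk shows being driven by plain GET links; a CSRF token carried in a query string is exposed through Referer headers, browser history and access logs, so this protects against forged requests only as long as `assert_xsrf_token()` accepts the token from the URL and the token is not long-lived — confirm that, or move the links to POST. A comment above `switch ($action)` would keep future cases from forgetting the check: `// every case that writes to evenements must call S::assert_xsrf_token() first`. The switch continues beyond the hunk (L53 ends inside the `unvalid` case), so the remaining cases, including the default, could not be reviewed here.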
<td class="right">{if !$ev.fvalide}<strong>{/if}{$ev.peremption}{if !$ev.fvalide}</strong>{/if}</td>
<td class="right" style="width: 42px">
{if $arch}
- <a href="admin/events/unarchive/{$ev.id}">{icon name=package_delete title="Désarchiver"}</a><br />
+ <a href="admin/events/unarchive/{$ev.id}?token={xsrf_token}">{icon name=package_delete title="Désarchiver"}</a><br />
{else}
{if $ev.fvalide}
- <a href="admin/events/unvalid/{$ev.id}">{icon name=thumb_down title="Invalider"}</a>
- <a href="admin/events/archive/{$ev.id}">{icon name=package_add title="Archiver"}</a><br />
+ <a href="admin/events/unvalid/{$ev.id}?token={xsrf_token}">{icon name=thumb_down title="Invalider"}</a>
+ <a href="admin/events/archive/{$ev.id}?token={xsrf_token}">{icon name=package_add title="Archiver"}</a><br />
{else}
- <a href="admin/events/valid/{$ev.id}">{icon name=thumb_up title="Valider"}</a><br />
+ <a href="admin/events/valid/{$ev.id}?token={xsrf_token}">{icon name=thumb_up title="Valider"}</a><br />
{/if}
{/if}
<a href="admin/events/edit/{$ev.id}">{icon name=page_edit title="Editer"}</a>
- <a href="admin/events/delete/{$ev.id}">{icon name=delete title="Supprimer"}</a>
+ <a href="admin/events/delete/{$ev.id}?token={xsrf_token}">{icon name=delete title="Supprimer"}</a>
</td>
</tr>
{if $ev.preview}
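Review bot: The token is appended to the `href` of GET links that delete, archive and validate events (L58, L63–L64, L67, L72), so the CSRF secret travels in the URL, where it is recorded in browser history, proxy and server logs, and outgoing Referer headers; the robust form is a small POST form per action, e.g. `<form method="post" action="admin/events/delete/{$ev.id}"><input type="hidden" name="token" value="{xsrf_token}" />` with a submit button in place of the icon anchor. The `edit` link at L70 is left without a token, which is fine provided the edit action only renders the form rather than writing, something this hunk cannot show. If the template engine does not escape `{xsrf_token}` in attribute context, also check that the token alphabet is safe inside a quoted attribute.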