$page->addJsLink('ajax.js');
if (Post::has('send')) {
+ S::assert_xsrf_token();
$from = Post::v('from');
$sujet = Post::v('sujet');
$body = Post::v('body');
$this->removeSubscriptionRequest($uid);
$page->kill("$prenom $nom est déjà membre du groupe !");
return;
- }
- elseif (Env::has('accept'))
- {
+ } elseif (Env::has('accept')) {
+ S::assert_xsrf_token();
+
$this->validSubscription($nom, $prenom, $sexe, $uid, $u);
pl_redirect("member/$u");
- }
- elseif (Env::has('refuse'))
- {
+ } elseif (Env::has('refuse')) {
+ S::assert_xsrf_token();
+
$this->removeSubscriptionRequest($uid);
$mailer = new PlMailer();
$mailer->addTo("$u@polytechnique.org");
}
if (Post::has('inscrire')) {
+ S::assert_xsrf_token();
+
XDB::execute("INSERT INTO groupex.membres_sub_requests (asso_id, uid, ts, reason)
VALUES ({?}, {?}, NOW(), {?})",
$globals->asso('id'), S::i('uid'), Post::v('message'));
if (is_null($email)) {
return;
+ } else {
+ S::assert_xsrf_token();
}
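Review bot: The new `S::assert_xsrf_token();` here sits in an `else` branch that follows an unconditional `return;`, so the `else` adds nesting without changing control flow; the same shape is repeated after the two `if (!Post::has('confirm'))` guards whose blocks close at the `}` before `if ($this->unsubscribe($user))`. A flat guard keeps the assertion at the same level as the code it protects and matches how the other hunks in this change place it directly under the condition: `if (is_null($email)) { return; }` followed by `S::assert_xsrf_token();` on its own line. Since the token check is what protects the state-changing code that follows, keeping it visibly unconditional after the early return also makes a later refactor less likely to drop it. The enclosing functions start and end outside this hunk, so I could not confirm whether anything between the guard and the first write runs before the assertion.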
if (strpos($email, '@') === false) {
if (!Post::has('confirm')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
if ($this->unsubscribe($user)) {
if (!Post::has('confirm')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
if ($this->unsubscribe($user)) {
$globals->asso('mail_domain'));
if (Post::has('change')) {
+ S::assert_xsrf_token();
+
// Convert user status to X
if ($user['origine'] == 'ext' && trim(Post::v('login_X'))) {
$forlife = $this->changeLogin($page, $user, $mmlist, trim(Post::v('login_X')));
if (Post::v('valid') == 'Visualiser' || Post::v('valid') == 'Enregistrer'
|| Post::v('valid') == 'Supprimer l\'image' || Post::v('valid') == 'Pas d\'image') {
+ S::assert_xsrf_token();
+
if (!is_null($aid)) {
$art['id'] = $aid;
}
$page->changeTpl('xnetgrp/announce-admin.tpl');
if (Env::has('del')) {
+ S::assert_xsrf_token();
XDB::execute("DELETE FROM groupex.announces
WHERE id = {?} AND asso_id = {?}",
Env::i('del'), $globals->asso('id'));