Timestamp:
Mar 7, 2013, 10:06:42 PM (11 years ago)
Author:
mistic100
Message:

too many changes

File:
1 edited

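--- a/extensions/Subscribe_to_comments/include/subscribtions_page.inc.php
+++ b/extensions/Subscribe_to_comments/include/subscribtions_page.inc.php
@@ -5,14 +5,21 @@
 
 // check input parameters
-$_GET['verif_key'] = $_GET['action'].$_GET['email'].(isset($_GET['id'])?$_GET['id']:null);
-
-if (
-  empty($_GET['action']) or empty($_GET['email']) or empty($_GET['key'])
-  or decrypt_value($_GET['key'], $conf['secret_key']) !== $_GET['verif_key']
-  )
+if ( empty($_GET['action']) or empty($_GET['email']) or empty($_GET['key']) )
 {
   $_GET['action'] = null;
 }
 else
+{
+  $_GET['verif_key'] = $_GET['action'].$_GET['email'].(isset($_GET['id'])?$_GET['id']:null);
+
+  if ( decrypt_value($_GET['key'], $conf['secret_key']) !== $_GET['verif_key'] )
+  {
+    $_GET['action'] = null;
+  }
+}
+
+
+
+if ( !empty($_GET['action']) )
 {
   // unsubscribe all
@@ -27,5 +34,5 @@
  
   // bulk action
-  if (isset($_POST['apply_bulk']))
+  else if (isset($_POST['apply_bulk']))
   {
     foreach ($_POST['selected'] as $id)
@@ -44,5 +51,5 @@
  
   // unsubscribe from manage page
-  if (isset($_GET['unsubscribe']))
+  else if (isset($_GET['unsubscribe']))
   {
     if (un_subscribe_to_comments($_GET['email'], $_GET['unsubscribe']))
@@ -52,10 +59,10 @@
     else
     {
-     array_push($page['errors'], l10n('Not found.'));
+      array_push($page['errors'], l10n('Not found.'));
     }
   }
  
   // validate from manage page
-  if (isset($_GET['validate']))
+  else if (isset($_GET['validate']))
   {
     if (validate_subscriptions($_GET['email'], $_GET['validate']))
@@ -78,8 +85,7 @@
   case 'validate':
   {
-    $query = '
-SELECT
-    type,
-    element_id
+    // don't need to sanitize inputs, already checked with the unique key
+    $query = '
+SELECT type, element_id
   FROM '.SUBSCRIBE_TO_TABLE.'
   WHERE
@@ -238,8 +244,13 @@
 
 $template->assign(array(
-  'TITLE' => l10n('Subscriptions of').' <i>'.$_GET['email'].'</i>',
   'SUBSCRIBE_TO_PATH' => SUBSCRIBE_TO_PATH,
   'SUBSCRIBE_TO_ABS_PATH' => realpath(SUBSCRIBE_TO_PATH).'/',
   ));
+ 
+if (!empty($_GET['email']))
+{
+  $template->assign('TITLE', '<a href="'.get_absolute_root_url().'">'.l10n('Home').'</a>'.$conf['level_separator'].
+                              sprintf(l10n('Subscriptions of %s'), '<i>'.$_GET['email'].'</i>'));
+}
 
 $template->set_filenames(array('index'=> dirname(__FILE__).'/../template/subscribtions_page.tpl'));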
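Review bot: The new `TITLE` assignment (new lines 252–253) still concatenates `$_GET['email']` into HTML unescaped, and it runs whenever the parameter is non-empty, including after a failed key check, which only sets `$_GET['action']` to null and leaves `email` as sent. Unless the template escapes `TITLE` on output, which is not visible here, that reflects request data into the page; escape at the point of use, e.g. `'<i>'.htmlspecialchars($_GET['email'], ENT_QUOTES, 'UTF-8').'</i>'`. The added comment at new line 87 also overstates what the key covers: `verif_key` is built from `action`, `email` and `id` only, so `$_GET['unsubscribe']`, `$_GET['validate']` and `$_POST['selected']` are not authenticated by it and still need validating where they are used (the callee bodies and the rest of the query are outside these hunks).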