- Timestamp:
- Mar 7, 2013, 10:06:42 PM (11 years ago)
- File:
-
- 1 edited
extensions/Subscribe_to_comments/include/subscribtions_page.inc.php
r17494 r21340 5 5 6 6 // check input parameters 7 $_GET['verif_key'] = $_GET['action'].$_GET['email'].(isset($_GET['id'])?$_GET['id']:null); 8 9 if ( 10 empty($_GET['action']) or empty($_GET['email']) or empty($_GET['key']) 11 or decrypt_value($_GET['key'], $conf['secret_key']) !== $_GET['verif_key'] 12 ) 7 if ( empty($_GET['action']) or empty($_GET['email']) or empty($_GET['key']) ) 13 8 { 14 9 $_GET['action'] = null; 15 10 } 16 11 else 12 { 13 $_GET['verif_key'] = $_GET['action'].$_GET['email'].(isset($_GET['id'])?$_GET['id']:null); 14 15 if ( decrypt_value($_GET['key'], $conf['secret_key']) !== $_GET['verif_key'] ) 16 { 17 $_GET['action'] = null; 18 } 19 } 20 21 22 23 if ( !empty($_GET['action']) ) 17 24 { 18 25 // unsubscribe all … … 27 34 28 35 // bulk action 29 if (isset($_POST['apply_bulk']))36 else if (isset($_POST['apply_bulk'])) 30 37 { 31 38 foreach ($_POST['selected'] as $id) … … 44 51 45 52 // unsubscribe from manage page 46 if (isset($_GET['unsubscribe']))53 else if (isset($_GET['unsubscribe'])) 47 54 { 48 55 if (un_subscribe_to_comments($_GET['email'], $_GET['unsubscribe'])) … … 52 59 else 53 60 { 54 array_push($page['errors'], l10n('Not found.'));61 array_push($page['errors'], l10n('Not found.')); 55 62 } 56 63 } 57 64 58 65 // validate from manage page 59 if (isset($_GET['validate']))66 else if (isset($_GET['validate'])) 60 67 { 61 68 if (validate_subscriptions($_GET['email'], $_GET['validate'])) … … 78 85 case 'validate': 79 86 { 80 $query = ' 81 SELECT 82 type, 83 element_id 87 // don't need to sanitize inputs, already checked with the unique key 88 $query = ' 89 SELECT type, element_id 84 90 FROM '.SUBSCRIBE_TO_TABLE.' 85 91 WHERE … … 238 244 239 245 $template->assign(array( 240 'TITLE' => l10n('Subscriptions of').' 
<i>'.$_GET['email'].'</i>',241 246 'SUBSCRIBE_TO_PATH' => SUBSCRIBE_TO_PATH, 242 247 'SUBSCRIBE_TO_ABS_PATH' => realpath(SUBSCRIBE_TO_PATH).'/', 243 248 )); 249 250 if (!empty($_GET['email'])) 251 { 252 $template->assign('TITLE', '<a href="'.get_absolute_root_url().'">'.l10n('Home').'</a>'.$conf['level_separator']. 253 sprintf(l10n('Subscriptions of %s'), '<i>'.$_GET['email'].'</i>')); 254 } 244 255 245 256 $template->set_filenames(array('index'=> dirname(__FILE__).'/../template/subscribtions_page.tpl'));
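Review bot: The TITLE assignment added at new lines 250–254 writes `$_GET['email']` into HTML unescaped, and its only guard is `!empty($_GET['email'])`, so it still runs when the key check at the top failed (that path only nulls `$_GET['action']` and leaves the email as supplied). Unless the template escapes TITLE, which seems unlikely because the value carries an anchor tag, this reflects request input into the page; escape it at the sink with `'<i>'.htmlspecialchars($_GET['email'], ENT_QUOTES, 'UTF-8').'</i>'`. The comment added at new line 87 ("don't need to sanitize inputs, already checked with the unique key") also claims more than the check provides: `verif_key` is built from action, email and id only, so `$_GET['unsubscribe']`, `$_GET['validate']` and `$_POST['selected']` are not covered by it. I would reword it to `// action, email and id are bound to the key; every other request value still needs escaping` and keep the query values escaped or parameterized. The WHERE clause of that query and the bodies of the manage-page branches fall outside the visible hunks, so how those values reach SQL cannot be confirmed from here.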