diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php
index d5187bb2ab8..5148956163e 100644
--- a/htdocs/comm/mailing/card.php
+++ b/htdocs/comm/mailing/card.php
@@ -211,8 +211,8 @@ if (empty($reshook))
$substitutionarray['__OTHER4__'] = $other4;
$substitutionarray['__OTHER5__'] = $other5;
$substitutionarray['__USER_SIGNATURE__'] = $signature; // Signature is empty when ran from command line or taken from user in parameter)
- $substitutionarray['__CHECK_READ__'] = '.')
';
- $substitutionarray['__UNSUBSCRIBE__'] = ''.$langs->trans("MailUnsubcribe").'';
+ $substitutionarray['__CHECK_READ__'] = '.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'&email='.urlencode($obj->email).'&mtid='.$obj->rowid.')
';
+ $substitutionarray['__UNSUBSCRIBE__'] = ''.$langs->trans("MailUnsubcribe").'';
$onlinepaymentenabled = 0;
if (!empty($conf->paypal->enabled)) $onlinepaymentenabled++;
diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php
index a2b8fcb574a..5e05387f664 100644
--- a/htdocs/public/emailing/mailing-read.php
+++ b/htdocs/public/emailing/mailing-read.php
@@ -32,6 +32,7 @@ if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1');
if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
+if (!defined("NOSESSION")) define("NOSESSION", '1');
/**
* Header empty
@@ -92,8 +93,8 @@ if (!empty($tag))
print 'Email target not valid. Operation canceled.';
exit;
}
- if ($obj->statut == 2) {
- print 'Email target already set to read. Operation canceled.';
+ if ($obj->statut == 2 || $obj->statut == 3) {
+ print 'Email target already set to read or unsubscribe. Operation canceled.';
exit;
}
// TODO Test that mtid and email match also with the one found from $tag
@@ -107,8 +108,9 @@ if (!empty($tag))
//Update status of target
$statut = '2';
- $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE id = ".$obj->rowid;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE rowid = ".((int) $obj->rowid);
$resql = $db->query($sql);
+ if (!$resql) dol_print_error($db);
//Update status communication of thirdparty prospect
if ($obj->source_id > 0 && $obj->source_type == 'thirdparty' && $obj->entity) {
diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php
index 5e15769a753..0e07359c484 100644
--- a/htdocs/public/emailing/mailing-unsubscribe.php
+++ b/htdocs/public/emailing/mailing-unsubscribe.php
@@ -32,6 +32,7 @@ if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1');
if (!defined('NOBROWSERNOTIF')) define('NOBROWSERNOTIF', '1');
if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
if (!defined('NOIPCHECK')) define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
+if (!defined("NOSESSION")) define("NOSESSION", '1');
/**
* Header empty
@@ -134,7 +135,7 @@ if (!empty($tag) && ($unsuscrib == '1'))
*/
// Update status communication of email (new usage)
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email) VALUES ('".$db->idate(dol_now())."', ".$db->escape($obj->entity).", '".$db->escape($obj->email)."')";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_unsubscribe (date_creat, entity, email, unsubscribegroup, ip) VALUES ('".$db->idate(dol_now())."', ".$db->escape($obj->entity).", '".$db->escape($obj->email)."', '', '".$db->escape(getUserRemoteIP())."')";
$resql = $db->query($sql);
//if (! $resql) dol_print_error($db); No test on errors, may fail if already unsubscribed