diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php
index 61e4f7b4bb6..654dea6d697 100644
--- a/htdocs/comm/mailing/card.php
+++ b/htdocs/comm/mailing/card.php
@@ -330,7 +330,7 @@ if (empty($reshook)) {
//if cheack read is use then update prospect contact status
if (strpos($message, '__CHECK_READ__') !== false) {
//Update status communication of thirdparty prospect
- $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$obj->rowid.")";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".((int) $obj->rowid).")";
dol_syslog("card.php: set prospect thirdparty status", LOG_DEBUG);
$resql2 = $db->query($sql);
if (!$resql2) {
@@ -338,7 +338,7 @@ if (empty($reshook)) {
}
//Update status communication of contact prospect
- $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.rowid=".$obj->rowid." AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)";
+ $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.rowid=".((int) $obj->rowid)." AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)";
dol_syslog("card.php: set prospect contact status", LOG_DEBUG);
$resql2 = $db->query($sql);
diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php
index 75844b77d4c..85725b16547 100644
--- a/htdocs/core/actions_massactions.inc.php
+++ b/htdocs/core/actions_massactions.inc.php
@@ -419,7 +419,7 @@ if (!$error && $massaction == 'confirm_presend') {
$substitutionarray['__ID__'] = ($oneemailperrecipient ? join(', ', array_keys($listofqualifiedobj)) : $objecttmp->id);
$substitutionarray['__REF__'] = ($oneemailperrecipient ? join(', ', $listofqualifiedref) : $objecttmp->ref);
$substitutionarray['__EMAIL__'] = $thirdparty->email;
- $substitutionarray['__CHECK_READ__'] = '.')
';
+ $substitutionarray['__CHECK_READ__'] = '.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).')
';
$parameters = array('mode'=>'formemail');
diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php
index d05985b1aa3..b4e583387c9 100644
--- a/htdocs/core/actions_sendmails.inc.php
+++ b/htdocs/core/actions_sendmails.inc.php
@@ -337,7 +337,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
// Make substitution in email content
$substitutionarray = getCommonSubstitutionArray($langs, 0, null, $object);
$substitutionarray['__EMAIL__'] = $sendto;
- $substitutionarray['__CHECK_READ__'] = (is_object($object) && is_object($object->thirdparty)) ? '.')
' : '';
+ $substitutionarray['__CHECK_READ__'] = (is_object($object) && is_object($object->thirdparty)) ? '.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).')
' : '';
$parameters = array('mode'=>'formemail');
complete_substitutions_array($substitutionarray, $langs, $object, $parameters);
diff --git a/htdocs/core/tpl/card_presend.tpl.php b/htdocs/core/tpl/card_presend.tpl.php
index 62aafc2fdb5..bca1386c82e 100644
--- a/htdocs/core/tpl/card_presend.tpl.php
+++ b/htdocs/core/tpl/card_presend.tpl.php
@@ -208,7 +208,7 @@ if ($action == 'presend') {
// Make substitution in email content
$substitutionarray = getCommonSubstitutionArray($outputlangs, 0, $arrayoffamiliestoexclude, $object);
- $substitutionarray['__CHECK_READ__'] = (is_object($object) && is_object($object->thirdparty)) ? '' : '';
+ $substitutionarray['__CHECK_READ__'] = (is_object($object) && is_object($object->thirdparty)) ? '' : '';
$substitutionarray['__PERSONALIZED__'] = ''; // deprecated
$substitutionarray['__CONTACTCIVNAME__'] = '';
$parameters = array(
diff --git a/htdocs/core/tpl/massactions_pre.tpl.php b/htdocs/core/tpl/massactions_pre.tpl.php
index 2848bd3d48c..21150d19936 100644
--- a/htdocs/core/tpl/massactions_pre.tpl.php
+++ b/htdocs/core/tpl/massactions_pre.tpl.php
@@ -165,7 +165,7 @@ if ($massaction == 'presend') {
$substitutionarray = getCommonSubstitutionArray($langs, 0, null, $object);
$substitutionarray['__EMAIL__'] = $sendto;
- $substitutionarray['__CHECK_READ__'] = (is_object($object) && is_object($object->thirdparty)) ? '' : '';
+ $substitutionarray['__CHECK_READ__'] = (is_object($object) && is_object($object->thirdparty)) ? '' : '';
$substitutionarray['__PERSONALIZED__'] = ''; // deprecated
$substitutionarray['__CONTACTCIVNAME__'] = '';
diff --git a/scripts/emailings/mailing-send.php b/scripts/emailings/mailing-send.php
index 44b8ade0c62..d3c8e152c6b 100755
--- a/scripts/emailings/mailing-send.php
+++ b/scripts/emailings/mailing-send.php
@@ -206,8 +206,9 @@ if ($resql) {
$substitutionarray['__OTHER5__'] = $other5;
$substitutionarray['__USER_SIGNATURE__'] = $signature; // Signature is empty when ran from command line or taken from user in parameter)
$substitutionarray['__SIGNATURE__'] = $signature; // For backward compatibility
- $substitutionarray['__CHECK_READ__'] = '.')
';
- $substitutionarray['__UNSUBSCRIBE__'] = ''.$langs->trans("MailUnsubcribe").'';
+ $substitutionarray['__CHECK_READ__'] = '.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'&email='.urlencode($obj->email).'&mtid='.$obj->rowid.')
';
+ $substitutionarray['__UNSUBSCRIBE__'] = ''.$langs->trans("MailUnsubcribe").'';
+ $substitutionarray['__UNSUBSCRIBE_URL__'] = DOL_MAIN_URL_ROOT.'/public/emailing/mailing-unsubscribe.php?tag='.urlencode($obj->tag).'&unsuscrib=1&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'&email='.urlencode($obj->email).'&mtid='.$obj->rowid;
$onlinepaymentenabled = 0;
if (!empty($conf->paypal->enabled)) {
@@ -324,7 +325,7 @@ if ($resql) {
*/
$sqlok = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles";
- $sqlok .= " SET statut=1, date_envoi='".$db->idate($now)."' WHERE rowid=".$obj->rowid;
+ $sqlok .= " SET statut = 1, date_envoi = '".$db->idate($now)."' WHERE rowid = ".((int) $obj->rowid);
$resqlok = $db->query($sqlok);
if (!$resqlok) {
dol_print_error($db);
@@ -333,7 +334,7 @@ if ($resql) {
// if cheack read is use then update prospect contact status
if (strpos($message, '__CHECK_READ__') !== false) {
// Update status communication of thirdparty prospect
- $sqlx = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".$obj->rowid.")";
+ $sqlx = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid=".((int) $obj->rowid).")";
dol_syslog("card.php: set prospect thirdparty status", LOG_DEBUG);
$resqlx = $db->query($sqlx);
if (!$resqlx) {
@@ -342,7 +343,7 @@ if ($resql) {
}
// Update status communication of contact prospect
- $sqlx = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.rowid=".$obj->rowid." AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)";
+ $sqlx = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.rowid=".((int) $obj->rowid)." AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)";
dol_syslog("card.php: set prospect contact status", LOG_DEBUG);
$resqlx = $db->query($sqlx);