From f028cce39d3cee894ad9498b7925c79a35093dcd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 14 Apr 2013 20:43:38 +0200 Subject: [PATCH] Qual: More log --- htdocs/public/emailing/mailing-read.php | 16 ++++++++++------ htdocs/public/emailing/mailing-unsubscribe.php | 13 +++++++++---- 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php index dc80b96c5e5..f7734a03e25 100644 --- a/htdocs/public/emailing/mailing-read.php +++ b/htdocs/public/emailing/mailing-read.php @@ -25,22 +25,26 @@ * \brief Script use to update mail status if destinaries read it (if images during mail read are display) */ -define("NOLOGIN",1); // This means this output page does not require to be logged. -define("NOCSRFCHECK",1); // We accept to go on this page from external web site. +if (! defined('NOLOGIN')) define("NOLOGIN",1); // This means this output page does not require to be logged. +if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1'); +if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check anti CSRF attack test +if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not check anti POST attack test +if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu require '../../main.inc.php'; $tag=GETPOST('tag'); $securitykey=GETPOST('securitykey'); -//if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not enabled'); -if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE) accessforbidden('Bad security key value.'); - /* * Actions */ +dol_syslog("public/emailing/mailing-read.php : tag=".$tag." securitykey=".$securitykey, LOG_DEBUG); + +if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE) accessforbidden('Bad security key value.'); + if (! empty($tag)) { $statut='2'; @@ -64,4 +68,4 @@ if (! empty($tag)) } $db->close(); -?> +?> \ No newline at end of file diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php index 48000db995b..339946d4123 100644 --- a/htdocs/public/emailing/mailing-unsubscribe.php +++ b/htdocs/public/emailing/mailing-unsubscribe.php @@ -25,8 +25,9 @@ * \brief Script use to update unsubcribe contact to prospect mailing list */ -define("NOLOGIN",1); // This means this output page does not require to be logged. -define("NOCSRFCHECK",1); // We accept to go on this page from external web site. +if (! defined('NOLOGIN')) define("NOLOGIN",1); // This means this output page does not require to be logged. +if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check anti CSRF attack test +if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; @@ -38,14 +39,18 @@ $langs->load("mails"); $tag=GETPOST('tag'); $unsuscrib=GETPOST('unsuscrib'); - -if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not enabled'); +$securitykey=GETPOST('securitykey'); /* * Actions */ +dol_syslog("public/emailing/mailing-read.php : tag=".$tag." securitykey=".$securitykey, LOG_DEBUG); + +if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE) accessforbidden('Bad security key value.'); + + if (($tag!='') && ($unsuscrib=='1')) { //Udate status of mail in Destinaries maling list