authorrub <rub@piwigo.org>2006-10-21 12:28:07 +0000
committerrub <rub@piwigo.org>2006-10-21 12:28:07 +0000
commit258fa3b40c0c60adad284ad3bc09ed33c5dc53a1 (patch)
tree71616e49e713f5fb26038343c80a3c7b89b2fa06 /admin/notification_by_mail.php
parenteaacbc7b2d224524eac6def04e9b721949afd4b8 (diff)
Resolved Issue ID 0000356:
o Increase security on adviser mode. First of n modifications; all the other modifications will be done on the BSF branch. Merge branch-1_6 1568:1570 into BSF git-svn-id: http://piwigo.org/svn/trunk@1571 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/notification_by_mail.php')
-rw-r--r--admin/notification_by_mail.php27
1 files changed, 15 insertions, 12 deletions
diff --git a/admin/notification_by_mail.php b/admin/notification_by_mail.php
index 1c3a2e829..073f78b34 100644
--- a/admin/notification_by_mail.php
+++ b/admin/notification_by_mail.php
@@ -419,7 +419,7 @@ switch ($page['mode'])
$result = pwg_query('select param, value from '.CONFIG_TABLE.' where param like \'nbm\\_%\'');
while ($nbm_user = mysql_fetch_array($result))
{
- if (isset($_POST['param_submit']))
+ if (isset($_POST['param_submit']) and !is_adviser())
{
if (isset($_POST[$nbm_user['param']]))
{
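Review bot: The adviser restriction is enforced by appending `!is_adviser()` to each individual `$_POST` condition (here on `param_submit`, again in the second hunk, and in the `subscribe` and `send` cases), so a handler added to this switch later without the extra clause would fail open for advisers. A single decision taken before `switch ($page['mode'])`, e.g. `$nbm_write_allowed = !is_adviser();`, tested once around the POST-handling code, would make read-only the default. It would also avoid calling `is_adviser()` on every iteration of the `while` loop. The guarded block continues outside the hunk and `is_adviser()` itself is not visible here, so this assumes it is a pure check with no side effects.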
@@ -441,7 +441,7 @@ where
// if the parameter is present in $_POST array (if a form is submited), we
// override it with the submited value
- if (isset($_POST[$nbm_user['param']]))
+ if (isset($_POST[$nbm_user['param']]) and !is_adviser())
{
$conf[$nbm_user['param']] = stripslashes($_POST[$nbm_user['param']]);
}
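Review bot: The comment above the changed condition is now out of date: it still says a submitted value always overrides the stored one, but the new `and !is_adviser()` clause makes an exception for adviser mode. I would reword it to `// if the parameter is present in $_POST (a form was submitted) and the user is not in adviser mode,` followed by `// we override it with the submitted value`. That documents, next to the check, why the form shows the stored values again after an adviser submits it.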
@@ -461,23 +461,26 @@ where
}
case 'subscribe' :
{
- if (isset($_POST['falsify']) and isset($_POST['cat_true']))
+ if (!is_adviser())
{
- $check_key_treated = unsubcribe_notification_by_mail(true, $_POST['cat_true']);
- do_timeout_treatment('cat_true', $check_key_treated);
- }
- else
- if (isset($_POST['trueify']) and isset($_POST['cat_false']))
- {
- $check_key_treated = subcribe_notification_by_mail(true, $_POST['cat_false']);
- do_timeout_treatment('cat_false', $check_key_treated);
+ if (isset($_POST['falsify']) and isset($_POST['cat_true']))
+ {
+ $check_key_treated = unsubcribe_notification_by_mail(true, $_POST['cat_true']);
+ do_timeout_treatment('cat_true', $check_key_treated);
+ }
+ else
+ if (isset($_POST['trueify']) and isset($_POST['cat_false']))
+ {
+ $check_key_treated = subcribe_notification_by_mail(true, $_POST['cat_false']);
+ do_timeout_treatment('cat_false', $check_key_treated);
+ }
}
break;
}
case 'send' :
{
- if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content']))
+ if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content']) and !is_adviser())
{
$check_key_treated = do_action_send_mail_notification('send', $_POST['send_selection'], stripslashes($_POST['send_customize_mail_content']));
do_timeout_treatment('send_selection', $check_key_treated);
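Review bot: In the `subscribe` case the re-indented block still tests the selections with `isset()` only, so `$_POST['cat_true']` and `$_POST['cat_false']` reach `unsubcribe_notification_by_mail()` and `subcribe_notification_by_mail()` whatever their type; the same holds for `$_POST['send_selection']` in the `send` case. If those helpers expect a list of ids, which their bodies (not shown here) would confirm, the condition should state it: `if (isset($_POST['falsify']) and isset($_POST['cat_true']) and is_array($_POST['cat_true']))`. The `send` case continues beyond the end of the hunk.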