diff --git a/htdocs/admin/mailing.php b/htdocs/admin/mailing.php index ff945e2897e3b32c2e9f49b0dde3d6b05d4086ea..3c9c2f5ad93a1f86a999084058eec1d0293e85d5 100644 --- a/htdocs/admin/mailing.php +++ b/htdocs/admin/mailing.php @@ -1,6 +1,6 @@ <?php /* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2005-2012 Laurent Destailleur <eldy@users.sourceforge.org> + * Copyright (C) 2005-2013 Laurent Destailleur <eldy@users.sourceforge.org> * Copyright (C) 2011-2013 Juanjo Menent <jmenent@2byte.es> * * This program is free software; you can redistribute it and/or modify @@ -40,15 +40,6 @@ $action = GETPOST('action','alpha'); * Actions */ -if ($action == 'setMAILING_EMAIL_UNSUBSCRIBE') -{ - $res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",1,'chaine',0,'',$conf->entity); -} -if ($action == 'unsetMAILING_EMAIL_UNSUBSCRIBE') -{ - $res=dolibarr_del_const($db, "MAILING_EMAIL_UNSUBSCRIBE"); -} - if ($action == 'setvalue') { $db->begin(); @@ -62,22 +53,8 @@ if ($action == 'setvalue') if (! $res > 0) $error++; $res=dolibarr_set_const($db, "MAILING_EMAIL_ERRORSTO",$mailerror,'chaine',0,'',$conf->entity); if (! $res > 0) $error++; - if ($checkread=='on') - { - $res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",1,'chaine',0,'',$conf->entity); - if (! $res > 0) $error++; - } - else if ($checkread=='off') - { - $res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",0,'chaine',0,'',$conf->entity); - if (! $res > 0) $error++; - } - - //Create temporary encryption key if nedded - if (($conf->global->MAILING_EMAIL_UNSUBSCRIBE==1) && (empty($checkread_key))) - { - $checkread_key=getRandomPassword(true); - } + + // Create temporary encryption key if nedded $res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE_KEY",$checkread_key,'chaine',0,'',$conf->entity); if (! $res > 0) $error++; 
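Review bot: The comment `// Create temporary encryption key if nedded` in the `setvalue` hunk no longer has any code under it: the `getRandomPassword(true)` fallback was removed, so whatever `$checkread_key` holds, including an empty string, is written to `MAILING_EMAIL_UNSUBSCRIBE_KEY`. With an empty key the tag hash built in `modules_mailings.php` has no secret input and the `securitykey=` parameter added in `fiche.php` is blank. I would keep the fallback unconditionally, `if (empty($checkread_key)) $checkread_key=getRandomPassword(true);`, directly before the `dolibarr_set_const` call, and reword the comment to `// Generate a key when none was submitted`. Where `$checkread_key` is read from the request is outside this hunk, and the `setvalue` block continues past it.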
@@ -157,32 +134,13 @@ print '<input size="32" type="text" name="MAILING_EMAIL_ERRORSTO" value="'.$conf if (!empty($conf->global->MAILING_EMAIL_ERRORSTO) && ! isValidEmail($conf->global->MAILING_EMAIL_ERRORSTO)) print ' '.img_warning($langs->trans("BadEMail")); print '</td></tr>'; -// TODO the precedent values are deleted after turn on this switch -$var=!$var; -print '<tr '.$bc[$var].'><td>'; -print $langs->trans("ActivateCheckRead").'</td><td>'; -if (!empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) -{ - print '<a href="'.$_SERVER["PHP_SELF"].'?action=unsetMAILING_EMAIL_UNSUBSCRIBE">'; - print img_picto($langs->trans("Enabled"),'switch_on'); - print '</a>'; - $readonly=''; -} -else -{ - print '<a href="'.$_SERVER["PHP_SELF"].'?action=setMAILING_EMAIL_UNSUBSCRIBE">'; - print img_picto($langs->trans("Disabled"),'switch_off'); - print '</a>'; - $readonly='disabled="disabled"'; -} -print '</td></tr>'; - +// Constant to add salt into the unsubscribe and check read tag. +// It is also used as a security key parameter. $var=!$var; print '<tr '.$bc[$var].'><td>'; print $langs->trans("ActivateCheckReadKey").'</td><td>'; -print '<input size="32" type="text" name="MAILING_EMAIL_UNSUBSCRIBE_KEY" id="MAILING_EMAIL_UNSUBSCRIBE_KEY" '.$readonly.' value="'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY.'">'; -if (! empty($conf->use_javascript_ajax)) - print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"'); +print '<input size="32" type="text" name="MAILING_EMAIL_UNSUBSCRIBE_KEY" id="MAILING_EMAIL_UNSUBSCRIBE_KEY" value="'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY.'">'; +if (! empty($conf->use_javascript_ajax)) print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_token" class="linkobject"'); print '</td></tr>'; print '</table>'; diff --git a/htdocs/admin/proxy.php b/htdocs/admin/proxy.php index e78e86991cb9f1c2a59e733ace1751a503c8a772..a292ae75e11a3a8e2932d8c157ce9a04b6b6869a 100644 --- a/htdocs/admin/proxy.php 
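Review bot: The rewritten `<input ... name="MAILING_EMAIL_UNSUBSCRIBE_KEY">` line prints `$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY` into the `value` attribute without escaping, so a stored key containing `"` or `<` breaks out of the attribute on this admin page. Wrapping it as `value="'.dol_escape_htmltag($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'"` closes that. The new comment says the constant is both the salt and the security key parameter; because the `fiche.php` hunk of this diff places it in every mailed link, the comment should state that too, for example `// This value is sent in clear in every e-mail link, so it is not a secret`.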
+++ b/htdocs/admin/proxy.php @@ -1,6 +1,6 @@ <?php -/* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net> - * Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es> +/* Copyright (C) 2011-2013 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -196,13 +196,14 @@ print '</tr>'; print '</table>'; -dol_fiche_end(); - -print '<center>'; +print '<br><center>'; print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">'; print '</center>'; -print '</form><br>'; +print '</form>'; + +dol_fiche_end(); + $db->close(); diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index e32194d818f2444603a299e45f7c121cfbbe7c57..6afc12949d6ba06154da440e02a4139a43c5bb00 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -1,7 +1,7 @@ <?php /* Copyright (C) 2004-2013 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com> - * Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es> + * Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -327,7 +327,7 @@ dol_fiche_end(); // Form to test upload print '<br>'; $formfile=new FormFile($db); -$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1); +$formfile->form_attach_new_file($_SERVER['PHP_SELF'], $langs->trans("FormToTestFileUploadForm"), 0, 0, 1, 50, '', '', 1, '', 0); // List of document $filearray=dol_dir_list($upload_dir, "files", 0, '', '', 'name', SORT_ASC, 1); 
diff --git a/htdocs/comm/mailing/fiche.php b/htdocs/comm/mailing/fiche.php index 71ea4cc5d93a72d1c48f008fb1bd97efb8ef62b3..3510df7339eef597ee528a79403d17b98462d43a 100644 --- a/htdocs/comm/mailing/fiche.php +++ b/htdocs/comm/mailing/fiche.php @@ -67,13 +67,10 @@ $object->substitutionarray=array( '__OTHER4__' => 'Other4', '__OTHER5__' => 'Other5', '__SIGNATURE__' => 'TagSignature', - '__CHECK_READ__' => 'TagCheckMail' + '__CHECK_READ__' => 'TagCheckMail', + '__UNSUBSCRIBE__' => 'TagUnsubscribe' //,'__PERSONALIZED__' => 'Personalized' // Hidden because not used yet ); -if (! empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) -{ - $object->substitutionarray=array_merge($object->substitutionarray, array('__UNSUBSCRIBE__' => 'TagUnsubscribe')); -} $object->substitutionarrayfortest=array( '__ID__' => 'TESTIdRecord', @@ -86,19 +83,12 @@ $object->substitutionarrayfortest=array( '__OTHER3__' => 'TESTOther3', '__OTHER4__' => 'TESTOther4', '__OTHER5__' => 'TESTOther5', - '__SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN))?$user->signature:'') - //,'__PERSONALIZED__' => 'TESTPersonalized' // Not used yet + '__SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN))?$user->signature:''), + '__CHECK_READ__' => 'TagCheckMail', + '__UNSUBSCRIBE__' => 'TagUnsubscribe' +//,'__PERSONALIZED__' => 'TESTPersonalized' // Not used yet ); -if (!empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) -{ - $object->substitutionarrayfortest=array_merge( - $object->substitutionarrayfortest, - array( - '__CHECK_READ__' => 'TESTCheckMail', - '__UNSUBSCRIBE__' => 'TESTUnsubscribe' - ) - ); -} + /* * Actions 
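Review bot: In `$object->substitutionarrayfortest` the two added entries `'__CHECK_READ__' => 'TagCheckMail'` and `'__UNSUBSCRIBE__' => 'TagUnsubscribe'` look copied from the label array above. The removed lines used `'TESTCheckMail'` and `'TESTUnsubscribe'`, and every other entry in this array is a `TEST…` sample value, so a test mail would now show the translation key names instead. I would restore `'__CHECK_READ__' => 'TESTCheckMail',` and `'__UNSUBSCRIBE__' => 'TESTUnsubscribe'`. The re-indented `//,'__PERSONALIZED__'` comment has also lost its leading tab and no longer lines up with the array entries.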
@@ -221,8 +211,8 @@ if ($action == 'sendallconfirmed' && $confirm == 'yes') $substitutionarray=array( '__ID__' => $obj->source_id, '__EMAIL__' => $obj->email, - '__CHECK_READ__' => '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$obj->tag.'" width="1" height="1" style="width:1px;height:1px" border="0"/>', - '__UNSUBSCRIBE__' => '<a href="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-unsubscribe.php?tag='.$obj->tag.'&unsuscrib=1" target="_blank">'.$langs->trans("MailUnsubcribe").'</a>', + '__CHECK_READ__' => '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$obj->tag.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" width="1" height="1" style="width:1px;height:1px" border="0"/>', + '__UNSUBSCRIBE__' => '<a href="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-unsubscribe.php?tag='.$obj->tag.'&unsuscrib=1&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" target="_blank">'.$langs->trans("MailUnsubcribe").'</a>', '__MAILTOEMAIL__' => '<a href="mailto:'.$obj->email.'">'.$obj->email.'</a>', '__LASTNAME__' => $obj->lastname, '__FIRSTNAME__' => $obj->firstname, diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php index 74d79547e2fe3764e9f073a9b9ba888eba7e6c1c..4f0599bfb3b49393c3b0d62b848ce342b64cc512 100644 --- a/htdocs/core/modules/mailings/modules_mailings.php +++ b/htdocs/core/modules/mailings/modules_mailings.php 
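Review bot: Both rewritten lines put the raw `MAILING_EMAIL_UNSUBSCRIBE_KEY` into a URL that is mailed to every recipient, so the value stops being secret. The same constant salts the `tag` hash in `modules_mailings.php` in this diff, and it will also end up in mail archives and in proxy and web-server logs. A per-recipient value derived from the key keeps the key on the server, e.g. `'&securitykey='.hash_hmac('sha256', $obj->tag, $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY)`, verified with `hash_equals()` in `mailing-read.php` and `mailing-unsubscribe.php` (neither is shown here). Separately, `$obj->tag` is concatenated without `urlencode()`, and the `&` separators inside the `src` and `href` attributes should be written as `&amp;`. The `$substitutionarray` literal continues past the end of the hunk.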
@@ -155,24 +155,20 @@ class MailingTargets // This can't be abstract as it is used for some method if (! empty($targetarray['email'])) // avoid empty email address { $sql = "INSERT INTO ".MAIN_DB_PREFIX."mailing_cibles"; - $sql .= " (fk_mailing,"; - $sql .= " fk_contact,"; - $sql .= " lastname, firstname, email, other, source_url, source_id,"; - if (! empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) { - $sql .= " tag,"; - } + $sql.= " (fk_mailing,"; + $sql.= " fk_contact,"; + $sql.= " lastname, firstname, email, other, source_url, source_id,"; + $sql.= " tag,"; $sql.= " source_type)"; - $sql .= " VALUES (".$mailing_id.","; - $sql .= (empty($targetarray['fk_contact']) ? '0' : "'".$targetarray['fk_contact']."'") .","; - $sql .= "'".$this->db->escape($targetarray['lastname'])."',"; - $sql .= "'".$this->db->escape($targetarray['firstname'])."',"; - $sql .= "'".$this->db->escape($targetarray['email'])."',"; - $sql .= "'".$this->db->escape($targetarray['other'])."',"; - $sql .= "'".$this->db->escape($targetarray['source_url'])."',"; - $sql .= (empty($targetarray['source_id']) ? 'null' : "'".$this->db->escape($targetarray['source_id'])."'").","; - if (! empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) { - $sql .= "'".$this->db->escape(md5($targetarray['email'].';'.$targetarray['name'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY))."',"; - } + $sql.= " VALUES (".$mailing_id.","; + $sql.= (empty($targetarray['fk_contact']) ? '0' : "'".$targetarray['fk_contact']."'") .","; + $sql.= "'".$this->db->escape($targetarray['lastname'])."',"; + $sql.= "'".$this->db->escape($targetarray['firstname'])."',"; + $sql.= "'".$this->db->escape($targetarray['email'])."',"; + $sql.= "'".$this->db->escape($targetarray['other'])."',"; + $sql.= "'".$this->db->escape($targetarray['source_url'])."',"; + $sql.= (empty($targetarray['source_id']) ? 
'null' : "'".$this->db->escape($targetarray['source_id'])."'").","; + $sql .= "'".$this->db->escape(dol_hash($targetarray['email'].';'.$targetarray['name'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY))."',"; $sql .= "'".$this->db->escape($targetarray['source_type'])."')"; $result=$this->db->query($sql); if ($result) diff --git a/scripts/emailings/mailing-send.php b/scripts/emailings/mailing-send.php index 31cb141835cd8ab552a1564567495d7379510639..c6fffdcc59f9e2ce4895e4f36ba32188ccf13530 100755 --- a/scripts/emailings/mailing-send.php +++ b/scripts/emailings/mailing-send.php @@ -227,7 +227,7 @@ if ($resql) $error++; } - //Update status communication of contact prospect + //Update status communication of contact prospect $sqlx = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=2 WHERE rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.rowid=".$obj2->rowid." AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)"; dol_syslog("fiche.php: set prospect contact status sql=".$sql, LOG_DEBUG);
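Review bot: `$mailing_id` and `$targetarray['fk_contact']` are concatenated into the INSERT without a cast or `$this->db->escape()`, while every other column on the new side is escaped. Casting both closes the gap: `$sql.= " VALUES (".((int) $mailing_id).",";` and `$sql.= (empty($targetarray['fk_contact']) ? '0' : ((int) $targetarray['fk_contact'])).",";`. The tag input reads `$targetarray['name']` although the row stores `lastname` and `firstname`; if callers do not set `name` (not visible here), that part of the hash is always empty. The last two added lines use `$sql .=` while the rest were normalised to `$sql.=`. The enclosing loop and method start and end outside the hunk.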