Fix: check read feature

de9f1009 · Laurent Destailleur · 22731788 · de9f1009 · de9f1009 · de9f1009
Commit de9f1009 authored 12 years ago by Laurent Destailleur
--- a/htdocs/langs/en_US/mails.lang
+++ b/htdocs/langs/en_US/mails.lang
@@ -77,7 +77,7 @@ MailingStatusRead=Read
 CheckRead=Read Receipt
 YourMailUnsubcribeOK=The email <b>%s</b>  is correctly unsubcribe from mailing list
 MailtoEMail=Hyper link to email
-ActivateCheckRead=Allow to use the "Read receipt" tracker and the "Unsubcribe" link
+ActivateCheckRead=Allow to use the "Unsubcribe" link
 ActivateCheckReadKey=Key use to encrypt URL use for "Read Receipt" and "Unsubcribe" feature
 EMailSentToNRecipients=EMail sent to %s recipients.

--- a/htdocs/langs/fr_FR/mails.lang
+++ b/htdocs/langs/fr_FR/mails.lang
@@ -77,7 +77,7 @@ MailingStatusRead=Lu
 CheckRead=Accusé de lecture
 YourMailUnsubcribeOK=L'adresse e-mail <b>%s</b> est bien désinscrite de la liste.
 MailtoEMail=Ecrire un e-mail (lien)
-ActivateCheckRead=Permettre l'utilisation du tracker d'accusé de lecture et du lien de désinscription
+ActivateCheckRead=Permettre l'utilisation du tracker d'accusé du lien de désinscription
 ActivateCheckReadKey=Clef de sécurité permettant l'encryption des URL utilisées dans les fonctions d'accusé de lecture et de désinscription
 EMailSentToNRecipients=EMail envoyé à %s destinataires.

--- a/htdocs/public/emailing/mailing-read.php
+++ b/htdocs/public/emailing/mailing-read.php
@@ -31,15 +31,17 @@ define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.
 require '../../main.inc.php';
 $tag=GETPOST('tag');
+$securitykey=GETPOST('securitykey');
-if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not enabled');
+//if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not enabled');
+if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE) accessforbidden('Bad security key value.');
 /*
 * Actions
 */
-if ($tag!='')
+if (! empty($tag))
 {
 	$statut='2';
 	$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($tag)."'";

--- a/scripts/emailings/mailing-send.php
+++ b/scripts/emailings/mailing-send.php
@@ -2,7 +2,7 @@
 <?php
 /*
 * Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2005-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -135,8 +135,8 @@ if ($resql)
 						$substitutionarray=array(
 						'__ID__' => $obj->source_id,
 						'__EMAIL__' => $obj->email,
-						'__CHECK_READ__' => '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$obj->tag.'" width="1" height="1" style="width:1px;height:1px" border="0"/>',
+						'__CHECK_READ__' => '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$obj2->tag.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" width="1" height="1" style="width:1px;height:1px" border="0"/>',
-						'__UNSUBSCRIBE__' => '<a href="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-unsubscribe.php?tag='.$obj->tag.'&unsuscrib=1" target="_blank">'.$langs->trans("MailUnsubcribe").'</a>',
+						'__UNSUBSCRIBE__' => '<a href="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-unsubscribe.php?tag='.$obj2->tag.'&unsuscrib=1&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" target="_blank">'.$langs->trans("MailUnsubcribe").'</a>',
 						'__MAILTOEMAIL__' => '<a href="mailto:'.$obj2->email.'">'.$obj2->email.'</a>',
 						'__LASTNAME__' => $obj2->lastname,
 						'__FIRSTNAME__' => $obj2->firstname,