From 83b1ddafef6d5f771ef3a6cc79a0c62fe98d2b96 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 3 Apr 2013 22:55:46 +0400 Subject: [PATCH] plugins/mail: remove secretkey stuff --- plugins/mail/init.php | 44 +++++++++++++++---------------------------- 1 file changed, 15 insertions(+), 29 deletions(-) diff --git a/plugins/mail/init.php b/plugins/mail/init.php index 49de96af..40da8720 100644 --- a/plugins/mail/init.php +++ b/plugins/mail/init.php @@ -32,11 +32,6 @@ class Mail extends Plugin { $param = db_escape_string($this->link, $_REQUEST['param']); - $secretkey = sha1(uniqid(rand(), true)); - - $_SESSION['email_secretkey'] = $secretkey; - - print ""; print ""; print ""; print ""; @@ -135,41 +130,32 @@ class Mail extends Plugin { } function sendEmail() { - $secretkey = $_REQUEST['secretkey']; - require_once 'classes/ttrssmailer.php'; $reply = array(); - if ($_SESSION['email_secretkey'] && - $secretkey == $_SESSION['email_secretkey']) { + $_SESSION['email_secretkey'] = ''; - $_SESSION['email_secretkey'] = ''; + $replyto = strip_tags($_SESSION['email_replyto']); + $fromname = strip_tags($_SESSION['email_fromname']); - $replyto = strip_tags($_SESSION['email_replyto']); - $fromname = strip_tags($_SESSION['email_fromname']); + $mail = new ttrssMailer(); - $mail = new ttrssMailer(); + $mail->From = $replyto; + $mail->FromName = $fromname; + $mail->AddAddress($_REQUEST['destination']); - $mail->From = $replyto; - $mail->FromName = $fromname; - $mail->AddAddress($_REQUEST['destination']); + $mail->IsHTML(false); + $mail->Subject = $_REQUEST['subject']; + $mail->Body = $_REQUEST['content']; - $mail->IsHTML(false); - $mail->Subject = $_REQUEST['subject']; - $mail->Body = $_REQUEST['content']; - - $rc = $mail->Send(); - - if (!$rc) { - $reply['error'] = $mail->ErrorInfo; - } else { - save_email_address($this->link, db_escape_string($this->link, $destination)); - $reply['message'] = "UPDATE_COUNTERS"; - } + $rc = $mail->Send(); + if (!$rc) { + $reply['error'] = $mail->ErrorInfo; } else { - $reply['error'] = "Not authorized."; + save_email_address($this->link, db_escape_string($this->link, $destination)); + $reply['message'] = "UPDATE_COUNTERS"; } print json_encode($reply); -- 2.39.5