plugins/mail: remove secretkey stuff

diff --git a/plugins/mail/init.php b/plugins/mail/init.php
index 49de96afd16e299bda3fc1729ce26ae94469a9b3..40da8720c73494517f0de78f8c506866640a8414 100644 (file)
--- a/plugins/mail/init.php
+++ b/plugins/mail/init.php
@@ -32,11 +32,6 @@ class Mail extends Plugin {
 
                $param = db_escape_string($this->link, $_REQUEST['param']);
 
-               $secretkey = sha1(uniqid(rand(), true));
-
-               $_SESSION['email_secretkey'] = $secretkey;
-
-               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"secretkey\" value=\"$secretkey\">";
                print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
                print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"mail\">";
                print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"sendEmail\">";
@@ -135,41 +130,32 @@ class Mail extends Plugin {
        }
 
        function sendEmail() {
-               $secretkey = $_REQUEST['secretkey'];
-
                require_once 'classes/ttrssmailer.php';
 
                $reply = array();
 
-               if ($_SESSION['email_secretkey'] &&
-               $secretkey == $_SESSION['email_secretkey']) {
+               $_SESSION['email_secretkey'] = '';
 
-                       $_SESSION['email_secretkey'] = '';
+               $replyto = strip_tags($_SESSION['email_replyto']);
+               $fromname = strip_tags($_SESSION['email_fromname']);
 
-                       $replyto = strip_tags($_SESSION['email_replyto']);
-                       $fromname = strip_tags($_SESSION['email_fromname']);
+               $mail = new ttrssMailer();
 
-                       $mail = new ttrssMailer();
+               $mail->From = $replyto;
+               $mail->FromName = $fromname;
+               $mail->AddAddress($_REQUEST['destination']);
 
-                       $mail->From = $replyto;
-                       $mail->FromName = $fromname;
-                       $mail->AddAddress($_REQUEST['destination']);
+               $mail->IsHTML(false);
+               $mail->Subject = $_REQUEST['subject'];
+               $mail->Body = $_REQUEST['content'];
 
-                       $mail->IsHTML(false);
-                       $mail->Subject = $_REQUEST['subject'];
-                       $mail->Body = $_REQUEST['content'];
-
-                       $rc = $mail->Send();
-
-                       if (!$rc) {
-                               $reply['error'] =  $mail->ErrorInfo;
-                       } else {
-                               save_email_address($this->link, db_escape_string($this->link, $destination));
-                               $reply['message'] = "UPDATE_COUNTERS";
-                       }
+               $rc = $mail->Send();
 
+               if (!$rc) {
+                       $reply['error'] =  $mail->ErrorInfo;
                } else {
-                       $reply['error'] = "Not authorized.";
+                       save_email_address($this->link, db_escape_string($this->link, $destination));
+                       $reply['message'] = "UPDATE_COUNTERS";
                }
 
                print json_encode($reply);