dolibarr/htdocs/public/emailing/mailing-read.php

<?php
/**
 * Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2005-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2012	   Florian Henry  <florian.henry@open-concept.pro>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */


/**
 *      \file       public/emailing/mailing-read.php
 *      \ingroup    mailing
 *      \brief      Script use to update mail status if destinaries read it (if images during mail read are display)
 */

if (!defined('NOLOGIN'))        define("NOLOGIN", 1); // This means this output page does not require to be logged.
if (!defined('NOREQUIRETRAN'))  define('NOREQUIRETRAN', '1');
if (!defined('NOCSRFCHECK'))    define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu

/**
 * Header empty
 *
 * @return	void
 */
function llxHeader()
{
}
/**
 * Footer empty
 *
 * @return	void
 */
function llxFooter()
{
}


require '../../main.inc.php';

$tag = GETPOST('tag');
$securitykey = GETPOST('securitykey');


/*
 * Actions
 */

dol_syslog("public/emailing/mailing-read.php : tag=".$tag." securitykey=".$securitykey, LOG_DEBUG);

if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY)
{
	print 'Bad security key value.';
	exit;
}

if (!empty($tag))
{
	$statut = '2';
	$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($tag)."'";
	dol_syslog("public/emailing/mailing-read.php : Mail read : ".$sql, LOG_DEBUG);

	$resql = $db->query($sql);

	//Update status communication of thirdparty prospect
	$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=3 WHERE fk_stcomm != -1 AND rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag='".$db->escape($tag)."' AND source_type='thirdparty' AND source_id is not null)";
	dol_syslog("public/emailing/mailing-read.php : Mail read thirdparty : ".$sql, LOG_DEBUG);

	$resql = $db->query($sql);

	//Update status communication of contact prospect
	$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=3 WHERE fk_stcomm != -1 AND rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.tag = '".$db->escape($tag)."' AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)";
	dol_syslog("public/emailing/mailing-read.php : Mail read contact : ".$sql, LOG_DEBUG);

	$resql = $db->query($sql);
}

$db->close();
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`<?php`
Doxygen 2012-04-16 12:01:32 +02:00			`/**`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>`
			`* Copyright (C) 2005-2011 Laurent Destailleur <eldy@users.sourceforge.net>`
			`* Copyright (C) 2012 Florian Henry <florian.henry@open-concept.pro>`
			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
Prepare move to other licence. For the moment all answers for licence upgrade were not yet received. So we prepare for GPL by uniformizing licence text keys to GPL-3+. Will move later to AGPL if all answers are positive. 2013-01-16 15:36:08 +01:00			`* the Free Software Foundation; either version 3 of the License, or`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
Move Gnu.org to https 2019-09-23 21:55:30 +02:00			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`*/`


			`/**`
Doxygen 2012-04-16 12:01:32 +02:00			`* \file public/emailing/mailing-read.php`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00			`* \ingroup mailing`
			`* \brief Script use to update mail status if destinaries read it (if images during mail read are display)`
			`*/`
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-04-10 10:59:32 +02:00			`if (!defined('NOLOGIN')) define("NOLOGIN", 1); // This means this output page does not require to be logged.`
			`if (!defined('NOREQUIRETRAN')) define('NOREQUIRETRAN', '1');`
			`if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test`
			`if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test`
			`if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00
Doxygen llxHeader and llxFooter. 2013-04-15 15:43:25 +02:00			`/**`
			`* Header empty`
			`*`
			`* @return void`
			`*/`
function declaration 2018-08-15 14:28:34 +02:00			`function llxHeader()`
			`{`
			`}`
Doxygen llxHeader and llxFooter. 2013-04-15 15:43:25 +02:00			`/**`
			`* Footer empty`
			`*`
			`* @return void`
			`*/`
function declaration 2018-08-15 14:28:34 +02:00			`function llxFooter()`
			`{`
			`}`
Doxygen llxHeader and llxFooter. 2013-04-15 15:43:25 +02:00

Removed parenthesis from all require and replaced with single quotes 2012-08-22 23:24:21 +02:00			`require '../../main.inc.php';`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-04-10 10:59:32 +02:00			`$tag = GETPOST('tag');`
			`$securitykey = GETPOST('securitykey');`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
			`/*`
			`* Actions`
			`*/`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00
Fix: EOF 2013-06-05 16:24:32 +02:00			`dol_syslog("public/emailing/mailing-read.php : tag=".$tag." securitykey=".$securitykey, LOG_DEBUG);`

Fix: Check on correct security key 2013-04-14 20:59:16 +02:00			`if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY)`
			`{`
			`print 'Bad security key value.';`
			`exit;`
Fix: EOF 2013-06-05 16:24:32 +02:00			`}`
Qual: More log 2013-04-14 20:43:38 +02:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-04-10 10:59:32 +02:00			`if (!empty($tag))`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00			`{`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-04-10 10:59:32 +02:00			`$statut = '2';`
Fix: A better fix for escaping data: escape for database must be done during sql request forging. Also renamed tag to tag. Merge: Security fix emailing read and unsubscribe unsubscribe can lead to email disclosure Conflicts: htdocs/public/emailing/mailing-unsubscribe.php 2013-01-04 18:08:34 +01:00			`$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($tag)."'";`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00			`dol_syslog("public/emailing/mailing-read.php : Mail read : ".$sql, LOG_DEBUG);`
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-04-10 10:59:32 +02:00			`$resql = $db->query($sql);`
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00
			`//Update status communication of thirdparty prospect`
FIX: Avoid changing the state to a thirdparty who shouldn't be contacted anymore 2015-11-02 11:50:14 +01:00			`$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=3 WHERE fk_stcomm != -1 AND rowid IN (SELECT source_id FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE tag='".$db->escape($tag)."' AND source_type='thirdparty' AND source_id is not null)";`
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00			`dol_syslog("public/emailing/mailing-read.php : Mail read thirdparty : ".$sql, LOG_DEBUG);`
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-04-10 10:59:32 +02:00			`$resql = $db->query($sql);`
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-03-23 15:54:02 +01:00			`//Update status communication of contact prospect`
FIX: Avoid changing the state to a thirdparty who shouldn't be contacted anymore 2015-11-02 11:50:14 +01:00			`$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=3 WHERE fk_stcomm != -1 AND rowid IN (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."socpeople AS sc INNER JOIN ".MAIN_DB_PREFIX."mailing_cibles AS mc ON mc.tag = '".$db->escape($tag)."' AND mc.source_type = 'contact' AND mc.source_id = sc.rowid)";`
Module e-maillling : Correctif et evolution Accusé de lecture et desinscription 2012-04-04 14:45:48 +02:00			`dol_syslog("public/emailing/mailing-read.php : Mail read contact : ".$sql, LOG_DEBUG);`
Fix: Disable feature by default. Need option MAIN_SOCIETE_UNSUBSCRIBE to enable because feature is a security hole. 2012-04-05 21:02:00 +02:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-04-10 10:59:32 +02:00			`$resql = $db->query($sql);`
Emailing campaign- unsubcribe and use of md5 tag 2012-03-01 14:51:07 +01:00			`}`
Read Receipt in module emailing 2012-02-22 20:49:55 +01:00
			`$db->close();`