diff --git a/htdocs/langs/en_US/mails.lang b/htdocs/langs/en_US/mails.lang
index f52dea49651..bced2db57e5 100644
--- a/htdocs/langs/en_US/mails.lang
+++ b/htdocs/langs/en_US/mails.lang
@@ -77,7 +77,7 @@ MailingStatusRead=Read
CheckRead=Read Receipt
YourMailUnsubcribeOK=The email %s is correctly unsubcribe from mailing list
MailtoEMail=Hyper link to email
-ActivateCheckRead=Allow to use the "Read receipt" tracker and the "Unsubcribe" link
+ActivateCheckRead=Allow to use the "Unsubcribe" link
ActivateCheckReadKey=Key use to encrypt URL use for "Read Receipt" and "Unsubcribe" feature
EMailSentToNRecipients=EMail sent to %s recipients.
diff --git a/htdocs/langs/fr_FR/mails.lang b/htdocs/langs/fr_FR/mails.lang
index a94aa8ff149..cb5be2cdabe 100644
--- a/htdocs/langs/fr_FR/mails.lang
+++ b/htdocs/langs/fr_FR/mails.lang
@@ -77,7 +77,7 @@ MailingStatusRead=Lu
CheckRead=Accusé de lecture
YourMailUnsubcribeOK=L'adresse e-mail %s est bien désinscrite de la liste.
MailtoEMail=Ecrire un e-mail (lien)
-ActivateCheckRead=Permettre l'utilisation du tracker d'accusé de lecture et du lien de désinscription
+ActivateCheckRead=Permettre l'utilisation du tracker d'accusé du lien de désinscription
ActivateCheckReadKey=Clef de sécurité permettant l'encryption des URL utilisées dans les fonctions d'accusé de lecture et de désinscription
EMailSentToNRecipients=EMail envoyé à %s destinataires.
diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php
index b152fdb69d3..dc80b96c5e5 100644
--- a/htdocs/public/emailing/mailing-read.php
+++ b/htdocs/public/emailing/mailing-read.php
@@ -31,15 +31,17 @@ define("NOCSRFCHECK",1); // We accept to go on this page from external web site.
require '../../main.inc.php';
$tag=GETPOST('tag');
+$securitykey=GETPOST('securitykey');
-if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not enabled');
+//if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not enabled');
+if ($securitykey != $conf->global->MAILING_EMAIL_UNSUBSCRIBE) accessforbidden('Bad security key value.');
/*
* Actions
*/
-if ($tag!='')
+if (! empty($tag))
{
$statut='2';
$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($tag)."'";
diff --git a/scripts/emailings/mailing-send.php b/scripts/emailings/mailing-send.php
index 3ff70ceb4ae..1c929dec212 100755
--- a/scripts/emailings/mailing-send.php
+++ b/scripts/emailings/mailing-send.php
@@ -2,7 +2,7 @@
- * Copyright (C) 2005-2011 Laurent Destailleur
+ * Copyright (C) 2005-2013 Laurent Destailleur
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -135,8 +135,8 @@ if ($resql)
$substitutionarray=array(
'__ID__' => $obj->source_id,
'__EMAIL__' => $obj->email,
- '__CHECK_READ__' => '
',
- '__UNSUBSCRIBE__' => ''.$langs->trans("MailUnsubcribe").'',
+ '__CHECK_READ__' => '.')
',
+ '__UNSUBSCRIBE__' => ''.$langs->trans("MailUnsubcribe").'',
'__MAILTOEMAIL__' => ''.$obj2->email.'',
'__LASTNAME__' => $obj2->lastname,
'__FIRSTNAME__' => $obj2->firstname,