MantisBT - Piwigo
View Issue Details
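ID: 0003055
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2014.03.17 23:15
Last Update: 2014.03.18 23:20
Reporter: plg
Assigned To: plg
Priority: normal
Severity: major
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 2.6.0
Target Version: 2.6.2
Fixed in Version: 2.6.2
browser: any
Web server: Apache 1.3.x
Summary: 0003055: CSRF, increase security on 2.6 new API methods
Description: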
* pwg.groups.addUser
* pwg.groups.deleteUser
* pwg.groups.setInfo
* pwg.users.add
* pwg.users.setInfo
* pwg.permissions.add
* pwg.permissions.remove

Add pwg_token
No tags attached.
Issue History
2014.03.17 23:15  plg  New Issue
2014.03.17 23:15  plg  Status            new => assigned
2014.03.17 23:15  plg  Assigned To       => plg
2014.03.17 23:15  plg  browser           => any
2014.03.17 23:15  plg  Web server        => Apache 1.3.x
2014.03.17 23:16  svn  Checkin
2014.03.17 23:16  svn  Note Added: 0007370
2014.03.17 23:20  svn  Checkin
2014.03.17 23:20  svn  Note Added: 0007371
2014.03.18 23:20  plg  Status            assigned => closed
2014.03.18 23:20  plg  Resolution        open => fixed
2014.03.18 23:20  plg  Fixed in Version  => 2.6.2

Notes
(0007370) svn 2014.03.17 23:16
[Subversion] r27810 by plg on branch 2.6

-----[Subversion commit log]----------------------------------------------------
bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)

(0007371) svn 2014.03.17 23:20
[Subversion] r27811 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r27810 from branch 2.6 to trunk

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)