Changeset 25382


Ignore:
Timestamp:
11/07/13 22:02:52 (6 years ago)
Author:
rvelices
Message:

post_only for ws admin write methods without token (avoid XSRF)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/ws.php

    r25281 r25382  
    788788      '<b>Admin only.</b> Adds one or more users to a group.', 
    789789      $ws_functions_root . 'pwg.groups.php', 
    790       array('admin_only'=>true) 
     790      array('admin_only'=>true, 'post_only'=>true) 
    791791    ); 
    792792 
     
    931931      '<b>Admin only.</b> Adds permissions to an album.', 
    932932      $ws_functions_root . 'pwg.permissions.php', 
    933       array('admin_only'=>true) 
     933      array('admin_only'=>true, 'post_only'=>true) 
    934934    ); 
    935935     
Note: See TracChangeset for help on using the changeset viewer.