Ignore:
Timestamp:
Mar 17, 2014, 11:16:47 PM (10 years ago)
Author:
plg
Message:

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)

Location:
branches/2.6/include/ws_functions
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • branches/2.6/include/ws_functions/pwg.groups.php

    r26461 r27810  
    166166function ws_groups_setInfo($params, &$service)
    167167{
     168  if (get_pwg_token() != $params['pwg_token'])
     169  {
     170    return new PwgError(403, 'Invalid security token');
     171  }
     172
    168173  $updates = array();
    169174
     
    222227function ws_groups_addUser($params, &$service)
    223228{
     229  if (get_pwg_token() != $params['pwg_token'])
     230  {
     231    return new PwgError(403, 'Invalid security token');
     232  }
     233
    224234  // does the group exist ?
    225235  $query = '
     
    265275function ws_groups_deleteUser($params, &$service)
    266276{
     277  if (get_pwg_token() != $params['pwg_token'])
     278  {
     279    return new PwgError(403, 'Invalid security token');
     280  }
     281
    267282  // does the group exist ?
    268283  $query = '

  • branches/2.6/include/ws_functions/pwg.permissions.php

    r26461 r27810  
    147147function ws_permissions_add($params, &$service)
    148148{
     149  if (get_pwg_token() != $params['pwg_token'])
     150  {
     151    return new PwgError(403, 'Invalid security token');
     152  }
     153
    149154  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    150155
     
    204209function ws_permissions_remove($params, &$service)
    205210{
     211  if (get_pwg_token() != $params['pwg_token'])
     212  {
     213    return new PwgError(403, 'Invalid security token');
     214  }
     215
    206216  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    207217

  • branches/2.6/include/ws_functions/pwg.users.php

    r27715 r27810  
    276276function ws_users_add($params, &$service)
    277277{
     278  if (get_pwg_token() != $params['pwg_token'])
     279  {
     280    return new PwgError(403, 'Invalid security token');
     281  }
     282 
    278283  global $conf;
    279284
     
    364369function ws_users_setInfo($params, &$service)
    365370{
     371  if (get_pwg_token() != $params['pwg_token'])
     372  {
     373    return new PwgError(403, 'Invalid security token');
     374  }
     375
    366376  global $conf, $user;
    367377
Note: See TracChangeset for help on using the changeset viewer.