Ignore:
Timestamp:
03/17/14 23:16:47 (5 years ago)
Author:
plg
Message:

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.6/include/ws_functions/pwg.users.php

    r27715 r27810  
    276276function ws_users_add($params, &$service) 
    277277{ 
     278  if (get_pwg_token() != $params['pwg_token']) 
     279  { 
     280    return new PwgError(403, 'Invalid security token'); 
     281  } 
     282   
    278283  global $conf; 
    279284 
     
    364369function ws_users_setInfo($params, &$service) 
    365370{ 
     371  if (get_pwg_token() != $params['pwg_token']) 
     372  { 
     373    return new PwgError(403, 'Invalid security token'); 
     374  } 
     375 
    366376  global $conf, $user; 
    367377 
Note: See TracChangeset for help on using the changeset viewer.