Changeset 27811 for trunk/include/ws_functions/pwg.groups.php

Timestamp:

Mar 17, 2014, 11:20:28 PM (10 years ago)

Author:

plg

Message:

merge r27810 from branch 2.6 to trunk

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)

File:

• trunk/include/ws_functions/pwg.groups.php (modified) (3 diffs)

trunk/include/ws_functions/pwg.groups.php

@@ -166 +166 @@
 function ws_groups_setInfo($params, &$service)
 {
+  if (get_pwg_token() != $params['pwg_token'])
+  {
+    return new PwgError(403, 'Invalid security token');
+  }
+
   $updates = array();
 
@@ -222 +227 @@
 function ws_groups_addUser($params, &$service)
 {
+  if (get_pwg_token() != $params['pwg_token'])
+  {
+    return new PwgError(403, 'Invalid security token');
+  }
+
   // does the group exist ?
   $query = '
@@ -265 +275 @@
 function ws_groups_deleteUser($params, &$service)
 {
+  if (get_pwg_token() != $params['pwg_token'])
+  {
+    return new PwgError(403, 'Invalid security token');
+  }
+
   // does the group exist ?
   $query = '