Changeset 25382


Ignore:
Timestamp:
Nov 7, 2013, 10:02:52 PM (10 years ago)
Author:
rvelices
Message:

post_only for ws admin write methods without token (avoid XSRF)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/ws.php

    r25281 r25382  
    788788      '<b>Admin only.</b> Adds one or more users to a group.',
    789789      $ws_functions_root . 'pwg.groups.php',
    790       array('admin_only'=>true)
     790      array('admin_only'=>true, 'post_only'=>true)
    791791    );
    792792
     
    931931      '<b>Admin only.</b> Adds permissions to an album.',
    932932      $ws_functions_root . 'pwg.permissions.php',
    933       array('admin_only'=>true)
     933      array('admin_only'=>true, 'post_only'=>true)
    934934    );
    935935   
Note: See TracChangeset for help on using the changeset viewer.