Changeset 27810
- Timestamp:
- Mar 17, 2014, 11:16:47 PM (10 years ago)
- Location:
- branches/2.6
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/2.6/admin/themes/default/template/user_list.tpl
r26270 r27810 57 57 url: "ws.php?format=json&method=pwg.users.add", 58 58 type:"POST", 59 data: jQuery(this).serialize() ,59 data: jQuery(this).serialize()+"&pwg_token="+pwg_token, 60 60 beforeSend: function() { 61 61 jQuery("#addUserForm .errors").hide(); … … 346 346 type:"POST", 347 347 data: { 348 pwg_token:pwg_token, 348 349 user_id:userId, 349 350 password: jQuery('#user'+userId+' .changePassword input[type=text]').val() … … 397 398 type:"POST", 398 399 data: { 400 pwg_token:pwg_token, 399 401 user_id:userId, 400 402 username: jQuery('#user'+userId+' .changeUsername input[type=text]').val() … … 468 470 469 471 var formData = jQuery('#user'+userId+' form').serialize(); 472 formData += '&pwg_token='+pwg_token; 470 473 471 474 if (jQuery('#user'+userId+' form select[name="group_id[]"] option:selected').length == 0) { … … 709 712 var method = 'pwg.users.setInfo'; 710 713 var data = { 714 pwg_token: pwg_token, 711 715 user_id: selection 712 716 }; … … 719 723 } 720 724 method = 'pwg.users.delete'; 721 data.pwg_token = pwg_token;722 725 break; 723 726 case 'group_associate': -
branches/2.6/include/ws_functions/pwg.groups.php
r26461 r27810 166 166 function ws_groups_setInfo($params, &$service) 167 167 { 168 if (get_pwg_token() != $params['pwg_token']) 169 { 170 return new PwgError(403, 'Invalid security token'); 171 } 172 168 173 $updates = array(); 169 174 … … 222 227 function ws_groups_addUser($params, &$service) 223 228 { 229 if (get_pwg_token() != $params['pwg_token']) 230 { 231 return new PwgError(403, 'Invalid security token'); 232 } 233 224 234 // does the group exist ? 225 235 $query = ' … … 265 275 function ws_groups_deleteUser($params, &$service) 266 276 { 277 if (get_pwg_token() != $params['pwg_token']) 278 { 279 return new PwgError(403, 'Invalid security token'); 280 } 281 267 282 // does the group exist ? 268 283 $query = ' -
branches/2.6/include/ws_functions/pwg.permissions.php
r26461 r27810 147 147 function ws_permissions_add($params, &$service) 148 148 { 149 if (get_pwg_token() != $params['pwg_token']) 150 { 151 return new PwgError(403, 'Invalid security token'); 152 } 153 149 154 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 150 155 … … 204 209 function ws_permissions_remove($params, &$service) 205 210 { 211 if (get_pwg_token() != $params['pwg_token']) 212 { 213 return new PwgError(403, 'Invalid security token'); 214 } 215 206 216 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 207 217 -
branches/2.6/include/ws_functions/pwg.users.php
r27715 r27810 276 276 function ws_users_add($params, &$service) 277 277 { 278 if (get_pwg_token() != $params['pwg_token']) 279 { 280 return new PwgError(403, 'Invalid security token'); 281 } 282 278 283 global $conf; 279 284 … … 364 369 function ws_users_setInfo($params, &$service) 365 370 { 371 if (get_pwg_token() != $params['pwg_token']) 372 { 373 return new PwgError(403, 'Invalid security token'); 374 } 375 366 376 global $conf, $user; 367 377 -
branches/2.6/ws.php
r26838 r27810 773 773 'is_default' => array('flags'=>WS_PARAM_OPTIONAL, 774 774 'type'=>WS_TYPE_BOOL), 775 'pwg_token' => array(), 775 776 ), 776 777 'Updates a group. Leave a field blank to keep the current value.', … … 786 787 'user_id' => array('flags'=>WS_PARAM_FORCE_ARRAY, 787 788 'type'=>WS_TYPE_ID), 789 'pwg_token' => array(), 788 790 ), 789 791 'Adds one or more users to a group.', … … 799 801 'user_id' => array('flags'=>WS_PARAM_FORCE_ARRAY, 800 802 'type'=>WS_TYPE_ID), 803 'pwg_token' => array(), 801 804 ), 802 805 'Removes one or more users from a group.', … … 851 854 'email' => array('default'=>null), 852 855 'send_password_by_mail' => array('default'=>false, 'type'=>WS_TYPE_BOOL), 856 'pwg_token' => array(), 853 857 ), 854 858 'Registers a new user.', … … 900 904 'enabled_high' => array('flags'=>WS_PARAM_OPTIONAL, 901 905 'type'=>WS_TYPE_BOOL), 906 'pwg_token' => array(), 902 907 ), 903 908 'Updates a user. Leave a field blank to keep the current value. … … 937 942 'recursive' => array('default'=>false, 938 943 'type'=>WS_TYPE_BOOL), 944 'pwg_token' => array(), 939 945 ), 940 946 'Adds permissions to an album.', … … 953 959 'user_id' => array('flags'=>WS_PARAM_FORCE_ARRAY|WS_PARAM_OPTIONAL, 954 960 'type'=>WS_TYPE_ID), 961 'pwg_token' => array(), 955 962 ), 956 963 'Removes permissions from an album.',
Note: See TracChangeset
for help on using the changeset viewer.