Ignore:
Timestamp:
Mar 17, 2014, 11:16:47 PM (7 years ago)
Author:
plg
Message:

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.6/include/ws_functions/pwg.groups.php

    r26461 r27810  
    166166function ws_groups_setInfo($params, &$service)
    167167{
     168  if (get_pwg_token() != $params['pwg_token'])
     169  {
     170    return new PwgError(403, 'Invalid security token');
     171  }
     172
    168173  $updates = array();
    169174
     
    222227function ws_groups_addUser($params, &$service)
    223228{
     229  if (get_pwg_token() != $params['pwg_token'])
     230  {
     231    return new PwgError(403, 'Invalid security token');
     232  }
     233
    224234  // does the group exist ?
    225235  $query = '
     
    265275function ws_groups_deleteUser($params, &$service)
    266276{
     277  if (get_pwg_token() != $params['pwg_token'])
     278  {
     279    return new PwgError(403, 'Invalid security token');
     280  }
     281
    267282  // does the group exist ?
    268283  $query = '
Note: See TracChangeset for help on using the changeset viewer.