Context Navigation

← Previous Change
Next Change →

pwg.users.php

Timestamp:

Mar 17, 2014, 11:16:47 PM (10 years ago)

Author:

plg

Message:

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)

File:

: 1 edited

branches/2.6/include/ws_functions/pwg.users.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/2.6/include/ws_functions/pwg.users.php

-                      r27715
+                      r27810
 function ws_users_add($params, &$service)
+{
+  if (get_pwg_token() != $params['pwg_token'])
+  {
+    return new PwgError(403, 'Invalid security token');
+  }
   global $conf;
 …
 function ws_users_setInfo($params, &$service)
+{
+  if (get_pwg_token() != $params['pwg_token'])
+  {
+    return new PwgError(403, 'Invalid security token');
+  }
   global $conf, $user;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 27810 for branches/2.6/include/ws_functions/pwg.users.php

Legend:

branches/2.6/include/ws_functions/pwg.users.php

Download in other formats: