From 6caa1e5825d117e907d11561d187323ac1a5ac61 Mon Sep 17 00:00:00 2001
From: rvelices <rv-github@modusoptimus.com>
Date: Thu, 7 Nov 2013 21:02:52 +0000
Subject: post_only for ws admin write methods without token (avoid XSRF)

git-svn-id: http://piwigo.org/svn/trunk@25382 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 ws.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ws.php')

diff --git a/ws.php b/ws.php
index 73fcc0bce..434091687 100644
--- a/ws.php
+++ b/ws.php
@@ -787,7 +787,7 @@ function ws_addDefaultMethods( $arr )
         ),
       '<b>Admin only.</b> Adds one or more users to a group.',
       $ws_functions_root . 'pwg.groups.php',
-      array('admin_only'=>true)
+      array('admin_only'=>true, 'post_only'=>true)
     );
 
   $service->addMethod(
@@ -930,7 +930,7 @@ function ws_addDefaultMethods( $arr )
         ),
       '<b>Admin only.</b> Adds permissions to an album.',
       $ws_functions_root . 'pwg.permissions.php',
-      array('admin_only'=>true)
+      array('admin_only'=>true, 'post_only'=>true)
     );
     
   $service->addMethod(
-- 
cgit v1.2.3