diff options
| author | rvelices <rv-github@modusoptimus.com> | 2013-11-07 21:02:52 +0000 |
|---|---|---|
| committer | rvelices <rv-github@modusoptimus.com> | 2013-11-07 21:02:52 +0000 |
| commit | 6caa1e5825d117e907d11561d187323ac1a5ac61 (patch) | |
| tree | 0f09284f38e27c4aefb4c6ee3626c6e1ffce706d | |
| parent | 401c08836472d6d0a452265da337d5cf21cece14 (diff) | |
post_only for ws admin write methods without token (avoid XSRF)
git-svn-id: http://piwigo.org/svn/trunk@25382 68402e56-0260-453c-a942-63ccdbb3a9ee
| -rw-r--r-- | ws.php | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -787,7 +787,7 @@ function ws_addDefaultMethods( $arr ) ), '<b>Admin only.</b> Adds one or more users to a group.', $ws_functions_root . 'pwg.groups.php', - array('admin_only'=>true) + array('admin_only'=>true, 'post_only'=>true) ); $service->addMethod( @@ -930,7 +930,7 @@ function ws_addDefaultMethods( $arr ) ), '<b>Admin only.</b> Adds permissions to an album.', $ws_functions_root . 'pwg.permissions.php', - array('admin_only'=>true) + array('admin_only'=>true, 'post_only'=>true) ); $service->addMethod( |