aboutsummaryrefslogtreecommitdiffstats
path: root/include/ws_functions/pwg.groups.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2014-03-17 22:20:28 +0000
committerplegall <plg@piwigo.org>2014-03-17 22:20:28 +0000
commitb08c46f3c3428fa5ffe50c15367ecefd46f65b6f (patch)
treee62e0b80e68a6955ede42dd72d5793d1fddaef9a /include/ws_functions/pwg.groups.php
parent61b4fd3bb26b79a1e22a8cf62680b9d28b73cf73 (diff)
merge r27810 from branch 2.6 to trunk
bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6 (pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add, pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove) git-svn-id: http://piwigo.org/svn/trunk@27811 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/ws_functions/pwg.groups.php15
1 files changed, 15 insertions, 0 deletions
diff --git a/include/ws_functions/pwg.groups.php b/include/ws_functions/pwg.groups.php
index 773623eaf..67d5c843c 100644
--- a/include/ws_functions/pwg.groups.php
+++ b/include/ws_functions/pwg.groups.php
@@ -165,6 +165,11 @@ DELETE
*/
function ws_groups_setInfo($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
$updates = array();
// does the group exist ?
@@ -221,6 +226,11 @@ SELECT COUNT(*)
*/
function ws_groups_addUser($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
// does the group exist ?
$query = '
SELECT COUNT(*)
@@ -264,6 +274,11 @@ SELECT COUNT(*)
*/
function ws_groups_deleteUser($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
// does the group exist ?
$query = '
SELECT COUNT(*)