diff options
author | plegall <plg@piwigo.org> | 2014-03-17 22:20:28 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2014-03-17 22:20:28 +0000 |
commit | b08c46f3c3428fa5ffe50c15367ecefd46f65b6f (patch) | |
tree | e62e0b80e68a6955ede42dd72d5793d1fddaef9a /include/ws_functions/pwg.permissions.php | |
parent | 61b4fd3bb26b79a1e22a8cf62680b9d28b73cf73 (diff) |
merge r27810 from branch 2.6 to trunk
bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)
git-svn-id: http://piwigo.org/svn/trunk@27811 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/ws_functions/pwg.permissions.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/include/ws_functions/pwg.permissions.php b/include/ws_functions/pwg.permissions.php index 936999ab8..990404da3 100644 --- a/include/ws_functions/pwg.permissions.php +++ b/include/ws_functions/pwg.permissions.php @@ -146,6 +146,11 @@ SELECT group_id, cat_id */ function ws_permissions_add($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); if (!empty($params['group_id'])) @@ -203,6 +208,11 @@ SELECT id */ function ws_permissions_remove($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); $cat_ids = get_subcat_ids($params['cat_id']); |