aboutsummaryrefslogtreecommitdiffstats
path: root/include/ws_functions/pwg.users.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2014-03-17 22:16:47 +0000
committerplegall <plg@piwigo.org>2014-03-17 22:16:47 +0000
commit8c8591ccb0ca20940d4d41ec05a09b25ddaabb00 (patch)
tree79ec98b8936b93ab010982d726a46bdb90b6ae6b /include/ws_functions/pwg.users.php
parent1dd79b4bac79ba8bd9ae68b20870e60ec62fabf2 (diff)
bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add, pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove) git-svn-id: http://piwigo.org/svn/branches/2.6@27810 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/ws_functions/pwg.users.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php
index 345d8f661..d3c676df1 100644
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@@ -275,6 +275,11 @@ SELECT
*/
function ws_users_add($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
global $conf;
if ($conf['double_password_type_in_admin'])
@@ -363,6 +368,11 @@ function ws_users_delete($params, &$service)
*/
function ws_users_setInfo($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
global $conf, $user;
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');