merge r27810 from branch 2.6 to trunk

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6 (pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add, pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove) git-svn-id: http://piwigo.org/svn/trunk@27811 68402e56-0260-453c-a942-63ccdbb3a9ee
author: plegall <plg@piwigo.org> 2014-03-17 22:20:28 +0000
committer: plegall <plg@piwigo.org> 2014-03-17 22:20:28 +0000
commit: b08c46f3c3428fa5ffe50c15367ecefd46f65b6f (patch)
tree: e62e0b80e68a6955ede42dd72d5793d1fddaef9a /ws.php
parent: 61b4fd3bb26b79a1e22a8cf62680b9d28b73cf73 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/ws.php b/ws.php
index fe81decf3..c5829671b 100644
--- a/ws.php
+++ b/ws.php
@@ -772,6 +772,7 @@ function ws_addDefaultMethods( $arr )
         'name' =>       array('flags'=>WS_PARAM_OPTIONAL),
         'is_default' => array('flags'=>WS_PARAM_OPTIONAL,
                               'type'=>WS_TYPE_BOOL),
+        'pwg_token' => array(),
         ),
       'Updates a group. Leave a field blank to keep the current value.',
       $ws_functions_root . 'pwg.groups.php',
@@ -785,6 +786,7 @@ function ws_addDefaultMethods( $arr )
         'group_id' => array('type'=>WS_TYPE_ID),
         'user_id' =>  array('flags'=>WS_PARAM_FORCE_ARRAY,
                             'type'=>WS_TYPE_ID),
+        'pwg_token' => array(),
         ),
       'Adds one or more users to a group.',
       $ws_functions_root . 'pwg.groups.php',
@@ -798,6 +800,7 @@ function ws_addDefaultMethods( $arr )
         'group_id' => array('type'=>WS_TYPE_ID),
         'user_id' =>  array('flags'=>WS_PARAM_FORCE_ARRAY,
                             'type'=>WS_TYPE_ID),
+        'pwg_token' => array(),
         ),
       'Removes one or more users from a group.',
       $ws_functions_root . 'pwg.groups.php',
@@ -850,6 +853,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
         'password_confirm' => array('flags'=>WS_PARAM_OPTIONAL),
         'email' =>    array('default'=>null),
         'send_password_by_mail' => array('default'=>false, 'type'=>WS_TYPE_BOOL),
+        'pwg_token' => array(),
         ),
       'Registers a new user.',
       $ws_functions_root . 'pwg.users.php',
@@ -899,6 +903,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
                                     'type'=>WS_TYPE_BOOL),
         'enabled_high' =>     array('flags'=>WS_PARAM_OPTIONAL,
                                     'type'=>WS_TYPE_BOOL),
+        'pwg_token' => array(),
         ),
       'Updates a user. Leave a field blank to keep the current value.
 <br>"username", "password" and "email" are ignored if "user_id" is an array.
@@ -936,6 +941,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
                               'type'=>WS_TYPE_ID),
         'recursive' =>  array('default'=>false,
                               'type'=>WS_TYPE_BOOL),
+        'pwg_token' => array(),
         ),
       'Adds permissions to an album.',
       $ws_functions_root . 'pwg.permissions.php',
@@ -952,6 +958,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
                             'type'=>WS_TYPE_ID),
         'user_id' =>  array('flags'=>WS_PARAM_FORCE_ARRAY|WS_PARAM_OPTIONAL,
                             'type'=>WS_TYPE_ID),
+        'pwg_token' => array(),
         ),
       'Removes permissions from an album.',
       $ws_functions_root . 'pwg.permissions.php',
author	plegall <plg@piwigo.org>	2014-03-17 22:20:28 +0000
committer	plegall <plg@piwigo.org>	2014-03-17 22:20:28 +0000
commit	b08c46f3c3428fa5ffe50c15367ecefd46f65b6f (patch)
tree	e62e0b80e68a6955ede42dd72d5793d1fddaef9a /ws.php
parent	61b4fd3bb26b79a1e22a8cf62680b9d28b73cf73 (diff)