aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/ws_functions/pwg.groups.php15
-rw-r--r--include/ws_functions/pwg.permissions.php10
-rw-r--r--include/ws_functions/pwg.users.php10
3 files changed, 35 insertions, 0 deletions
diff --git a/include/ws_functions/pwg.groups.php b/include/ws_functions/pwg.groups.php
index 773623eaf..67d5c843c 100644
--- a/include/ws_functions/pwg.groups.php
+++ b/include/ws_functions/pwg.groups.php
@@ -165,6 +165,11 @@ DELETE
*/
function ws_groups_setInfo($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
$updates = array();
// does the group exist ?
@@ -221,6 +226,11 @@ SELECT COUNT(*)
*/
function ws_groups_addUser($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
// does the group exist ?
$query = '
SELECT COUNT(*)
@@ -264,6 +274,11 @@ SELECT COUNT(*)
*/
function ws_groups_deleteUser($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
// does the group exist ?
$query = '
SELECT COUNT(*)
diff --git a/include/ws_functions/pwg.permissions.php b/include/ws_functions/pwg.permissions.php
index 936999ab8..990404da3 100644
--- a/include/ws_functions/pwg.permissions.php
+++ b/include/ws_functions/pwg.permissions.php
@@ -146,6 +146,11 @@ SELECT group_id, cat_id
*/
function ws_permissions_add($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
if (!empty($params['group_id']))
@@ -203,6 +208,11 @@ SELECT id
*/
function ws_permissions_remove($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
$cat_ids = get_subcat_ids($params['cat_id']);
diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php
index 345d8f661..d3c676df1 100644
--- a/include/ws_functions/pwg.users.php
+++ b/include/ws_functions/pwg.users.php
@@ -275,6 +275,11 @@ SELECT
*/
function ws_users_add($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
global $conf;
if ($conf['double_password_type_in_admin'])
@@ -363,6 +368,11 @@ function ws_users_delete($params, &$service)
*/
function ws_users_setInfo($params, &$service)
{
+ if (get_pwg_token() != $params['pwg_token'])
+ {
+ return new PwgError(403, 'Invalid security token');
+ }
+
global $conf, $user;
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');