diff options
Diffstat (limited to '')
-rw-r--r-- | include/ws_functions/pwg.groups.php | 15 | ||||
-rw-r--r-- | include/ws_functions/pwg.permissions.php | 10 | ||||
-rw-r--r-- | include/ws_functions/pwg.users.php | 10 |
3 files changed, 35 insertions, 0 deletions
diff --git a/include/ws_functions/pwg.groups.php b/include/ws_functions/pwg.groups.php index 773623eaf..67d5c843c 100644 --- a/include/ws_functions/pwg.groups.php +++ b/include/ws_functions/pwg.groups.php @@ -165,6 +165,11 @@ DELETE */ function ws_groups_setInfo($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + $updates = array(); // does the group exist ? @@ -221,6 +226,11 @@ SELECT COUNT(*) */ function ws_groups_addUser($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + // does the group exist ? $query = ' SELECT COUNT(*) @@ -264,6 +274,11 @@ SELECT COUNT(*) */ function ws_groups_deleteUser($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + // does the group exist ? $query = ' SELECT COUNT(*) diff --git a/include/ws_functions/pwg.permissions.php b/include/ws_functions/pwg.permissions.php index 936999ab8..990404da3 100644 --- a/include/ws_functions/pwg.permissions.php +++ b/include/ws_functions/pwg.permissions.php @@ -146,6 +146,11 @@ SELECT group_id, cat_id */ function ws_permissions_add($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); if (!empty($params['group_id'])) @@ -203,6 +208,11 @@ SELECT id */ function ws_permissions_remove($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); $cat_ids = get_subcat_ids($params['cat_id']); diff --git a/include/ws_functions/pwg.users.php b/include/ws_functions/pwg.users.php index 345d8f661..d3c676df1 100644 --- a/include/ws_functions/pwg.users.php +++ b/include/ws_functions/pwg.users.php @@ -275,6 +275,11 @@ SELECT */ function ws_users_add($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + global $conf; if ($conf['double_password_type_in_admin']) @@ -363,6 +368,11 @@ function ws_users_delete($params, &$service) */ function ws_users_setInfo($params, &$service) { + if (get_pwg_token() != $params['pwg_token']) + { + return new PwgError(403, 'Invalid security token'); + } + global $conf, $user; include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |