Diffstat (limited to 'include')
-rw-r--r--include/config_default.inc.php2
-rw-r--r--include/ws_functions.inc.php10
2 files changed, 9 insertions, 3 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 6fd1b0b26..3c3d0e7e0 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -605,7 +605,7 @@ $conf['allow_web_services'] = true;
// Maximum number of images to be returned foreach call to the web service
$conf['ws_max_images_per_page'] = 500;
-// On Access control false
+// On Access control false / Admim Web Service need Php cURL extension
// Controls are done on public basis or
// if connected on member authorization basis
$conf['ws_access_control'] = false;
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index c68d5d195..e19966673 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -59,8 +59,10 @@ SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
return new PwgError(403, 'Partner id does not exist or is expired');
}
if ( !empty($row['request'])
- and strpos($methodName, $row['request'])==false )
- {
+ and strpos($methodName, $row['request'])==false
+ and strpos($methodName, 'session')==false
+ and strpos($methodName, 'getVersion')==false )
+ { // session and getVersion are allowed to diagnose any failure reason
return new PwgError(403, 'Method not allowed');
}
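Review bot: The two added `strpos` conditions exempt any method whose name merely contains `session` or `getVersion`, so the partner's `request` restriction is skipped for every such method, not only for the diagnostic calls the inline comment mentions. Comparing `$methodName` against a short list of exact method names with a strict `in_array(..., true)` would keep the exemption as narrow as intended. The `==false` comparisons on these lines also treat a match at offset 0 as "not found", because `strpos` returns `0` there; `strpos($methodName, $row['request']) === false` avoids that. The enclosing function starts and ends outside this hunk, so how `$methodName` is normalised before this check cannot be seen here.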
@@ -114,6 +116,10 @@ $result = pwg_query($query);
// 3 cases: list, cat or tag
// Behind / we could found img-ids, cat-ids or tag-ids
$target = $row['access'];
+ if ( $target == '')
+ {
+ return '1=1'; // No controls are requested
+ }
list($type, $str_ids) = explode('/',$target); // Find type list
// (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
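Review bot: An empty `$row['access']` now returns the filter `'1=1'`, so a partner row saved with a blank access field gets no image restriction at all, and because `$target == ''` is a loose comparison a NULL column value takes the same path. If that fail-open default is intended, the comment should state it as a deliberate choice, e.g. `// Empty access field: this partner key is not restricted to any list, category or tag`. If a blank field can also result from an incomplete or mistaken admin entry, a filter that matches nothing (`return '0=1';`) would be the safer default. The function body continues outside the hunk, so how callers use the returned clause is not visible here.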