adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

merge r27810 from branch 2.6 to trunk

Browse Source 
bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)



git-svn-id: http://piwigo.org/svn/trunk@27811 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
2014-03-17 22:20:28 +00:00
parent 61b4fd3bb2
commit b08c46f3c3
5 changed files with 47 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin/themes/default/template/user_list.tpl
+5 -2
View File
@@ -56,7 +56,7 @@ jQuery(document).ready(function() {
jQuery.ajax({
url: "ws.php?format=json&method=pwg.users.add",
type:"POST",
data: jQuery(this).serialize(),
data: jQuery(this).serialize()+"&pwg_token="+pwg_token,
beforeSend: function() {
jQuery("#addUserForm .errors").hide();
@@ -345,6 +345,7 @@ jQuery(document).ready(function() {
url: "ws.php?format=json&method=pwg.users.setInfo",
type:"POST",
data: {
pwg_token:pwg_token,
user_id:userId,
password: jQuery('#user'+userId+' .changePassword input[type=text]').val()
},
@@ -396,6 +397,7 @@ jQuery(document).ready(function() {
url: "ws.php?format=json&method=pwg.users.setInfo",
type:"POST",
data: {
pwg_token:pwg_token,
user_id:userId,
username: jQuery('#user'+userId+' .changeUsername input[type=text]').val()
},
@@ -467,6 +469,7 @@ jQuery(document).ready(function() {
var userId = jQuery(this).data('user_id');
var formData = jQuery('#user'+userId+' form').serialize();
formData += '&pwg_token='+pwg_token;
if (jQuery('#user'+userId+' form select[name="group_id[]"] option:selected').length == 0) {
formData += '&group_id=-1';
@@ -708,6 +711,7 @@ jQuery(document).ready(function() {
var action = jQuery("select[name=selectAction]").prop("value");
var method = 'pwg.users.setInfo';
var data = {
pwg_token: pwg_token,
user_id: selection
};
@@ -718,7 +722,6 @@ jQuery(document).ready(function() {
return false;
}
method = 'pwg.users.delete';
data.pwg_token = pwg_token;
break;
case 'group_associate':
method = 'pwg.groups.addUser';