mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-06 01:42:29 +02:00
merge r27810 from branch 2.6 to trunk
bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6 (pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add, pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove) git-svn-id: http://piwigo.org/svn/trunk@27811 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
@@ -146,6 +146,11 @@ SELECT group_id, cat_id
|
||||
*/
|
||||
function ws_permissions_add($params, &$service)
|
||||
{
|
||||
if (get_pwg_token() != $params['pwg_token'])
|
||||
{
|
||||
return new PwgError(403, 'Invalid security token');
|
||||
}
|
||||
|
||||
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
||||
|
||||
if (!empty($params['group_id']))
|
||||
@@ -203,6 +208,11 @@ SELECT id
|
||||
*/
|
||||
function ws_permissions_remove($params, &$service)
|
||||
{
|
||||
if (get_pwg_token() != $params['pwg_token'])
|
||||
{
|
||||
return new PwgError(403, 'Invalid security token');
|
||||
}
|
||||
|
||||
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
||||
|
||||
$cat_ids = get_subcat_ids($params['cat_id']);
|
||||
|
||||
Reference in New Issue
Block a user