merge r27810 from branch 2.6 to trunk

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)



git-svn-id: http://piwigo.org/svn/trunk@27811 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
2014-03-17 22:20:28 +00:00
parent 61b4fd3bb2
commit b08c46f3c3
5 changed files with 47 additions and 2 deletions
+7
View File
@@ -772,6 +772,7 @@ function ws_addDefaultMethods( $arr )
'name' => array('flags'=>WS_PARAM_OPTIONAL),
'is_default' => array('flags'=>WS_PARAM_OPTIONAL,
'type'=>WS_TYPE_BOOL),
'pwg_token' => array(),
),
'Updates a group. Leave a field blank to keep the current value.',
$ws_functions_root . 'pwg.groups.php',
@@ -785,6 +786,7 @@ function ws_addDefaultMethods( $arr )
'group_id' => array('type'=>WS_TYPE_ID),
'user_id' => array('flags'=>WS_PARAM_FORCE_ARRAY,
'type'=>WS_TYPE_ID),
'pwg_token' => array(),
),
'Adds one or more users to a group.',
$ws_functions_root . 'pwg.groups.php',
@@ -798,6 +800,7 @@ function ws_addDefaultMethods( $arr )
'group_id' => array('type'=>WS_TYPE_ID),
'user_id' => array('flags'=>WS_PARAM_FORCE_ARRAY,
'type'=>WS_TYPE_ID),
'pwg_token' => array(),
),
'Removes one or more users from a group.',
$ws_functions_root . 'pwg.groups.php',
@@ -850,6 +853,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
'password_confirm' => array('flags'=>WS_PARAM_OPTIONAL),
'email' => array('default'=>null),
'send_password_by_mail' => array('default'=>false, 'type'=>WS_TYPE_BOOL),
'pwg_token' => array(),
),
'Registers a new user.',
$ws_functions_root . 'pwg.users.php',
@@ -899,6 +903,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
'type'=>WS_TYPE_BOOL),
'enabled_high' => array('flags'=>WS_PARAM_OPTIONAL,
'type'=>WS_TYPE_BOOL),
'pwg_token' => array(),
),
'Updates a user. Leave a field blank to keep the current value.
<br>"username", "password" and "email" are ignored if "user_id" is an array.
@@ -936,6 +941,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
'type'=>WS_TYPE_ID),
'recursive' => array('default'=>false,
'type'=>WS_TYPE_BOOL),
'pwg_token' => array(),
),
'Adds permissions to an album.',
$ws_functions_root . 'pwg.permissions.php',
@@ -952,6 +958,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
'type'=>WS_TYPE_ID),
'user_id' => array('flags'=>WS_PARAM_FORCE_ARRAY|WS_PARAM_OPTIONAL,
'type'=>WS_TYPE_ID),
'pwg_token' => array(),
),
'Removes permissions from an album.',
$ws_functions_root . 'pwg.permissions.php',