merge r27810 from branch 2.6 to trunk

bug 3055: add security pwg_token on API methods introduced in Piwigo 2.6
(pwg.groups.addUser, pwg.groups.deleteUser, pwg.groups.setInfo, pwg.users.add,
pwg.users.setInfo, pwg.permissions.add, pwg.permissions.remove)



git-svn-id: http://piwigo.org/svn/trunk@27811 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall 2014-03-17 22:20:28 +00:00
parent 61b4fd3bb2
commit b08c46f3c3
5 changed files with 47 additions and 2 deletions


@ -165,6 +165,11 @@ DELETE
*/
function ws_groups_setInfo($params, &$service)
{
if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
$updates = array();
// does the group exist ?
@ -221,6 +226,11 @@ SELECT COUNT(*)
*/
function ws_groups_addUser($params, &$service)
{
if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
// does the group exist ?
$query = '
SELECT COUNT(*)
@ -264,6 +274,11 @@ SELECT COUNT(*)
*/
function ws_groups_deleteUser($params, &$service)
{
if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
// does the group exist ?
$query = '
SELECT COUNT(*)
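Review bot: The token guard added at the top of ws_groups_setInfo uses the loose operator, `if (get_pwg_token() != $params['pwg_token'])`, so PHP type juggling applies (two numeric-looking strings are compared as numbers) and the comparison is not constant-time. A strict, timing-safe form is safer: `if (!isset($params['pwg_token']) || !hash_equals(get_pwg_token(), (string)$params['pwg_token']))` where the supported PHP version provides hash_equals(), otherwise at least `!==`. The same line is repeated in ws_groups_addUser and ws_groups_deleteUser here, and in the ws_permissions_* and ws_users_* hunks further down. Whether `pwg_token` is registered as a required parameter is not visible in these hunks, so the isset() part matters if the key can be absent. Each function body continues outside its hunk.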


@ -146,6 +146,11 @@ SELECT group_id, cat_id
*/
function ws_permissions_add($params, &$service)
{
if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
if (!empty($params['group_id']))
@ -203,6 +208,11 @@ SELECT id
*/
function ws_permissions_remove($params, &$service)
{
if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
$cat_ids = get_subcat_ids($params['cat_id']);
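Review bot: The same five-line guard is pasted at the top of ws_permissions_add and ws_permissions_remove, and again in the groups and users handlers of this commit. A per-handler check is easy to forget when a new method is added, which is what this commit is correcting. Consider enforcing the token in one place, either through a small shared helper that returns the PwgError or through a per-method flag that the web-service dispatcher checks before calling the handler. The registration code is not visible here, so verify which fits. If the guard stays inline, a short comment above it such as `// state-changing admin call: reject requests without the session's pwg_token (anti-CSRF)` would tell the next maintainer why it is required.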


@ -275,6 +275,11 @@ SELECT
*/
function ws_users_add($params, &$service)
{
if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
global $conf;
if ($conf['double_password_type_in_admin'])
@ -363,6 +368,11 @@ function ws_users_delete($params, &$service)
*/
function ws_users_setInfo($params, &$service)
{
if (get_pwg_token() != $params['pwg_token'])
{
return new PwgError(403, 'Invalid security token');
}
global $conf, $user;
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');