CSRF checks

diff --git a/apps/files_sharing/ajax/email.php b/apps/files_sharing/ajax/email.php
index 523c3d2078b66dacca21860bd0b346380c3b3215..e1dccb7d0fad7099d27b0c99b376e0c65a58f457 100644 (file)
--- a/apps/files_sharing/ajax/email.php
+++ b/apps/files_sharing/ajax/email.php
@@ -1,6 +1,8 @@
 <?php
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('files_sharing');
+OCP\JSON::callCheck();
+
 $user = OCP\USER::getUser();
 // TODO translations
 $type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file';

diff --git a/apps/files_sharing/ajax/setpermissions.php b/apps/files_sharing/ajax/setpermissions.php
index 4d19cd40f2d4fd5ee07d72f26eff2bf7816c8e6a..31b7a3878ef2fa7830c4bbcf5568bdcd7a9ba024 100644 (file)
--- a/apps/files_sharing/ajax/setpermissions.php
+++ b/apps/files_sharing/ajax/setpermissions.php
@@ -2,6 +2,7 @@
 
 OCP\JSON::checkAppEnabled('files_sharing');
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 $source = '/'.OCP\USER::getUser().'/files'.$_POST['source'];
 $uid_shared_with = $_POST['uid_shared_with'];

diff --git a/apps/files_sharing/ajax/share.php b/apps/files_sharing/ajax/share.php
index 1ee8c3f791a6d214be1d358168f2cbb2ac003f97..f4f2172d25124e486de257f4516f1caed9eed8a0 100644 (file)
--- a/apps/files_sharing/ajax/share.php
+++ b/apps/files_sharing/ajax/share.php
@@ -2,6 +2,7 @@
 
 OCP\JSON::checkAppEnabled('files_sharing');
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 $userDirectory = '/'.OCP\USER::getUser().'/files';
 $sources = explode(';', $_POST['sources']);

diff --git a/apps/files_sharing/ajax/unshare.php b/apps/files_sharing/ajax/unshare.php
index d50e7963a0551eb143f7f9b2181cec94e71def06..44ffdb1a5bca4abe034577ff9bca5534d98bcebc 100644 (file)
--- a/apps/files_sharing/ajax/unshare.php
+++ b/apps/files_sharing/ajax/unshare.php
@@ -2,6 +2,7 @@
 
 OCP\JSON::checkAppEnabled('files_sharing');
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 $source = '/'.OCP\USER::getUser().'/files'.$_POST['source'];
 $uid_shared_with = $_POST['uid_shared_with'];